- 12 Jun, 2008 2 commits
-
-
Henry Nestler authored
Page faults in kernel address space between PAGE_OFFSET up to VMALLOC_START should not try to map as vmalloc. Fix rarely endless page faults inside mount_block_root for root filesystem at boot time. All 32bit kernels up to 2.6.25 can fail into this hole. I can not present this under native linux kernel. I see, that the 64bit has fixed the problem. I copied the same lines into 32bit part. Recorded debugs are from coLinux kernel 2.6.22.18 (virtualisation): http://www.henrynestler.com/colinux/testing/pfn-check-0.7.3/20080410-antinx/bug16-recursive-page-fault-endless.txt The physicaly memory was trimmed down to 192MB to better catch the bug. More memory gets the bug more rarely. Details, how every x86 32bit system can fail: Start from "mount_block_root", http://lxr.linux.no/linux/init/do_mounts.c#L297 There the variable "fs_names" got one memory page with 4096 bytes. Variable "p" walks through the existing file system types. The first string is no problem. But, with the second loop in mount_block_root the offset of "p" is not at beginning of page, the offset is for example +9, if "reiserfs" is the first in list. Than calls do_mount_root, and lands in sys_mount. Remember: Variable "type_page" contains now "fs_type+9" and not contains a full page. The sys_mount copies 4096 bytes with function "exact_copy_from_user()": http://lxr.linux.no/linux/fs/namespace.c#L1540 Mostly exist pages after the buffer "fs_names+4096+9" and the page fault handler was not called. No problem. In the case, if the page after "fs_names+4096" is not mapped, the page fault handler was called from http://lxr.linux.no/linux/fs/namespace.c#L1320 The do_page_fault gots an address 0xc03b4000. It's kernel address, address >= TASK_SIZE, but not from vmalloc! It's from "__getname()" alias "kmem_cache_alloc". The "error_code" is 0. "vmalloc_fault" will be call: http://lxr.linux.no/linux/arch/i386/mm/fault.c#L332 "vmalloc_fault" tryed to find the physical page for a non existing virtual memory area. The macro "pte_present" in vmalloc_fault() got a next page fault for 0xc0000ed0 at: http://lxr.linux.no/linux/arch/i386/mm/fault.c#L282 No PTE exist for such virtual address. The page fault handler was trying to sync the physical page for the PTE lockup. This called vmalloc_fault() again for address 0xc000000, and that also was not existing. The endless began... In normal case the cpu would still loop with disabled interrrupts. Under coLinux this was catched by a stack overflow inside printk debugs. Signed-off-by: Henry Nestler <henry.nestler@gmail.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-
Ingo Molnar authored
-tip testing found this build bug: MODPOST 331 modules ERROR: "geode_mfgpt_toggle_event" [drivers/watchdog/geodewdt.ko] undefined! ERROR: "geode_mfgpt_alloc_timer" [drivers/watchdog/geodewdt.ko] undefined! make[1]: *** [__modpost] Error 1 make: *** [modules] Error 2 with this config: http://redhat.com/~mingo/misc/config-Wed_Jun__4_18_01_59_CEST_2008.bad export those symbols. Signed-off-by: Ingo Molnar <mingo@elte.hu>
-
- 10 Jun, 2008 4 commits
-
-
Chris Wright authored
Cc: Michal Ostrowski <mostrows@earthlink.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/core: Remove IB_DEVICE_SEND_W_INV capability flag IB/umem: Avoid sign problems when demoting npages to integer
-
git://git.infradead.org/users/cbou/battery-2.6.26Linus Torvalds authored
* git://git.infradead.org/users/cbou/battery-2.6.26: power_supply: Fix race in power_supply_uevent
-
git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6: Blackfin serial driver: fix up tty core set_ldisc API change breakage bug Blackfin arch: protect only the SPI bus controller with CONFIG_SPI_BFIN Blackfin arch: fixup warnings with the new cplb saved values Blackfin Serial Driver: Clean up BF54x macro in blackfin UART driver.
-
- 09 Jun, 2008 20 commits
-
-
Dmitry Baryshkov authored
Commit 54d29ad3 (Power Supply: fix race in device_create) introduced a race in power_supply_uevent. Previously it checked that power_supply is available by checking for dev->driver_data. But now dev->driver_data is set before power_supply->dev is initialised. Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com> Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreqLinus Torvalds authored
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/davej/cpufreq: [CPUFREQ] Fix format string bug.
-
Chris Wright authored
Format string bug. Not exploitable, as this is only writable by root, but worth fixing all the same. Spotted-by: Ilja van Sprundel <ilja@netric.org> Signed-off-by: Dave Jones <davej@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: [ALSA] hda - Fix "alc262_sony_unsol[]" hda_verb array
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: [POWERPC] ehea: Remove dependency on MEMORY_HOTPLUG [POWERPC] Make walk_memory_resource available with MEMORY_HOTPLUG=n [POWERPC] Use dev_set_name in pci_64.c [POWERPC] Fix incorrect enabling of VMX when building signal or user context [POWERPC] boot/Makefile CONFIG_ variable fixes
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.26Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.26: sh: Add -mno-fdpic to default flags. sh: add resource of USB host for SH7723 usb: r8a66597-hcd: Add support for SH7723 USB host sh: Fix compile error SH7763 setup code sh: Add SH7723 SCIF support
-
Russ Anderson authored
Minor source code cleanup of page flags in mm/page_alloc.c. Move the definition of the groups of bits to page-flags.h. The purpose of this clean up is that the next patch will conditionally add a page flag to the groups. Doing that in a header file is cleaner than adding #ifdefs to the C code. Signed-off-by: Russ Anderson <rja@sgi.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
Commit 30f2f0eb ("block: do_mounts - accept root=<non-existant partition>") extended blk_lookup_devt() to be able to look up partitions that had not yet been registered, but in the process made the assumption that the '&block_class.devices' list only contains disk devices and that you can do 'dev_to_disk(dev)' on them. That isn't actually true. The block_class device list also contains the partitions we've discovered so far, and you can't just do a 'dev_to_disk()' on those. So make sure to only work on devices that block/genhd.c has registered itself, something we can test by checking the 'dev->type' member. This makes the loop in blk_lookup_devt() match the other such loops in this file. [ We may want to do an alternate version that knows to handle _either_ whole-disk devices or partitions, but for now this is the minimal fix for a series of crashes reported by Mariusz Kozlowski in http://lkml.org/lkml/2008/5/25/25 and Ingo in http://lkml.org/lkml/2008/6/9/39 ] Reported-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Reported-by: Ingo Molnar <mingo@elte.hu> Cc: Neil Brown <neilb@suse.de> Cc: Joao Luis Meloni Assirati <assirati@nonada.if.usp.br> Acked-by: Kay Sievers <kay.sievers@vrfy.org> Cc: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Roland Dreier authored
In 2.6.26, we added some support for send with invalidate work requests, including a device capability flag to indicate whether a device supports such requests. However, the support was incomplete: the completion structure was not extended with a field for the key contained in incoming send with invalidate requests. Full support for memory management extensions (send with invalidate, local invalidate, fast register through a send queue, etc) is planned for 2.6.27. Since send with invalidate is not very useful by itself, just remove the IB_DEVICE_SEND_W_INV bit before the 2.6.26 final release; we will add an IB_DEVICE_MEM_MGT_EXTENSIONS bit in 2.6.27, which makes things simpler for applications, since they will not have quite as confusing an array of fine-grained bits to check. Signed-off-by: Roland Dreier <rolandd@cisco.com>
-
Akio Idehara authored
I think that hda_verb array must have "terminator (empty array)". But alc262_sony_unsol[] does not have it. And it causes gcc-4.3's buggy behavior with snd_hda_sequence_write(). Signed-off-by: Akio Idehara <zbe64533@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Paul Mundt authored
Presently the --fdpic specifier and the --isa matching clash when building with FDPIC toolchains. As we have no interest in building the kernel with --fdpic in the first place, always try to add in -mno-fdpic to the default flags. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Yoshihiro Shimoda authored
Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Yoshihiro Shimoda authored
R8A66597 is similar to SH7723 USB 2.0 Host/Function module. In addition, the USB of SH7366 is compatible with SH7723. It can support SH7723 USB host by changing Kconfig. Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com> Acked-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Nobuhiro Iwamatsu authored
SH7763's setup code use old DECLARE_INTC_DESC. There was a compile error because of this. Signed-off-by: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Yusuke.Goda authored
Signed-off-by: Yusuke Goda <goda.yusuke@renesas.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
-
Nathan Lynch authored
Now that walk_memory_resource() is available regardless of MEMORY_HOTPLUG's setting, this dependency is not needed. Signed-off-by: Nathan Lynch <ntl@pobox.com> Acked-by: Jeff Garzik <jeff@garzik.org> Acked-by: Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Nathan Lynch authored
The ehea driver was recently changed[1] to use walk_memory_resource() to detect the system's memory layout. However, walk_memory_resource() is available only when memory hotplug is enabled. So CONFIG_EHEA was made to depend on MEMORY_HOTPLUG [2], but it is inappropriate for a network driver to have such a dependency. Make the declaration of walk_memory_resource() and its powerpc implementation (ehea is powerpc-specific) unconditionally available. [1] 48cfb14f "ehea: Add DLPAR memory remove support" [2] fb7b6ca2 "ehea: Add dependency to Kconfig" Signed-off-by: Nathan Lynch <ntl@pobox.com> Acked-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Stephen Rothwell authored
During the next merge window, pci_name()'s return value will become const, so use the new dev_set_name() instead to avoid the warning (from linux-next): arch/powerpc/kernel/pci_64.c: In function 'of_create_pci_dev': arch/powerpc/kernel/pci_64.c:193: warning: passing argument 1 of 'sprintf' discards qualifiers from pointer target type Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Benjamin Herrenschmidt authored
When building a signal or a ucontext, we can incorrectly set the MSR_VEC bit of the kernel pt_regs->msr before returning to userspace if the task -ever- used VMX. This can lead to funny result if that stack used it in the past, then "lost" it (ie. it wasn't enabled after a context switch for example) and then called get_context. It can end up with VMX enabled and the registers containing values from some other task. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
Adrian Bunk authored
This corrects the names of two CONFIG_ variables. Note that the CONFIG_MPC86XADS fix uncovers another bug (with mpc866_ads_defconfig) that will require fixing: <-- snip --> ... arch/powerpc/boot/dtc -O dtb -o arch/powerpc/boot/mpc866ads.dtb -b 0 /home/bunk/linux/kernel-2.6/git/linux-2.6/arch/powerpc/boot/dts/mpc866ads.dts DTC: dts->dtb on file "/home/bunk/linux/kernel-2.6/git/linux-2.6/arch/powerpc/boot/dts/mpc866ads.dts" WRAP arch/powerpc/boot/cuImage.mpc866ads powerpc64-linux-ld: arch/powerpc/boot/cuboot-mpc866ads.o: No such file: No such file or directory make[2]: *** [arch/powerpc/boot/cuImage.mpc866ads] Error 1 <-- snip --> Reported-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
-
- 08 Jun, 2008 1 commit
-
-
Adrian Bunk authored
Commit 73f20e58 ("FAT_VALID_MEDIA(): remove pointless test") wrongly added the new fat_valid_media() function to the userspace-visible part of include/linux/msdos_fs.h Move it to the part of include/linux/msdos_fs.h that is not exported to userspace. Reported-by: Onur Küçük <onur@pardus.org.tr> Reported-by: S.Çağlar Onur <caglar@pardus.org.tr> Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 07 Jun, 2008 3 commits
-
-
Graf Yang authored
This is the patch that follows Linus's modification about set_ldisc. Graf has built and tested it on BF537 using Linus's git Tree. Signed-off-by: Graf Yang <graf.yang@analog.com> Signed-off-by: Bryan Wu <cooloney@kernel.org>
-
Mike Frysinger authored
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com> Signed-off-by: Bryan Wu <cooloney@kernel.org>
-
Roland Dreier authored
On a 64-bit architecture, if ib_umem_get() is called with a size value that is so big that npages is negative when cast to int, then the length of the page list passed to get_user_pages(), namely min_t(int, npages, PAGE_SIZE / sizeof (struct page *)) will be negative, and get_user_pages() will immediately return 0 (at least since 900cf086, "Be more robust about bad arguments in get_user_pages()"). This leads to an infinite loop in ib_umem_get(), since the code boils down to: while (npages) { ret = get_user_pages(...); npages -= ret; } Fix this by taking the minimum as unsigned longs, so that the value of npages is never truncated. The impact of this bug isn't too severe, since the value of npages is checked against RLIMIT_MEMLOCK, so a process would need to have an astronomical limit or have CAP_IPC_LOCK to be able to trigger this, and such a process could already cause lots of mischief. But it does let buggy userspace code cause a kernel lock-up; for example I hit this with code that passes a negative value into a memory registartion function where it is promoted to a huge u64 value. Cc: <stable@kernel.org> Signed-off-by: Roland Dreier <rolandd@cisco.com>
-
- 06 Jun, 2008 10 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4Linus Torvalds authored
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: enable barriers by default jbd2: Fix barrier fallback code to re-lock the buffer head ext4: Display the journal_async_commit mount option in /proc/mounts jbd2: If a journal checksum error is detected, propagate the error to ext4 jbd2: Fix memory leak when verifying checksums in the journal ext4: fix online resize bug ext4: Fix uninit block group initialization with FLEX_BG ext4: Fix use of uninitialized data with debug enabled.
-
Oleg Nesterov authored
use_mm() was changed to use switch_mm() instead of activate_mm(), since then nobody calls (and nobody should call) activate_mm() with PF_BORROWED_MM bit set. As Jeff Dike pointed out, we can also remove the "old != new" check, it is always true. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/ipath: Fix SM trap forwarding IB/ehca: Reject send WRs only for RESET, INIT and RTR state MAINTAINERS: Update NetEffect (iw_nes) entry IB/ipath: Fix device capability flags IB/ipath: Avoid test_bit() on u64 SDMA status value
-
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6: x86/PCI: add workaround for bug in ASUS A7V600 BIOS (rev 1005) PCI/x86: fix up PCI stuff so that PCI_GOANY supports OLPC
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: sound: emu10k1 - fix system hang with Audigy2 ZS Notebook PCMCIA card
-
git://git.kernel.org/pub/scm/linux/kernel/git/chrisw/lsm-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/chrisw/lsm-2.6: capabilities: remain source compatible with 32-bit raw legacy capability support. LSM: remove stale web site from MAINTAINERS
-
git://git.infradead.org/~dwmw2/mtd-2.6.26Linus Torvalds authored
* git://git.infradead.org/~dwmw2/mtd-2.6.26: [MTD] m25p80.c mutex unlock fix
-
David Sterba authored
Packet sending is driven by two flags, tx_ready and tx_queued. It was possible, that there were queued data for sending and hardware was flagged as blocked but in fact it was not. The tx_queued was indicator but should be really a counter else first fragmented packet resets tx_queued flag, but there may be pending packets which do not get sent. New semantics: tx_ready - set, if hw is ready to send packet, no packet is being transferred right now set the flag right at the place where data are copied into hw memory and not earlier without checking if it was succesful tx_queued - count of enqueued packets, including fragments Tested-by: Michal Rokos <michal.rokos@gmail.com> Signed-off-by: David Sterba <dsterba@suse.cz> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jeff Layton authored
To get zeroed out memory from a particular NUMA node. To be used by sunrpc. Signed-off-by: Jeff Layton <jlayton@redhat.com> Cc: Christoph Lameter <clameter@sgi.com> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Thomas Tuttle authored
Just a quick explanation of the pagemap interface from a userspace point of view, and an example of how to use it (in English, not code). Signed-off-by: Thomas Tuttle <ttuttle@google.com> Cc: Matt Mackall <mpm@selenic.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-