summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* futex: Prevent stale futex owner when interrupted/timeoutThomas Gleixner2008-01-081-10/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Roland Westrelin did a great analysis of a long standing thinko in the return path of futex_lock_pi. While we fixed the lock steal case long ago, which was easy to trigger, we never had a test case which exposed this problem and stupidly never thought about the reverse lock stealing scenario and the return to user space with a stale state. When a blocked tasks returns from rt_mutex_timed_locked without holding the rt_mutex (due to a signal or timeout) and at the same time the task holding the futex is releasing the futex and assigning the ownership of the futex to the returning task, then it might happen that a third task acquires the rt_mutex before the final rt_mutex_trylock() of the returning task happens under the futex hash bucket lock. The returning task returns to user space with ETIMEOUT or EINTR, but the user space futex value is assigned to this task. The task which acquired the rt_mutex fixes the user space futex value right after the hash bucket lock has been released by the returning task, but for a short period of time the user space value is wrong. Detailed description is available at: https://bugzilla.redhat.com/show_bug.cgi?id=400541 The fix for this is the same as we do when the rt_mutex was acquired by a higher priority task via lock stealing from the designated new owner. In that case we already fix the user space value and the internal pi_state up before we return. This mechanism can be used to fixup the above corner case as well. When the returning task, which failed to acquire the rt_mutex, notices that it is the designated owner of the futex, then it fixes up the stale user space value and the pi_state, before returning to user space. This happens with the futex hash bucket lock held, so the task which acquired the rt_mutex is guaranteed to be blocked on the hash bucket lock. We can access the rt_mutex owner, which gives us the pid of the new owner, safely here as the owner is not able to modify (release) it while waiting on the hash bucket lock. Rename the "curr" argument of fixup_pi_state_owner() to "newowner" to avoid confusion with current and add the check for the stale state into the failure path of rt_mutex_trylock() in the return path of unlock_futex_pi(). If the situation is detected use fixup_pi_state_owner() to assign everything to the owner of the rt_mutex. Pointed-out-and-tested-by: Roland Westrelin <roland.westrelin@sun.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* pl2303: Fix mode switching regressionAlan Cox2008-01-083-0/+27
| | | | | | | | | | | | | | | Cleaning out all the incorrect 'no change made' checks for termios settings showed up a problem with the PL2303. The hardware here seems to lose sync and bits if you tell it to make no changes. This shows up with a real world application. To fix this the driver check for meaningful hardware changes is restored but doing the tests correctly and as a tty layer function so it doesn't get duplicated wrongly everywhere if other drivers turn out to need it. Signed-off-by: Alan Cox <alan@redhat.com> Tested-by: Mirko Parthey <mirko.parthey@informatik.tu-chemnitz.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* hfs: handle more on-disk corruptions without oopsingEric Sandeen2008-01-084-3/+42
| | | | | | | | | | | | | | | | | | | | | | | | hfs seems prone to bad things when it encounters on disk corruption. Many values are read from disk, and used as lengths to memcpy, as an example. This patch fixes up several of these problematic cases. o sanity check the on-disk maximum key lengths on mount (these are set to a defined value at mkfs time and shouldn't differ) o check on-disk node keylens against the maximum key length for each tree o fix hfs_btree_open so that going out via free_tree: doesn't wind up in hfs_releasepage, which wants to follow the very pointer we were trying to set up: HFS_SB(sb)->cat_tree = hfs_btree_open() ... failure gets to hfs_releasepage and tries to follow HFS_SB(sb)->cat_tree Tested with the fsfuzzer; it survives more than it used to. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Cc: Roman Zippel <zippel@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Fix crash with FLAT_MEMORY and ARCH_PFN_OFFSET != 0Thomas Bogendoerfer2008-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | When using FLAT_MEMORY and ARCH_PFN_OFFSET is not 0, the kernel crashes in memmap_init_zone(). This bug got introduced by commit c713216deebd95d2b0ab38fef8bb2361c0180c2d Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Acked-by: Mel Gorman <mel@csn.ul.ie> Cc: Bob Picco <bob.picco@hp.com> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: Andy Whitcroft <apw@shadowen.org> Cc: Andi Kleen <ak@muc.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Cc: "Keith Mannthey" <kmannth@gmail.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* snd_mixer_oss_build_input(): fix for __you_cannot_kmalloc_that_much failure ↵Jean Delvare2008-01-081-38/+63
| | | | | | | | | | | | | with gcc-3.2 Rework this functions so that gcc-3.2 can successfully perform constant-folding. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Jaroslav Kysela <perex@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* dmi-id: fix for __you_cannot_kmalloc_that_much failureJean Delvare2008-01-081-5/+14
| | | | | | | | | | | | | | | | | gcc 3.2 has a hard time coping with the code in dmi_id_init(): drivers/built-in.o(.init.text+0x789e): In function `dmi_id_init': : undefined reference to `__you_cannot_kmalloc_that_much' make: *** [.tmp_vmlinux1] Error 1 Moving half of the code to a separate function seems to help. This is a no-op for gcc 4.1 which will successfully inline the code anyway. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Dave Airlie <airlied@linux.ie> Tested-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* vmcoreinfo: add the array length of "free_list" for filtering free pagesKen'ichi Ohmichi2008-01-081-0/+1
| | | | | | | | | | | | | | | | | | | | | This patch adds the array length of "free_area.free_list" to the vmcoreinfo data so that makedumpfile (dump filtering command) can exclude all free pages in linux-2.6.24. makedumpfile creates a small dumpfile by excluding unnecessary pages for the analysis. To distinguish unnecessary pages, makedumpfile gets the vmcoreinfo data which has the minimum debugging information only for dump filtering. In 2.6.24-rc1 or later, the free_area.free_list is an array which has one list for each migrate types instead of a single list. makedumpfile needs the array length of "free_area.free_list" and the vmcoreinfo data should contain it. Signed-off-by: Huang Ying <ying.huang@intel.com> Tested-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp> Acked-by: Simon Horman <horms@verge.net.au> Cc: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* eCryptfs: fix dentry handling on create error, unlink, and inode destroyMichael Halcrow2008-01-082-17/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch corrects some erroneous dentry handling in eCryptfs. If there is a problem creating the lower file, then there is nothing that the persistent lower file can do to really help us. This patch makes a vfs_create() failure in the lower filesystem always lead to an unconditional do_create failure in eCryptfs. Under certain sequences of operations, the eCryptfs dentry can remain in the dcache after an unlink. This patch calls d_drop() on the eCryptfs dentry to correct this. eCryptfs has no business calling d_delete() directly on a lower filesystem's dentry. This patch removes the call to d_delete() on the lower persistent file's dentry in ecryptfs_destroy_inode(). (Thanks to David Kleikamp, Eric Sandeen, and Jeff Moyer for helping identify and resolve this issue) Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Cc: Eric Sandeen <sandeen@redhat.com> Cc: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* xip: fix get_zeroed_page with __GFP_HIGHMEMAkinobu Mita2008-01-081-4/+5
| | | | | | | | | | | | | | The use of get_zeroed_page() with __GFP_HIGHMEM is invalid. Use alloc_page() with __GFP_ZERO instead of invalid get_zeroed_page(). (This patch is only compile tested) Cc: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Acked-by: Hugh Dickins <hugh@veritas.com> Acked-by: Carsten Otte <cotte@de.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* md: fix data corruption when a degraded raid5 array is reshapedDan Williams2008-01-081-2/+4
| | | | | | | | | | | | | | | | | We currently do not wait for the block from the missing device to be computed from parity before copying data to the new stripe layout. The change in the raid6 code is not techincally needed as we don't delay data block recovery in the same way for raid6 yet. But making the change now is safer long-term. This bug exists in 2.6.23 and 2.6.24-rc Cc: <stable@kernel.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Acked-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* KEYS: fix macroSebastian Siewior2008-01-081-1/+1
| | | | | | | | | | | | Commit 664cceb0093b755739e56572b836a99104ee8a75 changed the parameters of the function make_key_ref(). The macros that are used in case CONFIG_KEY is not defined did not change. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* fat: optimize fat_count_free_clusters()OGAWA Hirofumi2008-01-081-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | On large partition, scanning the free clusters is very slow if users doesn't use "usefree" option. For optimizing it, this patch uses sb_breadahead() to read of FAT sectors. On some user's 15GB partition, this patch improved it very much (1min => 600ms). The following is the result of 2GB partition on my machine. without patch: root@devron (/)# time df -h > /dev/null real 0m1.202s user 0m0.000s sys 0m0.440s with patch: root@devron (/)# time df -h > /dev/null real 0m0.378s user 0m0.012s sys 0m0.168s Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* spi_bitbang: always grab lock with irqs blockedDavid Brownell2008-01-081-2/+3
| | | | | | | | | Fix a glitch reported by lockdep in the spi_bitbang code: it needs to consistently block IRQs when holding that spinlock. Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* x86: fix do_fork_idle section mismatchThomas Gleixner2008-01-081-1/+1
| | | | | | | | | | | | | With CPU_HOTPLUG=n: WARNING: vmlinux.o(.text+0x104f8): Section mismatch: reference to .init.text:fork_idle (between 'do_fork_idle' and 'lapic_timer_broadcast') do_fork_idle() needs to be __cpuinit. It can be static as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'for-linus' of ↵Linus Torvalds2008-01-083-3/+3
|\ | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/srp: Release transport before removing host IB/mlx4: Fix value of pkey_index in QP1 completions MAINTAINERS: Update Sean Hefty's email address
| * IB/srp: Release transport before removing hostDave Dillow2008-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | The documented call sequence for removing a host is to call the transport xxx_remove_host() prior to scsi_remove_host(). The SRP transport used to crash when that order was followed, but as it is now fixed, use the documented order. Signed-off-by: David Dillow <dillowda@ornl.gov> Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: Roland Dreier <rolandd@cisco.com>
| * IB/mlx4: Fix value of pkey_index in QP1 completionsDotan Barak2008-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | Fix the value of pkey_index in completions to get a valid value for GSI QPs. Without this fix, incoming GSI packets on port 2 get an invalid P_Key index in the completion, which prevents the MAD layer from sending back a response, which can make the second port of ConnectX HCAs completely useless. Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com>
| * MAINTAINERS: Update Sean Hefty's email addressSean Hefty2008-01-081-1/+1
| | | | | | | | | | | | | | My Unix email account is being discontinued at end of Q1 '08. Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <rolandd@cisco.com>
* | Revert "hda_intel suspend latency: shorten codec read"Linus Torvalds2008-01-081-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 57a04513cb35086d54bcb2cb92e6627fc8fa0fae. Harald Dunkel reports that it broke sound for him: "Alsa stopped working for me. I still can access /dev/dsp, change the volume and so on, but the speakers are quiet." Reverting it fixed things for him. Reported-and-tested-by: Harald Dunkel <harald.dunkel@t-online.de> Acked-by: Takashi Iwai <tiwai@suse.de> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | acct: real_parent ppidRoland McGrath2008-01-071-1/+1
| | | | | | | | | | | | | | | | | | The ac_ppid field reported in process accounting records should match what getppid() would have returned to that process, regardless of whether a debugger is attached. Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | core dump: real_parent ppidRoland McGrath2008-01-071-2/+2
| | | | | | | | | | | | | | | | | | The pr_ppid field reported in core dumps should match what getppid() would have returned to that process, regardless of whether a debugger is attached. Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds2008-01-079-47/+57
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Fix CONFIG_BOOT_RAW. [MIPS] Assume R4000/R4400 newer than 3.0 don't have the mfc0 count bug [MIPS] Fix IP32 breakage [MIPS] Alchemy: Fix use of __init code bug exposed by modpost warning [MIPS] Move inclusing of kernel/time/Kconfig menu to appropriate place
| * | [MIPS] Fix CONFIG_BOOT_RAW.Ralf Baechle2008-01-071-1/+2
| | | | | | | | | | | | | | | | | | | | | This was broken by 017e3a492683b32d17dcd1b13b279745cc656073 (lmo) / 396a2ae08e5080b140330645743ab2567f6bc426 (kernel.org). Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | [MIPS] Assume R4000/R4400 newer than 3.0 don't have the mfc0 count bugThomas Bogendoerfer2008-01-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This seems as reasonable assumption and gets some SNI machines to work which currently must rely on the cp0 counter as clocksource. Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | [MIPS] Fix IP32 breakageThomas Bogendoerfer2008-01-074-13/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - suppress master aborts during config read - set io_map_base - only fixup end of iomem resource to avoid failing request_resource in serial driver - killed useless setting of crime_int bit, which caused wrong interrupts - use physcial address for serial port platform device and let 8250 driver do the ioremap Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | [MIPS] Alchemy: Fix use of __init code bug exposed by modpost warningSergei Shtylyov2008-01-072-29/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: vmlinux.o(.text+0x1ca608): Section mismatch: reference to .init.text: add_wired_entry (between 'config_access' and 'config_read') by refactoring the code calling add_wired_entry() from config_access() to a separate function which is called from aau1x_pci_setup(). While at it: - make some unnecassarily global variables 'static'; - fix the letter case, whitespace, etc. in the comments... Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| * | [MIPS] Move inclusing of kernel/time/Kconfig menu to appropriate placeAtsushi Nemoto2008-01-071-2/+2
| |/ | | | | | | | | | | | | | | CONFIG_NO_HZ, CONFIG_HIGH_RES_TIMERS should be selected in "Kernel type" menu, not in "CPU selection" menu. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvbLinus Torvalds2008-01-073-7/+6
|\ \ | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/v4l-dvb: V4L/DVB (6916): ivtv: udelay has to be changed *after* the eeprom was read, not before V4L/DVB (6944a): Fix Regression VIDIOCGMBUF ioctl hangs on bttv driver
| * | V4L/DVB (6916): ivtv: udelay has to be changed *after* the eeprom was read, ↵Hans Verkuil2008-01-072-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | not before The eeprom decides which Hauppauge model it is, so the decision whether to use an udelay of 5 or 10 needs to be taken after reading the eeprom, not before. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
| * | V4L/DVB (6944a): Fix Regression VIDIOCGMBUF ioctl hangs on bttv driverGregor Jasny2008-01-071-3/+1
| |/ | | | | | | | | | | | | | | Fix bttv VIDIOCGMBUF locking like done in commit 820eacd84cff23b76693f4be1e28feb672f4488f. Signed-off-by: Gregor Jasny <gjasny@web.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
* | Merge master.kernel.org:/home/rmk/linux-2.6-armLinus Torvalds2008-01-062-1/+21
|\ \ | |/ |/| | | | | | | * master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] 4691/1: add missing i2c_board_info struct for at91rm9200 [ARM] 4735/1: Unbreak pxa25x suspend/resume
| * [ARM] 4691/1: add missing i2c_board_info struct for at91rm9200Jan Altenberg2008-01-061-0/+9
| | | | | | | | | | | | | | | | - Add missing i2c_board_info struct for at91rm9200 Signed-off-by: Jan Altenberg <jan.altenberg@linutronix.de> Acked-by: Andrew Victor <avictor.za@gmail.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * [ARM] 4735/1: Unbreak pxa25x suspend/resumeRichard Purdie2008-01-031-1/+12
| | | | | | | | | | | | | | | | | | | | | | Suspend/resume on the pxa25x was fairly obviously broken in revision 711be5ccfe9a02ba560aa918a008c31ea4760163. This patch fixes the damage by adding back the missing code. Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Acked-by: Eric Miao <eric.y.miao@gmail.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* | Linux 2.6.24-rc7v2.6.24-rc7Linus Torvalds2008-01-061-1/+1
| |
* | CPU hotplug: fix cpu_is_offline() on !CONFIG_HOTPLUG_CPUIngo Molnar2008-01-062-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make randconfig bootup testing found that the cpufreq code crashes on bootup, if the powernow-k8 driver is enabled and if maxcpus=1 passed on the boot line to a !CONFIG_HOTPLUG_CPU kernel. First lockdep found out that there's an inconsistent unlock sequence: ===================================== [ BUG: bad unlock balance detected! ] ------------------------------------- swapper/1 is trying to release lock (&per_cpu(cpu_policy_rwsem, cpu)) at: [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 but there are no more locks to release! Call Trace: [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 [<ffffffff80251c29>] print_unlock_inbalance_bug+0x104/0x12c [<ffffffff80252f3a>] mark_held_locks+0x56/0x94 [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 [<ffffffff807008b6>] cpufreq_add_dev+0x2a8/0x5c4 ... then shortly afterwards the cpufreq code crashed on an assert: ------------[ cut here ]------------ kernel BUG at drivers/cpufreq/cpufreq.c:1068! invalid opcode: 0000 [1] SMP [...] Call Trace: [<ffffffff805145d6>] sysdev_driver_unregister+0x5b/0x91 [<ffffffff806ff520>] cpufreq_register_driver+0x15d/0x1a2 [<ffffffff80cc0596>] powernowk8_init+0x86/0x94 [...] ---[ end trace 1e9219be2b4431de ]--- the bug was caused by maxcpus=1 bootup, which brought up the secondary core as !cpu_online() but !cpu_is_offline() either, which on on !CONFIG_HOTPLUG_CPU is always 0 (include/linux/cpu.h): /* CPUs don't go offline once they're online w/o CONFIG_HOTPLUG_CPU */ static inline int cpu_is_offline(int cpu) { return 0; } but the cpufreq code uses cpu_online() and cpu_is_offline() in a mixed way - the low-level drivers use cpu_online(), while the cpufreq core uses cpu_is_offline(). This opened up the possibility to add the non-initialized sysdev device of the secondary core: cpufreq-core: trying to register driver powernow-k8 cpufreq-core: adding CPU 0 powernow-k8: BIOS error - no PSB or ACPI _PSS objects cpufreq-core: initialization failed cpufreq-core: adding CPU 1 cpufreq-core: initialization failed which then blew up. The fix is to make cpu_is_offline() always the negation of cpu_online(). With that fix applied the kernel boots up fine without crashing: Calling initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ processors (1 cpu cores) (version 2.20.00) powernow-k8: BIOS error - no PSB or ACPI _PSS objects initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() returned -19. initcall 0xffffffff80cc0510 ran for 19 msecs: powernowk8_init+0x0/0x94() Calling initcall 0xffffffff80cc328f: init_lapic_nmi_sysfs+0x0/0x39() We could fix this by making CPU enumeration aware of max_cpus, but that would be more fragile IMO, and the cpu_online(cpu) != cpu_is_offline(cpu) possibility was quite confusing and a continuous source of bugs too. Most distributions have kernels with CPU hotplug enabled, so this bug remained hidden for a long time. Bug forensics: The broken cpu_is_offline() API variant was introduced via: commit a59d2e4e6977e7b94e003c96a41f07e96cddc340 Author: Rusty Russell <rusty@rustcorp.com.au> Date: Mon Mar 8 06:06:03 2004 -0800 [PATCH] minor cleanups for hotplug CPUs ( this predates linux-2.6.git, this commit is available from Thomas's historic git tree. ) Then 1.5 years later the cpufreq code made use of it: commit c32b6b8e524d2c337767d312814484d9289550cf Author: Ashok Raj <ashok.raj@intel.com> Date: Sun Oct 30 14:59:54 2005 -0800 [PATCH] create and destroy cpufreq sysfs entries based on cpu notifiers + if (cpu_is_offline(cpu)) + return 0; which is a correct use of the subtly broken new API. v2.6.15 then shipped with this bug included. then it took two more years for random-kernel qa to hit it. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | hda_intel suspend latency: shorten codec readIngo Molnar2008-01-061-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | not sleeping for every codec read/write but doing a short udelay and a conditional reschedule has cut suspend+resume latency by about 1 second on my T60. The patch also fixes the unexpected codec-connection errors that happen more often in the new power-save mode: http://lkml.org/lkml/2007/11/8/255 http://bugzilla.kernel.org/show_bug.cgi?id=9332 Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | fix: using joysticks in 32 bit applications on 64 bit systemsAkos Maroy2008-01-061-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | unfortunately 32 bit apps don't see the joysticks on a 64 bit system. this prevents one playing X-Plane (http://www.x-plane.com/) or other 32-bit games with joysticks. this is a known issue, and already raised several times: http://readlist.com/lists/vger.kernel.org/linux-kernel/28/144411.html http://www.brettcsmith.org/wiki/wiki.cgi?action=browse&diff=1&id=OzyComputer/Joystick unfortunately this is still not fixed in the mainline kernel. it would be nice to have this fixed, so that people can play these games without having to patch their kernel. the following patch solves the problem on 2.6.22. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Revert "scsi: revert "[SCSI] Get rid of scsi_cmnd->done""Linus Torvalds2008-01-069-58/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit ac40532ef0b8649e6f7f83859ea0de1c4ed08a19, which gets us back the original cleanup of 6f5391c283d7fdcf24bf40786ea79061919d1e1d. It turns out that the bug that was triggered by that commit was apparently not actually triggered by that commit at all, and just the testing conditions had changed enough to make it appear to be due to it. The real problem seems to have been found by Peter Osterlund: "pktcdvd sets it [block device size] when opening the /dev/pktcdvd device, but when the drive is later opened as /dev/scd0, there is nothing that sets it back. (Btw, 40944 is possible if the disk is a CDRW that was formatted with "cdrwtool -m 10236".) The problem is that pktcdvd opens the cd device in non-blocking mode when pktsetup is run, and doesn't close it again until pktsetup -d is run. The effect is that if you meanwhile open the cd device, blkdev.c:do_open() doesn't call bd_set_size() because bdev->bd_openers is non-zero." In particular, to repeat the bug (regardless of whether commit 6f5391c283d7fdcf24bf40786ea79061919d1e1d is applied or not): " 1. Start with an empty drive. 2. pktsetup 0 /dev/scd0 3. Insert a CD containing an isofs filesystem. 4. mount /dev/pktcdvd/0 /mnt/tmp 5. umount /mnt/tmp 6. Press the eject button. 7. Insert a DVD containing a non-writable filesystem. 8. mount /dev/scd0 /mnt/tmp 9. find /mnt/tmp -type f -print0 | xargs -0 sha1sum >/dev/null 10. If the DVD contains data beyond the physical size of a CD, you get I/O errors in the terminal, and dmesg reports lots of "attempt to access beyond end of device" errors." which in turn is because the nested open after the media change won't cause the size to be set properly (because the original open still holds the block device, and we only do the bd_set_size() when we don't have other people holding the device open). The proper fix for that is probably to just do something like bdev->bd_inode->i_size = (loff_t)get_capacity(disk)<<9; in fs/block_dev.c:do_open() even for the cases where we're not the original opener (but *not* call bd_set_size(), since that will also change the block size of the device). Cc: Peter Osterlund <petero2@telia.com> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Cc: Matthew Wilcox <matthew@wil.cx> Cc: Ingo Molnar <mingo@elte.hu> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | [SCSI] SRP transport: only remove our own entriesDave Dillow2008-01-041-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | The SCSI SRP transport class currently iterates over all children devices of the host that is being removed in srp_remove_host(). However, not all of those children were created by the SRP transport, and removing them will cause corruption and an oops when their creator tries to remove them. Signed-off-by: David Dillow <dillowda@ornl.gov> Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2008-01-048-51/+127
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: [ISDN]: i4l: Fix DLE handling for i4l-audio [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush [CONNECTOR]: Return proper error code in cn_call_callback() [INET]: Fix netdev renaming and inet address labels [CASSINI]: Bump driver version and release date. [CASSINI]: Fix two obvious NAPI bugs. [CASSINI]: Set skb->truesize properly on receive packets. [CASSINI]: Program parent Intel31154 bridge when necessary. [CASSINI]: Revert 'dont touch page_count'. [CASSINI]: Fix endianness bug. [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE [X25]: Add missing x25_neigh_put
| * | [ISDN]: i4l: Fix DLE handling for i4l-audioMatthias Goebl2008-01-042-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The DLE handling in i4l-audio seems to be broken. It produces spurious DLEs so asterisk 1.2.24 with chan_modem_i4l gets irritated, the error message is: "chan_modem_i4l.c:450 i4l_read: Value of escape is ^ (17)". -> There shouldn't be a DLE-^. If a spurious DLE-ETX occurs, the audio connection even dies. I use a "AVM Fritz!PCI" isdn card. I found two issues that only appear if ISDN_AUDIO_SKB_DLECOUNT(skb) > 0: - The loop in isdn_tty.c:isdn_tty_try_read() doesn't escape a DLE if it's the last character. - The loop in isdn_common.c:isdn_readbchan_tty() doesn't copy its characters, it only remembers the last one ("last = *p;"). Compare it with the loop in isdn_common.c:isdn_readbchan(), that *does* copy them ("*cp++ = *p;") correctly. The special handling of the "last" character made it more difficult. I compared it to linux-2.4.19: There was no "last"-handling and both loops did escape and copy all characters correctly. Signed-off-by: Matthias Goebl <matthias.goebl@goebl.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [ISDN] i4l: 'NO CARRIER' message lost after ldisc flushMatthias Goebl2008-01-041-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ISDN tty layer doesn't produce a 'NO CARRIER' message after hangup. I suppose it broke when tty_buffer_flush() has been added to tty_ldisc_flush() in the commit below. For isdn_tty_modem_result(RESULT_NO_CARRIER..) the message inserted via isdn_tty_at_cout() -> tty_insert_flip_char() is flushed immediately by tty_ldisc_flush() -> tty_buffer_flush(). More annoyingly, the audio abort sequence DLE-ETX is also lost. This patch fixes only active audio connections, because I assume that nobody changes the line discipline for audio. For non-audio connections the problem remains. Maybe we can remove the tty_ldisc_flush() in isdn_tty_modem_result() at all because it's done at tty_close? On Mon, May 07, 2007 at 04:05:57PM -0500, Paul Fulghum wrote: > Flush the tty flip buffer when the line discipline > input queue is flushed, including the user call > tcflush(TCIFLUSH/TCIOFLUSH). This prevents unexpected > stale data after a user application calls tcflush(). > > Cc: Alan Cox <alan@lxorguk.org.uk> > Cc: Antonino Ingargiola <tritemio@gmail.com> > Signed-off-by: Paul Fulghum <paulkf@microgate.com> > > --- a/drivers/char/tty_io.c 2007-05-04 05:46:55.000000000 -0500 > +++ b/drivers/char/tty_io.c 2007-05-05 03:23:46.000000000 -0500 > @@ -1240,6 +1263,7 @@ void tty_ldisc_flush(struct tty_struct * > ld->flush_buffer(tty); > tty_ldisc_deref(ld); > } > + tty_buffer_flush(tty); [..] Signed-off-by: Matthias Goebl <matthias.goebl@goebl.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CONNECTOR]: Return proper error code in cn_call_callback()Li Zefan2008-01-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Error code should be set to EINVAL instead of ENODEV if !queue_work(). There's another call of queue_work() which may set err to EINVAL. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [INET]: Fix netdev renaming and inet address labelsMark McLoughlin2008-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When re-naming an interface, the previous secondary address labels get lost e.g. $> brctl addbr foo $> ip addr add 192.168.0.1 dev foo $> ip addr add 192.168.0.2 dev foo label foo:00 $> ip addr show dev foo | grep inet inet 192.168.0.1/32 scope global foo inet 192.168.0.2/32 scope global foo:00 $> ip link set foo name bar $> ip addr show dev bar | grep inet inet 192.168.0.1/32 scope global bar inet 192.168.0.2/32 scope global bar:2 Turns out to be a simple thinko in inetdev_changename() - clearly we want to look at the address label, rather than the device name, for a suffix to retain. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CASSINI]: Bump driver version and release date.David S. Miller2008-01-041-2/+2
| | | | | | | | | | | | Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CASSINI]: Fix two obvious NAPI bugs.David S. Miller2008-01-041-2/+2
| | | | | | | | | | | | | | | | | | | | | 1) close should do napi_disable() not napi_enable 2) remove unused local var 'todo' Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CASSINI]: Set skb->truesize properly on receive packets.David S. Miller2008-01-041-0/+1
| | | | | | | | | | | | | | | | | | | | | skb->truesize was not being incremented at all to reflect the page based data added to RX SKBs. Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CASSINI]: Program parent Intel31154 bridge when necessary.David S. Miller2008-01-041-0/+86
| | | | | | | | | | | | Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [CASSINI]: Revert 'dont touch page_count'.David S. Miller2008-01-041-32/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts changeset fa4f0774d7c6cccb4d1fda76b91dd8eddcb2dd6a ([CASSINI]: dont touch page_count) because it breaks the driver. The local page counting added by this changeset did not account for the asynchronous page count changes done by kfree_skb() and friends. The change adds extra atomics and on top of it all appears to be totally unnecessary as well. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Nick Piggin <npiggin@suse.de>
| * | [CASSINI]: Fix endianness bug.Al Viro2008-01-042-12/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Here's proposed fix for RX checksum handling in cassini; it affects little-endian working with half-duplex gigabit, but obviously needs testing on big-endian too. The problem is, we need to convert checksum to fixed-endian *before* correcting for (unstripped) FCS. On big-endian it won't matter (conversion is no-op), on little-endian it will, but only if FCS is not stripped by hardware; i.e. in half-duplex gigabit mode when ->crc_size is set. cassini.c part is that fix, cassini.h one consists of trivial endianness annotations. With that applied the sucker is endian-clean, according to sparse. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud