summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [IPV4]: severe locking bug in fib_semantics.cAlexey Kuznetsov2006-08-171-6/+6
| | | | | | | | | | | | | Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) = > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). = > Is the following case possible: a BH interrupts fib_release_info() while = > holding the write lock, and calls ip_check_fib_default() which calls = > read_lock(&fib_info_lock), and spin forever. Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
* [MCAST]: Fix filter leak on device removal.David L Stevens2006-08-172-17/+25
| | | | | | | | | | | This fixes source filter leakage when a device is removed and a process leaves the group thereafter. This also includes corresponding fixes for IPv6 multicast source filters on device removal. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Disallow whitespace in network device names.David S. Miller2006-08-171-5/+14
| | | | | | It causes way too much trouble and confusion in userspace. Signed-off-by: David S. Miller <davem@davemloft.net>
* [PPP]: handle kmalloc failures and convert to using kzallocPanagiotis Issaris2006-08-171-11/+19
| | | | | | | | | | | | | | | | | The PPP code contains two kmalloc()s followed by memset()s without handling a possible memory allocation failure. (Suggested by Joe Perches). And furthermore, conversions from kmalloc+memset to kzalloc. [akpm@osdl.org: fix error-path leak] [akpm@osdl.org: cleanups] [paulus@samba.org: don't add useless printk and cardmap_destroy calls] Signed-off-by: Panagiotis Issaris <takis@issaris.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [PKT_SCHED] cls_u32: Fix typo.Ralf Hildebrandt2006-08-171-1/+1
| | | | | Signed-off-by: Ralf Hildebrandt <Ralf.Hildebrandt@charite.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: Compile error on ARMKevin Hilman2006-08-171-1/+1
| | | | | | | | | | atm_proc_exit() is declared as __exit, and thus in .exit.text. On some architectures (ARM) .exit.text is discarded at compile time, and since atm_proc_exit() is called by some other __init functions, it results in a link error. Signed-off-by: Kevin Hilman <khilman@mvista.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BNX2]: Convert to netdev_alloc_skb()Michael Chan2006-08-171-8/+6
| | | | | | | | | | Convert dev_alloc_skb() to netdev_alloc_skb() and increase default rx ring size to 255. The old ring size of 100 was too small. Update version to 1.4.44. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [BNX2]: Fix tx race condition.Michael Chan2006-08-172-23/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a subtle race condition between bnx2_start_xmit() and bnx2_tx_int() similar to the one in tg3 discovered by Herbert Xu: CPU0 CPU1 bnx2_start_xmit() if (tx_ring_full) { tx_lock bnx2_tx() if (!netif_queue_stopped) netif_stop_queue() if (!tx_ring_full) update_tx_ring netif_wake_queue() tx_unlock } Even though tx_ring is updated before the if statement in bnx2_tx_int() in program order, it can be re-ordered by the CPU as shown above. This scenario can cause the tx queue to be stopped forever if bnx2_tx_int() has just freed up the entire tx_ring. The possibility of this happening should be very rare though. The following changes are made, very much identical to the tg3 fix: 1. Add memory barrier to fix the above race condition. 2. Eliminate the private tx_lock altogether and rely solely on netif_tx_lock. This eliminates one spinlock in bnx2_start_xmit() when the ring is full. 3. Because of 2, use netif_tx_lock in bnx2_tx_int() before calling netif_wake_queue(). 4. Add memory barrier to bnx2_tx_avail(). 5. Add bp->tx_wake_thresh which is set to half the tx ring size. 6. Check for the full wake queue condition before getting netif_tx_lock in tg3_tx(). This reduces the number of unnecessary spinlocks when the tx ring is full in a steady-state condition. Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Terminology in ip-sysctl.txtJan "Yenya" Kasprzak2006-08-171-3/+3
| | | | | | | | | | | this minor patch fixes the description of net.ipv4.tcp_mem sysctl in ip-sysctl.txt - the headline names the values "min, pressure, max", while the description uses the "low, pressure, high" values. Both tcp_rmem and tcp_wmem descriptions use the "min, pressure, max" values, so I have changed the tcp_mem to match this and not vice versa. Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Possible leak of multicast source filter sctructureMichal Ruzicka2006-08-171-3/+3
| | | | | | | | | | There is a leak of a socket's multicast source filter list structure on closing a socket with a multicast source filter set on an interface that does not exist any more. Signed-off-by: Michal Ruzicka <michal.ruzicka@comstar.cz> Acked-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6] lockdep: annotate __icmpv6_socketIngo Molnar2006-08-171-0/+13
| | | | | | | | | | | | | | Split off __icmpv6_socket's sk->sk_dst_lock class, because it gets used from softirqs, which is safe for __icmpv6_sockets (because they never get directly used via userspace syscalls), but unsafe for normal sockets. Has no effect on non-lockdep kernels. Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: xt_physdev build fixAndrew Morton2006-08-171-0/+1
| | | | | | | It needs netfilter_bridge.h for brnf_deferred_hooks Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Fix potential stack overflow in net/core/utils.cSuresh Siddha2006-08-171-3/+4
| | | | | | | | | On High end systems (1024 or so cpus) this can potentially cause stack overflow. Fix the stack usage. Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [VLAN]: Make sure bonding packet drop checks get done in hwaccel RX path.David S. Miller2006-08-173-17/+30
| | | | | | | | | | | | Since __vlan_hwaccel_rx() is essentially bypassing the netif_receive_skb() call that would have occurred if we did the VLAN decapsulation in software, we are missing the skb_bond() call and the assosciated checks it does. Export those checks via an inline function, skb_bond_should_drop(), and use this in __vlan_hwaccel_rx(). Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-2.6.18Greg Kroah-Hartman2006-08-161-4/+4
|\
| * kbuild: correct assingment to CFLAGS with CROSS_COMPILESam Ravnborg2006-08-161-4/+4
| | | | | | | | | | | | | | | | | | | | Some architectures change $CC in arch/$(ARCH)/Makefile mips is one example. That have impact on what options are supported by gcc so move all $(call cc-option, ...) after include of arch specific Makefile. Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
* | Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6Greg Kroah-Hartman2006-08-166-77/+50
|\ \
| * | [S390] kernel page table allocation.Heiko Carstens2006-08-161-3/+3
| | | | | | | | | | | | | | | | | | | | | Don't waste DMA capable pages for identity mapping page tables. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] inaccessible PAV alias devices on LPAR.Peter Oberparleiter2006-08-161-14/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some situations PAV alias devices on LPAR are not accessible. The initialization procedure required to enable access to PAV alias devices has to be performed per storage server subsystem and not only once per storage server. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] dasd slab cache alignment.Heiko Carstens2006-08-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | The dasd_page_cache should return page addresses and therefore the cache must be created with an alignment of PAGE_SIZE. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] dasd calls kzalloc while holding a spinlock.Horst Hummel2006-08-102-41/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | The dasd function dasd_set_uid calls kzalloc while holding the dasd_devmap_lock. Rearrange the code to do the memory allocation outside the lock. Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] dasd set offline kernel bug.Horst Hummel2006-08-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The request queue flush function of the dasd driver has to dequeue the requests first and then call the end request function. Otherwise a kernel bug in ll_rw_block.c might get triggered. Signed-off-by: Horst Hummel <horst.hummel@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] add __cpuinit to appldata_cpu_notifyGerald Schaefer2006-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | Use __cpuinit for CPU hotplug notifier function. Signed-off-by: Gerald Schaefer <geraldsc@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| * | [S390] xpram system device class.Martin Schwidefsky2006-08-071-24/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove system device class for xpram. It creates the directory hierarchy under /sys/devices/system/xpram/xpram0. The xpram0 directory is empty and it is always created while xpram1 and following devices are always missing, independent if the devices exist or not. Since the xpram devices are listed in /proc/partitions and /sys/block/ as slram<x> the system device class for xpram is meaningless. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
* | | Merge gregkh@master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdogGreg Kroah-Hartman2006-08-161-4/+4
|\ \ \
| * | | [WATCHDOG] Kconfig typos fix.Matt LaPlante2006-08-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three typos in drivers/char/watchdog/Kconfig... Signed-off-by: Matt LaPlante <kernel1@cyberdogtech.com> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
* | | | [PATCH] PATCH: 1 line 2.6.18 bugfix: modpost-64bit-fix.patchHans de Goede2006-08-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a small but annoying bug in scripts/mod/file2alias.c which causes it to generate invalid aliases for input devices on 64 bit archs. This causes joydev.ko to not be automaticly loaded when inserting a joystick, resulting in a non working joystick (for the average user). In scripts/mod/file2alias.c is the following code for generating the input aliases: static void do_input(char *alias, kernel_ulong_t *arr, unsigned int min, unsigned int max) { unsigned int i; for (i = min; i < max; i++) if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG))) sprintf(alias + strlen(alias), "%X,*", i); } On 32 bits systems, this correctly generates "0,*" for the first alias, "8,*" for the second etc. However on 64 bits it generates: "0,*20,*" resp "8,*28,*" Notice how it adds 20 + first entry (hex) ! to the list of hex codes, which is 32 more then the first entry, thus is because the bit test above wraps at 32 bits instead of 64. scripts/mod/file2alias.c, line 379 reads: if (arr[i / BITS_PER_LONG] & (1 << (i%BITS_PER_LONG))) That should be: if (arr[i / BITS_PER_LONG] & (1L << (i%BITS_PER_LONG))) Notice the added 'L' after the 1, otherwise that is an 32 bit int instead of a 64 bit long, and when that int gets shifted >= 32 times, appearantly the number by which to shift is wrapped at 5 bits ( % 32) causing it to test a bit 32 bits too low. The patch below makes the nescesarry 1 char change :) Signed-off-by: Hans de Goede <j.w.r.degoede@hhs.nl> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | Merge branch 'upstream-linus' of ↵Greg Kroah-Hartman2006-08-157-62/+263
|\ \ \ \ | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2
| * | | | ocfs2: allocation hintsMark Fasheh2006-08-074-13/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the most recently used allocation group on the allocation context, so that subsequent allocations can attempt to optimize for contiguousness. Local alloc especially should benefit from this as the current chain search tends to let it spew across the disk. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | ocfs2: better group descriptor consistency checksMark Fasheh2006-08-071-20/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Try to catch corrupted group descriptors with some stronger checks placed in a couple of strategic locations. Detect a failed resizefs and refuse to allocate past what bitmap i_clusters allows. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | ocfs2: limit cluster bitmap information saved at mountMark Fasheh2006-08-072-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were storing cluster count on the ocfs2_super structure, but never actually using it so remove that. Also, we don't want to populate the uptodate cache with the unlocked block read - it is technically safe as is, but we should change it for correctness. Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | [PATCH] fs/ocfs2/dlm/dlmmaster.c: unexport dlm_migrate_lockresAdrian Bunk2006-08-071-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the unused EXPORT_SYMBOL_GPL(dlm_migrate_lockres). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | ocfs2: fix check for locally granted state during dlmunlock()Kurt Hackel2006-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a process requests a lock cancel but the lock has been remotely granted already then there is no need to send the cancel message. Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | ocfs2: do not modify lksb->status in the unlock astKurt Hackel2006-08-071-25/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This can race with other ast notification, which can cause bad status values to propagate into the unlock ast. Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
| * | | | ocfs2: Fix lvb corruptionKurt Hackel2006-08-071-0/+6
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Properly ignore LVB flags during a PR downconvert. This avoids an illegal lvb update. Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
* | | | [PATCH] fcntl(F_SETSIG) fixTrond Myklebust2006-08-141-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fcntl(F_SETSIG) no longer works on leases because lease_release_private_callback() gets called as the lease is copied in order to initialise it. The problem is that lease_alloc() performs an unnecessary initialisation, which sets the lease_manager_ops. Avoid the problem by allocating the target lease structure using locks_alloc_lock(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] fuse: fix error case in fuse_readpagesAlexander Zarochentsev2006-08-143-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't let fuse_readpages leave the @pages list not empty when exiting on error. [akpm@osdl.org: kernel-doc fixes] Signed-off-by: Alexander Zarochentsev <zam@namesys.com> Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] workqueue: remove lock_cpu_hotplug()Andrew Morton2006-08-141-12/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a private lock instead. It protects all per-cpu data structures in workqueue.c, including the workqueues list. Fix a bug in schedule_on_each_cpu(): it was forgetting to lock down the per-cpu resources. Unfixed long-standing bug: if someone unplugs the CPU identified by `singlethread_cpu' the kernel will get very sick. Cc: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] fbdev: include backlight.h only when __KERNEL__ is definedMichal Januszewski2006-08-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | linux/backlight.h pulls in header files (eg. ioport.h) that break compilation of userspace programs. To solve the problem, only include backlight.h in fb.h if compiling kernel stuff. Signed-off-by: Michal Januszewski <spock@gentoo.org> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] futex_handle_fault always failsjohn stultz2006-08-141-6/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We found this issue last week w/ the -RT kernel, but it seems the same issue is in mainline as well. Basically it is possible for futex_unlock_pi to return without actually freeing the lock. This is due to buggy logic in the use of futex_handle_fault() and its attempt argument in a failure case. Looking at futex.c the logic is as follows: 1) In futex_unlock_pi() we start w/ ret=0 and we go down to the first futex_atomic_cmpxchg_inatomic(), where we find uval==-EFAULT. We then jump to the pi_faulted label. 2) From pi_faulted: We increment attempt, unlock the sem and hit the retry label. 3) From the retry label, with ret still zero, we again hit EFAULT on the first futex_atomic_cmpxchg_inatomic(), and again goto the pi_faulted label. 4) Again from pi_faulted: we increment attempt and enter the conditional, where we call futex_handle_fault. 5) futex_handle_fault fails, and we goto the out_unlock_release_sem label. 6) From out_unlock_release_sem we return, and since ret is still zero, we return without error, while never actually unlocking the lock. Issue #1: at the first futex_atomic_cmpxchg_inatomic() we should probably be setting ret=-EFAULT before jumping to pi_faulted: However in our case this doesn't really affect anything, as the glibc we're using ignores the error value from futex_unlock_pi(). Issue #2: Look at futex_handle_fault(), its first conditional will return -EFAULT if attempt is >= 2. However, from the "if(attempt++) futex_handle_fault(attempt)" logic above, we'll *never* call futex_handle_fault when attempt is less then two. So we never get a chance to even try to fault the page in. The following patch addresses these two issues by 1) Always setting ret to -EFAULT if futex_handle_fault fails, and 2) Removing the = in futex_handle_fault's (attempt >= 2) check. I'm really not sure this is the right fix, but wanted to bring it up so folks knew the issue is alive and well in the current -git tree. From looking at the git logs the logic was first introduced (then later copied to other places) in the following commit almost a year ago: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4732efbeb997189d9f9b04708dc26bf8613ed721;hp=5b039e681b8c5f30aac9cc04385cc94be45d0823 Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Ingo Molnar <mingo@elte.hu> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] sys_getppid oopses on debug kernelKirill Korotaev2006-08-141-34/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sys_getppid() optimization can access a freed memory. On kernels with DEBUG_SLAB turned ON, this results in Oops. As Dave Hansen noted, this optimization is also unsafe for memory hotplug. So this patch always takes the lock to be safe. [oleg@tv-sign.ru: simplifications] Signed-off-by: Kirill Korotaev <dev@openvz.org> Cc: <stable@kernel.org> Cc: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] Change panic_on_oops message to "Fatal exception"Horms2006-08-146-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously the message was "Fatal exception: panic_on_oops", as introduced in a recent patch whith removed a somewhat dangerous call to ssleep() in the panic_on_oops path. However, Paul Mackerras suggested that this was somewhat confusing, leadind people to believe that it was panic_on_oops that was the root cause of the fatal exception. On his suggestion, this patch changes the message to simply "Fatal exception". A suitable oops message should already have been displayed. Signed-off-by: Simon Horman <horms@verge.net.au> Cc: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] dm: BUG/OOPS fixMichal Miroslaw2006-08-141-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix BUG I tripped on while testing failover and multipathing. BUG shows up on error path in multipath_ctr() when parse_priority_group() fails after returning at least once without error. The fix is to initialize m->ti early - just after alloc()ing it. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: c027c3d2 *pde = 00000000 Oops: 0000 [#3] Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy CPU: 0 EIP: 0060:[<c027c3d2>] Not tainted VLI EFLAGS: 00010202 (2.6.17.3 #1) EIP is at dm_put_device+0xf/0x3b eax: 00000001 ebx: ee4fcac0 ecx: 00000000 edx: ee4fcac0 esi: ee4fc4e0 edi: ee4fc4e0 ebp: 00000000 esp: c5db3e78 ds: 007b es: 007b ss: 0068 Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90) Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480 f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000 00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000 Call Trace: <c02816bd> free_pgpaths+0x31/0x45 <c02816f6> free_priority_group+0x25/0x2e <c0281801> free_multipath+0x35/0x67 <c0281ffe> multipath_ctr+0x123/0x12d <c027c6ee> dm_table_add_target+0x11e/0x18b <c027e5b4> populate_table+0x8a/0xaf <c027e62b> table_load+0x52/0xf9 <c027ec23> ctl_ioctl+0xca/0xfc <c027e5d9> table_load+0x0/0xf9 <c0152146> do_ioctl+0x3e/0x43 <c0152360> vfs_ioctl+0x16c/0x178 <c01523b4> sys_ioctl+0x48/0x60 <c01029b3> syscall_call+0x7/0xb Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02 EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78 Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Acked-by: Alasdair G Kergon <agk@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] panic.c build fixAndrew Morton2006-08-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | kernel/panic.c: In function 'add_taint': kernel/panic.c:176: warning: implicit declaration of function 'debug_locks_off' Cc: Andi Kleen <ak@muc.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] fix hrtimer percpu usage typoJan Blunck2006-08-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The percpu variable is used incorrectly in switch_hrtimer_base(). Signed-off-by: Jan Blunck <jblunck@suse.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] initialize parts of udf inode earlier in createDan Bastone2006-08-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Eric says: > I saw an oops down this path when trying to create a new file on a UDF > filesystem which was internally marked as readonly, but mounted rw: > > udf_create > udf_new_inode > new_inode > alloc_inode > udf_alloc_inode > udf_new_block > returns EIO due to readonlyness > iput (on error) I ran into the same issue today, but when listing a directory with invalid/corrupt entries: udf_lookup udf_iget get_new_inode_fast alloc_inode udf_alloc_inode __udf_read_inode fails for any reason iput (on error) ... The following patch to udf_alloc_inode() should take care of both (and other similar) cases, but I've only tested it with udf_lookup(). Signed-off-by: Dan Bastone <dan@pwienterprises.com> Cc: Eric Sandeen <sandeen@sandeen.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] adfs error message fixAndrew Morton2006-08-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't use NULL as a printf control string. Fixes bug #6889. Cc: Ralph Corderoy <ralph@inputplus.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [PATCH] add imacfb documentation and detectionEdgar Hucek2006-08-143-6/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add basic Machine detection to imacfb and some Ducumentation bits for imacfb. Signed-off-by: Edgar Hucek <hostmaster@ed-soft.at> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | | | [INET]: Use pskb_trim_unique when trimming paged unique skbsHerbert Xu2006-08-133-3/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IPv4/IPv6 datagram output path was using skb_trim to trim paged packets because they know that the packet has not been cloned yet (since the packet hasn't been given to anything else in the system). This broke because skb_trim no longer allows paged packets to be trimmed. Paged packets must be given to one of the pskb_trim functions instead. This patch adds a new pskb_trim_unique function to cover the IPv4/IPv6 datagram output path scenario and replaces the corresponding skb_trim calls with it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | | [NETFILTER]: ulog: fix panic on SMP kernelsMark Huang2006-08-133-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix kernel panic on various SMP machines. The culprit is a null ub->skb in ulog_send(). If ulog_timer() has already been scheduled on one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the queue on another CPU by calling ulog_send() right before it exits, there will be no skbuff when ulog_timer() acquires the lock and calls ulog_send(). Cancelling the timer in ulog_send() doesn't help because it has already been scheduled and is running on the first CPU. Similar problem exists in ebt_ulog.c and nfnetlink_log.c. Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud