In order to handle all of the cases of address calculation overflow
properly, we run sparc 32-bit processes in "address masking" mode
when running on a 64-bit kernel.
Address masking mode zeros out the top 32-bits of the address
calculated for every load and store instruction.
However, when we're in privileged mode we have to run with that
address masking mode disabled even when accessing userspace from
the kernel.
To "simulate" the address masking mode we clear the top-bits by
hand for 32-bit processes in the fault handler.
It is the responsibility of code in the compat layer to properly
zero extend addresses used to access userspace. If this isn't
followed properly we can get into a fault loop.
Say that the user address is 0xf0000000 but for whatever reason
the kernel code sign extends this to 64-bit, and then the kernel
tries to access the result.
In such a case we'll fault on address 0xfffffffff0000000 but the fault
handler will process that fault as if it were to address 0xf0000000.
We'll loop faulting forever because the fault never gets satisfied.
So add a check specifically for this case, when the kernel is faulting
on a user address access and the addresses don't match up.
This code path is sufficiently slow path, and this bug is sufficiently
painful to diagnose, that this kind of bug check is warranted.
Signed-off-by: David S. Miller <davem@davemloft.net>
When we're idling in NOHZ mode, timer interrupts are not running.
Evidence of processing timer interrupts is what the NMI watchdog
uses to determine if the CPU is stuck.
On Niagara, we'll yield the cpu. This will make the cpu, at
worst, hang out in the hypervisor until an interrupt arrives.
This will prevent the NMI watchdog timer from firing.
However on non-Niagara we just loop executing instructions
which will cause the NMI watchdog to keep firing. It won't
see timer interrupts happening so it will think the cpu is
stuck.
Fix this by touching the NMI watchdog in the cpu idle loop
on non-Niagara machines.
Signed-off-by: David S. Miller <davem@davemloft.net>
It all lives in the oprofile support code currently and we will need
to share this stuff with NMI watchdog and perf_counter support.
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c: Warn on deprecated binding model use
eeprom: More consistent symbol names
eeprom: Move 93cx6 eeprom driver to /drivers/misc/eeprom
spi: Move at25 (for SPI eeproms) to /drivers/misc/eeprom
i2c: Move old eeprom driver to /drivers/misc/eeprom
i2c: Move at24 to drivers/misc/eeprom
i2c: Quilt tree has moved
i2c: Delete many unused adapter IDs
i2c: Delete 10 unused driver IDs
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (92 commits)
gianfar: Revive VLAN support
vlan: Export symbols as non GPL symbols.
bnx2x: tx_has_work should not wait for FW
netxen: reduce memory footprint
netxen: fix vlan tso/checksum offload
net: Fix linux/if_frad.h's suitability for userspace.
net: Move config NET_NS to from net/Kconfig to init/Kconfig
isdn: Fix missing ifdef in isdn_ppp
networking: document "nc" in addition to "netcat" in netconsole.txt
e1000e: workaround hw errata
af_key: initialize xfrm encap_oa
virtio_net: Fix MAX_PACKET_LEN to support 802.1Q VLANs
lcs: fix compilation for !CONFIG_IP_MULTICAST
rtl8187: Add termination packet to prevent stall
iwlwifi: fix rs_get_rate WARN_ON()
p54usb: fix packet loss with first generation devices
sctp: Fix another socket race during accept/peeloff
sctp: Properly timestamp outgoing data chunks for rtx purposes
sctp: Correctly start rtx timer on new packet transmissions.
sctp: Fix crc32c calculations on big-endian arhes.
...
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Fix DAX handling via userspace access from kernel.
sparc64: Annotate sparc64 specific syscalls with SYSCALL_DEFINEx()
[CVE-2009-0029] sparc: Enable syscall wrappers for 64-bit
sparc64: Initialize FHC/CLOCK LED platform_device 'id' field correctly.
sparc64: fix modpost failure
sparc64: fix readout of cpu/fpu type
commit 77ecaf2d5a ("gianfar: Fix VLAN
HW feature related frame/buffer size calculation") wrongly removed
priv->vlgrp assignment, and now priv->vlgrp is always NULL.
This patch fixes the issue, plus fixes following sparse warning
introduced by the same commit:
gianfar.c:1406:13: warning: context imbalance in 'gfar_vlan_rx_register' - wrong count at exit
gfar_vlan_rx_register() checks for "if (old_grp == grp)" and tries
to return w/o dropping the lock.
According to net/8021q/vlan.c VLAN core issues rx_register() callback:
1. In register_vlan_dev() only on a newly created group;
2. In unregister_vlan_dev() only if the group becomes empty.
Thus the check in the gianfar driver isn't needed.
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In previous kernels, any kernel module could get access to the
'real-device' and the VLAN-ID for a particular VLAN. In more recent
kernels, the code was restructured such that this is hard to do
without accessing private .h files for any module that cannot use
GPL-only symbols.
Attached is a patch to once again allow non-GPL modules the ability to
access the real-device and VLAN id for VLANs.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
The current tx_has_work waited until all packets sent by the driver
are marked as completed by the FW. This is too greedy and it causes
the bnx2x_poll to spin in vain. The driver should only check that all
packets FW already completed are freed - only in unload flow the
driver should make sure that transmit queue is empty
Signed-off-by: Vladislav Zolotarov <vladz@broadcom.com>
Signed-off-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
o reduce rx ring size from 8192 to 4096.
o cut down old huge lro buffers.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
o set netdev->vlan_features appropriately.
o fix tso descriptor initialization for vlan case.
Signed-off-by: Dhananjay Phadke <dhananjay@netxen.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The userspace interfaces are protected by CONFIG_* ifdefs
and that of course can't work.
Reported by Jaswinder Singh Rajput.
Signed-off-by: Krzysztof Hałasa <khc@pm.waw.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make NET_NS available underneath the generic Namespaces config option
since all of the other namespace options are there.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The following patch fixes a warning caused by a missing ifdef in
isdn_ppp.c. A function was defined, but never used if CONFIG_IPPP_FILTER
was not defined.
The warning was: 'get_filter' defined but not used
Patch is against 2.6.28.1
Signed-off-by: Daniele Venzano <venza@brownhat.org>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Let the kernel developers know that i2c_attach_client() and
i2c_detach_client() are deprecated and should no longer be used.
Drivers using these should be converted to the standard device
driver binding model (probe and remove methods.)
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Ben Dooks <ben-linux@fluff.org>
Now that all EEPROM drivers live in the same place, let's harmonize
their symbol names.
Also fix eeprom's dependencies, it definitely needs sysfs, and is no
longer experimental after many years in the kernel tree.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Update Kconfig text to specify this driver as I2C.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
As drivers/i2c/chips is going to go away, move the driver to
drivers/misc/eeprom. Other eeprom drivers may be moved here later, too.
Update Kconfig text to specify this driver as I2C.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
My i2c quilt tree will now be hosted on kernel.org, because I can
conveniently use rsync there.
Also list the new i2c wiki.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
It always annoyed me that the netconsole documentation didn't give me the
correct command for my distro. Update it with a command line that actually
works on my Fedora install.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There is a hardware errata in some revisions of the 82574 that needs
to be worked around in the driver by setting a register bit at init.
If this bit is not set A0 versions of the 82574 can generate
tx hangs.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Bruce Allan <bruce.w.allan@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
klist.c: bit 0 in pointer can't be used as flag
debugfs: introduce stub for debugfs_create_size_t() when DEBUG_FS=n
sysfs: fix problems with binary files
PNP: fix broken pnp lowercasing for acpi module aliases
driver core: Convert '/' to '!' in dev_set_name()
swab.h seems to have been missed during the header merge.
Add conditionals similar to byteorder.h and remove the
now unnecessary byteorder_no/mm.h
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Fix cursor physical address choice to match the 2D driver.
drm: stash AGP include under the do-we-have-AGP ifdef
drm: don't whine about not reading EDID data
drm/i915: hook up LVDS DPMS property
drm/i915: remove unnecessary debug output in KMS init
i915: fix freeing path for gem phys objects.
drm: create mode_config idr lock
drm: fix leak of device mappings since multi-master changes.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI hotplug: fix lock imbalance in pciehp
PCI PM: Restore standard config registers of all devices early
PCI/MSI: bugfix/utilize for msi_capability_init()
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx:
i.MX31: framebuffer driver
i.MX31: Image Processing Unit DMA and IRQ drivers
dmaengine: add async_tx_clear_ack() macro
dmaengine: dma_issue_pending_all == nop when CONFIG_DMA_ENGINE=n
dmaengine: kill some dubious WARN_ONCEs
fsldma: print correct IRQ on mpc83xx
fsldma: check for NO_IRQ in fsl_dma_chan_remove()
dmatest: Use custom map/unmap for destination buffer
fsldma: use a valid 'device' for dma_pool_create
dmaengine: fix dependency chaining
* 'sh/for-2.6.29' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: (22 commits)
dma-coherent: Restore dma_alloc_from_coherent() large alloc fall back policy.
dma-coherent: per-device coherent area is in pages, not bytes.
sh: fix unaligned and nonexistent address handling
nommu: Stub in vm_map_ram()/vm_unmap_ram()/vm_unmap_aliases().
sh: fix sh-sci / early printk build on sh7723
sh: export the sh7343 JPU to user space
sh: update defconfigs.
serial: sh-sci: Fix up SH7720/SH7721 SCI build.
sh: Kill off obsolete busses from arch/sh/Kconfig.
sh: sh7785lcr/highlander/hp6xx need linux/irq.h.
sh: Migo-R MMC support using spi_gpio and mmc_spi.
sh: ap325rxa MMC support using spi_gpio and mmc_spi
sh: mach-x3proto: needs linux/irq.h.
sh: Drop the BKL from sys_execve() on SH-5.
sh: convert rsk7203 to use smsc911x.
sh: convert magicpanelr2 platform to use smsc911x.
sh: convert ap325rxa platform to use smsc911x.
sh: mach-migor: Add tw9910 support.
sh: mach-migor: Delete soc_camera_platform setup.
sh: mach-migor: Add ov772x support.
...
* 'Kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/misc: (36 commits)
fs/Kconfig: move 9p out
fs/Kconfig: move afs out
fs/Kconfig: move coda out
fs/Kconfig: move the rest of ncpfs out
fs/Kconfig: move smbfs out
fs/Kconfig: move sunrpc out
fs/Kconfig: move nfsd out
fs/Kconfig: move nfs out
fs/Kconfig: move ufs out
fs/Kconfig: move sysv out
fs/Kconfig: move romfs out
fs/Kconfig: move qnx4 out
fs/Kconfig: move hpfs out
fs/Kconfig: move omfs out
fs/Kconfig: move minix out
fs/Kconfig: move vxfs out
fs/Kconfig: move squashfs out
fs/Kconfig: move cramfs out
fs/Kconfig: move efs out
fs/Kconfig: move bfs out
...
If userspace supplies an invalid pointer to a read() of an inotify
instance, the inotify device's event list mutex is unlocked twice.
This causes an unbalance which effectively leaves the data structure
unprotected, and we can trigger oopses by accessing the inotify
instance from different tasks concurrently.
The best fix (contributed largely by Linus) is a total rewrite
of the function in question:
On Thu, Jan 22, 2009 at 7:05 AM, Linus Torvalds wrote:
> The thing to notice is that:
>
> - locking is done in just one place, and there is no question about it
> not having an unlock.
>
> - that whole double-while(1)-loop thing is gone.
>
> - use multiple functions to make nesting and error handling sane
>
> - do error testing after doing the things you always need to do, ie do
> this:
>
> mutex_lock(..)
> ret = function_call();
> mutex_unlock(..)
>
> .. test ret here ..
>
> instead of doing conditional exits with unlocking or freeing.
>
> So if the code is written in this way, it may still be buggy, but at least
> it's not buggy because of subtle "forgot to unlock" or "forgot to free"
> issues.
>
> This _always_ unlocks if it locked, and it always frees if it got a
> non-error kevent.
Cc: John McCutchan <ttb@tentacle.dhs.org>
Cc: Robert Love <rlove@google.com>
Cc: <stable@kernel.org>
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Use '%zu' to print out a size_t variable, not '%d'. Another case of the
"let's keep at least Linus' defconfig compile warningless" rule.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
debugobjects: add and use INIT_WORK_ON_STACK
rcu: remove duplicate CONFIG_RCU_CPU_STALL_DETECTOR
relay: fix lock imbalance in relay_late_setup_files
oprofile: fix uninitialized use of struct op_entry
rcu: move Kconfig menu
softlock: fix false panic which can occur if softlockup_thresh is reduced
rcu: add __cpuinit to rcu_init_percpu_data()
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
hrtimers: fix inconsistent lock state on resume in hres_timers_resume
time-sched.c: tick_nohz_update_jiffies should be static
locking, hpet: annotate false positive warning
kernel/fork.c: unused variable 'ret'
itimers: remove the per-cpu-ish-ness
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (29 commits)
xen: unitialised return value in xenbus_write_transaction
x86: fix section mismatch warning
x86: unmask CPUID levels on Intel CPUs, fix
x86: work around PAGE_KERNEL_WC not getting WC in iomap_atomic_prot_pfn.
x86: use standard PIT frequency
xen: handle highmem pages correctly when shrinking a domain
x86, mm: fix pte_free()
xen: actually release memory when shrinking domain
x86: unmask CPUID levels on Intel CPUs
x86: add MSR_IA32_MISC_ENABLE bits to <asm/msr-index.h>
x86: fix PTE corruption issue while mapping RAM using /dev/mem
x86: mtrr fix debug boot parameter
x86: fix page attribute corruption with cpa()
Revert "x86: signal: change type of paramter for sys_rt_sigreturn()"
x86: use early clobbers in usercopy*.c
x86: remove kernel_physical_mapping_init() from init section
fix: crash: IP: __bitmap_intersects+0x48/0x73
cpufreq: use work_on_cpu in acpi-cpufreq.c for drv_read and drv_write
work_on_cpu: Use our own workqueue.
work_on_cpu: don't try to get_online_cpus() in work_on_cpu.
...
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
Long btree pointers are still 64 bit on disk
[XFS] Remove the rest of the macro-to-function indirections.
xfs: sanity check attr fork size
xfs: fix bad_features2 fixups for the root filesystem
xfs: add a lock class for group/project dquots
xfs: lockdep annotations for xfs_dqlock2
xfs: add a separate lock class for the per-mount list of dquots
xfs: use mnt_want_write in compat_attrmulti ioctl
xfs: fix dentry aliasing issues in open_by_handle