Commit Graph

6035 Commits

Author SHA1 Message Date
David Meybohm
4c5640cb5f [PATCH] preempt race in getppid
With CONFIG_PREEMPT && !CONFIG_SMP, it's possible for sys_getppid to
return a bogus value if the parent's task_struct gets reallocated after
current->group_leader->real_parent is read:

        asmlinkage long sys_getppid(void)
        {
                int pid;
                struct task_struct *me = current;
                struct task_struct *parent;

                parent = me->group_leader->real_parent;
RACE HERE =>    for (;;) {
                        pid = parent->tgid;
        #ifdef CONFIG_SMP
        {
                        struct task_struct *old = parent;

                        /*
                         * Make sure we read the pid before re-reading the
                         * parent pointer:
                         */
                        smp_rmb();
                        parent = me->group_leader->real_parent;
                        if (old != parent)
                                continue;
        }
        #endif
                        break;
                }
                return pid;
        }

If the process gets preempted at the indicated point, the parent process
can go ahead and call exit() and then get wait()'d on to reap its
task_struct. When the preempted process gets resumed, it will not do any
further checks of the parent pointer on !CONFIG_SMP: it will read the
bad pid and return.

So, the same algorithm used when SMP is enabled should be used when
preempt is enabled, which will recheck ->real_parent in this case.

Signed-off-by: David Meybohm <dmeybohmlkml@bellsouth.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-23 11:44:29 -07:00
Linus Torvalds
3f024c1a4b Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-08-23 11:06:56 -07:00
David S. Miller
dc16aaf29d [ROSE]: Fix missing unlocks in rose_route_frame()
Noticed by Coverity checker.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:50:09 -07:00
David S. Miller
d5d283751e [TCP]: Document non-trivial locking path in tcp_v{4,6}_get_port().
This trips up a lot of folks reading this code.
Put an unlikely() around the port-exhaustion test
for good measure.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:49:54 -07:00
David S. Miller
89ebd197eb [TCP]: Unconditionally clear TCP_NAGLE_PUSH in skb_entail().
Intention of this bit is to force pushing of the existing
send queue when TCP_CORK or TCP_NODELAY state changes via
setsockopt().

But it's easy to create a situation where the bit never
clears.  For example, if the send queue starts empty:

1) set TCP_NODELAY
2) clear TCP_NODELAY
3) set TCP_CORK
4) do small write()

The current code will leave TCP_NAGLE_PUSH set after that
sequence.  Unconditionally clearing the bit when new data
is added via skb_entail() solves the problem.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:13:06 -07:00
Thomas Graf
0fbbeb1ba4 [PKT_SCHED]: Fix missing qdisc_destroy() in qdisc_create_dflt()
qdisc_create_dflt() is missing to destroy the newly allocated
default qdisc if the initialization fails resulting in leaks
of all kinds. The only caller in mainline which may trigger
this bug is sch_tbf.c in tbf_create_dflt_qdisc().

Note: qdisc_create_dflt() doesn't fulfill the official locking
      requirements of qdisc_destroy() but since the qdisc could
      never be seen by the outside world this doesn't matter
      and it can stay as-is until the locking of pkt_sched
      is cleaned up.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:12:44 -07:00
Vlad Yasevich
d2287f8441 [SCTP]: Add SENTINEL to SCTP MIB stats
Add SNMP_MIB_SENTINEL to the definition of the sctp_snmp_list so that
the output routine in proc correctly terminates.  This was causing some
problems running on ia64 systems.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:12:04 -07:00
Ralf Baechle
01d7dd0e9f [AX25]: UID fixes
o Brown paperbag bug - ax25_findbyuid() was always returning a NULL pointer
   as the result.  Breaks ROSE completly and AX.25 if UID policy set to deny.

 o While the list structure of AX.25's UID to callsign mapping table was
   properly protected by a spinlock, it's elements were not refcounted
   resulting in a race between removal and usage of an element.

Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:11:45 -07:00
Ralf Baechle
53b924b31f [NET]: Fix socket bitop damage
The socket flag cleanups that went into 2.6.12-rc1 are basically oring
the flags of an old socket into the socket just being created.
Unfortunately that one was just initialized by sock_init_data(), so already
has SOCK_ZAPPED set.  As the result zapped sockets are created and all
incoming connection will fail due to this bug which again was carefully
replicated to at least AX.25, NET/ROM or ROSE.

In order to keep the abstraction alive I've introduced sock_copy_flags()
to copy the socket flags from one sockets to another and used that
instead of the bitwise copy thing.  Anyway, the idea here has probably
been to copy all flags, so sock_copy_flags() should be the right thing.
With this the ham radio protocols are usable again, so I hope this will
make it into 2.6.13.

Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:11:30 -07:00
Patrick McHardy
66a79a19a7 [NETFILTER]: Fix HW checksum handling in ip_queue/ip6_queue
The checksum needs to be filled in on output, after mangling a packet
ip_summed needs to be reset.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:10:35 -07:00
Dave Johnson
1344a41637 [IPV4]: Fix negative timer loop with lots of ipv4 peers.
From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>

Found this bug while doing some scaling testing that created 500K inet
peers.

peer_check_expire() in net/ipv4/inetpeer.c isn't using inet_peer_gc_mintime
correctly and will end up creating an expire timer with less than the
minimum duration, and even zero/negative if enough active peers are
present.

If >65K peers, the timer will be less than inet_peer_gc_mintime, and with
>70K peers, the timer duration will reach zero and go negative.

The timer handler will continue to schedule another zero/negative timer in
a loop until peers can be aged.  This can continue for at least a few
minutes or even longer if the peers remain active due to arriving packets
while the loop is occurring.

Bug is present in both 2.4 and 2.6.  Same patch will apply to both just
fine.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:10:15 -07:00
Herbert Xu
c3a20692ca [RPC]: Kill bogus kmap in krb5
While I was going through the crypto users recently, I noticed this
bogus kmap in sunrpc.  It's totally unnecessary since the crypto
layer will do its own kmap before touching the data.  Besides, the
kmap is throwing the return value away.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:09:53 -07:00
Dmitry Yusupov
14869c3886 [TCP]: Do TSO deferral even if tail SKB can go out now.
If the tail SKB fits into the window, it is still
benefitical to defer until the goal percentage of
the window is available.  This give the application
time to feed more data into the send queue and thus
results in larger TSO frames going out.

Patch from Dmitry Yusupov <dima@neterion.com>.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-23 10:09:27 -07:00
Peter Chubb
a4cce10492 [IA64] Fix simulator boot (for real this time).
Thanks to Stephane, we've now worked out the real cause of the
`Linux  will not boot on simulator' problem.  Turns out it's a stack
overflow because the stack pointer wasn't being initialised properly
in boot_head.S (it was being initialised to the lowest instead of the
highest address of the stack, so the first push started to overwrite
data in the BSS).

Signed-off-by: Peter Chubb <peterc@gelato.unsw.edu.au>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-08-23 07:41:56 -07:00
Tony Luck
62d75f3753 [IA64] backout incorrect fix for simulator boot issue
Earlier fix in 4aec0fb122 just
masked the real problem.

Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-08-23 07:39:15 -07:00
Tony Luck
034e5356a4 Pull prarit-bus-sysdata into release branch 2005-08-23 07:27:28 -07:00
Jeff Garzik
6885433c25 libata: release prep (bump versions, etc.)
- bump versions where necessary
- remove two duplicated+outdated doc comments
- add MODULE_VERSION() to AHCI driver
2005-08-23 02:53:51 -04:00
John W. Linville
7087e29554 [PATCH] i810_audio: fix release_region misordering in error exit from i810_probe
Re-order release_region calls in i810_probe to properly unwind preceding
allocations.

Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2005-08-23 01:38:22 -04:00
Tony Luck
729c80c6ff Auto-update from upstream 2005-08-22 14:31:36 -07:00
Linus Torvalds
f6fdd7d9c2 Don't allow normal users to set idle IO priority
It has all the normal priority inversion problems.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-20 18:51:29 -07:00
Patrick McHardy
7e71af49d4 [NETFILTER]: Fix HW checksum handling in TCPMSS target
Most importantly, remove bogus BUG() in receive path.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-20 17:40:41 -07:00
Patrick McHardy
f93592ff4f [NETFILTER]: Fix HW checksum handling in ECN target
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-20 17:39:15 -07:00
Patrick McHardy
fd841326d7 [NETFILTER]: Fix ECN target TCP marking
An incorrect check made it bail out before doing anything.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-20 17:38:40 -07:00
Alexey Dobriyan
a5ea169c95 [PATCH] freevxfs: fix breakage introduced by symlink fixes
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-20 14:30:50 -07:00
Linus Torvalds
db873896d1 befs: fix up missed follow_link declaration change
We'd updated the prototype and the return value, but not the function
declaration itself.
2005-08-20 13:20:01 -07:00
Andi Kleen
1eecd73cce [PATCH] x86_64: Fix race in TSC synchronization
Plug a race in TSC synchronization

We need to do tsc_sync_wait() before the CPU is set online to prevent
multiple CPUs from doing it in parallel - which won't work because TSC
sync has global unprotected state.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 19:18:47 -07:00
Andi Kleen
5e5ec10499 [PATCH] x86_64: Don't print exceptions for ltrace
Don't printk exceptions for ltrace

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 19:18:47 -07:00
Linus Torvalds
916fa469ab Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-08-19 19:15:57 -07:00
Linus Torvalds
b8d9598c41 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 2005-08-19 18:59:49 -07:00
Steve Dickson
01c314a0c0 [PATCH] NFSv4: unbalanced BKL in nfs_atomic_lookup()
Added missing unlock_kernel() to NFSv4 atomic lookup.

Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 18:44:56 -07:00
Steven Rostedt
cd3716ab40 [PATCH] Mobil Pentium 4 HT and the NMI
I'm trying to get the nmi working with my laptop (IBM ThinkPad G41) and after
debugging it a while, I found that the nmi code doesn't want to set it up for
this particular CPU.

Here I have:

$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Mobile Intel(R) Pentium(R) 4 CPU 3.33GHz
stepping        : 1
cpu MHz         : 3320.084
cache size      : 1024 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 3
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pni
monitor ds_cpl est tm2 cid xtpr
bogomips        : 6642.39

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 15
model           : 4
model name      : Mobile Intel(R) Pentium(R) 4 CPU 3.33GHz
stepping        : 1
cpu MHz         : 3320.084
cache size      : 1024 KB
physical id     : 0
siblings        : 2
core id         : 0
cpu cores       : 1
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 3
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pni
monitor ds_cpl est tm2 cid xtpr
bogomips        : 6637.46

And the following code shows:

$ cat linux-2.6.13-rc6/arch/i386/kernel/nmi.c

[...]

void setup_apic_nmi_watchdog (void)
{
        switch (boot_cpu_data.x86_vendor) {
        case X86_VENDOR_AMD:
                if (boot_cpu_data.x86 != 6 && boot_cpu_data.x86 != 15)
                        return;
                setup_k7_watchdog();
                break;
        case X86_VENDOR_INTEL:
                 switch (boot_cpu_data.x86) {
                case 6:
                        if (boot_cpu_data.x86_model > 0xd)
                                return;

                        setup_p6_watchdog();
                        break;
                case 15:
                        if (boot_cpu_data.x86_model > 0x3)
                                return;

Here I get boot_cpu_data.x86_model == 0x4.  So I decided to change it and
reboot.  I now seem to have a working NMI.  So, unless there's something know
to be bad about this processor and the NMI.  I'm submitting the following
patch.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Acked-by: Zwane Mwaikambo <zwane@arm.linux.org.uk>
Acked-by: Mikael Pettersson <mikpe@csd.uu.se>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 18:44:56 -07:00
Al Viro
008b150a3c [PATCH] Fix up symlink function pointers
This fixes up the symlink functions for the calling convention change:

 * afs, autofs4, befs, devfs, freevxfs, jffs2, jfs, ncpfs, procfs,
   smbfs, sysvfs, ufs, xfs - prototype change for ->follow_link()
 * befs, smbfs, xfs - same for ->put_link()

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 18:08:21 -07:00
Linus Torvalds
cc314eef01 Fix nasty ncpfs symlink handling bug.
This bug could cause oopses and page state corruption, because ncpfs
used the generic page-cache symlink handlign functions.  But those
functions only work if the page cache is guaranteed to be "stable", ie a
page that was installed when the symlink walk was started has to still
be installed in the page cache at the end of the walk.

We could have fixed ncpfs to not use the generic helper routines, but it
is in many ways much cleaner to instead improve on the symlink walking
helper routines so that they don't require that absolute stability.

We do this by allowing "follow_link()" to return a error-pointer as a
cookie, which is fed back to the cleanup "put_link()" routine.  This
also simplifies NFS symlink handling.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 18:02:56 -07:00
Al Viro
2fb1e3086d [PATCH] jffs2: fix symlink error handling
The current calling conventions for ->follow_link() are already fairly
complex.

What we have is
	1) you can return -error; then you must release nameidata yourself
	   and ->put_link() will _not_ be called.
	2) you can do nd_set_link(nd, ERR_PTR(-error)) and return 0
	3) you can do nd_set_link(nd, path) and return 0
	4) you can return 0 (after having moved nameidata yourself)

jffs2 follow_link() is broken - it has an exit where it returns
-EIO and leaks nameidata.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-19 17:57:19 -07:00
Al Viro
83c4e43722 [SPARC]: Fix weak aliases
sparc_ksyms.c used to declare weak alias to several gcc intrinsics.  It
doesn't work with gcc4 anymore - it wants a declaration for the thing
we are aliasing to and that's not going to happen for something like
.mul, etc.  Replaced with direct injection of weak alias on the assembler
level - .weak <alias> followed by <alias> = <aliased>; that works on all
gcc versions.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-19 15:56:37 -07:00
David S. Miller
a3f9985843 [SPARC64]: Move kernel unaligned trap handlers into assembler file.
GCC 4.x really dislikes the games we are playing in
unaligned.c, and the cleanest way to fix this is to
move things into assembler.

Noted by Al Viro.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-19 15:55:33 -07:00
Ben Colline
8d5290149e [SPARC]: Deal with glibc changing macro names in modpost.c
GLIBC 2.3.4 and later changed the STT_REGISTER macro to
STT_SPARC_REGISTER, so we need to cope with that somehow.

Original patch from fabbione, reposted by Ben Collins.

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-19 13:44:57 -07:00
David S. Miller
034ea6388a [TG3]: Update driver version and reldate.
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-19 12:57:31 -07:00
Michael Chan
da6b2d01d6 [TG3]: Fix SerDes detection
A problem was reported by Grant Grundler on an HP rx8620 using IOX
Core LAN partno(A7109-6) 5701 copper NIC. The tg3 driver mistakenly
detects this NIC as having a SerDes PHY and link does not come up as a
result.

The problem was caused by an incorrectly programmed eeprom that set the
NIC_SRAM_DATA_CFG_PHY_TYPE_FIBER bit in the NIC_SRAM_DATA_CFG location.

This patch will override the NIC_SRAM_DATA_CFG_PHY_TYPE_FIBER bit if a
valid PHY ID is read from the MII registers on older 570x chips where
the MII interface is not used on SerDes chips. On newer chips such as
the 5780 that use MII for both copper and SerDes, SerDes detection must
rely on the eeprom.

This patch will make the SerDes detection identical to versions 3.25 and
older.

Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Grant Grundler <iod00d@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-19 12:54:29 -07:00
Tony Luck
4eaefb3952 Auto-update from upstream 2005-08-18 16:44:15 -07:00
Linus Torvalds
91aa9fb573 Merge master.kernel.org:/pub/scm/linux/kernel/git/bart/ide-2.6 2005-08-18 15:16:12 -07:00
Linus Torvalds
5fdf193b15 Merge head 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2005-08-18 14:58:21 -07:00
Linus Torvalds
f3ed8b4447 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 2005-08-18 14:57:53 -07:00
Tony Luck
3a931d4cca [IA64] remove unused function __ia64_get_io_port_base
Not only was this unused, but its somewhat eccentric declaration
of "static inline const unsigned long" gives gcc4 heartburn.

Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-08-18 14:40:00 -07:00
Herbert Xu
6fc8b9e7c6 [IPCOMP]: Fix false smp_processor_id warning
This patch fixes a false-positive from debug_smp_processor_id().

The processor ID is only used to look up crypto_tfm objects.
Any processor ID is acceptable here as long as it is one that is
iterated on by for_each_cpu().

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-18 14:36:59 -07:00
David S. Miller
2cab224d1f [SPARC64]: Fix 2 bugs in cpufreq drivers.
1) cpufreq wants frequenceis in KHZ not MHZ
2) provide ->get() method so curfreq node is created

Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-18 14:35:38 -07:00
Ian Wienand
4aec0fb122 [IA64] Simulator bootloader fails with gcc 4
After building a fresh tree with gcc 4 I can't boot the simulator as
the bootloader loader dies with 

loading /home/ianw/kerntest/kerncomp//build/sim_defconfig/vmlinux...
failed to read phdr

After some investigation I believe this is do with differences between
the alignment of variables on the stack between gcc 3 and 4 and the
ski simulator.  If you trace through with the simulator you can see
that the disk_stat structure value returned from the SSC_WAIT_COMPLETION
call seems to be only half loaded.  I guess it doesn't like the alignment
of the input.

Signed-off-by: Ian Wienand <ianw@gelato.unsw.edu.au>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2005-08-18 14:10:41 -07:00
Patrick McHardy
cb94c62c25 [IPV4]: Fix DST leak in icmp_push_reply()
Based upon a bug report and initial patch by
Ollie Wild.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-18 14:05:44 -07:00
Ralf Baechle
2278364956 [NET]: Fix comment in loopback driver.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-18 14:05:18 -07:00
Jay Vosburgh
001dd250c1 [TOKENRING]: Use interrupt-safe locking with rif_lock.
Change operations on rif_lock from spin_{un}lock_bh to
spin_{un}lock_irq{save,restore} equivalents.  Some of the
rif_lock critical sections are called from interrupt context via
tr_type_trans->tr_add_rif_info.  The TR NIC drivers call tr_type_trans
from their packet receive handlers.

Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-18 14:04:51 -07:00