Commit Graph

26709 Commits

Author SHA1 Message Date
Jan Niehusmann
48564e628b [PATCH] smbfs: Fix slab corruption in samba error path
Yesterday, I got the following error with 2.6.16.13 during a file copy from
a smb filesystem over a wireless link.  I guess there was some error on the
wireless link, which in turn caused an error condition for the smb
filesystem.

In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also
shows up in the slab dumps, and also is -ERESTARTSYS.  Error code 27499
corresponds to 0x6b6b, so the rq_errno field seems to be the only one being
set after freeing the slab.

In smb_add_request (which is the only place in smbfs where I found
ERESTARTSYS), I found the following:

        if (!timeleft || signal_pending(current)) {
                /*
                 * On timeout or on interrupt we want to try and remove the
                 * request from the recvq/xmitq.
                 */
                smb_lock_server(server);
                if (!(req->rq_flags & SMB_REQ_RECEIVED)) {
                        list_del_init(&req->rq_queue);
                        smb_rput(req);
                }
                smb_unlock_server(server);
        }
	[...]
        if (signal_pending(current))
                req->rq_errno = -ERESTARTSYS;

I guess that some codepath like smbiod_flush() caused the request to be
removed from the queue, and smb_rput(req) be called, without
SMB_REQ_RECEIVED being set.  This violates an asumption made by the quoted
code.

Then, the above code calls smb_rput(req) again, the req gets freed, and
req->rq_errno = -ERESTARTSYS writes into the already freed slab.  As
list_del_init doesn't cause an error if called multiple times, that does
cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS).

If this observation is correct, the following patch should fix it.

I wonder why the smb code uses list_del_init everywhere - using list_del
instead would catch such situations by poisoning the next and prev
pointers.

May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected.  Restarting.
May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured.
May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected.  Restarting.
May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists.
May  4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)
May  4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244
May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff
May  4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244
May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)
May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected.  Restarting.
May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists.
May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected.  Restarting.
May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists.
May  4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244
May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff
May  4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244
May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)
May  4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244
May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff
May  4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244
May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)
May  4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784

Signed-off-by: Jan Niehusmann <jan@gondor.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:56 -07:00
Marcelo Tosatti
2e367a82fc [PATCH] Marcelo has moved
Signed-off-by: Marcelo Tosatti <marcelo@kvack.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Trent Piepho
5e37661389 [PATCH] symbol_put_addr() locks kernel
Even since a previous patch:

Fix race between CONFIG_DEBUG_SLABALLOC and modules
Sun, 27 Jun 2004 17:55:19 +0000 (17:55 +0000)
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/old-2.6-bkcvs.git;a=commit;h=92b3db26d31cf21b70e3c1eadc56c179506d8fbe

The function symbol_put_addr() will deadlock the kernel.

symbol_put_addr() would acquire modlist_lock, then while holding the lock call
two functions kernel_text_address() and module_text_address() which also try
to acquire the same lock.  This deadlocks the kernel of course.

This patch changes symbol_put_addr() to not acquire the modlist_lock, it
doesn't need it since it never looks at the module list directly.  Also, it
now uses core_kernel_text() instead of kernel_text_address().  The latter has
an additional check for addr inside a module, but we don't need to do that
since we call module_text_address() (the same function kernel_text_address
uses) ourselves.

Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
Cc: Zwane Mwaikambo <zwane@fsmlabs.com>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Martin Schwidefsky
0159677857 [PATCH] s390: add vmsplice system call
Add new vmsplice system call and add missing __NR_xxx defines for
sys_set_robust_list, sys_get_robust_list, sys_splice, sys_sync_file_range
and sys_tee.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Mark Huang
6a050da45b [PATCH] initramfs: fix CPIO hardlink check
Copy the filenames of hardlinks when inserting them into the hash, since
the "name" pointer may point to scratch space (name_buf).  Not doing so
results in corruption if the scratch space is later overwritten: the wrong
file may be hardlinked, or, if the scratch space contains garbage, the link
will fail and a 0-byte file will be created instead.

Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Greg Smith
698d070746 [PATCH] s390: lcs incorrect test
While debugging why our LCS emulator is having some problems I noticed the
following weirdness in drivers/s390/net/lcs.c routine lcs_irq.  The `if'
statement is always true since SCHN_STAT_PCI is defined as 0x80.

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Andrew Morton
ac924c6034 [PATCH] setup_per_zone_pages_min() overflow fix
As pointed out in http://bugzilla.kernel.org/show_bug.cgi?id=6490, this
function can experience overflows on 32-bit machines, causing our response to
changed values of min_free_kbytes to go whacky.

Fixing it efficiently is all too hard, so fix it with 64-bit math instead.

Cc: Ake Sandgren <ake.sandgren@hpc2n.umu.se>
Cc: Martin Bligh <mbligh@google.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Heiko Carstens
5afdbd6e84 [PATCH] s390: exploit rcu_needs_cpu() interface
Exploit rcu_needs_cpu() interface to keep the cpu 'ticking' if necessary.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Heiko Carstens
986733e01d [PATCH] RCU: introduce rcu_needs_cpu() interface
With "Paul E. McKenney" <paulmck@us.ibm.com>

Introduce rcu_needs_cpu() interface.  This can be used to tell if there
will be a new rcu batch on a cpu soon by looking at the curlist pointer.
This can be used to avoid to enter a tickless idle state where the cpu
would miss that a new batch is ready when rcu_start_batch would be called
on a different cpu.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Olaf Kirch
3b7c810827 [PATCH] smbfs chroot issue (CVE-2006-1864)
Mark Moseley reported that a chroot environment on a SMB share can be left
via "cd ..\\".  Similar to CVE-2006-1863 issue with cifs, this fix is for
smbfs.

Steven French <sfrench@us.ibm.com> wrote:

Looks fine to me.  This should catch the slash on lookup or equivalent,
which will be all obvious paths of interest.

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Chris Wedgwood
a7b862f663 [PATCH] VIA quirk fixup, additional PCI IDs
An earlier commit (75cf7456dd) changed an
overly-zealous PCI quirk to only poke those VIA devices that need it.
However, some PCI devices were not included in what I hope is now the full
list.  Consequently we're failing to run the quirk on all machines which need
it, causing IRQ routing failures.

This should I hope correct this.

Thanks to Masoud Sharbiani <masouds@masoud.ir> for pointing this out
and testing the fix.

Signed-off-by: Chris Wedgwood <cw@f00f.org>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Benjamin Herrenschmidt
73d5858809 [PATCH] pcmcia Oopses fixes
Fix some NULL dereferences in the pcmcia code when using old userland
tools.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Kylene Jo Hall
9458513660 [PATCH] tpm: update module dependencies
The TIS driver is dependent upon information from the ACPI table for device
discovery thus it compiles but does no actual work without this dependency.

Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Stefan Schweizer
90d5ede598 [PATCH] Fix capi reload by unregistering the correct major
I am having the bug FATAL: Error inserting capi ([..]/capi.ko): Device or
resource busy when I try to reload capi after loading it.  in dmesg:
capi20: unable to get major 68

Fix the issue which is caused by setting the major to zero when registering
the chrdev succeeded.

(akpm: this means that we can again not use `major=0' (dynamic major
allocation) for this driver).

Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Ian Kent
a537055395 [PATCH] autofs4: NFY_NONE wait race fix
This patch fixes two problems.

First, the comparison of entries in the waitq.c was incorrect.

Second, the NFY_NONE check was incorrect. The test of whether the dentry
is mounted if ineffective, for example, if an expire fails then we could
wait forever on a non existant expire. The bug was identified by Jeff
Moyer.

The patch changes autofs4 to wait on expires only as this is all that's
needed.  If there is no existing wait when autofs4_wait is call with a type
of NFY_NONE it delays until either a wait appears or the the expire flag is
cleared.

Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Adrian Bunk
6aff5cb8ec [PATCH] fs/open.c: unexport sys_openat
Remove the unused EXPORT_SYMBOL_GPL(sys_openat).

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Serge E. Hallyn
0cccca06f9 [PATCH] selinux: check for failed kmalloc in security_sid_to_context()
Check for NULL kmalloc return value before writing to it.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Linus Torvalds
9be2f7c38e Revert "[PATCH] i386: export: memory more than 4G through /proc/iomem"
This reverts commit 10dbe196a8.

The resource struct is still 32-bit, so trying to save a 64-bit memory
size there obviously won't work.

When we merge the 64-bit resource series, we can re-enable this.

Thanks to Sachin Sant and Maneesh Soni for debugging

Cc: Maneesh Soni <maneesh@in.ibm.com>
Cc: Sachin Sant <sachinp@in.ibm.com>
Cc: Russell King <rmk+lkml@arm.linux.org.uk>
Cc: Sharyathi Nagesh <sharyath@in.ibm.com>
Cc: Arjan van de Ven <arjan@infradead.org>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-13 08:01:23 -07:00
Linus Torvalds
032ebf2620 Alternative fix for MMC oops on unmount after removal
Make sure to clear the driverfs_dev pointer when we do del_gendisk() (on
disk removal), so that other users that may still have a ref to the disk
won't try to use the stale pointer.

Also move the KOBJ_REMOVE uevent handler up, so that the uevent still
has access to the driverfs_dev data.

This all should hopefully fix the problems with MMC umounts after device
removals that caused commit 56cf6504fc and
its reversal (1a2acc9e92).

Original problem reported by Todd Blumer and others.

Acked-by: Greg KH <gregkh@suse.de>
Cc: Russell King <rmk+lkml@arm.linux.org.uk>
Cc: James Bottomley <James.Bottomley@SteelEye.com>
Cc: Erik Mouw <erik@harddisk-recovery.com>
Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
Cc: Todd Blumer <todd@sdgsystems.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-12 18:42:09 -07:00
Linus Torvalds
18552b8f22 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [NEIGH]: Fix IP-over-ATM and ARP interaction.
  [TG3]: ethtool always report port is TP.
2006-05-12 15:39:32 -07:00
Linus Torvalds
faa88df860 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC]: Fix warning on prom_getproperty in openprom.c
  [SPARC]: Handle UNWIND_INFO properly.
  [SPARC64]: Update defconfig.
  [SPARC]: show device name in /proc/dvma_map
  [SPARC]: Remove duplicate symbol exports
2006-05-12 15:26:29 -07:00
Sean Hefty
1b52fa98ed IB: refcount race fixes
Fix race condition during destruction calls to avoid possibility of
accessing object after it has been freed.  Instead of waking up a wait
queue directly, which is susceptible to a race where the object is
freed between the reference count going to 0 and the wake_up(), use a
completion to wait in the function doing the freeing.

Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-12 14:57:52 -07:00
Roland Dreier
6f4bb3d820 IB/ipath: Properly terminate PCI ID table
The ipath driver's table of PCI IDs needs a { 0, } entry at the end.
This makes all of the device aliases visible to userspace so hotplug
loads the module for all supported devices.  Without the patch,
modinfo ipath_core only shows:

    alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*

instead of the correct:

    alias:          pci:v00001FC1d00000010sv*sd*bc*sc*i*
    alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
2006-05-12 14:57:52 -07:00
Simon Kelley
bd89efc532 [NEIGH]: Fix IP-over-ATM and ARP interaction.
The classical IP over ATM code maintains its own IPv4 <-> <ATM stuff>
ARP table, using the standard neighbour-table code. The
neigh_table_init function adds this neighbour table to a linked list
of all neighbor tables which is used by the functions neigh_delete()
neigh_add() and neightbl_set(), all called by the netlink code.

Once the ATM neighbour table is added to the list, there are two
tables with family == AF_INET there, and ARP entries sent via netlink
go into the first table with matching family. This is indeterminate
and often wrong.

To see the bug, on a kernel with CLIP enabled, create a standard IPv4
ARP entry by pinging an unused address on a local subnet. Then attempt
to complete that entry by doing

ip neigh replace <ip address> lladdr <some mac address> nud reachable

Looking at the ARP tables by using 

ip neigh show

will reveal two ARP entries for the same address. One of these can be
found in /proc/net/arp, and the other in /proc/net/atm/arp.

This patch adds a new function, neigh_table_init_no_netlink() which
does everything the neigh_table_init() does, except add the table to
the netlink all-arp-tables chain. In addition neigh_table_init() has a
check that all tables on the chain have a distinct address family.
The init call in clip.c is changed to call
neigh_table_init_no_netlink().

Since ATM ARP tables are rather more complicated than can currently be
handled by the available rtattrs in the netlink protocol, no
functionality is lost by this patch, and non-ATM ARP manipulation via
netlink is rescued. A more complete solution would involve a rtattr
for ATM ARP entries and some way for the netlink code to give
neigh_add and friends more information than just address family with
which to find the correct ARP table.

[ I've changed the assertion checking in neigh_table_init() to not
  use BUG_ON() while holding neigh_tbl_lock.  Instead we remember that
  we found an existing tbl with the same family, and after dropping
  the lock we'll give a diagnostic kernel log message and a stack dump.
  -DaveM ]

Signed-off-by: Simon Kelley <simon@thekelleys.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-12 14:56:08 -07:00
Martin Habets
586152560a [SPARC]: Fix warning on prom_getproperty in openprom.c
Signed-off-by: Martin Habets <errandir_news@mph.eclipse.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-12 12:53:59 -07:00
Karsten Keil
ef34814426 [TG3]: ethtool always report port is TP.
Even with fiber cards ethtool reports that the connected port is TP,
the patch fix this.

Signed-off-by: Karsten Keil <kkeil@suse.de>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-12 12:49:08 -07:00
David S. Miller
06a1be167e [SPARC]: Handle UNWIND_INFO properly.
For sparc32 we need R_SPARC_UA32 relocation support, for
sparc64 we need the handle R_SPARC_DISP32 relocations.

Based upon reports and initial patch by Martin Habets.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-12 12:45:50 -07:00
Linus Torvalds
be1fd94fd6 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6:
  [PATCH] scx200_acb: Fix for the CS5535 errata
  [PATCH] scx200_acb: Fix resource name use after free
  [PATCH] scx200_acb: Fix return on init error
2006-05-12 12:14:52 -07:00
Linus Torvalds
0d38eddab9 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  [PATCH] USB: fix omninet driver bug
  [PATCH] USB: add ark3116 usb to serial driver
  [PATCH] usbserial: Fixes leak in serial_open() error path.
  [PATCH] usbserial: Fixes use-after-free in serial_open().
  [PATCH] USB: Emagic USB firmware loading fixes
  [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
  [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
  [PATCH] USB: ftdi_sio: add device id for ACT Solutions HomePro ZWave interface
  [PATCH] USB: ftdi_sio: Add support for HCG HF Dual ISO RFID Reader
  [PATCH] USB: ub oops in block_uevent
  [PATCH] USB: usbcore: don't check the device's power source
  [PATCH] USB: fix OHCI PM regression
  [PATCH] USB: pegasus fixes (logstorm, suspend)
  [PATCH] USBATM: fix modinfo output
  [PATCH] USBATM: change the default speedtouch iso altsetting
  [PATCH] USB: fix bug in ohci-hcd.c ohci_restart()
2006-05-12 12:14:19 -07:00
Linus Torvalds
1a2acc9e92 Revert "[BLOCK] Fix oops on removal of SD/MMC card"
This reverts commit 56cf6504fc.

Both Erik Mouw and Andrew Vasquez independently pinpointed this commit
as causing problems, where the slab cache for a driver is never released
(most obviously causing problems when immediately re-loading that
driver, resulting in a "kmem_cache_create: duplicate cache <xyz>"
message, but it can also cause other trouble).

James Bottomley dug into it, and reports:

  "OK, here's the scoop.  The problem patch adds a get of driverfs_dev in
   add_disk(), but doesn't put it again until disk_release() (which occurs
   on final put_disk() of the gendisk).

   However, in SCSI, the driverfs_dev is the sdev_gendev.  That means
   there's a reference held on sdev_gendev  until final disk put.
   Unfortunately, we use the driver model driver_remove to trigger
   del_gendisk (which removes the gendisk from visibility and decrements
   the refcount), so we've introduced an unbreakable deadlock in the
   reference counting with this.

   I suggest simply reversing this patch at the moment.  If Russell and
   Jens can tell me what they're trying to do I'll see if there's another
   way to do it."

so hereby the patch gets reverted, waiting for a better fix.

Cc: Jens Axboe <axboe@suse.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: James Bottomley <James.Bottomley@SteelEye.com>
Cc: Erik Mouw <erik@harddisk-recovery.com>
Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-12 12:08:46 -07:00
Greg Kroah-Hartman
df3fccb14a [PATCH] USB: fix omninet driver bug
I introduced this way back in 2.6.13 when adding the port lock logic.
This device talks out through different "ports" all at the same time, so
the lock logic was wrong, preventing any data from ever being sent
properly.

Thanks a lot to Bernhard Reiter <bernhard@intevation.de> for being
patient and helping with debugging this.

Cc: Bernhard Reiter <bernhard@intevation.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:10 -07:00
Greg Kroah-Hartman
815ddc99dd [PATCH] USB: add ark3116 usb to serial driver
Based on Simon's original driver, with some minor code cleanups and
tidying by me.

Cc: Simon Schulz <simon@auctionant.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Luiz Fernando Capitulino
71a84163ca [PATCH] usbserial: Fixes leak in serial_open() error path.
If serial_open() fails at the port assignment or mutex_lock_interruptible()
is interrupted, the 'serial' object will never be freed.

We should call kref_put() when those errors happens.

Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Luiz Fernando Capitulino
704936a25b [PATCH] usbserial: Fixes use-after-free in serial_open().
If the device is disconnected while serial_open() is executing and
either try_module_get() or the device specific open function fails, the
kref_put() call in the 'bailout_kref_put' label will free the memory
pointed out by 'port'.

The subsequent dereferences in the 'bailout_kref_put' label will be
invalid.

The fix is just to assure kref_put() is called after any 'port' usage.

Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Monty
16c23f7d88 [PATCH] USB: Emagic USB firmware loading fixes
It's become apparent as machines get faster that the emagic kernel firmware
loaders (based on the ezusb loader) have a reset race.  a 400MHz TiBook
never tripped it, but a 2GHz Pentium M seems to hit it about 30% of the
time.  The bug is seen as a hung USB box and the kernel error:

drivers/usb/misc/emi62.c: emi62_load_firmware - error loading firmware:
error = -110

The patch below inserts a delay after deasserting reset to allow the box to
settle before a new command is issued.  This affects only device startup.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Olaf Hering
332bbf6138 [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
After recent changes, the USB keyboard as shipped with IBM pSeries systems
does not work anymore, unless the keyboard is replugged after reboot.
Adding this model to the blacklist fixes it.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Ken Brush
b68f7de02a [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
This adds the Sierra Wireless card to airprime.c.

I tested this on my laptop.

Signed-off-by: Ken Brush <ken@cgi101.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:08 -07:00
Linus Torvalds
d8c3291c73 Linux v2.6.17-rc4 2006-05-11 16:31:53 -07:00
Linus Torvalds
d649dafd07 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3508/1: Update collie defconfig
  [ARM] Fix thread struct allocator for SMP case
  [ARM] Update mach-types
  [ARM] Update versatile_defconfig
2006-05-11 15:46:59 -07:00
Linus Torvalds
2bf9d6d0f2 Merge master.kernel.org:/home/rmk/linux-2.6-serial
* master.kernel.org:/home/rmk/linux-2.6-serial:
  [SERIAL] 8250: add locking to console write function
  [SERIAL] Remove unconditional enable of TX irq for console
  [SERIAL] 8250: set divisor register correctly for AMD Alchemy SoC uart
  [SERIAL] AMD Alchemy UART: claim memory range
  [SERIAL] Clean up serial locking when obtaining a reference to a port
2006-05-11 15:46:42 -07:00
Linus Torvalds
6572b2064a Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [NET_SCHED]: HFSC: fix thinko in hfsc_adjust_levels()
  [IPV6]: skb leakage in inet6_csk_xmit
  [BRIDGE]: Do sysfs registration inside rtnl.
  [NET]: Do sysfs registration as part of register_netdevice.
  [TG3]: Fix possible NULL deref in tg3_run_loopback().
  [NET] linkwatch: Handle jiffies wrap-around
  [IRDA]: Switching to a workqueue for the SIR work
  [IRDA]: smsc-ircc: Minimal hotplug support.
  [IRDA]: Removing unused EXPORT_SYMBOLs
  [IRDA]: New maintainer.
  [NET]: Make netdev_chain a raw notifier.
  [IPV4]: ip_options_fragment() has no effect on fragmentation
  [NET]: Add missing operstates documentation.
2006-05-11 15:35:54 -07:00
Linus Torvalds
f7a014af2d Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: (25 commits)
  [SCSI] mptfc: race between mptfc_register_dev and mptfc_target_alloc
  [SCSI] lpfc 8.1.6 : Fix Data Corruption in Bus Reset Path
  [SCSI] mptspi: revalidate negotiation parameters after host reset and resume
  [SCSI] srp.h: avoid padding of structs
  [SCSI] ibmvscsi: fix leak when failing to send srp event
  [SCSI] qla2xxx: Correct eh_abort recovery logic.
  [SCSI] megaraid_{mm,mbox}: fix a bug in reset handler
  [SCSI] fusion - bug fix stack overflow in mptbase
  [SCSI] scsi: Add IBM 2104-DU3 to blist
  [SCSI] Fix DVD burning issues.
  [SCSI] SCSI: aic7xxx_osm_pci resource leak fix.
  [SCSI] - fusion - mptfc bug fix's to prevent deadlock situations
  [SCSI] mptfusion: bug fix's for raid components adding/deleting
  [SCSI] aic7xxx: ahc_pci_write_config() fix
  [SCSI] megaraid: unused variable
  [SCSI] qla2xxx: only free_irq() after request_irq() succeeds
  [SCSI] Overrun in drivers/scsi/sim710.c
  [SCSI] lpfc 8.1.5 : Change version number to 8.1.5
  [SCSI] lpfc 8.1.5 : Misc small fixes
  [SCSI] lpfc 8.1.5 : Additional fixes to LOGO, PLOGI, and RSCN processing
  ...
2006-05-11 15:34:33 -07:00
Jens Axboe
dac07ec121 [BLOCK] limit request_fn recursion
Don't recurse back into the driver even if the unplug threshold is met,
when the driver asks for a requeue. This is both silly from a logical
point of view (requeues typically happen due to driver/hardware
shortage), and also dangerous since we could hit an endless request_fn
-> requeue -> unplug -> request_fn loop and crash on stack overrun.

Also limit blk_run_queue() to one level of recursion, similar to how
blk_start_queue() works.

This patch fixed a real problem with SLES10 and lpfc, and it could hit
any SCSI lld that returns non-zero from it's ->queuecommand() handler.

Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-11 12:38:59 -07:00
Patrick McHardy
210525d65d [NET_SCHED]: HFSC: fix thinko in hfsc_adjust_levels()
When deleting the last child the level of a class should drop to zero.

Noticed by Andreas Mueller <andreas@stapelspeicher.org>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-11 12:22:03 -07:00
Linus Torvalds
f358166a94 ptrace_attach: fix possible deadlock schenario with irqs
Eric Biederman points out that we can't take the task_lock while holding
tasklist_lock for writing, because another CPU that holds the task lock
might take an interrupt that then tries to take tasklist_lock for writing.

Which would be a nasty deadlock, with one CPU spinning forever in an
interrupt handler (although admittedly you need to really work at
triggering it ;)

Since the ptrace_attach() code is special and very unusual, just make it
be extra careful, and use trylock+repeat to avoid the possible deadlock.

Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-11 11:08:49 -07:00
Linus Torvalds
0e44dc3837 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IB/mthca: FMR ioremap fix
  IPoIB: Free child interfaces properly
  IB/mthca: Fix race in reference counting
  IB/srp: Fix tracking of pending requests during error handling
  IB: Fix display of 4-bit port counters in sysfs
2006-05-10 15:37:47 -07:00
Michael S. Tsirkin
ce477ae4f8 IB/mthca: FMR ioremap fix
Addresses for ioremap must be calculated off of pci_resource_start;
we can't directly use the bus address as seen by the HCA.  Fix the
code that remaps device memory for FMR access.

Based on patch by Klaus Smolin.

Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-10 15:16:57 -07:00
Linus Torvalds
6314410dd1 Merge branch 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/shemminger/netdev-2.6
* 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/shemminger/netdev-2.6:
  sis900: phy for FoxCon motherboard
  dl2k: use DMA_48BIT_MASK constant
  phy: mdiobus_register(): initialize all phy_map entries
  sky2: ifdown kills irq mask
2006-05-10 14:59:29 -07:00
James Cameron
d8e95e52a9 sis900: phy for FoxCon motherboard
661FX7MI-S motherboard which uses the SiS 661FX chipset.  The patch adds
an entry to mii_chip_info for the transceiver.

The PHY ids were found using the sis900_c_122.diff patch from
http://brownhat.org/sis900.html but that patch didn't solve the problem,
because the PHY at address 1 was already being chosen.

Without my patch, when bursts of packets arrive from other hosts on a
LAN, the interface dropped one roughly 10% of the time, causing
retransmits.  There were fifth second pauses in refresh of large xterms,
and it made Netrek suck.  I can provide further test data.

Workaround in lieu of patch is to use mii-tool to advertise
100baseTx-HD, then force renegotiation.

I wasn't able to identify the actual transceiver, so the description
field is a guess.

This patch is similar to Artur Skawina's patch:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114297516729079&w=2

I'm not sure, but I wonder if it means the default behaviour should be
changed, so as to better handle future transceivers.

Diff is against 2.6.16.13.

Signed-off-by: James Cameron <james.cameron@hp.com>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:04:52 -07:00
Francois Romieu
4c1b46226c dl2k: use DMA_48BIT_MASK constant
Typo will be harder with this one.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:04:22 -07:00