The error handling around fib_insert_node was broken because we always
zeroed the error before checking it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
NETROM network devices are virtual network devices encapsulating NETROM
frames into AX.25 which will be sent through an AX.25 device, so form a
special "super class" of normal net devices; split their locks off into a
separate class since they always nest.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
ROSE network devices are virtual network devices encapsulating ROSE
frames into AX.25 which will be sent through an AX.25 device, so form a
special "super class" of normal net devices; split their locks off into
a separate class since they always nest.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Right now all uses of the ax25_list_lock lock are _bh locks but knowing
some code is only ever getting invoked from _bh context we can better.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The truesize check has uncovered the fact that we forgot to update truesize
after pskb_expand_head. Unfortunately pskb_expand_head can't update it for
us because it's used in all sorts of different contexts, some of which would
not allow truesize to be updated by itself.
So the solution for now is to simply update it in IPComp.
This patch also changes skb_put to __skb_put since we've just expanded
tailroom by exactly that amount so we know it's there (but gcc does not).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
In the source address selection, the address must be sorted
from global to node-local.
But, ifp->scope is different from the scope for source address
selection.
2001::1 fe80::1 ::1
ifp->scope 0 0x02 0x01
ipv6_addr_src_scope(&ifp->addr) 0x0e 0x02 0x01
So, we need to use ipv6_addr_src_scope(&ifp->addr) for sorting.
And, for backward compatibility, addresses should be sorted from
new one to old one.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
I think there is still a problem with the AIMD parameter update in
HighSpeed TCP code.
Line 125~138 of the code (net/ipv4/tcp_highspeed.c):
/* Update AIMD parameters */
if (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd) {
while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd &&
ca->ai < HSTCP_AIMD_MAX - 1)
ca->ai++;
} else if (tp->snd_cwnd < hstcp_aimd_vals[ca->ai].cwnd) {
while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd &&
ca->ai > 0)
ca->ai--;
In fact, the second part (decreasing ca->ai) never decreases since the
while loop's inequality is in the reverse direction. This leads to
unfairness with multiple flows (once a flow happens to enjoy a higher
ca->ai, it keeps enjoying that even its cwnd decreases)
Here is a tentative fix (I also added a comment, trying to keep the
change clear):
Acked-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
nr_destroy_socket takes the socket lock itself so it should better be
called with the socket unlocked.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
When establishing a new circuit in nr_rx_frame the locks are taken in
a different order than in the rest of the stack. This should be
harmless but triggers lockdep. Either way, reordering the code a
little solves the issue.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Delivery of AX.25 frame to the layer 3 protocols happens in softirq
context so locking needs to be bh-proof.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
If IPv6 addresses are ordered by scope, then ipv6_dev_get_saddr() can
break-out of the device addr_list for() loop when the candidate source
address scope is less than the destination address scope.
Signed-off-by: Brian Haley <brian.haley@hp.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Prior to 2.6.18rc1 you could install with devices on a JMicron chipset
using the "all-generic-ide" option. As of this kernel the AHCI driver
grabs the controller and rams it into AHCI mode losing the PATA ports
and making CD drives and the like vanish. The all-generic-ide option
fails because the AHCI driver grabbed the PCI device and reconfigured
it.
To fix this three things are needed.
#1 We must put the chip into dual function mode
#2 The AHCI driver must grab only function 0 (already in your rc1 tree)
#3 Something must grab the PATA ports
The attached patch is the minimal risk edition of this. It puts the chip
into dual function mode so that AHCI will grab the SATA ports without
losing the PATA ports. To keep the risk as low as possible the third
patch adds the PCI identifiers for the PATA port and the FN check to the
ide-generic driver. There is a more featured jmicron driver on its way
but that adds risk and the ide-generic support is sufficient to install
and run a system.
The actual chip setup done by the quirk is the precise setup recommended
by the vendor.
(The JMB368 appears only in the ide-generic entry as it has no AHCI so
does not need the quirk)
Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
During the recent discussion of taking 'volatile' off of the spinlock, I
noticed that while most arches #define cpu_relax() such that it implies
barrier(), some arches define cpu_relax() to be empty.
This patch changes the definition of cpu_relax() for frv, h8300, m68knommu,
sh, sh64, v850 and xtensa from an empty while(0) to the compiler barrier().
Signed-off-by: Chase Venters <chase.venters@clientec.com>
Acked-by: Arjan van de Ven <arjan@Linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Joseph Fannin reported that hpet_rtc_interrupt() enables hardirqs
in irq context:
[ 25.628000] [<c014af4e>] trace_hardirqs_on+0xce/0x200
[ 25.628000] [<c036cf21>] _spin_unlock_irq+0x31/0x70
[ 25.628000] [<c0296584>] rtc_get_rtc_time+0x44/0x1a0
[ 25.628000] [<c01198bb>] hpet_rtc_interrupt+0x21b/0x280
[ 25.628000] [<c0161141>] handle_IRQ_event+0x31/0x70
[ 25.628000] [<c0162d37>] handle_edge_irq+0xe7/0x210
[ 25.628000] [<c0106192>] do_IRQ+0x92/0x120
[ 25.628000] [<c0104121>] common_interrupt+0x25/0x2c
the call of rtc_get_rtc_time() is highly suspect. At a minimum we
need the patch below to save/restore hardirq state.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: Joseph Fannin <jfannin@gmail.com>
Cc: John Stultz <johnstul@us.ibm.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We're supposed to go the next power of two if nfds==nr.
Of `nr', not of `nfsd'.
Spotted by Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It looks like someone confused kmem_cache_create with a different allocator
and was attempting to give it knowledge of how many cache entries there
were.
With the unfortunate result that each slab entry was big enough to hold
every irq.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Address a potential 'larger than buffer size' memory access by
clear_user(). Without this patch, this call to clear_user() can attempt to
clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by
read_kcore().
Signed-off-by: Adam B. Jerome <abj@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
sysfs has a different i_mutex lock order behavior for i_mutex than the
other filesystems; sysfs i_mutex is called in many places with subsystem
locks held. At the same time, many of the VFS locking rules do not apply
to sysfs at all (cross directory rename for example). To untangle this
mess (which gives false positives in lockdep), we're giving sysfs inodes
their own class for i_mutex.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
When found, it is obvious. nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.
Found due to OpenVZ resource management (User Beancounters).
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Based on a patch from Ernie Petrides
During security research, Red Hat discovered a behavioral flaw in core
dump handling. A local user could create a program that would cause a
core file to be dumped into a directory they would not normally have
permissions to write to. This could lead to a denial of service (disk
consumption), or allow the local user to gain root privileges.
The prctl() system call should never allow to set "dumpable" to the
value 2. Especially not for non-privileged users.
This can be split into three cases:
1) running as root -- then core dumps will already be done as root,
and so prctl(PR_SET_DUMPABLE, 2) is not useful
2) running as non-root w/setuid-to-root -- this is the debatable case
3) running as non-root w/setuid-to-non-root -- then you definitely
do NOT want "dumpable" to get set to 2 because you have the
privilege escalation vulnerability
With case #2, the only potential usefulness is for a program that has
designed to run with higher privilege (than the user invoking it) that
wants to be able to create root-owned root-validated core dumps. This
might be useful as a debugging aid, but would only be safe if the program
had done a chdir() to a safe directory.
There is no benefit to a production setuid-to-root utility, because it
shouldn't be dumping core in the first place. If this is true, then the
same debugging aid could also be accomplished with the "suid_dumpable"
sysctl.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
'devices' is not a good name for a global variable.
Thankfully, it can become static.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Fixed the missing array terminators in AD1988 codec support code.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Fix a occasional deadlock occuring with snd-rtctimer driver,
added irqsave to the lock in tasklet (ALSA bug#952).
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Fixed 'section mismatch' errors in ALSA PCI drivers:
- removed invalid __devinitdata from pci id tables
- fix/remove __devinit of functions called in suspend/resume
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Drop the snd_minor structure's name field that was just a helper for
devfs device deregistration.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
The wavefront driver used __init in some places referenced by __devinit
functions.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Fix the workaround for AD1988A rev2 codec not to apply to AD1988B codec
chips.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Fix the driver string name for Terratec Aureon 7.1 Universe
to fit in 15 letters to avoid the overflow.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
CONFIG_SND_FM801=y, CONFIG_SND_FM801_TEA575X=m resulted in the following
compile error:
<-- snip -->
...
LD vmlinux
sound/built-in.o: In function 'snd_fm801_free':
fm801.c:(.text+0x3c15b): undefined reference to 'snd_tea575x_exit'
sound/built-in.o: In function 'snd_card_fm801_probe':
fm801.c:(.text+0x3cfde): undefined reference to 'snd_tea575x_init'
make: *** [vmlinux] Error 1
<-- snip -->
This patch fixes kernel Bugzilla #6458.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
if one of the first three CS_CHECKS fails, we goto cs_failed:
In this case parse we donr kfree() parse. Since the the last three
CS_CHECKS might also fail, i moved the kfree() below all the CS_CHECKs
and added one in the error path. This fixes coverity bug id #1099
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
This is confirmed to fix a hang due to PCI resource conflicts with
setting up the Cardbus bridge on old laptops with the 440MX chipsets.
Original report by Alessio Sangalli, lspci debugging help by Pekka
Enberg, and trial patch suggested by Daniel Ritz:
"From the docs available i would _guess_ this thing is really similar
to the 82443BX/82371AB combination. at least the SMBus base address
register is hidden at the very same place (32bit at 0x90 in function
3 of the "south" brigde)"
The dang thing is largely undocumented, but the patch was corroborated
by Asit Mallick:
"I am trying to find the register information. 440MX is an integration of
440BX north-bridge without AGP and PIIX4E (82371EB). PIIX4 quirk
should cover the ACPI and SMBus related I/O registers."
and verified to fix the problem by Alessio.
Cc: Daniel Ritz <daniel.ritz-ml@swissonline.ch>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Dmitry Torokhov <dtor_core@ameritech.net>
Tested-by: Alessio Sangalli <alesan@manoweb.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1. Multipath devices for which SetPGID is not supported are not handled well.
Use NOP ccws for path verification (sans path grouping) when SetPGID is not
supported.
2. Check for PGIDs already set with SensePGID on _all_ paths (not just the
first one) and try to find a common one. Moan if no common PGID can be
found (and use NOP verification). If no PGIDs have been set, use the css
global PGID (as before). (Rationale: SetPGID will get a command reject if
the PGID it tries to set does not match the already set PGID.)
3. Immediately before reboot, issue RESET CHANNEL PATH (rcp) on all chpids. This
will remove the old PGIDs. rcp will generate solicited CRWs which can be
savely ignored by the machine check handler (all other actions create
unsolicited CRWs).
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The module parameters for xpram are not or in a wrong way parsed.
The xpram module uses the module_param_array directive with an int
parameter which causes the kernel to automatically parse the passed
numbers. This will cause errors if arguments are omitted or cause
wrong results if arguments have size qualifiers.
Use module_param_array with charp and parse the arguments later.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
futex_atomic_cmpxchg_inatomic has the same bug as the other
atomic futex operations: the operation needs to be done in the
user address space, not the kernel address space. Add the missing
sacf 256 & sacf 0.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add a reg_mutex to prevent unregistering a subchannel before it has been
registered. Since 2.6.17, we've seen oopses in kslowcrw when a device is
found to be not operational during sense id when doing initial device
recognition; it is not clear yet why that particular problem was not (yet)
observed with earlier kernels...
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Make sure that raw_local_save_flags and raw_local_irq_restore always get an
unsigned long parameter. raw_irqs_disabled should call raw_local_save_flags
instead of local_save_flags.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
__builtin_trap() has the archictecture defined backend in gcc since gcc 3.3.
To make sure the kernel builds with gcc 3.2 as well, use the old style BUG()
statement if compiled with older gcc versions.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>