- 23 May, 2007 40 commits
-
-
Jamal Hadi Salim authored
This fixes an out-of-boundary condition when the classified band equals q->bands. Caught by Alexey Signed-off-by:
Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
-
Corey Mutter authored
Reverse the sense of the promiscuous-mode tests in ip6_mc_input(). Signed-off-by:
Corey Mutter <crm-netdev@mutternet.com> Signed-off-by:
David L Stevens <dlstevens@us.ibm.com> Signed-off-by:
-
YOSHIFUJI Hideaki authored
I think this is less critical, but is also suitable for -stable release. Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
YOSHIFUJI Hideaki authored
Because skb->dst is assigned in ip6_route_input(), it is really bad to use it in hop-by-hop option handler(s). Closes: Bug #8450 (Eric Sesterhenn <snakebyte@gmx.de>) Signed-off-by:
-
David L Stevens authored
When an IPv6 router is forwarding a packet with a link-local scope source address off-link, RFC 4007 requires it to send an ICMPv6 destination unreachable with code 2 ("not neighbor"), but Linux doesn't. Fix below. Signed-off-by: -
Eric Dumazet authored
vgettimeofday() may return some bad timeval values, (tv_usec = 1000000), because of a wrong compare. Signed-off-by:
Eric Dumazet <dada1@cosmosbay.com> Signed-off-by:
-
Corey Minyard authored
Fix a rather obvious error that Patrick found in the setup routines. Need to set the proper address space in the ACPI case. Signed-off-by:
Corey Minyard <minyard@acm.org> Cc: Patrick Schoeller <Patrick.Schoeller@hp.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Takashi Iwai authored
Added a missing call to resume mixer controls for STAC92xx codecs. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Jaroslav Kysela <perex@suse.cz> Signed-off-by:
-
Doug Chapman authored
Patch for: http://bugzilla.kernel.org/show_bug.cgi?id=8426 A recent code cleanup that moved code from mptscsih to mptspi inadvertently change the order some code was called. This caused a massive slowdown (of 150x to 300x) on the CD/DVD drive on the high-end HP Integrity servers. Signed-off-by:
Doug Chapman <doug.chapman@hp.com> Cc: <Eric.Moore@lsil.com> Cc: James Bottomley <James.Bottomley@steeleye.com> Signed-off-by:
-
Tejun Heo authored
MSI doesn't work on RS400-200 and RS480 requiring pci=nomsi kernel boot parameter for ahci to work. This patch renames quirk_svw_msi() to quirk_disable_all_msi() and use it to disable MSI on those chips. http://thread.gmane.org/gmane.linux.ide/17820 http://thread.gmane.org/gmane.linux.ide/17516 https://bugzilla.novell.com/show_bug.cgi?id=263893Signed-off-by:
Tejun Heo <htejun@gmail.com> Cc: Matí-as Alejandro Torres <torresmat@gmail.com> Cc: Greg K-H <greg@kroah.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by:
-
Tejun Heo authored
Currently, devt_attr for the "dev" file is freed immediately on device removal, but if the "dev" sysfs file is open when a device is removed, sysfs will access its attribute structure for further access including close resulting in jumping to garbled address. Fix it by postponing freeing devt_attr to device release time. Note that devt_attr for class_device is already freed on release. This bug is reported by Chris Rankin as bugzilla bug#8198. Signed-off-by:
-
NeilBrown authored
[PATCH] md: Avoid a possibility that a read error can wrongly propagate through md/raid1 to a filesystem. When a raid1 has only one working drive, we want read error to propagate up to the filesystem as there is no point failing the last drive in an array. Currently the code perform this check is racy. If a write and a read a both submitted to a device on a 2-drive raid1, and the write fails followed by the read failing, the read will see that there is only one working drive and will pass the failure up, even though the one working drive is actually the *other* one. So, tighten up the locking. Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
Thomas Gleixner authored
We need to make sure that the clocksources are resumed, when timekeeping is resumed. The current resume logic does not guarantee this. Add a resume function pointer to the clocksource struct, so clocksource drivers which need to reinitialize the clocksource can provide a resume function. Add a resume function, which calls the maybe available clocksource resume functions and resets the watchdog function, so a stable TSC can be used accross suspend/resume. Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Cc: john stultz <johnstul@us.ibm.com> Cc: Andi Kleen <ak@suse.de> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Ken Chen authored
The internal hugetlb resv_huge_pages variable can permanently leak nonzero value in the error path of hugetlb page fault handler when hugetlb page is used in combination of cpuset. The leaked count can permanently trap N number of hugetlb pages in unusable "reserved" state. Steps to reproduce the bug: (1) create two cpuset, user1 and user2 (2) reserve 50 htlb pages in cpuset user1 (3) attempt to shmget/shmat 50 htlb page inside cpuset user2 (4) kernel oom the user process in step 3 (5) ipcrm the shm segment At this point resv_huge_pages will have a count of 49, even though there are no active hugetlbfs file nor hugetlb shared memory segment in the system. The leak is permanent and there is no recovery method other than system reboot. The leaked count will hold up all future use of that many htlb pages in all cpusets. The culprit is that the error path of alloc_huge_page() did not properly undo the change it made to resv_huge_page, causing inconsistent state. Signed-off-by:
Ken Chen <kenchen@google.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Adam Litke <agl@us.ibm.com> Cc: Martin Bligh <mbligh@google.com> Acked-by:
David Gibson <dwg@au1.ibm.com> Signed-off-by:
-
Srinivas Aji authored
When the server drops its connection, NFS client reconnects using the same socket after disconnecting. If the new connection's SYN,ACK doesn't contain the TCP timestamp option and the old connection's did, tp->tcp_header_len is recomputed assuming no timestamp header but tp->rx_opt.tstamp_ok remains set. Then tcp_build_and_update_options() adds in a timestamp option past the end of the allocated TCP header, overwriting TCP data, or when the data is in skb_shinfo(skb)->frags[], overwriting skb_shinfo(skb) causing a crash soon after. (The issue was debugged from such a crash.) Similarly, wscale_ok and sack_ok also get set based on the SYN,ACK packet but not reset on disconnect, since they are zeroed out at initialization. The patch zeroes out the entire tp->rx_opt struct in tcp_disconnect() to avoid this sort of problem. Signed-off-by:
Srinivas Aji <Aji_Srinivas@emc.com> Signed-off-by:
-
Vlad Yasevich authored
I broke the non-wildcard case recently. This is to fixes it. Now, explictitly bound addresses can ge retrieved using the API. Signed-off-by:
Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by:
-
Vlad Yasevich authored
sctp_getsockopt_local_addrs_old() in net/sctp/socket.c calls copy_to_user() while the spinlock addr_lock is held. this should not be done as copy_to_user() might sleep. the call to sctp_copy_laddrs_to_user() while holding the lock is also problematic as it calls copy_to_user() Signed-off-by:
-
Sergei Shtylyov authored
Get rid of the CONFIG_NETPOLL_RX option completely since all the dependencies have been removed long ago... Signed-off-by:
Sergei Shtylyov <sshtylyov@ru.mvista.com> Acked-by:
Jeff Garzik <jgarzik@pobox.com> Acked-by:
Matt Mackall <mpm@selenic.com> Signed-off-by:
-
Sergei Shtylyov authored
CONFIG_NETPOLL_TRAP causes the TX queue controls to be completely bypassed in the netpoll's "trapped" mode which easily causes overflows in the drivers with short TX queues (most notably, in 8139too with its 4-deep queue). So, make this option more sensible by making it only bypass the TX softirq wakeup. Signed-off-by:
Tom Rini <trini@kernel.crashing.org> Acked-by:
-
Eric Sesterhenn authored
Signed-off-by:
-
Stephen Mollett authored
It appears that a minor thinko occurred in udf_rmdir and the (already-cleared) link count on the directory that is being removed was being decremented instead of the link count on its parent directory. This gives rise to lots of kernel messages similar to: UDF-fs warning (device loop1): udf_rmdir: empty directory has nlink != 2 (8) when removing directory trees. No other ill effects have been observed but I guess it could theoretically result in the link count overflowing on a very long-lived, much modified directory. Signed-off-by:
Stephen Mollett <molletts@yahoo.com> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: Jan Kara <jack@ucw.cz> Signed-off-by:
-
OGAWA Hirofumi authored
If you compile and run the below test case in an msdos or vfat directory on an x86-64 system with -m32 you'll get garbage in the kernel_dirent struct followed by a SIGSEGV. The patch fixes this. Reported and initial fix by Bart Oldeman #include <sys/types.h> #include <sys/ioctl.h> #include <dirent.h> #include <stdio.h> #include <unistd.h> #include <fcntl.h> struct kernel_dirent { long d_ino; long d_off; unsigned short d_reclen; char d_name[256]; /* We must not include limits.h! */ }; #define VFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct kernel_dirent [2]) #define VFAT_IOCTL_READDIR_SHORT _IOR('r', 2, struct kernel_dirent [2]) int main(void) { int fd = open(".", O_RDONLY); struct kernel_dirent de[2]; while (1) { int i = ioctl(fd, VFAT_IOCTL_READDIR_BOTH, (long)de); if (i == -1) break; if (de[0].d_reclen == 0) break; printf("SFN: reclen=%2d off=%d ino=%d, %-12s", de[0].d_reclen, de[0].d_off, de[0].d_ino, de[0].d_name); if (de[1].d_reclen) printf("\tLFN: reclen=%2d off=%d ino=%d, %s", de[1].d_reclen, de[1].d_off, de[1].d_ino, de[1].d_name); printf("\n"); } return 0; } Signed-off-by:Bart Oldeman <bartoldeman@users.sourceforge.net> Signed-off-by:
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by:
-
Thomas Gleixner authored
While the !highres/!dyntick code assigns the duty of the do_timer() call to one specific CPU, this was dropped in the highres/dyntick part during development. Steven Rostedt discovered the xtime lock contention on highres/dyntick due to several CPUs trying to update jiffies. Add the single CPU assignement back. In the dyntick case this needs to be handled carefully, as the CPU which has the do_timer() duty must drop the assignement and let it be grabbed by another CPU, which is active. Otherwise the do_timer() calls would not happen during the long sleep. Signed-off-by:
Ingo Molnar <mingo@elte.hu> Cc: Steven Rostedt <rostedt@goodmis.org> Acked-by:
Mark Lord <mlord@pobox.com> Signed-off-by:
-
Michael Chan authored
Update version to 1.5.8.1. Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
-
Michael Chan authored
This is needed to save the MSI state which will be lost during suspend. Signed-off-by:
-
Michael Chan authored
The device may be in D3hot state and should not allow MII register access. Signed-off-by:
-
Michael Chan authored
Remove the check for skb->len greater than MTU when doing TSO. When the destination has a smaller MSS than the source, a TSO packet may be smaller than the MTU at the source and we still need to process it as a TSO packet. Thanks to Brian Ristuccia <bristuccia@starentnetworks.com> for reporting the problem. Signed-off-by:
-
Michael Chan authored
Update version to 3.75.1. Signed-off-by:
-
Michael Chan authored
The reset was added a while back so that ASF could re-init whatever MAC address it wanted to use after the MAC address was changed. Instead of resetting, we can just keep MAC address 1 unchanged during MAC address changes if MAC address 1 is different from MAC address 0. This fixes 2 problems: 1. Bonding calls set_mac_address in contexts that cannot sleep. It no longer sleeps with the chip reset removed. 2. When ASF shares the same MAC address as the NIC, it needs to always do that even when the MAC address is changed. Signed-off-by:
-
Michael Chan authored
1. Remove the check for skb->len greater than MTU when doing TSO. When the destination has a smaller MSS than the source, a TSO packet may be smaller than the MTU and we still need to process it as a TSO packet. 2. On 5705A3 devices with TSO enabled, the DMA engine can hang due to a hardware bug. This patch avoids the hanging condition by reducing the DMA burst size. Signed-off-by:
Matt Carlson <mcarlson@broadcom.com> Signed-off-by:
-
Stephen Hemminger authored
Wake On Lan works correctly on Yukon-FE and other variants. Signed-off-by:
Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by:
-
Stephen Hemminger authored
By default, the skge driver now enables wake on magic and wake on PHY. This is a bad default (bug), wake on PHY means machine will never shutdown if connected to a switch. Signed-off-by:
-
NeilBrown authored
It's not necessarily correct to assume that the xdr_buf used to hold the server's reply must have page data whenever it has tail data. And there's no need for us to deal with that case separately anyway. Acked-by:
"J. Bruce Fields" <bfields@citi.umich.edu> Signed-off-by:
-
NeilBrown authored
We need to zero various parts of 'exp' before any 'goto out', otherwise when we go to free the contents... we die. Signed-off-by:
-
Richard Purdie authored
The last zlib_inflate update broke certain corner cases for ppp_deflate decompression handling. This patch fixes some logic to make things work properly again. Users other than ppp_deflate (the only Z_PACKET_FLUSH user) should be unaffected. Fixes bug 8405 (confirmed by Stefan) Signed-off-by:
Richard Purdie <rpurdie@rpsys.net> Cc: Stefan Wenk <stefan.wenk@gmx.at> Signed-off-by:
-
Akinobu Mita authored
SLOB doesn't calculate correct page order when page size is not 4KB. This patch fixes it with using get_order() instead of find_order() which is SLOB version of get_order(). Signed-off-by:
Akinobu Mita <akinobu.mita@gmail.com> Acked-by:
-
David Rientjes authored
Fixes a deadlock in the OOM killer for allocations that are not __GFP_HARDWALL. Before the OOM killer checks for the allocation constraint, it takes callback_mutex. constrained_alloc() iterates through each zone in the allocation zonelist and calls cpuset_zone_allowed_softwall() to determine whether an allocation for gfp_mask is possible. If a zone's node is not in the OOM-triggering task's mems_allowed, it is not exiting, and we did not fail on a __GFP_HARDWALL allocation, cpuset_zone_allowed_softwall() attempts to take callback_mutex to check the nearest exclusive ancestor of current's cpuset. This results in deadlock. We now take callback_mutex after iterating through the zonelist since we don't need it yet. Cc: Andi Kleen <ak@suse.de> Cc: Nick Piggin <npiggin@suse.de> Cc: Christoph Lameter <clameter@engr.sgi.com> Cc: Martin J. Bligh <mbligh@mbligh.org> Signed-off-by:
David Rientjes <rientjes@google.com> Signed-off-by:
-
Dan Williams authored
Now that do_undefinstr handles kernel and user mode undefined instruction exceptions it must not assume that interrupts are enabled at entry. Cc: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by:
Dan Williams <dan.j.williams@intel.com> Signed-off-by:
-
Tejun Heo authored
For some reason, sata_via is missing PM hooks. Add them. Spotted by Jeroen Janssen <jeroen.janssen@gmail.com>. Signed-off-by:
-
Jorge Boncompte authored
While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack and nat modules to a 2.4.32 kernel I noticed that the gre_key function returns a wrong pointer to the GRE key of a version 0 packet thus corrupting the packet payload. The intended behaviour for GREv0 packets is to act like nf_conntrack_proto_generic/nf_nat_proto_unknown so I have ripped the offending functions (not used anymore) and modified the nf_nat_proto_gre modules to not touch version 0 (non PPTP) packets. Signed-off-by:
Jorge Boncompte <jorge@dti2.net> Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
