- 09 Mar, 2007 26 commits
-
-
Julien BLACHE authored
The USB vendor and product IDs are not byteswapped appropriately, and thus come out in the wrong endianness when fetched through the evdev using ioctl() on big endian platforms. Signed-off-by:
Julien BLACHE <jb@jblache.org> Signed-off-by:
Jiri Kosina <jkosina@suse.cz> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Michael Hanselmann authored
Commit 40b20c25 by Len Brown introduced a null pointer dereference in the appledisplay driver. This patch fixes it. Signed-off-by:
Michael Hanselmann <linux-kernel@hansmi.ch> Signed-off-by:
-
Stefan Richter authored
Since my commit 8252bbb1 in 2.6.20-rc1, host devices have a dummy driver attached. Alas the driver was not registered before use if ieee1394 was loaded with disable_nodemgr=1. This resulted in non-functional FireWire drivers or kernel lockup. http://bugzilla.kernel.org/show_bug.cgi?id=7942Signed-off-by:
Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by:
-
David Moore authored
This together with the phys_to_virt fix in lib/swiotlb.c::swiotlb_sync_sg fixes video1394 DMA on machines with DMA bounce buffers, especially Intel x86-64 machines with > 3GB RAM. Signed-off-by:
David Moore <dcm@acm.org> Tested-by:
Nicolas Turro <Nicolas.Turro@inrialpes.fr> Signed-off-by:
-
Rojhalat Ibrahim authored
We get the following compiler error: CC arch/ppc/kernel/ppc_ksyms.o arch/ppc/kernel/ppc_ksyms.c:275: error: '__mtdcr' undeclared here (not in a function) arch/ppc/kernel/ppc_ksyms.c:275: warning: type defaults to 'int' in declaration of '__mtdcr' arch/ppc/kernel/ppc_ksyms.c:276: error: '__mfdcr' undeclared here (not in a function) arch/ppc/kernel/ppc_ksyms.c:276: warning: type defaults to 'int' in declaration of '__mfdcr' make[1]: *** [arch/ppc/kernel/ppc_ksyms.o] Error 1 This is due to the EXPORT_SYMBOL for __mtdcr/__mfdcr not having the proper CONFIG protection Signed-off-by:
Rojhalat Ibrahim <imr@rtschenk.de> Signed-off-by:
Kumar Gala <galak@kernel.crashing.org> Signed-off-by:
-
Neil Brown authored
md/bitmap tracks how many active write requests are pending on blocks associated with each bit in the bitmap, so that it knows when it can clear the bit (when count hits zero). The counter has 14 bits of space, so if there are ever more than 16383, we cannot cope. Currently the code just calles BUG_ON as "all" drivers have request queue limits much smaller than this. However is seems that some don't. Apparently some multipath configurations can allow more than 16383 concurrent write requests. So, in this unlikely situation, instead of calling BUG_ON we now wait for the count to drop down a bit. This requires a new wait_queue_head, some waiting code, and a wakeup call. Tested by limiting the counter to 20 instead of 16383 (writes go a lot slower in that case...). Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
Alexey Dobriyan authored
[IPV4/IPV6] multicast: Check add_grhead() return value add_grhead() allocates memory with GFP_ATOMIC and in at least two places skb from it passed to skb_put() without checking. Signed-off-by:
Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
John Heffner authored
We can accidently spit out a huge burst of packets with TSO when the FIN back is piggybacked onto the final packet. [TCP]: Don't apply FIN exception to full TSO segments. Signed-off-by:
John Heffner <jheffner@psc.edu> Signed-off-by:
-
Daniel Walker authored
[ATM]: Fix for crash in adummy_init() This was reported by Ingo Molnar here, http://lkml.org/lkml/2006/12/18/119 The problem is that adummy_init() depends on atm_init() , but adummy_init() is called first. So I put atm_init() into subsys_initcall which seems appropriate, and it will still get module_init() if it becomes a module. Interesting to note that you could crash your system here if you just load the modules in the wrong order. Signed-off-by:
Daniel Walker <dwalker@mvista.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Neil Brown authored
Fix various bugs with aligned reads in RAID5. It is possible for raid5 to be sent a bio that is too big for an underlying device. So if it is a READ that we pass stright down to a device, it will fail and confuse RAID5. So in 'chunk_aligned_read' we check that the bio fits within the parameters for the target device and if it doesn't fit, fall back on reading through the stripe cache and making lots of one-page requests. Note that this is the earliest time we can check against the device because earlier we don't have a lock on the device, so it could change underneath us. Also, the code for handling a retry through the cache when a read fails has not been tested and was badly broken. This patch fixes that code. Signed-off-by:
-
Takashi Iwai authored
[ALSA] hda-intel - Don't try to probe invalid codecs Fix the max number of codecs detected by HD-intel (and compatible) controllers to 3. Some hardware reports extra bits as if connected, and the driver gets confused to probe unexisting codecs. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
Jaroslav Kysela <perex@suse.cz> Signed-off-by:
-
Takashi Iwai authored
The patch fixes the memory corruption by the support of unconventional sample rates. Also, it avoids the too restrictive constraints if any of usb descriptions contain continuous rates. Signed-off-by:
-
Takashi Iwai authored
This is a patch for ALSA Bug #2724. Some webcams provide bogus settings with no valid rates. With this patch those are skipped. Signed-off-by:
Gregor Jasny <gjasny@web.de> Signed-off-by:
-
Alan Stern authored
This patch (as849) fixes a bug in the USB hub driver. A single pre-allocated buffer is used for all port status reads, but nothing guarantees exclusive use of the buffer. A mutex is added to provide this guarantee. Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
David Moore authored
Missing critical phys_to_virt in lib/swiotlb.c Adds missing call to phys_to_virt() in the lib/swiotlb.c:swiotlb_sync_sg() function. Without this change, a kernel panic will always occur whenever a SWIOTLB bounce buffer from a scatter-gather list gets synced. Affected are especially Intel x86_64 machines with more than about 3 GB RAM. Signed-off-by:
-
Dave Jones authored
On Sun, Feb 04, 2007 at 04:51:38PM +0100, Eric Piel wrote: > Hello, > > I've got a regression in 2.6.20-rc7 (-rc6 was fine) due to commit > 4b95320f ([AGPGART] intel_agp: restore > graphics device's pci space early in resume). I think the key to this failure is the last line here .. > agpgart-intel 0000:00:00.0: resuming > PM: Writing back config space on device 0000:00:02.0 at offset f (was 10b, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset d (was dc, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset b (was 10161025, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset 5 (was f4000000, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset 4 (was f8000008, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset 2 (was 3000011, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset 1 (was 2b00007, writing 0) > PM: Writing back config space on device 0000:00:02.0 at offset 0 (was 11328086, writing 0) > agpgart: Unable to remap memory. This then blows up the next access to intel_i810_private.registers, which happens to be intel_i810_insert_entries. Either we need .suspend methods which unmap these regions, or we need to skip trying to map them a second time on resume. There's an ugly patch below which does the latter. Give it a try? The intel-agp suspend/resume code has really grown into something of a monster, and could use some refactoring in a big way. Dave From: Dave Jones <davej@redhat.com> Signed-off-by:
-
Michael Buesch authored
If bcm43xx were to process an afterburner (ampdu) status response, Linux would oops. The ampdu and intermediate status bits are properly named. Signed-off-by:
Michael Buesch <mb@bu3sch.de> Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Larry Finger authored
There is a kernel oops on bcm43xx when resuming due to an overly tight timeout loop. Signed-off-by: Larry Finger<Larry.Finger@lwfinger.net> Signed-off-by: -
Tejun Heo authored
eighty_ninty_three() had word 93 validitity check but not the 80c bit test itself (bit 12). This increases the chance of incorrect wire detection especially because host side cable detection is often unreliable and we sometimes soley depend on drive side cable detection. Fix it. Signed-off-by:
Tejun Heo <htejun@gmail.com> Acked-by:
Alan <alan@lxorguk.ukuu.org.uk> Signed-off-by:
-
David Howells authored
Fix the key serial number collision avoidance code in key_alloc_serial(). This didn't use to be so much of a problem as the key serial numbers were allocated from a simple incremental counter, and it would have to go through two billion keys before it could possibly encounter a collision. However, now that random numbers are used instead, collisions are much more likely. This is fixed by finding a hole in the rbtree where the next unused serial number ought to be and using that by going almost back to the top of the insertion routine and redoing the insertion with the new serial number rather than trying to be clever and attempting to work out the insertion point pointer directly. This fixes kernel BZ #7727. Signed-off-by:
David Howells <dhowells@redhat.com> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
-
NeilBrown authored
If you lose this race, it can iput a socket inode twice and you get a BUG in fs/inode.c When I added the option for user-space to close a socket, I added some cruft to svc_delete_socket so that I could call that function when closing a socket per user-space request. This was the wrong thing to do. I should have just set SK_CLOSE and let normal mechanisms do the work. Not only wrong, but buggy. The locking is all wrong and it openned up a race where-by a socket could be closed twice. So this patch: Introduces svc_close_socket which sets SK_CLOSE then either leave the close up to a thread, or calls svc_delete_socket if it can get SK_BUSY. Adds a bias to sk_busy which is removed when SK_DEAD is set, This avoid races around shutting down the socket. Changes several 'spin_lock' to 'spin_lock_bh' where the _bh was missing. Bugzilla-url: http://bugzilla.kernel.org/show_bug.cgi?id=7916Signed-off-by:
-
Tejun Heo authored
80c test mask is at bits 18 and 19 of EIDE Controller Configuration not 22 and 23. Fix it. Signed-off-by:
-
Dan Williams authored
Correct assignment of DOT1XENABLE in WE-19 codepaths. RX_UNENCRYPTED_EAPOL = 1 really means setting DOT1XENABLE _off_, and vice versa. The original WE-19 patch erroneously reversed that. This patch fixes association with unencrypted and WEP networks when using wpa_supplicant. It also adds two missing break statements that, left out, could result in incorrect card configuration. Applies to (I think) 2.6.19 and later. Signed-off-by:
Dan Williams <dcbw@redhat.com> Signed-off-by:
-
Atsushi Nemoto authored
The usage of the century bit was inverted on 2.6.19 following to PCF8563's description, but it was not match to usage suggested by RTC8564's datasheet. Anyway what MO_C=1 means can vary on each platform. This patch is to detect its polarity in get_datetime routine. The default value of c_polarity is 0 (MO_C=1 means 19xx) so that this patch does not change current behavior even if get_datetime was not called before set_datetime. Signed-off-by:
Atsushi Nemoto <anemo@mba.ocn.ne.jp> Cc: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@teamlog.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by:
-
Paolo 'Blaisorblade' Giarrusso authored
Also PTRACE_OLDSETOPTIONS should be accepted, as done by kernel/ptrace.c and forced by binary compatibility. UML/32bit breaks because of this - since it is wise enough to use PTRACE_OLDSETOPTIONS to be binary compatible with 2.4 host kernels. Until 2.6.17 (commit f0f2d653) we had: default: return sys_ptrace(request, pid, addr, data); Instead here we have: case PTRACE_GET_THREAD_AREA: case ...: return sys_ptrace(request, pid, addr, data); default: return -EINVAL; This change was a style change - when a case is added, it must be explicitly tested this way. In this case, not enough testing was done. Cc: Andi Kleen <ak@suse.de> Signed-off-by:
Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by:
-
Mark Fasheh authored
Commit 592282cf fixed some missing directory c/mtime updates in part by introducing a dinode update in ocfs2_add_entry(). Unfortunately, ocfs2_link() (which didn't update the directory inode before) is now missing a single journal credit. Fix this by doubling the number of inode updates expected during hard link creation. Signed-off-by:
Mark Fasheh <mark.fasheh@oracle.com> Signed-off-by:
Chris Wright <chrisw@sous-sol.org>
-
- 20 Feb, 2007 2 commits
-
-
Greg Kroah-Hartman authored
-
Greg Banks authored
Due to type confusion, when an nfsacl verison 2 'ACCESS' request finishes and tries to clean up, it calls fh_put on entiredly the wrong thing and this can cause an oops. Signed-off-by:
-
- 04 Feb, 2007 3 commits
-
-
Linus Torvalds authored
-
Frédéric Riss authored
When calling into the EFI firmware, the parameters need to be passed on the stack. The recent change to use -mregparm=3 breaks x86 EFI support. This patch is needed to allow the new Intel-based Macs to suspend to ram (efi.get_time is called during the suspend phase). Signed-off-by:
Frederic Riss <frederic.riss@gmail.com> Signed-off-by:
-
Al Viro authored
That code doesn't do what its author apparently thought it would do... Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
- 03 Feb, 2007 9 commits
-
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] sd: udev accessing an uninitialized scsi_disk field results in a crash [SCSI] st: A MTIOCTOP/MTWEOF within the early warning will cause the file number to be incorrect [SCSI] qla4xxx: bug fixes [SCSI] Fix scsi_add_device() for async scanning
-
Jeff Garzik authored
x86-64 is missing these: Signed-off-by:
Jeff Garzik <jeff@garzik.org> Signed-off-by:
-
John Keller authored
The SN Altix platform does not conform to the IOSAPIC IRQ routing model. Add code in acpi_unregister_gsi() to check if (acpi_irq_model == ACPI_IRQ_MODEL_PLATFORM) and return. Due to an oversight, this code was not added previously when similar code was added to acpi_register_gsi(). http://marc.theaimsgroup.com/?l=linux-acpi&m=116680983430121&w=2Signed-off-by:
John Keller <jpk@sgi.com> Acked-by:
Len Brown <lenb@kernel.org> Cc: "Luck, Tony" <tony.luck@intel.com> Signed-off-by:
-
Andrew Morton authored
Andrew Vasquez is reporting as-iosched oopses and a 65% throughput slowdown due to the recent special-casing of direct-io against blockdevs. We don't know why either of these things are occurring. The patch minimally reverts us back to the 2.6.19 code for a 2.6.20 release. Cc: Andrew Vasquez <andrew.vasquez@qlogic.com> Cc: Ken Chen <kenchen@google.com> Signed-off-by:
-
Mike Frysinger authored
We went and named them __NR_sys_foo instead of __NR_foo. It may be too late to change this, but we can at least add the proper names now. Signed-off-by:
Mike Frysinger <vapier@gentoo.org> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by:
-
Peter Korsgaard authored
smc911x_phy_configure's error handling unconditionally unlocks the spinlock even if it wasn't locked. Patch fixes it. Signed-off-by:
Peter Korsgaard <jacmet@sunsite.dk> Cc: Jeff Garzik <jeff@garzik.org> Cc: <stable@kernel.org> Signed-off-by:
-
Magnus Damm authored
This patch fixes up ia64 kexec support for HP rx2620 hardware. It does this by skipping migration of already disabled irqs. This is most likely a problem on other ia64 platforms as well, but I've only been able to reproduce it on one machine so far. The full story is that handle_bad_irq() gets invoked before starting the new kernel without this patch. This seems to happen when fixup_irqs() calls generic_handle_irq() on already migrated (and disabled) irqs. So by avoiding migration of disabled irqs we stay away of handle_bad_irq(). The code has been tested on three different ia64 machines, all with good results. It is possible to trigger the same bug by offlining a processor using echo 0 > /sys/devices/system/cpu/cpuX/online. More detailed information is available in the following mail thread: http://lists.osdl.org/pipermail/fastboot/2007-January/thread.html#5774Signed-off-by:
Magnus Damm <magnus@valinux.co.jp> Acked-by:
Simon Horman <horms@verge.net.au> Acked-by:
Zou, Nanhai <nanhai.zou@intel.com> Acked-by:
Jay Lan <jlan@sgi.com> Acked-by:
"Luck, Tony" <tony.luck@intel.com> Signed-off-by:
-
Ken Chen authored
An AIO bug was reported that sleeping function is being called in softirq context: BUG: warning at kernel/mutex.c:132/__mutex_lock_common() Call Trace: [<a000000100577b00>] __mutex_lock_slowpath+0x640/0x6c0 [<a000000100577ba0>] mutex_lock+0x20/0x40 [<a0000001000a25b0>] flush_workqueue+0xb0/0x1a0 [<a00000010018c0c0>] __put_ioctx+0xc0/0x240 [<a00000010018d470>] aio_complete+0x2f0/0x420 [<a00000010019cc80>] finished_one_bio+0x200/0x2a0 [<a00000010019d1c0>] dio_bio_complete+0x1c0/0x200 [<a00000010019d260>] dio_bio_end_aio+0x60/0x80 [<a00000010014acd0>] bio_endio+0x110/0x1c0 [<a0000001002770e0>] __end_that_request_first+0x180/0xba0 [<a000000100277b90>] end_that_request_chunk+0x30/0x60 [<a0000002073c0c70>] scsi_end_request+0x50/0x300 [scsi_mod] [<a0000002073c1240>] scsi_io_completion+0x200/0x8a0 [scsi_mod] [<a0000002074729b0>] sd_rw_intr+0x330/0x860 [sd_mod] [<a0000002073b3ac0>] scsi_finish_command+0x100/0x1c0 [scsi_mod] [<a0000002073c2910>] scsi_softirq_done+0x230/0x300 [scsi_mod] [<a000000100277d20>] blk_done_softirq+0x160/0x1c0 [<a000000100083e00>] __do_softirq+0x200/0x240 [<a000000100083eb0>] do_softirq+0x70/0xc0 See report: http://marc.theaimsgroup.com/?l=linux-kernel&m=116599593200888&w=2 flush_workqueue() is not allowed to be called in the softirq context. However, aio_complete() called from I/O interrupt can potentially call put_ioctx with last ref count on ioctx and triggers bug. It is simply incorrect to perform ioctx freeing from aio_complete. The bug is trigger-able from a race between io_destroy() and aio_complete(). A possible scenario: cpu0 cpu1 io_destroy aio_complete wait_for_all_aios { __aio_put_req ... ctx->reqs_active--; if (!ctx->reqs_active) return; } ... put_ioctx(ioctx) put_ioctx(ctx); __put_ioctx bam! Bug trigger! The real problem is that the condition check of ctx->reqs_active in wait_for_all_aios() is incorrect that access to reqs_active is not being properly protected by spin lock. This patch adds that protective spin lock, and at the same time removes all duplicate ref counting for each kiocb as reqs_active is already used as a ref count for each active ioctx. This also ensures that buggy call to flush_workqueue() in softirq context is eliminated. Signed-off-by:"Ken Chen" <kenchen@google.com> Cc: Zach Brown <zach.brown@oracle.com> Cc: Suparna Bhattacharya <suparna@in.ibm.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Badari Pulavarty <pbadari@us.ibm.com> Cc: <stable@kernel.org> Acked-by:
Jeff Moyer <jmoyer@redhat.com> Signed-off-by:
-
Adrian Bunk authored
Fix this by letting NF_CONNTRACK_H323 depend on (IPV6 || IPV6=n). Signed-off-by:
Adrian Bunk <bunk@stusta.de> Signed-off-by:
-
