Skip to content

L
linux
Switch branch/tag
  1. 07 Jan, 2008 2 commits
  3. 06 Jan, 2008 5 commits
    • Linus Torvalds's avatar
      Linux 2.6.24-rc7 · 3ce54450
      Linus Torvalds authored
      3ce54450
    • Ingo Molnar's avatar
      CPU hotplug: fix cpu_is_offline() on !CONFIG_HOTPLUG_CPU · a263898f
      Ingo Molnar authored 
      make randconfig bootup testing found that the cpufreq code
crashes on bootup, if the powernow-k8 driver is enabled and
if maxcpus=1 passed on the boot line to a !CONFIG_HOTPLUG_CPU
kernel.

First lockdep found out that there's an inconsistent unlock
sequence:

 =====================================
 [ BUG: bad unlock balance detected! ]
 -------------------------------------
 swapper/1 is trying to release lock (&per_cpu(cpu_policy_rwsem, cpu)) at:
 [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
 but there are no more locks to release!

Call Trace:
 [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
 [<ffffffff80251c29>] print_unlock_inbalance_bug+0x104/0x12c
 [<ffffffff80252f3a>] mark_held_locks+0x56/0x94
 [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
 [<ffffffff807008b6>] cpufreq_add_dev+0x2a8/0x5c4
 ...

then shortly afterwards the cpufreq code crashed on an assert:

 ------------[ cut here ]------------
 kernel BUG at drivers/cpufreq/cpufreq.c:1068!
 invalid opcode: 0000 [1] SMP
 [...]
 Call Trace:
  [<ffffffff805145d6>] sysdev_driver_unregister+0x5b/0x91
  [<ffffffff806ff520>] cpufreq_register_driver+0x15d/0x1a2
  [<ffffffff80cc0596>] powernowk8_init+0x86/0x94
 [...]
 ---[ end trace 1e9219be2b4431de ]---

the bug was caused by maxcpus=1 bootup, which brought up the
secondary core as !cpu_online() but !cpu_is_offline() either,
which on on !CONFIG_HOTPLUG_CPU is always 0 (include/linux/cpu.h):

  /* CPUs don't go offline once they're online w/o CONFIG_HOTPLUG_CPU */
  static inline int cpu_is_offline(int cpu) { return 0; }

but the cpufreq code uses cpu_online() and cpu_is_offline() in
a mixed way - the low-level drivers use cpu_online(), while
the cpufreq core uses cpu_is_offline(). This opened up the
possibility to add the non-initialized sysdev device of the
secondary core:

 cpufreq-core: trying to register driver powernow-k8
 cpufreq-core: adding CPU 0
 powernow-k8: BIOS error - no PSB or ACPI _PSS objects
 cpufreq-core: initialization failed
 cpufreq-core: adding CPU 1
 cpufreq-core: initialization failed

which then blew up. The fix is to make cpu_is_offline() always
the negation of cpu_online(). With that fix applied the kernel
boots up fine without crashing:

 Calling initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94()
 powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ processors (1 cpu cores) (version 2.20.00)
 powernow-k8: BIOS error - no PSB or ACPI _PSS objects
 initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() returned -19.
 initcall 0xffffffff80cc0510 ran for 19 msecs: powernowk8_init+0x0/0x94()
 Calling initcall 0xffffffff80cc328f: init_lapic_nmi_sysfs+0x0/0x39()

We could fix this by making CPU enumeration aware of max_cpus, but that
would be more fragile IMO, and the cpu_online(cpu) != cpu_is_offline(cpu)
possibility was quite confusing and a continuous source of bugs too.

Most distributions have kernels with CPU hotplug enabled, so this bug
remained hidden for a long time.

Bug forensics:

The broken cpu_is_offline() API variant was introduced via:

 commit a59d2e4e
 Author: Rusty Russell <rusty@rustcorp.com.au>
 Date:   Mon Mar 8 06:06:03 2004 -0800

     [PATCH] minor cleanups for hotplug CPUs

( this predates linux-2.6.git, this commit is available from Thomas's
  historic git tree. )

Then 1.5 years later the cpufreq code made use of it:

 commit c32b6b8e
 Author: Ashok Raj <ashok.raj@intel.com>
 Date:   Sun Oct 30 14:59:54 2005 -0800

     [PATCH] create and destroy cpufreq sysfs entries based on cpu notifiers

 +       if (cpu_is_offline(cpu))
 +               return 0;

which is a correct use of the subtly broken new API. v2.6.15 then
shipped with this bug included.

then it took two more years for random-kernel qa to hit it.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a263898f
    • Ingo Molnar's avatar
      hda_intel suspend latency: shorten codec read · 57a04513
      Ingo Molnar authored 
      not sleeping for every codec read/write but doing a short udelay and
a conditional reschedule has cut suspend+resume latency by about 1
second on my T60.

The patch also fixes the unexpected codec-connection errors that
happen more often in the new power-save mode:
    http://lkml.org/lkml/2007/11/8/255
    http://bugzilla.kernel.org/show_bug.cgi?id=9332Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Acked-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      57a04513
    • Akos Maroy's avatar
      fix: using joysticks in 32 bit applications on 64 bit systems · 3fee37c1
      Akos Maroy authored 
      unfortunately 32 bit apps don't see the joysticks on a 64 bit system.
this prevents one playing X-Plane (http://www.x-plane.com/) or other
32-bit games with joysticks.

this is a known issue, and already raised several times:

 http://readlist.com/lists/vger.kernel.org/linux-kernel/28/144411.html

 http://www.brettcsmith.org/wiki/wiki.cgi?action=browse&diff=1&id=OzyComputer/Joystick

unfortunately this is still not fixed in the mainline kernel.

it would be nice to have this fixed, so that people can play these games
without having to patch their kernel.

the following patch solves the problem on 2.6.22.
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Acked-by: default avatarChristoph Hellwig <hch@infradead.org>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3fee37c1
    • Linus Torvalds's avatar
      Revert "scsi: revert "[SCSI] Get rid of scsi_cmnd->done"" · 7b3d9545
      Linus Torvalds authored 
      This reverts commit ac40532e, which gets
us back the original cleanup of 6f5391c2.

It turns out that the bug that was triggered by that commit was
apparently not actually triggered by that commit at all, and just the
testing conditions had changed enough to make it appear to be due to it.

The real problem seems to have been found by Peter Osterlund:

  "pktcdvd sets it [block device size] when opening the /dev/pktcdvd
   device, but when the drive is later opened as /dev/scd0, there is
   nothing that sets it back.  (Btw, 40944 is possible if the disk is a
   CDRW that was formatted with "cdrwtool -m 10236".)

   The problem is that pktcdvd opens the cd device in non-blocking mode
   when pktsetup is run, and doesn't close it again until pktsetup -d is
   run.  The effect is that if you meanwhile open the cd device,
   blkdev.c:do_open() doesn't call bd_set_size() because
   bdev->bd_openers is non-zero."

In particular, to repeat the bug (regardless of whether commit
6f5391c2 is applied or not):

  " 1. Start with an empty drive.
    2. pktsetup 0 /dev/scd0
    3. Insert a CD containing an isofs filesystem.
    4. mount /dev/pktcdvd/0 /mnt/tmp
    5. umount /mnt/tmp
    6. Press the eject button.
    7. Insert a DVD containing a non-writable filesystem.
    8. mount /dev/scd0 /mnt/tmp
    9. find /mnt/tmp -type f -print0 | xargs -0 sha1sum >/dev/null
    10. If the DVD contains data beyond the physical size of a CD, you
        get I/O errors in the terminal, and dmesg reports lots of
        "attempt to access beyond end of device" errors."

which in turn is because the nested open after the media change won't
cause the size to be set properly (because the original open still holds
the block device, and we only do the bd_set_size() when we don't have
other people holding the device open).

The proper fix for that is probably to just do something like

	bdev->bd_inode->i_size = (loff_t)get_capacity(disk)<<9;

in fs/block_dev.c:do_open() even for the cases where we're not the
original opener (but *not* call bd_set_size(), since that will also
change the block size of the device).

Cc: Peter Osterlund <petero2@telia.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Matthew Wilcox <matthew@wil.cx>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7b3d9545
  5. 04 Jan, 2008 14 commits
    • Dave Dillow's avatar
      [SCSI] SRP transport: only remove our own entries · 91183344
      Dave Dillow authored 
      The SCSI SRP transport class currently iterates over all children
devices of the host that is being removed in srp_remove_host(). However,
not all of those children were created by the SRP transport, and
removing them will cause corruption and an oops when their creator tries
to remove them.
Signed-off-by: default avatarDavid Dillow <dillowda@ornl.gov>
Acked-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      91183344
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · 439f61b9
      Linus Torvalds authored 
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  [ISDN]: i4l: Fix DLE handling for i4l-audio
  [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush
  [CONNECTOR]: Return proper error code in cn_call_callback()
  [INET]: Fix netdev renaming and inet address labels
  [CASSINI]: Bump driver version and release date.
  [CASSINI]: Fix two obvious NAPI bugs.
  [CASSINI]: Set skb->truesize properly on receive packets.
  [CASSINI]: Program parent Intel31154 bridge when necessary.
  [CASSINI]: Revert 'dont touch page_count'.
  [CASSINI]: Fix endianness bug.
  [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE
  [X25]: Add missing x25_neigh_put
      439f61b9
    • Matthias Goebl's avatar
      [ISDN]: i4l: Fix DLE handling for i4l-audio · 7fde4d77
      Matthias Goebl authored 
      The DLE handling in i4l-audio seems to be broken.

It produces spurious DLEs so asterisk 1.2.24 with chan_modem_i4l
gets irritated, the error message is:
"chan_modem_i4l.c:450 i4l_read: Value of escape is ^ (17)".
-> There shouldn't be a DLE-^.
If a spurious DLE-ETX occurs, the audio connection even dies.
I use a "AVM Fritz!PCI" isdn card.

I found two issues that only appear if ISDN_AUDIO_SKB_DLECOUNT(skb) > 0:
- The loop in isdn_tty.c:isdn_tty_try_read() doesn't escape a DLE if it's
  the last character.

- The loop in isdn_common.c:isdn_readbchan_tty() doesn't copy its characters,
  it only remembers the last one ("last = *p;").

  Compare it with the loop in isdn_common.c:isdn_readbchan(), that *does*
  copy them ("*cp++ = *p;") correctly.
  The special handling of the "last" character made it more difficult.
  I compared it to linux-2.4.19: There was no "last"-handling and both loops
  did escape and copy all characters correctly.
Signed-off-by: default avatarMatthias Goebl <matthias.goebl@goebl.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7fde4d77
    • Matthias Goebl's avatar
      [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush · 00409bb0
      Matthias Goebl authored 
      The ISDN tty layer doesn't produce a 'NO CARRIER' message after hangup.

I suppose it broke when tty_buffer_flush() has been added to
tty_ldisc_flush() in the commit below.

For isdn_tty_modem_result(RESULT_NO_CARRIER..) the
message inserted via isdn_tty_at_cout() -> tty_insert_flip_char()
is flushed immediately by tty_ldisc_flush() -> tty_buffer_flush().
More annoyingly, the audio abort sequence DLE-ETX is also lost.

This patch fixes only active audio connections, because I assume that nobody
changes the line discipline for audio.

For non-audio connections the problem remains.
Maybe we can remove the tty_ldisc_flush() in isdn_tty_modem_result()
at all because it's done at tty_close?

On Mon, May 07, 2007 at 04:05:57PM -0500, Paul Fulghum wrote:
> Flush the tty flip buffer when the line discipline
> input queue is flushed, including the user call
> tcflush(TCIFLUSH/TCIOFLUSH). This prevents unexpected
> stale data after a user application calls tcflush().
>
> Cc: Alan Cox <alan@lxorguk.org.uk>
> Cc: Antonino Ingargiola <tritemio@gmail.com>
> Signed-off-by: Paul Fulghum <paulkf@microgate.com>
>
> --- a/drivers/char/tty_io.c	2007-05-04 05:46:55.000000000 -0500
> +++ b/drivers/char/tty_io.c	2007-05-05 03:23:46.000000000 -0500
> @@ -1240,6 +1263,7 @@ void tty_ldisc_flush(struct tty_struct *
>  			ld->flush_buffer(tty);
>  		tty_ldisc_deref(ld);
>  	}
> +	tty_buffer_flush(tty);
[..]
Signed-off-by: default avatarMatthias Goebl <matthias.goebl@goebl.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00409bb0
    • Li Zefan's avatar
      [CONNECTOR]: Return proper error code in cn_call_callback() · 134d99e3
      Li Zefan authored 
      Error code should be set to EINVAL instead of ENODEV if !queue_work().
There's another call of queue_work() which may set err to EINVAL.
Signed-off-by: default avatarLi Zefan <lizf@cn.fujitsu.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      134d99e3
    • Mark McLoughlin's avatar
      [INET]: Fix netdev renaming and inet address labels · 44344b2a
      Mark McLoughlin authored 
      When re-naming an interface, the previous secondary address
labels get lost e.g.

  $> brctl addbr foo
  $> ip addr add 192.168.0.1 dev foo
  $> ip addr add 192.168.0.2 dev foo label foo:00
  $> ip addr show dev foo | grep inet
    inet 192.168.0.1/32 scope global foo
    inet 192.168.0.2/32 scope global foo:00
  $> ip link set foo name bar
  $> ip addr show dev bar | grep inet
    inet 192.168.0.1/32 scope global bar
    inet 192.168.0.2/32 scope global bar:2

Turns out to be a simple thinko in inetdev_changename() - clearly we
want to look at the address label, rather than the device name, for
a suffix to retain.
Signed-off-by: default avatarMark McLoughlin <markmc@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44344b2a
    • David S. Miller's avatar
      [CASSINI]: Bump driver version and release date. · 14be85f5
      David S. Miller authored 
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      14be85f5
    • David S. Miller's avatar
      [CASSINI]: Fix two obvious NAPI bugs. · 86216268
      David S. Miller authored 
      1) close should do napi_disable() not napi_enable
2) remove unused local var 'todo'
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86216268
    • David S. Miller's avatar
      [CASSINI]: Set skb->truesize properly on receive packets. · d011a231
      David S. Miller authored 
      skb->truesize was not being incremented at all to
reflect the page based data added to RX SKBs.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d011a231
    • David S. Miller's avatar
      [CASSINI]: Program parent Intel31154 bridge when necessary. · 9e1848b6
      David S. Miller authored 
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9e1848b6
    • David S. Miller's avatar
      [CASSINI]: Revert 'dont touch page_count'. · 9de4dfb4
      David S. Miller authored 
      This reverts changeset fa4f0774
([CASSINI]: dont touch page_count) because it breaks the driver.

The local page counting added by this changeset did not account
for the asynchronous page count changes done by kfree_skb()
and friends.

The change adds extra atomics and on top of it all appears to be
totally unnecessary as well.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Acked-by: default avatarNick Piggin <npiggin@suse.de>
      9de4dfb4
    • Al Viro's avatar
      [CASSINI]: Fix endianness bug. · e5e02540
      Al Viro authored 
      Here's proposed fix for RX checksum handling in cassini; it affects
little-endian working with half-duplex gigabit, but obviously needs
testing on big-endian too.

The problem is, we need to convert checksum to fixed-endian *before*
correcting for (unstripped) FCS.  On big-endian it won't matter
(conversion is no-op), on little-endian it will, but only if FCS is
not stripped by hardware; i.e. in half-duplex gigabit mode when
->crc_size is set.

cassini.c part is that fix, cassini.h one consists of trivial
endianness annotations.  With that applied the sucker is endian-clean,
according to sparse.
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5e02540
    • Eric Dumazet's avatar
      [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE · 2d60abc2
      Eric Dumazet authored 
      In include/net/xfrm.h we find :

#ifdef CONFIG_XFRM_MIGRATE
extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
                      struct xfrm_migrate *m, int num_bundles);
...
#endif

We can also guard the function body itself in net/xfrm/xfrm_state.c
with same condition.

(Problem spoted by sparse checker)
make C=2 net/xfrm/xfrm_state.o
...
net/xfrm/xfrm_state.c:1765:5: warning: symbol 'km_migrate' was not declared. Should it be static?
...
Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d60abc2
    • Julia Lawall's avatar
      [X25]: Add missing x25_neigh_put · 76975f8a
      Julia Lawall authored 
      The function x25_get_neigh increments a reference count.  At the point of
the second goto out, the result of calling x25_get_neigh is only stored in
a local variable, and thus no one outside the function will be able to
decrease the reference count.  Thus, x25_neigh_put should be called before
the return in this case.

The problem was found using the following semantic match.
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>

@@
type T,T1,T2;
identifier E;
statement S;
expression x1,x2,x3;
int ret;
@@

  T E;
  ...
* if ((E = x25_get_neigh(...)) == NULL)
  S
  ... when != x25_neigh_put(...,(T1)E,...)
      when != if (E != NULL) { ... x25_neigh_put(...,(T1)E,...); ...}
      when != x1 = (T1)E
      when != E = x3;
      when any
  if (...) {
    ... when != x25_neigh_put(...,(T2)E,...)
        when != if (E != NULL) { ... x25_neigh_put(...,(T2)E,...); ...}
        when != x2 = (T2)E
(
*   return;
|
*   return ret;
)
  }
// </smpl>
Signed-off-by: default avatarJulia Lawall <julia@diku.dk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      76975f8a
  7. 03 Jan, 2008 15 commits
  9. 02 Jan, 2008 4 commits
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7