1. 06 Jan, 2008 4 commits
    • Ingo Molnar's avatar
      CPU hotplug: fix cpu_is_offline() on !CONFIG_HOTPLUG_CPU · a263898f
      Ingo Molnar authored
      make randconfig bootup testing found that the cpufreq code
      crashes on bootup, if the powernow-k8 driver is enabled and
      if maxcpus=1 passed on the boot line to a !CONFIG_HOTPLUG_CPU
      kernel.
      
      First lockdep found out that there's an inconsistent unlock
      sequence:
      
       =====================================
       [ BUG: bad unlock balance detected! ]
       -------------------------------------
       swapper/1 is trying to release lock (&per_cpu(cpu_policy_rwsem, cpu)) at:
       [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
       but there are no more locks to release!
      
      Call Trace:
       [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
       [<ffffffff80251c29>] print_unlock_inbalance_bug+0x104/0x12c
       [<ffffffff80252f3a>] mark_held_locks+0x56/0x94
       [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42
       [<ffffffff807008b6>] cpufreq_add_dev+0x2a8/0x5c4
       ...
      
      then shortly afterwards the cpufreq code crashed on an assert:
      
       ------------[ cut here ]------------
       kernel BUG at drivers/cpufreq/cpufreq.c:1068!
       invalid opcode: 0000 [1] SMP
       [...]
       Call Trace:
        [<ffffffff805145d6>] sysdev_driver_unregister+0x5b/0x91
        [<ffffffff806ff520>] cpufreq_register_driver+0x15d/0x1a2
        [<ffffffff80cc0596>] powernowk8_init+0x86/0x94
       [...]
       ---[ end trace 1e9219be2b4431de ]---
      
      the bug was caused by maxcpus=1 bootup, which brought up the
      secondary core as !cpu_online() but !cpu_is_offline() either,
      which on on !CONFIG_HOTPLUG_CPU is always 0 (include/linux/cpu.h):
      
        /* CPUs don't go offline once they're online w/o CONFIG_HOTPLUG_CPU */
        static inline int cpu_is_offline(int cpu) { return 0; }
      
      but the cpufreq code uses cpu_online() and cpu_is_offline() in
      a mixed way - the low-level drivers use cpu_online(), while
      the cpufreq core uses cpu_is_offline(). This opened up the
      possibility to add the non-initialized sysdev device of the
      secondary core:
      
       cpufreq-core: trying to register driver powernow-k8
       cpufreq-core: adding CPU 0
       powernow-k8: BIOS error - no PSB or ACPI _PSS objects
       cpufreq-core: initialization failed
       cpufreq-core: adding CPU 1
       cpufreq-core: initialization failed
      
      which then blew up. The fix is to make cpu_is_offline() always
      the negation of cpu_online(). With that fix applied the kernel
      boots up fine without crashing:
      
       Calling initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94()
       powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ processors (1 cpu cores) (version 2.20.00)
       powernow-k8: BIOS error - no PSB or ACPI _PSS objects
       initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() returned -19.
       initcall 0xffffffff80cc0510 ran for 19 msecs: powernowk8_init+0x0/0x94()
       Calling initcall 0xffffffff80cc328f: init_lapic_nmi_sysfs+0x0/0x39()
      
      We could fix this by making CPU enumeration aware of max_cpus, but that
      would be more fragile IMO, and the cpu_online(cpu) != cpu_is_offline(cpu)
      possibility was quite confusing and a continuous source of bugs too.
      
      Most distributions have kernels with CPU hotplug enabled, so this bug
      remained hidden for a long time.
      
      Bug forensics:
      
      The broken cpu_is_offline() API variant was introduced via:
      
       commit a59d2e4e
       Author: Rusty Russell <rusty@rustcorp.com.au>
       Date:   Mon Mar 8 06:06:03 2004 -0800
      
           [PATCH] minor cleanups for hotplug CPUs
      
      ( this predates linux-2.6.git, this commit is available from Thomas's
        historic git tree. )
      
      Then 1.5 years later the cpufreq code made use of it:
      
       commit c32b6b8e
       Author: Ashok Raj <ashok.raj@intel.com>
       Date:   Sun Oct 30 14:59:54 2005 -0800
      
           [PATCH] create and destroy cpufreq sysfs entries based on cpu notifiers
      
       +       if (cpu_is_offline(cpu))
       +               return 0;
      
      which is a correct use of the subtly broken new API. v2.6.15 then
      shipped with this bug included.
      
      then it took two more years for random-kernel qa to hit it.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a263898f
    • Ingo Molnar's avatar
      hda_intel suspend latency: shorten codec read · 57a04513
      Ingo Molnar authored
      not sleeping for every codec read/write but doing a short udelay and
      a conditional reschedule has cut suspend+resume latency by about 1
      second on my T60.
      
      The patch also fixes the unexpected codec-connection errors that
      happen more often in the new power-save mode:
          http://lkml.org/lkml/2007/11/8/255
          http://bugzilla.kernel.org/show_bug.cgi?id=9332Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Acked-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      57a04513
    • Akos Maroy's avatar
      fix: using joysticks in 32 bit applications on 64 bit systems · 3fee37c1
      Akos Maroy authored
      unfortunately 32 bit apps don't see the joysticks on a 64 bit system.
      this prevents one playing X-Plane (http://www.x-plane.com/) or other
      32-bit games with joysticks.
      
      this is a known issue, and already raised several times:
      
       http://readlist.com/lists/vger.kernel.org/linux-kernel/28/144411.html
      
       http://www.brettcsmith.org/wiki/wiki.cgi?action=browse&diff=1&id=OzyComputer/Joystick
      
      unfortunately this is still not fixed in the mainline kernel.
      
      it would be nice to have this fixed, so that people can play these games
      without having to patch their kernel.
      
      the following patch solves the problem on 2.6.22.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Acked-by: default avatarChristoph Hellwig <hch@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3fee37c1
    • Linus Torvalds's avatar
      Revert "scsi: revert "[SCSI] Get rid of scsi_cmnd->done"" · 7b3d9545
      Linus Torvalds authored
      This reverts commit ac40532e, which gets
      us back the original cleanup of 6f5391c2.
      
      It turns out that the bug that was triggered by that commit was
      apparently not actually triggered by that commit at all, and just the
      testing conditions had changed enough to make it appear to be due to it.
      
      The real problem seems to have been found by Peter Osterlund:
      
        "pktcdvd sets it [block device size] when opening the /dev/pktcdvd
         device, but when the drive is later opened as /dev/scd0, there is
         nothing that sets it back.  (Btw, 40944 is possible if the disk is a
         CDRW that was formatted with "cdrwtool -m 10236".)
      
         The problem is that pktcdvd opens the cd device in non-blocking mode
         when pktsetup is run, and doesn't close it again until pktsetup -d is
         run.  The effect is that if you meanwhile open the cd device,
         blkdev.c:do_open() doesn't call bd_set_size() because
         bdev->bd_openers is non-zero."
      
      In particular, to repeat the bug (regardless of whether commit
      6f5391c2 is applied or not):
      
        " 1. Start with an empty drive.
          2. pktsetup 0 /dev/scd0
          3. Insert a CD containing an isofs filesystem.
          4. mount /dev/pktcdvd/0 /mnt/tmp
          5. umount /mnt/tmp
          6. Press the eject button.
          7. Insert a DVD containing a non-writable filesystem.
          8. mount /dev/scd0 /mnt/tmp
          9. find /mnt/tmp -type f -print0 | xargs -0 sha1sum >/dev/null
          10. If the DVD contains data beyond the physical size of a CD, you
              get I/O errors in the terminal, and dmesg reports lots of
              "attempt to access beyond end of device" errors."
      
      which in turn is because the nested open after the media change won't
      cause the size to be set properly (because the original open still holds
      the block device, and we only do the bd_set_size() when we don't have
      other people holding the device open).
      
      The proper fix for that is probably to just do something like
      
      	bdev->bd_inode->i_size = (loff_t)get_capacity(disk)<<9;
      
      in fs/block_dev.c:do_open() even for the cases where we're not the
      original opener (but *not* call bd_set_size(), since that will also
      change the block size of the device).
      
      Cc: Peter Osterlund <petero2@telia.com>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Matthew Wilcox <matthew@wil.cx>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7b3d9545
  2. 04 Jan, 2008 14 commits
    • Dave Dillow's avatar
      [SCSI] SRP transport: only remove our own entries · 91183344
      Dave Dillow authored
      The SCSI SRP transport class currently iterates over all children
      devices of the host that is being removed in srp_remove_host(). However,
      not all of those children were created by the SRP transport, and
      removing them will cause corruption and an oops when their creator tries
      to remove them.
      Signed-off-by: default avatarDavid Dillow <dillowda@ornl.gov>
      Acked-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
      91183344
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · 439f61b9
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
        [ISDN]: i4l: Fix DLE handling for i4l-audio
        [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush
        [CONNECTOR]: Return proper error code in cn_call_callback()
        [INET]: Fix netdev renaming and inet address labels
        [CASSINI]: Bump driver version and release date.
        [CASSINI]: Fix two obvious NAPI bugs.
        [CASSINI]: Set skb->truesize properly on receive packets.
        [CASSINI]: Program parent Intel31154 bridge when necessary.
        [CASSINI]: Revert 'dont touch page_count'.
        [CASSINI]: Fix endianness bug.
        [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE
        [X25]: Add missing x25_neigh_put
      439f61b9
    • Matthias Goebl's avatar
      [ISDN]: i4l: Fix DLE handling for i4l-audio · 7fde4d77
      Matthias Goebl authored
      The DLE handling in i4l-audio seems to be broken.
      
      It produces spurious DLEs so asterisk 1.2.24 with chan_modem_i4l
      gets irritated, the error message is:
      "chan_modem_i4l.c:450 i4l_read: Value of escape is ^ (17)".
      -> There shouldn't be a DLE-^.
      If a spurious DLE-ETX occurs, the audio connection even dies.
      I use a "AVM Fritz!PCI" isdn card.
      
      I found two issues that only appear if ISDN_AUDIO_SKB_DLECOUNT(skb) > 0:
      - The loop in isdn_tty.c:isdn_tty_try_read() doesn't escape a DLE if it's
        the last character.
      
      - The loop in isdn_common.c:isdn_readbchan_tty() doesn't copy its characters,
        it only remembers the last one ("last = *p;").
      
        Compare it with the loop in isdn_common.c:isdn_readbchan(), that *does*
        copy them ("*cp++ = *p;") correctly.
        The special handling of the "last" character made it more difficult.
        I compared it to linux-2.4.19: There was no "last"-handling and both loops
        did escape and copy all characters correctly.
      Signed-off-by: default avatarMatthias Goebl <matthias.goebl@goebl.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7fde4d77
    • Matthias Goebl's avatar
      [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush · 00409bb0
      Matthias Goebl authored
      The ISDN tty layer doesn't produce a 'NO CARRIER' message after hangup.
      
      I suppose it broke when tty_buffer_flush() has been added to
      tty_ldisc_flush() in the commit below.
      
      For isdn_tty_modem_result(RESULT_NO_CARRIER..) the
      message inserted via isdn_tty_at_cout() -> tty_insert_flip_char()
      is flushed immediately by tty_ldisc_flush() -> tty_buffer_flush().
      More annoyingly, the audio abort sequence DLE-ETX is also lost.
      
      This patch fixes only active audio connections, because I assume that nobody
      changes the line discipline for audio.
      
      For non-audio connections the problem remains.
      Maybe we can remove the tty_ldisc_flush() in isdn_tty_modem_result()
      at all because it's done at tty_close?
      
      On Mon, May 07, 2007 at 04:05:57PM -0500, Paul Fulghum wrote:
      > Flush the tty flip buffer when the line discipline
      > input queue is flushed, including the user call
      > tcflush(TCIFLUSH/TCIOFLUSH). This prevents unexpected
      > stale data after a user application calls tcflush().
      >
      > Cc: Alan Cox <alan@lxorguk.org.uk>
      > Cc: Antonino Ingargiola <tritemio@gmail.com>
      > Signed-off-by: Paul Fulghum <paulkf@microgate.com>
      >
      > --- a/drivers/char/tty_io.c	2007-05-04 05:46:55.000000000 -0500
      > +++ b/drivers/char/tty_io.c	2007-05-05 03:23:46.000000000 -0500
      > @@ -1240,6 +1263,7 @@ void tty_ldisc_flush(struct tty_struct *
      >  			ld->flush_buffer(tty);
      >  		tty_ldisc_deref(ld);
      >  	}
      > +	tty_buffer_flush(tty);
      [..]
      Signed-off-by: default avatarMatthias Goebl <matthias.goebl@goebl.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00409bb0
    • Li Zefan's avatar
      [CONNECTOR]: Return proper error code in cn_call_callback() · 134d99e3
      Li Zefan authored
      Error code should be set to EINVAL instead of ENODEV if !queue_work().
      There's another call of queue_work() which may set err to EINVAL.
      Signed-off-by: default avatarLi Zefan <lizf@cn.fujitsu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      134d99e3
    • Mark McLoughlin's avatar
      [INET]: Fix netdev renaming and inet address labels · 44344b2a
      Mark McLoughlin authored
      When re-naming an interface, the previous secondary address
      labels get lost e.g.
      
        $> brctl addbr foo
        $> ip addr add 192.168.0.1 dev foo
        $> ip addr add 192.168.0.2 dev foo label foo:00
        $> ip addr show dev foo | grep inet
          inet 192.168.0.1/32 scope global foo
          inet 192.168.0.2/32 scope global foo:00
        $> ip link set foo name bar
        $> ip addr show dev bar | grep inet
          inet 192.168.0.1/32 scope global bar
          inet 192.168.0.2/32 scope global bar:2
      
      Turns out to be a simple thinko in inetdev_changename() - clearly we
      want to look at the address label, rather than the device name, for
      a suffix to retain.
      Signed-off-by: default avatarMark McLoughlin <markmc@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44344b2a
    • David S. Miller's avatar
      14be85f5
    • David S. Miller's avatar
      [CASSINI]: Fix two obvious NAPI bugs. · 86216268
      David S. Miller authored
      1) close should do napi_disable() not napi_enable
      2) remove unused local var 'todo'
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86216268
    • David S. Miller's avatar
      [CASSINI]: Set skb->truesize properly on receive packets. · d011a231
      David S. Miller authored
      skb->truesize was not being incremented at all to
      reflect the page based data added to RX SKBs.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d011a231
    • David S. Miller's avatar
    • David S. Miller's avatar
      [CASSINI]: Revert 'dont touch page_count'. · 9de4dfb4
      David S. Miller authored
      This reverts changeset fa4f0774
      ([CASSINI]: dont touch page_count) because it breaks the driver.
      
      The local page counting added by this changeset did not account
      for the asynchronous page count changes done by kfree_skb()
      and friends.
      
      The change adds extra atomics and on top of it all appears to be
      totally unnecessary as well.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Acked-by: default avatarNick Piggin <npiggin@suse.de>
      9de4dfb4
    • Al Viro's avatar
      [CASSINI]: Fix endianness bug. · e5e02540
      Al Viro authored
      Here's proposed fix for RX checksum handling in cassini; it affects
      little-endian working with half-duplex gigabit, but obviously needs
      testing on big-endian too.
      
      The problem is, we need to convert checksum to fixed-endian *before*
      correcting for (unstripped) FCS.  On big-endian it won't matter
      (conversion is no-op), on little-endian it will, but only if FCS is
      not stripped by hardware; i.e. in half-duplex gigabit mode when
      ->crc_size is set.
      
      cassini.c part is that fix, cassini.h one consists of trivial
      endianness annotations.  With that applied the sucker is endian-clean,
      according to sparse.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5e02540
    • Eric Dumazet's avatar
      [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE · 2d60abc2
      Eric Dumazet authored
      In include/net/xfrm.h we find :
      
      #ifdef CONFIG_XFRM_MIGRATE
      extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
                            struct xfrm_migrate *m, int num_bundles);
      ...
      #endif
      
      We can also guard the function body itself in net/xfrm/xfrm_state.c
      with same condition.
      
      (Problem spoted by sparse checker)
      make C=2 net/xfrm/xfrm_state.o
      ...
      net/xfrm/xfrm_state.c:1765:5: warning: symbol 'km_migrate' was not declared. Should it be static?
      ...
      Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d60abc2
    • Julia Lawall's avatar
      [X25]: Add missing x25_neigh_put · 76975f8a
      Julia Lawall authored
      The function x25_get_neigh increments a reference count.  At the point of
      the second goto out, the result of calling x25_get_neigh is only stored in
      a local variable, and thus no one outside the function will be able to
      decrease the reference count.  Thus, x25_neigh_put should be called before
      the return in this case.
      
      The problem was found using the following semantic match.
      (http://www.emn.fr/x-info/coccinelle/)
      
      // <smpl>
      
      @@
      type T,T1,T2;
      identifier E;
      statement S;
      expression x1,x2,x3;
      int ret;
      @@
      
        T E;
        ...
      * if ((E = x25_get_neigh(...)) == NULL)
        S
        ... when != x25_neigh_put(...,(T1)E,...)
            when != if (E != NULL) { ... x25_neigh_put(...,(T1)E,...); ...}
            when != x1 = (T1)E
            when != E = x3;
            when any
        if (...) {
          ... when != x25_neigh_put(...,(T2)E,...)
              when != if (E != NULL) { ... x25_neigh_put(...,(T2)E,...); ...}
              when != x2 = (T2)E
      (
      *   return;
      |
      *   return ret;
      )
        }
      // </smpl>
      Signed-off-by: default avatarJulia Lawall <julia@diku.dk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      76975f8a
  3. 03 Jan, 2008 15 commits
  4. 02 Jan, 2008 7 commits