- Jul 19, 2008
-
-
Adrian Bunk authored
-
Adrian Bunk authored
Signed-off-by:Adrian Bunk <bunk@kernel.org>
-
Tony Luck authored
The compiler team did the hard work for this distilling a problem in large fortran application which showed up when applied to a 290MB input data set down to this instruction: ldfd f34=[r17],-8 Which they noticed incremented r17 by 0x10 rather than decrementing it by 8 when the value in r17 caused an unaligned data fault. I tracked it down to some bad instruction decoding in unaligned.c. The code assumes that the 'x' bit can determine whether the instruction is an "ldf" or "ldfp" ... which it is for opcode=6 (see table 4-29 on page 3:302 of the SDM). But for opcode=7 the 'x' bit is irrelevent, all variants are "ldf" instructions (see table 4-36 on page 3:306). Note also that interpreting the instruction as "ldfp" means that the "paired" floating point register (f35 in the example here) will also be corrupted. Signed-off-by:Tony Luck <tony.luck@intel.com> Signed-off-by:
-
Ian Pickworth authored
- fix temporary debug code by changing printk to dprintk at level 1. - move CORE_IOCTL messages from level 1 to level 2. - this should help with selective debugging, while not filling people's logs up during normal use. Signed-off-by:
Ian Pickworth <ian@pickworth.me.uk> Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Signed-off-by:
Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by:
-
David S. Miller authored
As noticed by Gabriel Campana, the kmalloc() length arg passed in by sctp_getsockopt_local_addrs_old() can overflow if ->addr_num is large enough. Therefore, enforce an appropriate limit. Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Nicholas Piggin authored
If prepare_write fails with AOP_TRUNCATED_PAGE, or if commit_write fails, then we may have failed the write operation despite prepare_write having instantiated blocks past i_size. Fix this, and consolidate the trimming into one place. Signed-off-by:
Nick Piggin <npiggin@suse.de> Signed-off-by:
-
Alan Stern authored
This patch (as905) removes a micro-optimization from the hub port initialization code. Previously we had been using a short timeout on the first attempt the read the device descriptor; now we will use the standard timeout length. It's not clear that the short timeout ever provided any benefit. And now we know of one case where it actually hurts: The device can't meet the short timeout and then it gets terminally confused. This fixes Bugzilla #8444. Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by:
-
Ivan Kokshaysky authored
Override compiler .arch directive for generic kernel build. Signed-off-by:
Ivan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by:
Richard Henderson <rth@twiddle.net> Signed-off-by:
-
Ivan Kokshaysky authored
On alpha, ia64 and ppc64 only relocations to local data can go into read-only sections. The vast majority of module parameters use the global generic param_set_*/param_get_* functions, so the 'const' attribute for struct kernel_param is not only useless, but it also causes compile failures due to 'section type conflict' in those rare cases where param_set/get are local functions. This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8964 Signed-off-by:
-
Adrian Bunk authored
static inline functions mustn't be exported. Signed-off-by: -
Adrian Bunk authored
static functions mustn't be exported. Signed-off-by:
-
- Jul 16, 2008
-
-
Adrian Bunk authored
-
- Jul 14, 2008
-
-
Adrian Bunk authored
-
3ware Inc authored
Use default DMA data direction to prevent data corruption when using SWIOTLB with 4GB+ on EM64T. http://www.3ware.com/KB/article.aspx?id=15243&cNode=6I1C6S Acked-by:
Jean Delvare <jdelvare@suse.de> Signed-off-by:
-
Al Viro authored
fcntl_setlk()/close() race prevention has a subtle hole - we need to make sure that if we *do* have an fcntl/close race on SMP box, the access to descriptor table and inode->i_flock won't get reordered. As it is, we get STORE inode->i_flock, LOAD descriptor table entry vs. STORE descriptor table entry, LOAD inode->i_flock with not a single lock in common on both sides. We do have BKL around the first STORE, but check in locks_remove_posix() is outside of BKL and for a good reason - we don't want BKL on common path of close(2). Solution is to hold ->file_lock around fcheck() in there; that orders us wrt removal from descriptor table that preceded locks_remove_posix() on close path and we either come first (in which case eviction will be handled by the close side) or we'll see the effect of close and do eviction ourselves. Note that even though it's read-only access, we do need ->file_lock here - rcu_read_lock() won't be enough to order the things. Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
David S. Miller authored
Noticed by Paul Marks <paul@pmarks.net>. Signed-off-by:
-
David S. Miller authored
net/ipv4/netfilter/ip_nat_snmp_basic.c: In function 'asn1_header_decode': net/ipv4/netfilter/ip_nat_snmp_basic.c:248: warning: 'len' may be used unini net/ipv4/netfilter/ip_nat_snmp_basic.c:248: warning: 'def' may be used unini net/ipv4/netfilter/ip_nat_snmp_basic.c: In function 'snmp_translate': net/ipv4/netfilter/ip_nat_snmp_basic.c:672: warning: 'l' may be used uniniti net/ipv4/netfilter/ip_nat_snmp_basic.c:668: warning: 'type' may be used unin Signed-off-by:
-
Chris Wright authored
- Don't trust a length which is greater than the working buffer. An invalid length could cause overflow when calculating buffer size for decoding oid. - An oid length of zero is invalid and allows for an off-by-one error when decoding oid because the first subid actually encodes first 2 subids. - A primitive encoding may not have an indefinite length. Thanks to Wei Wang from McAfee for report. Acked-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
Chris Wright <chrisw@sous-sol.org> Signed-off-by:
-
Patrick McHardy authored
Upstream commit: 607bfbf2 When selecting a new window, tcp_select_window() tries not to shrink the offered window by using the maximum of the remaining offered window size and the newly calculated window size. The newly calculated window size is always a multiple of the window scaling factor, the remaining window size however might not be since it depends on rcv_wup/rcv_nxt. This means we're effectively shrinking the window when scaling it down. The dump below shows the problem (scaling factor 2^7): - Window size of 557 (71296) is advertised, up to 3111907257: IP 172.2.2.3.33000 > 172.2.2.2.33000: . ack 3111835961 win 557 <...> - New window size of 514 (65792) is advertised, up to 3111907217, 40 bytes below the last end: IP 172.2.2.3.33000 > 172.2.2.2.33000: . 3113575668:3113577116(1448) ack 3111841425 win 514 <...> The number 40 results from downscaling the remaining window: 3111907257 - 3111841425 = 65832 65832 / 2^7 = 514 65832 % 2^7 = 40 If the sender uses up the entire window before it is shrunk, this can have chaotic effects on the connection. When sending ACKs, tcp_acceptable_seq() will notice that the window has been shrunk since tcp_wnd_end() is before tp->snd_nxt, which makes it choose tcp_wnd_end() as sequence number. This will fail the receivers checks in tcp_sequence() however since it is before it's tp->rcv_wup, making it respond with a dupack. If both sides are in this condition, this leads to a constant flood of ACKs until the connection times out. Make sure the window is never shrunk by aligning the remaining window to the window scaling factor. Signed-off-by:
-
Juergen Beisert authored
Due to index register access ordering problems, when using macros a line like this fails (and does nothing): setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88); With inlined functions this line will work as expected. Note about a side effect: Seems on Geode GX1 based systems the "suspend on halt power saving feature" was never enabled due to this wrong macro expansion. With inlined functions it will be enabled, but this will stop the TSC when the CPU runs into a HLT instruction. Kernel output something like this: Clocksource tsc unstable (delta = -472746897 ns) This is the 3rd version of this patch. - Adding missed arch/i386/kernel/cpu/mtrr/state.c Thanks to Andres Salomon - Adding some big fat comments into the new header file Suggested by Andi Kleen AK: fixed x86-64 compilation Adrian Bunk: Added workaround for x86_64 compilation. Signed-off-by:Juergen Beisert <juergen@kreuzholzen.de> Signed-off-by:
Andi Kleen <ak@suse.de> Signed-off-by:
-
- Apr 10, 2008
-
-
Heiko Carstens authored
From: Heiko Carstens <heiko.carstens@de.ibm.com> We got several false bug reports because of enabled CONFIG_DETECT_SOFTLOCKUP. Disable soft lockup detection on s390, since it doesn't work on a virtualized architecture. Signed-off-by:
Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by:
-
- Mar 19, 2008
-
-
Thomas Graf authored
Fixes a typo which caused fib_props[] to have the wrong size and makes sure the value used to index the array which is provided by userspace via netlink is checked to avoid out of bound access. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
-
Oliver Neukum authored
I overlooked one. Setting the flag and killing the URBs must be under the lo so that no URB is submitted after usb_kill_urb() Adrian Bunk: Backported to 2.6.16. Signed-off-by:
Oliver Neukum <oliver@neukum.org> Signed-off-by:
-
- Mar 14, 2008
-
-
Adrian Bunk authored
Building kernel 2.6.16 with gcc 4.3 is completely untested, and you might run into both kernel and gcc problems (as always with new gcc versions). For making this obvious the kernel build now #error's when trying to build with gcc >= 4.3. The kernel might work fine when compiled with gcc 4.3 and it's therefore possible to remove the #error, but if someone really longs for regressions he can as well try a more recent kernel instead. Signed-off-by:
-
- Jan 27, 2008
-
-
Adrian Bunk authored
-
- Jan 21, 2008
-
-
Adrian Bunk authored
-
Trond Myklebust authored
It looks like nfs_setattr() and nfs_rename() also need to test whether the target is a regular file before calling nfs_wb_all()... It isn't technically needed since the version of nfs_wb_all() that exists on 2.6.16 should be safe to call on non-regular files (it will be a no-op). However it is a useful optimisation. Signed-off-by:
Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by:
-
Trond Myklebust authored
Ensure that we flush out writes in the case when someone calls utimes() in order to set the file times. Signed-off-by:
-
Ingo Molnar authored
fix: http://bugzilla.kernel.org/show_bug.cgi?id=3043 only allow coredumping to the same uid that the coredumping task runs under. Signed-off-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Karsten Keil authored
Fix possible memory overrun issue in the isdn ioctl code. Found by ADLAB <adlab@venustech.com.cn> Signed-off-by:
Karsten Keil <kkeil@suse.de> Signed-off-by:
-
Karsten Keil authored
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416 Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Adrian Bunk authored
Signed-off-by: -
Ben Collins authored
Signed-off-by:
Ben Collins <bcollins@ubuntu.com> Signed-off-by:
-
Herbert Xu authored
[ Upstream commit: 1c9b7aa1 ] Al went through the ip_fast_csum callers and found this piece of code that did not validate the IP header. While root crashing the machine by sending bogus packets through raw or AF_PACKET sockets isn't that serious, it is still nice to react gracefully. This patch ensures that the skb has enough data for an IP header and that the header length field is valid. Adrian Bunk: Backported to 2.6.16 following instructions by David Miller. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
- Jan 20, 2008
-
-
Eric Dumazet authored
[ Upstream commit: d8c92830 ] I noticed "ip route list cache x.y.z.t" can be *very* slow. While strace-ing -T it I also noticed that first part of route cache is fetched quite fast : recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202 GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = +3772 <0.000047> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\ 202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) += 3736 <0.000042> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\ 202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) += 3740 <0.000055> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\ 202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) += 3712 <0.000043> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\ 202GXm\0\0\2 \0\376\0\0\1\0\2"..., 16384}], msg_controllen=0, msg_flags=0}, 0) += 3732 <0.000053> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202 GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = +3708 <0.000052> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202 GXm\0\0\2 \0\376\0\0\2\0\2\0"..., 16384}], msg_controllen=0, msg_flags=0}, 0) = +3680 <0.000041> while the part at the end of the table is more expensive: recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3656 <0.003857> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\204\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3772 <0.003891> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3712 <0.003765> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3700 <0.003879> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3676 <0.003797> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"p\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\2\0\2\0"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3724 <0.003856> recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, +msg_iov(1)=[{"\234\0\0\0\30\0\2\0\254i\202GXm\0\0\2 \0\376\0\0\1\0\2"..., +16384}], msg_controllen=0, msg_flags=0}, 0) = 3736 <0.003848> The following patch corrects this performance/latency problem, removing quadratic behavior. Signed-off-by:
Eric Dumazet <dada1@cosmosbay.com> Signed-off-by:
-
Al Viro authored
New types - for 16bit checksums and "unfolded" 32bit variant. Signed-off-by:
-
David S. Miller authored
[ Upstream commit: d011a231 ] skb->truesize was not being incremented at all to reflect the page based data added to RX SKBs. Signed-off-by:
-
Al Viro authored
[ Upstream commit: e5e02540 ] Here's proposed fix for RX checksum handling in cassini; it affects little-endian working with half-duplex gigabit, but obviously needs testing on big-endian too. The problem is, we need to convert checksum to fixed-endian *before* correcting for (unstripped) FCS. On big-endian it won't matter (conversion is no-op), on little-endian it will, but only if FCS is not stripped by hardware; i.e. in half-duplex gigabit mode when ->crc_size is set. cassini.c part is that fix, cassini.h one consists of trivial endianness annotations. With that applied the sucker is endian-clean, according to sparse. Signed-off-by:
-
Chas Williams authored
[ Upstream commit: 52961955 ] Adrian Bunk: Backported to 2.6.16. Signed-off-by:
Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by:
-
