Commit graph

86663 commits

Author SHA1 Message Date
Haavard Skinnemoen
325d6f5593 avr32: Fix OCD refcounting bug
Iff the parent has TIF_DEBUG set, _and_ clone_flags includes
CLONE_PTRACE we should set the TIF_DEBUG flag for the child and
increment the ocd refcount. Otherwise, the TIF_DEBUG flag must be
unset.

Currently, the child inherits TIF_DEBUG from the parent before
copy_thread is called, so TIF_DEBUG may be already be set before we
determine whether the child is supposed to inherit debugging
capabilities from the parent or not. This means that ocd_enable()
won't increment the refcount, because TIF_DEBUG is already set, and
that TIF_DEBUG will be set for processes that aren't being debugged.

This leads to a refcounting asymmetry, which may show up as

------------[ cut here ]------------
Badness at arch/avr32/kernel/ocd.c:73
PC is at ocd_disable+0x34/0x60
LR is at put_lock_stats+0xa/0x20

as reported by David Brownell. Happens when strace'ing a process that
forks a new child process, e.g. "strace mount -tjffs2 mtd1 /mnt", and
subsequently killing the child process (e.g. "umount /mnt".)

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2008-02-27 14:23:53 +01:00
Pavel Emelyanov
b37d428b24 [INET]: Don't create tunnels with '%' in name.
Four tunnel drivers (ip_gre, ipip, ip6_tunnel and sit) can receive a
pre-defined name for a device from the userspace.  Since these drivers
call the register_netdevice() (rtnl_lock, is held), which does _not_
generate the device's name, this name may contain a '%' character.

Not sure how bad is this to have a device with a '%' in its name, but
all the other places either use the register_netdev(), which call the
dev_alloc_name(), or explicitly call the dev_alloc_name() before
registering, i.e. do not allow for such names.

This had to be prior to the commit 34cc7b, but I forgot to number the
patches and this one got lost, sorry.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 23:51:04 -08:00
Jeremy Kerr
d58831375d [POWERPC] spufs: fix context destruction during psmap fault
We have a small window where a spu context may be destroyed while
we're servicing a page fault (from another thread) to the context's
problem state mapping.

After we up_read() the mmap_sem, it's possible that the context is
destroyed by its owning thread, and so the later references to ctx
are invalid. This can maifest as a deadlock on the (now free()-ed)
context state mutex.

This change adds a reference to the context before we release the
mmap_sem, so that the context cannot be destroyed.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
2008-02-27 18:47:53 +11:00
David S. Miller
d9595a7b9c [AF_KEY]: Fix oops by converting to proc_net_*().
To make sure the procfs visibility occurs after the ->proc_fs ops are
setup, use proc_net_fops_create() and proc_net_remove().

This also fixes an OOPS after module unload in that the name string
for remove was wrong, so it wouldn't actually be removed.  That bug
was introduced by commit 61145aa1a1
("[KEY]: Clean up proc files creation a bit.")

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 22:23:31 -08:00
Li Zefan
78374676ef CONNECTOR: make cn_already_initialized static
It is used in connector.c only, so make it static.

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 18:42:44 -08:00
Bjorn Mork
148f97292e [IPV4]: Reset scope when changing address
This bug did bite at least one user, who did have to resort to rebooting
the system after an "ifconfig eth0 127.0.0.1" typo.

Deleting the address and adding a new is a less intrusive workaround.
But I still beleive this is a bug that should be fixed.  Some way or
another.

Another possibility would be to remove the scope mangling based on
address.  This will always be incomplete (are 127/8 the only address
space with host scope requirements?)

We set the scope to RT_SCOPE_HOST if an IPv4 interface is configured
with a loopback address (127/8).  The scope is never reset, and will
remain set to RT_SCOPE_HOST after changing the address. This patch
resets the scope if the address is changed again, to restore normal
functionality.

Signed-off-by: Bjorn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 18:42:41 -08:00
Benjamin Thery
f1243c2db6 [IPV6]: Add missing initializations of the new nl_info.nl_net field
Add some more missing initializations of the new nl_info.nl_net field
in IPv6 stack. This field will be used when network namespaces are
fully supported.

Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 18:42:37 -08:00
Patrick McHardy
3dbf8d56a2 [MACVLAN]: Update Kconfig to refer to iproute
Since the macvlan release I had at least 5 users asking how to configure
it since the old userspace tool doesn't work with the version in the
kernel. Add a pointer to the Kconfig help.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 17:52:05 -08:00
Thomas Gleixner
3ab2273175 bluetooth: delete timer in l2cap_conn_del()
Delete a possibly armed timer before kfree'ing the connection object.

Solves: http://lkml.org/lkml/2008/2/15/514

Reported-by:Quel Qun <kelk1@comcast.net>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 17:42:56 -08:00
David S. Miller
622eaec613 [SPARC64]: Loosen checks in exception table handling.
Some parts of the kernel now do things like do *_user() accesses while
set_fs(KERNEL_DS) that fault on purpose.

See, for example, the code added by changeset
a0c1e9073e ("futex: runtime enable pi
and robust functionality").

That trips up the ASI sanity checking we make in do_kernel_fault().

Just remove it for now.  Maybe we can add it back later with an added
conditional which looks at the current get_fs() value.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-26 17:30:02 -08:00
Julia Lawall
b2d7c7f7a6 arch/sh/drivers/dma/dma-sh.c: Correct use of ! and &
In commit e6bafba5b4, a bug was fixed that
involved converting !x & y to !(x & y).  The code below shows the same
pattern, and thus should perhaps be fixed in the same way.

This is not tested and clearly changes the semantics, so it is only
something to consider.

The semantic patch that makes this change is as follows:
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@ expression E1,E2; @@
(
  !E1 & !E2
|
- !E1 & E2
+ !(E1 & E2)
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2008-02-27 10:28:48 +09:00
Roland Dreier
030f1b2f5d MAINTAINERS: neteffect update
Adding Nishi to the maintainers list.

Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
John Lacombe
4b1cc7e7ca RDMA/nes: Fix interrupt moderation low threshold
Interrupt moderation low threshold value was incorrectly triggering,
indicating that the threshold should be lowered.

The impact was the timer was likely to become 40usecs and get stuck
there.  The biggest side effect was too many interrupts and nonoptimal
performance.

Signed-off-by: John Lacombe <jlacombe@neteffect.com>
Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
Faisal Latif
30da7cff87 RDMA/nes: Fix CRC endianness for RDMA connection establishment on big-endian
With commit ef19454b ("[LIB] crc32c: Keep intermediate crc state in
cpu order"), the behavior of crc32c changes on big-endian platforms.

Our algorithm expects the previous behavior; otherwise we have RDMA
connection establishment failure on big-endian platforms like powerpc.
Apply cpu_to_le32() to value returned by crc32c() to get the previous
behavior.

Signed-off-by: Faisal Latif <flatif@neteffect.com>
Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
Faisal Latif
a2e9c384ce RDMA/nes: Fix use-after-free in mini_cm_dec_refcnt_listen()
Fix use-after-free spotted by Coverity checker flagged by Adrian Bunk.

Signed-off-by: Faisal Latif <flatif@neteffect.com>
Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
Glenn Streiff
f84fba6f96 RDMA/nes: Fix use-after-free in nes_create_cq()
Just delete the debugging statement so we don't use cqp_request after
freeing it.  Adrian Bunk flagged this use-after-free issue spotted by
the Coverity checker.

Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
Adrian Bunk
a4435febd4 RDMA/nes: Fix a check-after-use in nes_probe()
Fix a check-after-use spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:29 -08:00
Adrian Bunk
ed0ba33d64 RDMA/nes: Fix a memory leak in schedule_nes_timer()
Fix a memory leak spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Glenn Streiff <gstreiff@neteffect.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-02-26 16:24:27 -08:00
Bartlomiej Zolnierkiewicz
204f47c5a5 ide: remove stale comments from ide-dma.c (take 2)
- ide-dma.c is not a separate module

- ide-dma.c is not PCI specific anymore

- DMA is enabled by default nowadays

- link for Intel Zappa BIOS is dead

etc.

v2:
* Some comments should be preserved. (Noticed by Mark Lord)

Cc: Mark Lord <liml@rtr.ca>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:36 +01:00
Bartlomiej Zolnierkiewicz
56467d17d2 ide: remove ide-tape documentation from Documentation/ide.txt
More complete documentation is available in Documentation/ide/ide-tape.txt.

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:36 +01:00
Bartlomiej Zolnierkiewicz
fcac6f87a5 qd65xx: remove commented out code
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:36 +01:00
Borislav Petkov
d48567dd43 ide-tape: schedule driver for removal after 6 months
Signed-off-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:36 +01:00
Bartlomiej Zolnierkiewicz
d12faa2736 ide-disk: add missing printk() KERN_* levels
Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:36 +01:00
Bartlomiej Zolnierkiewicz
dbecebca19 ide: fix sparse warning about shadowing 'flags' symbol
drivers/ide/ide.c:801:18: warning: symbol 'flags' shadows an earlier one
drivers/ide/ide.c:732:16: originally declared here

Also fix some whitespace damage while at it.

Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:35 +01:00
Andreas Schwab
bcd88ac3b2 ide-cd: fix CD/DVD burning
Move counting of sense bytes into the transfer loop.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Acked-by: Borislav Petkov <petkovbb@gmail.com>
Cc: Kiyoshi Ueda <k-ueda@ct.jp.nec.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:35 +01:00
Bartlomiej Zolnierkiewicz
9f10d9ee0a ide-cd: fix 'ireason' handling for REQ_TYPE_ATA_PC requests
Pass 'struct request *rq' to ide_cd_check_ireason() from cdrom_newpc_intr()
and use ide_cd_check_ireason() also for REQ_TYPE_ATA_PC requests.

This fixes some hangs caused by not finishing the transfer before ending
the request and also makes use of 'ireason == 1' quirk for spurious IRQs.

Tested-by: Brad Rosser <brad.rosser@gmail.com>
Cc: Borislav Petkov <petkovbb@googlemail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:35 +01:00
Bartlomiej Zolnierkiewicz
788d669736 qd65xx: fix setup of QD6580 Control register
Control register of QD6580 should be setup before probing for devices.

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:35 +01:00
Bartlomiej Zolnierkiewicz
c53ea18dc2 ide: skip probing port if "hdx=noprobe" was used for both devices on it
* Skip probing port if "hdx=noprobe" parameter was used for both devices on it.

* Obsolete "idex=noprobe" parameter - it only works for ide_generic, cmd640
  and PCI hosts in Compatibility mode (on alpha/x86/ia64/m32r/mips/ppc32).

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:34 +01:00
Bartlomiej Zolnierkiewicz
cbd34d00af ide: remove redundant comment from ide_unregister()
Identical comment is present in ide_hwif_release_regions() documentation.

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:33 +01:00
Sam Ravnborg
b66cae7672 hpt366: fix section mismatch warnings
hpt366: fix section mismatch warnings

Fix following warnings:
WARNING: o-sparc64/vmlinux.o(.data+0x195a38): Section mismatch in reference from the variable hpt37x_info.0 to the variable .devinit.data:hpt370
WARNING: o-sparc64/vmlinux.o(.data+0x195a40): Section mismatch in reference from the variable hpt37x_info.0 to the variable .devinit.data:hpt370a
WARNING: o-sparc64/vmlinux.o(.data+0x195a48): Section mismatch in reference from the variable hpt37x_info.0 to the variable .devinit.data:hpt372
WARNING: o-sparc64/vmlinux.o(.data+0x195a50): Section mismatch in reference from the variable hpt37x_info.0 to the variable .devinit.data:hpt372n

Replace a static array with a small switch resulting in
more readable code.
Mark the pci table __devinitconst.

A lot of variables are const but annotated __devinitdata.
Annotating them __devinitconst would cause a section type
conflict error when build for 64 bit powerpc.

Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:33 +01:00
Borislav Petkov
acbe44e627 ide-cd: Enable audio play quirk for Optiarc DVD RW AD-5200A drive
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
2008-02-26 21:50:32 +01:00
Linus Torvalds
7704a8b6fc Merge branch 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6
* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6:
  [XFS] Undo bit ops cleanup mod due to regression on 32-bit powermac
  [XFS] Undo bit ops cleanup mod due to regression on 32-bit powermac
  Remove empty file fs/xfs/Makefile-linux-2.6.
2008-02-26 07:55:29 -08:00
Linus Torvalds
adefe11c53 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: add missing ext4_journal_stop()
  ext4: ext4_find_next_zero_bit needs an aligned address on some arch
  ext4: set EXT4_EXTENTS_FL only for directory and regular files
  ext4: Don't mark filesystem error if fallocate fails
  ext4: Fix BUG when writing to an unitialized extent
  ext4: Don't use ext4_dec_count() if not needed
  ext4: modify block allocation algorithm for the last group
  ext4: Don't claim block from group which has corrupt bitmap
  ext4: Get journal write access before modifying the extent tree
  ext4: Fix memory and buffer head leak in callers to ext4_ext_find_extent()
  ext4: Don't leave behind a half-created inode if ext4_mkdir() fails
  ext4: Fix kernel BUG at fs/ext4/mballoc.c:910!
  ext4: Fix locking hierarchy violation in ext4_fallocate()
  Remove incorrect BKL comments in ext4
2008-02-26 07:50:16 -08:00
Linus Torvalds
3d6ce33253 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  Revert "power_state: get rid of write-only variable in SATA"
  make atapi_dmadir static
2008-02-26 07:49:36 -08:00
Linus Torvalds
3fca96eed1 Merge branch 'v2.6.25-rc3-lockdep' of git://git.kernel.org/pub/scm/linux/kernel/git/peterz/linux-2.6-lockdep
* 'v2.6.25-rc3-lockdep' of git://git.kernel.org/pub/scm/linux/kernel/git/peterz/linux-2.6-lockdep:
  Subject: lockdep: include all lock classes in all_lock_classes
  lockdep: increase MAX_LOCK_DEPTH
2008-02-26 07:49:15 -08:00
Linus Torvalds
98c1fc934c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: fix NULL pointer deref. and resource leak
  Documentation: correction to debugging-via-ohci1394
  ieee1394: sbp2: fix rescan-scsi-bus
  firewire: fw-sbp2: fix NULL pointer deref. in scsi_remove_device
  firewire: fw-sbp2: fix NULL pointer deref. in slave_alloc
  firewire: fw-sbp2: (try to) avoid I/O errors during reconnect
  firewire: fw-sbp2: enforce a retry of __scsi_add_device if bus generation changed
  firewire: fw-sbp2: sort includes
  firewire: fw-sbp2: logout and login after failed reconnect
  firewire: fw-sbp2: don't add scsi_device twice
  firewire: fw-sbp2: log bus_id at management request failures
  firewire: fw-sbp2: wait for completion of fetch agent reset
  ieee1394: sbp2: add INQUIRY delay workaround
  firewire: fw-sbp2: add INQUIRY delay workaround
  firewire: log GUID of new devices
  firewire: fw-sbp2: don't retry login or reconnect after unplug
  firewire: fix "kobject_add failed for fw* with -EEXIST"
  firewire: fw-sbp2: fix logout before login retry
  firewire: fw-sbp2: unsigned int vs. unsigned
2008-02-26 07:48:27 -08:00
Linus Torvalds
7c811e4b6a Merge git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: (24 commits)
  x86: no robust/pi futex for real i386 CPUs
  x86: fix boot failure on 486 due to TSC breakage
  x86: fix build on non-C locales.
  x86: make c_idle.work have a static address.
  x86: don't save unreliable stack trace entries
  x86: don't make swapper_pg_pmd global
  x86: don't print a warning when MTRR are blank and running in KVM
  x86: fix execve with -fstack-protect
  x86: fix vsyscall wreckage
  x86: rename KERNEL_TEXT_SIZE => KERNEL_IMAGE_SIZE
  x86: fix spontaneous reboot with allyesconfig bzImage
  x86: remove double-checking empty zero pages debug
  x86: notsc is ignored on common configurations
  x86/mtrr: fix kernel-doc missing notation
  x86: handle BIOSes which terminate e820 with CF=1 and no SMAP
  x86: add comments for NOPs
  x86: don't use P6_NOPs if compiling with CONFIG_X86_GENERIC
  x86: require family >= 6 if we are using P6 NOPs
  x86: do not promote TM3x00/TM5x00 to i686-class
  x86: hpet fix docbook comment
  ...
2008-02-26 07:44:09 -08:00
Linus Torvalds
37c00b84d0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
  latencytop: change /proc task_struct access method
  latencytop: fix memory leak on latency proc file
  latencytop: fix kernel panic while reading latency proc file
  sched: add declaration of sched_tail to sched.h
  sched: fix signedness warnings in sched.c
  sched: clean up __pick_last_entity() a bit
  sched: remove duplicate code from sched_fair.c
  sched: make early bootup sched_clock() use safer
2008-02-26 07:43:31 -08:00
Tejun Heo
cf3680b90c printk: fix possible printk overrun
printk recursion detection prepends message to printk_buf and offsets
printk_buf when actual message is printed but it forgets to trim buffer
length accordingly. This can result in overrun in extreme cases. Fix it.

[ mingo@elte.hu:

  bug was introduced by me via:

   commit 32a7600668
   Author: Ingo Molnar <mingo@elte.hu>
   Date:   Fri Jan 25 21:07:58 2008 +0100

       printk: make printk more robust by not allowing recursion
]

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-02-26 07:42:37 -08:00
Thomas Gleixner
f18edc95a3 x86: no robust/pi futex for real i386 CPUs
Real i386 CPUs do not have cmpxchg instructions. Catch it before
crashing on an invalid opcode.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-02-26 12:56:06 +01:00
Mikael Pettersson
12c247a671 x86: fix boot failure on 486 due to TSC breakage
> Diffing dmesg between git7 and git8 doesn't sched any light since
 > git8 also removed the printouts of the x86 caps as they were being
 > initialised and updated. I'm currently adding those printouts back
 > in the hope of seeing where and when the caps get broken.

That turned out to be very illuminating:

 --- dmesg-2.6.24-git7	2008-02-24 18:01:25.295851000 +0100
 +++ dmesg-2.6.24-git8	2008-02-24 18:01:25.530358000 +0100
 ...
 CPU: After generic identify, caps: 00000003 00000000 00000000 00000000 00000000 00000000 00000000 00000000

 CPU: After all inits, caps: 00000003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+CPU: After applying cleared_cpu_caps, caps: 00000013 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Notice how the TSC cap bit goes from Off to On.

(The first two lines are printout loops from -git7 forward-ported
to -git8, the third line is the same printout loop added just after
the xor-with-cleared_cpu_caps[] loop.)

Here's how the breakage occurs:
1. arch/x86/kernel/tsc_32.c:tsc_init() sees !cpu_has_tsc,
   so bails and calls setup_clear_cpu_cap(X86_FEATURE_TSC).
2. include/asm-x86/cpufeature.h:setup_clear_cpu_cap(bit) clears
   the bit in boot_cpu_data and sets it in cleared_cpu_caps
3. arch/x86/kernel/cpu/common.c:identify_cpu() XORs all caps
   in with cleared_cpu_caps
   HOWEVER, at this point c->x86_capability correctly has TSC
   Off, cleared_cpu_caps has TSC On, so the XOR incorrectly
   sets TSC to On in c->x86_capability, with disastrous results.

The real bug is that clearing bits with XOR only works if the
bits are known to be 1 prior to the XOR, and that's not true here.

A simple fix is to convert the XOR to AND-NOT instead. The following
patch does that, and allows my 486 to boot 2.6.25-rc kernels again.

[ mingo@elte.hu: fixed a similar bug in setup_64.c as well. ]

The breakage was introduced via commit 7d851c8d3d.

Signed-off-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:56:04 +01:00
Priit Laes
03994f01e8 x86: fix build on non-C locales.
For some locales regex range [a-zA-Z] does not work as it is supposed to.
so we have to use [:alnum:] and [:xdigit:] to make it work as intended.

[1] http://en.wikipedia.org/wiki/Estonian_alphabet

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:56:02 +01:00
Glauber Costa
2b775a27c0 x86: make c_idle.work have a static address.
Currently, c_idle is declared in the stack, and thus, have no static address.

Peter Zijlstra points out this simple solution, in which c_idle.work
is initializated separatedly. Note that the INIT_WORK macro has a static
declaration of a key inside.

Signed-off-by: Glauber Costa <gcosta@redhat.com>
Acked-by: Peter Zijlstra <pzijlstr@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:56:02 +01:00
Vegard Nossum
1650743cdc x86: don't save unreliable stack trace entries
Currently, there is no way for print_stack_trace() to determine whether
a given stack trace entry was deemed reliable or not, simply because
save_stack_trace() does not record this information. (Perhaps needless
to say, this makes the saved stack traces A LOT harder to read, and
probably with no other benefits, since debugging features that use
save_stack_trace() most likely also require frame pointers, etc.)

This patch reverts to the old behaviour of only recording the reliable trace
entries for saved stack traces.

Signed-off-by: Vegard Nossum <vegardno@ifi.uio.no>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:58 +01:00
Adrian Bunk
ed2b7e2b1d x86: don't make swapper_pg_pmd global
There doesn't seem to be any reason for swapper_pg_pmd being global.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:58 +01:00
Joerg Roedel
4147c8747e x86: don't print a warning when MTRR are blank and running in KVM
Inside a KVM virtual machine the MTRRs are usually blank. This confuses Linux
and causes a warning message at boot. This patch removes that warning message
when running Linux as a KVM guest.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:57 +01:00
Ingo Molnar
5d119b2c9a x86: fix execve with -fstack-protect
pointed out by pageexec@freemail.hu:

> what happens here is that gcc treats the argument area as owned by the
> callee, not the caller and is allowed to do certain tricks. for ssp it
> will make a copy of the struct passed by value into the local variable
> area and pass *its* address down, and it won't copy it back into the
> original instance stored in the argument area.
>
> so once sys_execve returns, the pt_regs passed by value hasn't at all
> changed and its default content will cause a nice double fault (FWIW,
> this part took me the longest to debug, being down with cold didn't
> help it either ;).

To fix this we pass in pt_regs by pointer.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2008-02-26 12:55:57 +01:00
Thomas Gleixner
ce28b9864b x86: fix vsyscall wreckage
based on a report from Arne Georg Gleditsch about user-space apps
misbehaving after toggling /proc/sys/kernel/vsyscall64, a review
of the code revealed that the "NOP patching" done there is
fundamentally unsafe for a number of reasons:

1) the patching code runs without synchronizing other CPUs

2) it inserts NOPs even if there is no clock source which provides vread

3) when the clock source changes to one without vread we run in
   exactly the same problem as in #2

4) if nobody toggles the proc entry from 1 to 0 and to 1 again, then
   the syscall is not patched out

as a result it is possible to break user-space via this patching.
The only safe thing for now is to remove the patching.

This code was broken since v2.6.21.

Reported-by: Arne Georg Gleditsch <arne.gleditsch@dolphinics.no>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:57 +01:00
Ingo Molnar
d4afe41418 x86: rename KERNEL_TEXT_SIZE => KERNEL_IMAGE_SIZE
The KERNEL_TEXT_SIZE constant was mis-named, as we not only map the kernel
text but data, bss and init sections as well.

That name led me on the wrong path with the KERNEL_TEXT_SIZE regression,
because i knew how big of _text_ my images have and i knew about the 40 MB
"text" limit so i wrongly thought to be on the safe side of the 40 MB limit
with my 29 MB of text, while the total image size was slightly above 40 MB.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:56 +01:00
Ingo Molnar
88f3aec7af x86: fix spontaneous reboot with allyesconfig bzImage
recently the 64-bit allyesconfig bzImage kernel started spontaneously
rebooting during early bootup.

after a few fun hours spent with early init debugging, it turns out
that we've got this rather annoying limit on the size of the kernel
image:

      #define KERNEL_TEXT_SIZE  (40*1024*1024)

which limit my vmlinux just happened to pass:

       text           data       bss        dec       hex   filename
   29703744        4222751   8646224   42572719   2899baf   vmlinux

40 MB is 42572719 bytes, so my vmlinux was just 1.5% above this limit :-/

So it happily crashed right in head_64.S, which - as we all know - is
the most debuggable code in the whole architecture ;-)

So increase the limit to allow an up to 128MB kernel image to be mapped.
(should anyone be that crazy or lazy)

We have a full 4K of pagetable (level2_kernel_pgt) allocated for these
mappings already, so there's no RAM overhead and the limit was rather
pointless and arbitrary.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:56 +01:00