Meelis Roos [Thu, 10 Feb 2005 09:12:02 +0000 (01:12 -0800)]
[SPARC32]: Fix syntax errors from smp_{mb,rmb,wmb} on sparc32.
smp_mb(), smp_rmp() and smp_wmb() definitions have a trailing semicolon
and cause compilation errors in single statement context, like
if-then-else on line 358 in include/linux/skbuff.h. This patch removes
all three offending semicolons to make it compile.
Signed-off-by: Meelis Roos <mroos@linux.ee> Acked-by: William Irwin <wli@holomorphy.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] Fix oops in alloc_zeroed_user_highpage() when page is NULL
The generic and IA-64 versions of alloc_zeroed_user_highpage() don't
check the return value from alloc_page_vma(). This can lead to an oops
if we're OOM.
This fixes my oops on PPC64, but I haven't got an IA-64 machine/compiler
handy.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[IPV4]: ipconfig: Replace schedule_timeout() with msleep()
Description: Use msleep() instead of schedule_timeout() to guarantee the task
delays as expected. Change the units of the two constants to be msecs and secs
respectively.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Description: Use ssleep() instead of schedule_timeout() to guarantee the task
delays as expected. The first two replacements use TASK_INTERRUPTIBLE but do not
check for signals, so ssleep() should be appropriate.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
[NET]: Replace schedule_timeout() with msleep() in netdev_wait_allrefs()
Description: Use msleep() instead of schedule_timeout() to guarantee the task
delays as expected. The current code uses TASK_INTERRUPTIBLE, but does not
respond to signals, so msleep() should be ok.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Dave Airlie [Wed, 9 Feb 2005 07:57:43 +0000 (18:57 +1100)]
drm: fix race condition in radeon driver
Close a race which could allow for privilege escalation by users with DRI
privileges on Radeon hardware. Essentially, a malicious program could submit
a packet containing an offset (possibly in main memory) to be rendered from/to,
while a separate thread switched that offset in userspace rapidly between a
valid value and an invalid one. radeon_check_and_fixup_offset() would pull the
offset in from user space, check it, and spit it back out to user space to be
copied in later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get an
invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on FreeBSD.
Performance impact is negligible -- no difference on r200 to ~1% improvement on
rv200 in quake3 tests (P4 1Ghz, demofour at 1024x768, n=4 or 5)
From: Eric Anholt <anholt@freebsd.org> Signed-off-by: Dave Airlie <airlied@linux.ie>
David Howells [Tue, 8 Feb 2005 00:05:10 +0000 (16:05 -0800)]
[PATCH] NOMMU: Improved handling of get_unmapped_area() errors
The attached patch does two things:
(1) We no longer check the return value of file->f_op->get_unmapped_area()
unless we actually called it. We know addr is zero otherwise because
we'd've given an error earlier if it wasn't.
(2) If -ENOSYS was returned by that operation, then we assume we actually
called a driver (such as the framebuffer driver) that might want to
invoke the operation in a lower level driver (such as matroxfb) if one
exists, and that it found that one didn't.
We translate the -ENOSYS error into -ENODEV - the error we would have
given if the operation was not supplied in the file ops.
Doing this permits us an opportunity for arch_get_unmapped_area() or
something else to be called if we want that to happen, particularly in
the MMU case.
Signed-Off-By: David Howells <dhowells@redhat.com> Signed-Off-By: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Mon, 7 Feb 2005 23:48:07 +0000 (15:48 -0800)]
[PATCH] nfsd: Don't try to cache reply to nfsv2 readdir.
As readdir returns the reply in a separate page, the cache code cannot find
the reply (and it would probably be too big anyway) so flag readdir for NOCACHE
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Mon, 7 Feb 2005 23:47:40 +0000 (15:47 -0800)]
[PATCH] md: remove extra loop from copy_data
copy_data currently loops over bio's in a list, but the caller also does the
same looping, sometimes with extra work. So remove the loop from copy_data.
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Mon, 7 Feb 2005 23:47:26 +0000 (15:47 -0800)]
[PATCH] md: fix endless loop when syncing an array that doesn't need any resync.
If the resync checkpoint for an array is at the end of the array, It doesn't
get set to MAX_SECTOR, so resyncing will be retried. By updating curr_resync
early, this problem is fixed.
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Mon, 7 Feb 2005 23:47:13 +0000 (15:47 -0800)]
[PATCH] md: make md work a bit better with devfs
- set ->devfs_name
- create initial devfs names slightly differently so
as not to conflict
- re-read partition table when an array is assembled at boot
time - not sure why this is needed, but it is.
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Yoichi Yuasa [Mon, 7 Feb 2005 13:32:36 +0000 (05:32 -0800)]
[PATCH] mips: add unknown page size string
This patch had fixed the following warning.
arch/mips/lib-32/dump_tlb.c: In function 'dump_tlb':
arch/mips/lib-32/dump_tlb.c:69: warning: control may reach end of non-void function 'msk2str' being inlined
This patch adds return value, when page size is not match.
Martin Kögler [Mon, 7 Feb 2005 13:32:21 +0000 (05:32 -0800)]
[PATCH] serial: fix low-latency mode deadlock
We presently deadlock in low-latency mode because the receive code holds
port.lock while calling into the tty code to perform echoing. The tty code
calls back into the driver, which then takes port.lock.
Fix that by dropping the lock around the echo call.
Acked-by: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Frank Fricke reported that hostfs does not verify that a chmod +s, for
instance, is done by a sufficiently privileged user, as long as the UML
kernel itself can complete the operation on the host.
So, for instance, if UML is run as root and under /mnt/host we have a hostfs
mount, this works successfully:
(bash refuses running as setuid, but you could have another shell on the
host, as dash or whatever).
In general, if UML is run as uid 500 on the host, a hostfs mount is done
and under the hostfs mount there is a file with uid 500 on the host, I can
freely make it setuid (if it's executable).
This is especially bad when UML is run as root (which you should not do),
but is a problem in general, since it allows any user to create setuid 500
(in this example) executables on the host filesystem.
Finally, while I was looking at the chmod() implementation, I spotted a
kludge in the code and explained it with a comment.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Frank 'xraz' Fricke <xraz@rwxr-xr-x.de> Cc: Alexander Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Nick Piggin [Mon, 7 Feb 2005 13:31:08 +0000 (05:31 -0800)]
[PATCH] fix wait_task_inactive race
When a task is put to sleep, it is dequeued from the runqueue while it is
still running. The problem is that one some arches that have non-atomic
scheduling, the runqueue lock can be dropped and retaken in schedule() before
the task actually schedules off, and wait_task_inactive did not account for
this.
Signed-off-by: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Here's a fix for the ppc64 crash during boot. This corrects the
offending function to use more conventional error codes. I'll follow up
with return code cleanups for the entire module, and for RTAS code,
since these are probably too big for 2.6.11.
Signed-off-by: John Rose <johnrose@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Peter Osterlund [Mon, 7 Feb 2005 00:28:04 +0000 (16:28 -0800)]
[PATCH] Make mousedev.c report all events to user space immediately
mousedev_packet() clears list->ready too early when called with
"tail == head - 1". The effect is that the last mouse event from the
hardware isn't reported to userspace until another hardware mouse
event arrives. This can make the left mouse button get stuck when
tapping on a touchpad. When this happens, the butten doesn't unstick
until you interact with the touchpad again.
Signed-off-by: Peter Osterlund <petero2@telia.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Chas Williams [Sun, 6 Feb 2005 14:19:21 +0000 (06:19 -0800)]
[ATM]: [zatm] replace sleep_on() with wait_event()
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
Chas Williams [Sun, 6 Feb 2005 14:18:39 +0000 (06:18 -0800)]
[ATM]: [iphase] remove sleep_on*() usage
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
Chas Williams [Sun, 6 Feb 2005 14:17:47 +0000 (06:17 -0800)]
[ATM]: [horizon] replace interruptible_sleep_on() with wait_event_interruptible()
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Graf [Sun, 6 Feb 2005 14:00:12 +0000 (06:00 -0800)]
[NETLINK]: Use SKB_MAXORDER to calculate NLMSG_GOODSIZE
NLMSG_GOODSIZE specifies a good default size for the skb tailroom
used in netlink messages when the size is unknown at the time of
the allocation.
The current value doesn't make much sense anymore because
skb_shared_info isn't taken into account which means that
depending on the architecture NLMSG_GOOSIZE can exceed PAGE_SIZE
resulting in a waste of almost a complete page.
Using SKB_MAXORDER solves this potential leak at the cost of
slightly smaller but safer sizes for some architectures.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Sun, 6 Feb 2005 13:49:00 +0000 (05:49 -0800)]
[NETFILTER]: Clean NAT status bits on module unload
another patch which I think should go in 2.6.11, it fixes a crash
when unloading, then reloading iptable_nat.
ip_nat_core doesn't clear the status bits in struct ip_conntrack on
module unload, but zeroes out the nat area. When the module is loaded
again and a connection times out ip_nat_cleanup_conntrack tries to
list_del the zeroed list-head and crashes. There are probably more
conditions under which it can crash or cause other misbehaviour.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy [Sun, 6 Feb 2005 13:40:01 +0000 (05:40 -0800)]
[PKT_SCHED]: ipt action: add back pskb_expand_head() call
Jamal asked me to add back the call to pskb_expand_head before 2.6.11.
This fixes a regression caused by my tc action cleanup patches, the
tc actions most not replace packets, so it must prevent netfilter from
doing so.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 6 Feb 2005 13:20:23 +0000 (05:20 -0800)]
[DOC]: Some atomic_ops.txt updates.
Based upon feedback from Linus:
- Touch on xchg(), cmpxchg() and spinlocks lightly.
- Discuss atomic_dec_and_test()
- Add some historical platform notes.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 6 Feb 2005 12:52:02 +0000 (04:52 -0800)]
[SPARC64]: Correct rwlock membars.
read_unlock should order all previous memory operations
before the atomic counter update to drop the lock.
The debugging version of write_unlock had a similar error.
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicolas Pitre [Sun, 6 Feb 2005 22:49:26 +0000 (22:49 +0000)]
[ARM PATCH] 2458/1: prevent PXA2xx defines from clashing with SA1111's
Patch from Nicolas Pitre
A more elegant solution could be applied which would require more work.
However there is only one platform using both chips (Lubbock) and half
of the SA1111 features are unusable due to botched DMA support at the
PCB level anyway. Therefore this solution should be sufficient for
now.
Also removed the SADIV defines which use would not constitute good
programming practice. Divisors should be computed directly in the code
especially since different PXA2xx versions have different clock source
frequencies. No in-tree driver uses them so this is low impact..
Finally changed alignment to fit rest of file.
Signed-off-by: Nicolas Pitre Signed-off-by: Russell King
Alexander Viro [Sun, 6 Feb 2005 01:44:27 +0000 (02:44 +0100)]
[ide] fix ide_dump_atapi_status()
From: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
On Fri, 4 Feb 2005, Al Viro wrote:
> BTW, ide-lib.c code that triggers the ICE happens to be completely broken.
> Jens, it's your patch from September 2002 - what used to be
> if ((stat & (BUSY_STAT|ERR_STAT)) == ERR_STAT) {
> became
> if ((status.all & (status.b.bsy|status.b.check)) == status.b.check) {
> and that's *not* an equivalent transformation. Fixing it doesn't get rid
> of ICE, but it certainly deserves fixing.
projects / history.git / log