Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e080c ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.
Eric Dumazet says:
Hum, you are right, kmem_cache_free() doesnt allow a NULL
object, like kfree() does.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Coverity checker spotted that less memory than required was
allocated.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
IFLA_LINK is no longer a write-only attribute on the kernel side and
must thus be validated. Same goes for the newly introduced
IFLA_LINKINFO.
Fixes undefined behaviour if either of the attributes are not well
formed.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: (32 commits)
x86: fix page_is_ram() thinko
x86: fix WARN_ON() message: teach page_is_ram() about the special 4Kb bios data page
x86: i8259A: remove redundant irq_descinitialization
x86: fix vdso_install breaks user "make install"
x86: change IO delay back to 0x80
x86: lds - Use THREAD_SIZE instead of numeric constant
x86: lds - Use PAGE_SIZE instead of numeric constant
x86 cleanup: suspend_asm_64.S - use X86_CR4_PGE instead of numeric value
x86: docs fixes to Documentation/i386/IO-APIC.txt
x86: fix printout ugliness in cpu info printk
x86: clean up csum-wrappers_64.c some more
x86: coding style fixes in arch/x86/lib/csum-wrappers_64.c
x86: coding style fixes in arch/x86/lib/io_64.c
x86: exclude vsyscall files from stackprotect
x86: add pgd_large() on 64-bit, for consistency
x86: minor cleanup of comments in processor.h
x86: annotate pci/common.s:pci_scan_bus_with_sysdata with __devinit
x86: fix section mismatch in head_64.S:initial_code
x86: fix section mismatch in srat_64.c:reserve_hotadd
x86: fix section mismatch warning in topology.c:arch_register_cpu
...
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/czankel/xtensa-2.6: (29 commits)
[XTENSA] Allow debugger to modify the WINDOWBASE register.
[XTENSA] Fix makefile to work with binutils-2.18.
[XTENSA] Fix register corruption for certain processor configurations
[XTENSA] Fix cache flush macro for D$/I$ aliasing/non-aliasing
[XTENSA] Exclude thread-global registers from the xtregs structures.
[XTENSA] Add support for the sa_restorer function
[XTENSA] Add support for configurable registers and coprocessors
[XTENSA] Clean up stat structs.
[XTENSA] Use preprocessor to generate the linker script for the ELF boot image
[XTENSA] Add missing RELOCATE_ENTRY for debug vector
[XTENSA] Add volatile keyword to asm statements accessing counter registers
[XTENSA] Remove unused code
[XTENSA] Fix modules for non-exec processor configurations
[XTENSA] Add missing cast in elf.h ELF_CORE_COPY_REGS()
[XTENSA] Fix comments regarding the number of frames to save
[XTENSA] Add missing a2 register restore in register spill routine
[XTENSA] adjust boot linker script start addresses
[XTENSA] Remove oldmask from sigcontext and fix register flush
[XTENSA] Clean up elf-gregset.
[XTENSA] Fix icache flush for cache aliasing
...
This patch fixes two NULL dereferences introduced by commit
06386bbfd2 and spotted by the Coverity
checker.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Make the kernel jump into gdbstub (if configured) on a BUG with the register
set from the BUG rather than interpolating another illegal instruction and
leaving gdbstub's idea of the process counter in unsupported_syscall() where
the original BUG was detected.
With this patch, gdbstub reports a SIGABRT to the compiler and reports the
program counter at the original BUG, allowing the execution state at the time
of the BUG to be examined with GDB.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Introduce into the MN10300 gdbstub a couple of barrier() calls to replace the
removed volatility of the input/output index variables for the Rx ring buffer.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Call update_process_times() outside of the xtime_lock. Somewhere somewhere
inside one of the functions called by that, xtime_lock is readlocked, which
ends up in a deadlock situation.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/mthca: Free correct MPT on error exit from mthca_fmr_alloc()
IPoIB/cm: Fix ipoib_cm_dev_stop() cleanup when drain times out
In hibernate, we may end up calling the VGA save regs function twice, so we need to make sure it's idempotent. That means leaving ARX in index mode after the first save operation. Fixes hibernate on 965.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Failing to preserve the MI_ARB_STATE register was causing FIFO underruns on
the VGA output on my HP 2510p after resume.
Signed-off-by: Dave Airlie <airlied@redhat.com>
On many chipsets, the checks for DPLL enable or VGA mode will prevent the pipeconf regs from being restored, which could result in a blank display or X failing to come back after resume. So restore them unconditionally along with actually restoring pipe B's palette correctly.
Signed-off-by: Dave Airlie <airlied@redhat.com>
On resume, if the interrupt state isn't restored correctly, we may end
up with a flood of unexpected or ill-timed interrupts, which could cause
the kernel to disable the interrupt or vblank events to happen at the
wrong time. So save/restore them properly.
Signed-off-by: Dave Airlie <airlied@linux.ie>
Remove redundant vma range checks.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Commit a0a400d79e ("[NET]: dev_mcast:
add multicast list synchronization helpers") from you introduced a new
field "da_synced" to struct dev_addr_list that is not properly
initialized to 0. So when any of the current users (8021q, macvlan,
mac80211) calls dev_mc_sync/unsync they mess the address list for both
devices.
The attached patch fixed it for me and avoid future problems.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
When adding __devinitconst etc. the __initconst variant
were missed.
Add this one and proper definitions for .head.text for use
in .S files.
The naming .head.text is preferred over .text.head as the
latter will conflict for a function named head when introducing
-ffunctions-sections.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
XXXINIT_TO_INIT and XXXEXIT_TO_EXIT warnings use the reversed symbol name order
in the suggestion, e.g.:
WARNING: vmlinux.o(.meminit.text+0x36c): Section mismatch in reference from the function free_area_init_core() to the function .init.text:setup_usemap()
The function __meminit free_area_init_core() references
a function __init setup_usemap().
If free_area_init_core is only used by setup_usemap then
annotate free_area_init_core with a matching annotation.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
When mthca_fmr_alloc() returns an error, it should free the MPT at the
index key, not mr->ibmr.lkey, since the lkey has been mangled by
hw_index_to_key() and no longer is the real index. This bug causes
corruption of the MPT table free bitmap when mthca_fmr_alloc() fails.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Commit efcd9971 ("IPoIB/cm: Factor out ipoib_cm_free_rx_reap_list()")
introduced a bug in ipoib_cm_dev_stop() when the receive drain times
out. In that case, the function moves all the pending rx stuff into a
private list but then calls ipoib_cm_free_rx_reap_list(), which
handles a different list.
Fix this by moving everything to the rx_reap_list that will actually
get freed up.
This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=906>.
Signed-off-by: Pradeep Satyanarayana <pradeeps@linux.vnet.ibm.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
This reverts commit 1f84260c8c, which is
suspected to be the reason for some very occasional and hard-to-trigger
crashes that usually look related to memory allocation (mostly reported
in networking, but since that's generally the most common source of
shortlived allocations - and allocations in interrupt contexts - that in
itself is not a big clue).
See for example
http://bugzilla.kernel.org/show_bug.cgi?id=9973http://lkml.org/lkml/2008/2/19/278
etc.
One promising suspicion for what the root cause of bug is (which also
explains why it's so hard to trigger in practice) came from Eric
Dumazet:
"I wonder how SLUB_FASTPATH is supposed to work, since it is affected
by a classical ABA problem of lockless algo.
cmpxchg_local(&c->freelist, object, object[c->offset]) can succeed,
while an interrupt came (on this cpu), and several allocations were
done, and one free was performed at the end of this interruption, so
'object' was recycled.
c->freelist can then contain the previous value (object), but
object[c->offset] was changed by IRQ.
We then put back in freelist an already allocated object."
but another reason for the revert is simply that everybody agrees that
this code was the main suspect just by virtue of the pattern of oopses.
Cc: Torsten Kaiser <just.for.lkml@googlemail.com>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Switch the BCM47XX code to the new SPROM data structure now that the old
one has been removed.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This patch fixes the following build error with CONFIG_EISA=n caused by
commit 231a35d372:
<-- snip -->
...
LD .tmp_vmlinux1
arch/mips/sni/built-in.o: In function `snirm_a20r_setup_devinit':
a20r.c:(.init.text+0x42c): undefined reference to `sni_eisa_root_init'
a20r.c:(.init.text+0x42c): relocation truncated to fit: R_MIPS_26 against `sni_eisa_root_init'
arch/mips/sni/built-in.o: In function `snirm_setup_devinit':
rm200.c:(.init.text+0x52c): undefined reference to `sni_eisa_root_init'
rm200.c:(.init.text+0x52c): relocation truncated to fit: R_MIPS_26 against `sni_eisa_root_init'
make[1]: *** [.tmp_vmlinux1] Error 1
<-- snip -->
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The MIPS version of pcibios_enalbe_resources did not have the fixes
from ed6d14f976 yet which under circumstances
similar to x86 might result in failures.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Two files were omitted from the recent removal of the qemu platform.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This patch enables the system calls timerfd_create(), timerfd_settime()
and timerfd_gettime() for MIPS architecture.
Please see the following Bugzilla entry for more details:
http://bugzilla.kernel.org/show_bug.cgi?id=10038
This was tested using a Malta 4Kc board in both little-endian and
big-endian modes. The unit test program is available from the URL
above.
Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@gmail.com>
[Ralf: Added N64, N32 and O32 bits on 64-bit kernels.]
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Fix type mismatch warnings for 64-bit kernel builds which trigger -Werror.
The problem affects only SB-1 kernels with CONFIG_SIBYTE_DMA_PAGEOPS
enabled.
Signed-off-by: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
kmap_coherent will only work correctly if the page it is called on is
not marked dirty. If it's dirty the kernel address of the page should
be used instead of a temporary mapping.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Properly acknowledge RM7K and RM9K interrupts. Before this, interrupts were
permanently masked after their first occurrence, making them non-functional.
Signed-off-by: Thomas Koeller <thomas.koeller@baslerweb.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
So far flush_cache_range() did't consider the I-cache largely because it
did rarely ever matter to real world code. This was working primarily
because normally code and data are don't share the same pages - with the
exception of MIPS16 code which uses address constants embedded between
the code. The following sequence of events may break the code:
o MIPS16 executable being loaded
o dynamic linker relocates the address constants embedded into the code:
o Uses mprotect(2) to make code pages PROT_READ|PROT_WRITE
o Performs the actual relocations by writing to the pages which likely
are COW. Because no PROT_EXEC is set I-cache coherence will not be
considered.
o Uses mprotect(2) to switch code pages back to PROT_READ|PROT_EXEC.
This results in a call to flush_cache_range() which also does not
consider I-caches.
o => executing the page just having been relocated may now result in the
I-cache getting refilled with stale data from memory.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
There are some places left in mips, that lookup task in initial namespace,
while the code doing so gets the pid from the user space and thus must
treat it as virtual.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This fixes a bug that can't handle a passthru command with more than
two sg entries.
Big thanks to Tim Pepper for debugging the problem.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Acked-by: Mark Salyzyn <Mark_Salyzyn@adaptec.com>
Cc: Stable Tree <stable@kernel.org>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] qdio: FCP/SCSI write I/O stagnates on LPAR
[S390] Fix futex_atomic_cmpxchg_std inline assembly.
[S390] dcss: Fix Unlikely(x) != y
[S390] sclp: clean up send/receive naming scheme
[S390] etr: fix compile error on !SMP
[S390] qdio: fix qdio_activate timeout handling.
[S390] Initialize per cpu lowcores on cpu hotplug.
[S390] find bit corner case.
[S390] dasd: fix locking in __dasd_device_process_final_queue
[S390] Make sure enabled wait psw is loaded in default_idle.
[S390] Let NR_CPUS default to 32/64 on s390/s390x.
[S390] cio: Do timed recovery on workqueue.
[S390] cio: Remember to initialize recovery_lock.
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
libata: implement drain buffers
libata: eliminate the home grown dma padding in favour of
block: clear drain buffer if draining for write command
block: implement request_queue->dma_drain_needed
block: add request->raw_data_len
block: update bio according to DMA alignment padding
libata: update ATAPI overflow draining
elevator: make elevator_get() attempt to load the appropriate module
cfq-iosched: add hlist for browsing parallel to the radix tree
block: make blk_rq_map_user() clear ->bio if it unmaps it
fs/block_dev.c: remove #if 0'ed code
make struct def_blk_aops static
make blk_settings_init() static
make blk_ioc_init() static
make blk-core.c:request_cachep static again
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog:
[WATCHDOG] HP ProLiant WatchDog driver
[WATCHDOG] blackfin Watchdog driver: relocate all strings used in __init functions to __initdata
[WATCHDOG] Convert mtx1 wdt to be a platform device and use generic GPIO API
[WATCHDOG] Add support for SB1 hardware watchdog
* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-genirq:
genirq: do not leave interupts enabled on free_irq
genirq: spurious.c: use time_* macros