Commit Graph

5819 Commits

Author SHA1 Message Date
Herbert Xu
c8ac377464 [TCP]: Fix bug #5070: kernel BUG at net/ipv4/tcp_output.c:864
1) We send out a normal sized packet with TSO on to start off.
2) ICMP is received indicating a smaller MTU.
3) We send the current sk_send_head which needs to be fragmented
since it was created before the ICMP event.  The first fragment
is then sent out.

At this point the remaining fragment is allocated by tcp_fragment.
However, its size is padded to fit the L1 cache-line size therefore
creating tail-room up to 124 bytes long.

This fragment will also be sitting at sk_send_head.

4) tcp_sendmsg is called again and it stores data in the tail-room
of the fragment.
5) tcp_push_one is called by tcp_sendmsg which then calls tso_fragment
since the packet as a whole exceeds the MTU.

At this point we have a packet that has data in the head area being
fed to tso_fragment which bombs out.

My take on this is that we shouldn't ever call tcp_fragment on a TSO
socket for a packet that is yet to be transmitted since this creates
a packet on sk_send_head that cannot be extended.

So here is a patch to change it so that tso_fragment is always used
in this case.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-16 20:43:40 -07:00
Patrick McHardy
793245eeb9 [IPV6]: Fix raw socket hardware checksum failures
When packets hit raw sockets the csum update isn't done yet, do it manually.
Packets can also reach rawv6_rcv on the output path through
ip6_call_ra_chain, in this case skb->ip_summed is CHECKSUM_NONE and this
codepath isn't executed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-16 20:39:38 -07:00
Zachary Amsden
12aaa0855b [PATCH] i386 / desc_empty macro is incorrect
Chuck Ebbert noticed that the desc_empty macro is incorrect.  Fix it.

Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits.  I do not
believe this is an issue in practice, but it is a kernel bug.

Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>

[ x86-64 had the same problem, and the same fix. Linus ]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-16 12:18:01 -07:00
Linus Torvalds
5153f7e6db Merge head 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/shaggy/jfs-2.6 2005-08-16 12:12:30 -07:00
Linus Torvalds
ca27ea487e Merge master.kernel.org:/pub/scm/linux/kernel/git/lenb/to-linus 2005-08-16 09:43:13 -07:00
Linus Torvalds
cf59001235 Merge master.kernel.org:/pub/scm/linux/kernel/git/aia21/ntfs-2.6 2005-08-16 09:31:28 -07:00
Trond Myklebust
65e4308d25 [PATCH] NFS: Ensure we always update inode->i_mode when doing O_EXCL creates
When the client performs an exclusive create and opens the file for writing,
a Netapp filer will first create the file using the mode 01777. It does this
since an NFSv3/v4 exclusive create cannot immediately set the mode bits.
The 01777 mode then gets put into the inode->i_mode. After the file creation
is successful, we then do a setattr to change the mode to the correct value
(as per the NFS spec).

The problem is that nfs_refresh_inode() no longer updates inode->i_mode, so
the latter retains the 01777 mode. A bit later, the VFS notices this, and calls
remove_suid(). This of course now resets the file mode to inode->i_mode & 0777.
Hey presto, the file mode on the server is now magically changed to 0777. Duh...

Fixes http://bugzilla.linux-nfs.org/show_bug.cgi?id=32

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-16 09:30:58 -07:00
John Hawkes
367ae3cd74 [PATCH] fix for ia64 sched-domains code
Fix for ia64 sched domain building triggered by cpuset code.

Acked-by: Nick Piggin <npiggin@suse.de>
Acked-by: Dinakar Guniguntala <dino@in.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-16 08:54:00 -07:00
Trond Myklebust
58fcb8df0b [PATCH] NFS: Ensure ACL xdr code doesn't overflow.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-16 08:52:11 -07:00
Anton Altaparmakov
e74589ac25 NTFS: Fix bug in mft record writing where we forgot to set the device in
the buffers when mapping them after the VM had discarded them.
      Thanks to Martin MOKREJŠ for the bug report.

Signed-off-by: Anton Altaparmakov <aia21@cantab.net>
2005-08-16 16:38:28 +01:00
Linus Torvalds
75cd968ab2 um: fix __pa/__va macro expansion problem
Proper parentheses around arguments needed, especially as the macros use
a high-precedence cast operator on the argument.
2005-08-15 17:40:46 -07:00
Len Brown
fb80cbee4c Merge ../from-linus 2005-08-15 16:02:50 -04:00
Len Brown
b857c730d4 Merge ../to-linus-stable/ 2005-08-15 15:49:00 -04:00
Luming Yu
30e332f330 [ACPI] re-enable platform-specific hotkey drivers by default
When both platform-specific and generic drivers exist,
enable generic over-ride with "acpi_generic_hotkey".

http://bugzilla.kernel.org/show_bug.cgi?id=4953

Signed-off-by: Luming Yu <luming.yu@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2005-08-15 15:46:58 -04:00
Antonino A. Daplas
3edea4833a [PATCH] intelfb/fbdev: Save info->flags in a local variable
Reported by: Pavel Kysilka (Bugzilla Bug 5059)

The intelfb driver does not keep resolution set with fbset after
switching to another console and back.

Steps to reproduce:

  initial options: tty1,tty2 - 1024x768-60
  1) tty1 - fbset after booting (1024x768-60)
  2) tty1 - fbset 800x600-100
  tty1: 800x600-100
  3) switch to tty2, switch to tty1
  tty1: 1024x768-60 (the same resolution as default from kernel booting)

This bug is caused by intelfb unintentionally destroying info->flags in
set_par(). Therefore the flag, FBINFO_MISC_USEREVENT used to notify
fbcon of a mode change was cleared causing the above problem. This bug
though is not intelfb specific, as other drivers may also be affected.

The fix is to save info->flags in a local variable before calling any
of the driver hooks.  A more definitive fix (for post 2.6.13) is to
separate info->flags into one that is set by the driver and another that
is set by core fbdev/fbcon.

Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-15 09:59:39 -07:00
Sylvain Meyer
6bd49341f2 [PATCH] intelfb: Do not ioremap entire graphics aperture
Reported by: Pavel Kysilka (Bugzilla Bug 4738)

modprobe of intelfb results in the following error message:

	intelfb: Framebuffer driver for Intel(R) 830M/845G/852GM/855GM/865G/915G chi
	intelfb: Version 0.9.2
	ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 16
	allocation failed: out of vmalloc space - use vmalloc=<size> to increase siz
	intelfb: Cannot remap FB region.

This will fail if the graphics aperture size is greater than 128 MB.

Fix is to ioremap only from the beginning of graphics aperture to the
end of the used framebuffer memory.

Signed-off-by: Sylvain Meyer <sylvain.meyer@worldonline.fr>
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-15 09:53:34 -07:00
John McCutchan
89204c40a0 [PATCH] inotify: add MOVE_SELF event
This adds a MOVE_SELF event to inotify.  It is sent whenever the inode
you are watching is moved.  We need this event so that we can catch
something like this:

 - app1:
	watch /etc/mtab

 - app2:
	cp /etc/mtab /tmp/mtab-work
	mv /etc/mtab /etc/mtab~
	mv /tmp/mtab-work /etc/mtab

app1 still thinks it's watching /etc/mtab but it's actually watching
/etc/mtab~.

Signed-off-by: John McCutchan <ttb@tentacle.dhs.org>
Signed-off-by: Robert Love <rml@novell.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-15 09:50:31 -07:00
Robert Love
0bf955ce98 [PATCH] inotify: fix idr_get_new_above usage
We are saving the wrong thing in ->last_wd.  We want the wd, not the
return value.

Signed-off-by: Robert Love <rml@novell.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-15 09:48:31 -07:00
Linus Torvalds
2ba84684e8 Revert PCIBIOS_MIN_IO changes for 2.6.13
This reverts commits

  71db63acff
	[PATCH] increase PCIBIOS_MIN_IO on x86

and

  0b2bfb4e7f
    ACPI: increase PCIBIOS_MIN_IO on x86

since Lukas Sandström <lukass@etek.chalmers.se> reports that this breaks
his on-board nvidia audio.

We should re-visit this later. For now we revert the change

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-14 18:21:30 -07:00
Linus Torvalds
b4b08e581f Revert "dc395x: Fix support for highmem"
It introduces a repeatable oops in the driver, which is a bigger problem
than the patch tries to solve. From the original description:

    Author: Jamie Lenehan <lenehan@twibble.org>
    Date:   Thu Mar 3 14:41:40 2005 +0200

    [PATCH] dc395x: Fix support for highmem

    From: Guennadi Liakhovetski <g.liakhovetski@gmx.de>

    Removes the page_to_virt and maps sg lists dynamically.
    This makes the driver work with highmem pages.

    Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
    Signed-off-by: Jamie Lenehan <lenehan@twibble.org>
    Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-14 15:43:39 -07:00
Steve French
27876d02b3 [PATCH] CIFS: Fix path name conversion for long filenames
Fix path name conversion for long filenames when mapchars mount option
was specified at mount time.

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-14 15:27:24 -07:00
Steve French
d024709deb [PATCH] CIFS: Fix missing entries in search results
Fix missing entries in search results when very long file names and more
than 50 (or so) of such long search entries in the directory.

FindNext could send corrupt last byte of resume name when resume key was
a few hundred bytes long file name or longer.

Fixes Samba Bug # 2932

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-14 15:27:24 -07:00
Jan Kara
1b0a74d1c0 [PATCH] Fix error handling in reiserfs
Initialize key object ID in inode so that we don't try to remove the inode
when we fail on some checks even before we manage to allocate something.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-13 21:54:13 -07:00
Paul Mundt
f73bc8cae3 [PATCH] sh: Make _syscall6() do the right thing.
There was a rather silly and embarrassing typo in the sh _syscall6().
For the syscall ABI we have the trapa value specified as 0x10 + number
of arguments, this was being set incorrectly in the _syscall6() case
which ended up causing some problems for users.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-13 14:23:39 -07:00
Linus Torvalds
4bb82551e1 Fix up mmap of /dev/kmem
This leaves the issue of whether we should deprecate the whole thing (or
if we should check the whole mmap range, for that matter) open. Just do
the minimal fix for now.
2005-08-13 14:22:59 -07:00
Evgeniy Polyakov
2da5bf80f7 [PATCH] w1: more debug level decrease.
Do not spam syslog each 10 seconds when there is nothing on the wire.

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-12 12:55:02 -07:00
Linus Torvalds
63788ea924 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-08-12 09:22:34 -07:00
Eric W. Biederman
349188f66d [PATCH] x86_64: Fix apicid versus cpu# confusion.
Oops.  I knew I didn't have the physical versus logical cpu identifiers right
when I generated that patch.  It's not nearly as bad as I feared at the time
though.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-12 09:22:04 -07:00
Matt Mackall
d7b9dfc8ea [NETPOLL]: remove unused variable
Remove unused variable

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:28:05 -07:00
Matt Mackall
53fb95d3c1 [NETPOLL]: fix initialization/NAPI race
This fixes a race during initialization with the NAPI softirq
processing by using an RCU approach.

This race was discovered when refill_skbs() was added to
the setup code.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:27:43 -07:00
Ingo Molnar
2652076507 [NETPOLL]: pre-fill skb pool
we could do one thing (see the patch below): i think it would be useful 
to fill up the netlogging skb queue straight at initialization time.  
Especially if netpoll is used for dumping alone, the system might not be 
in a situation to fill up the queue at the point of crash, so better be 
a bit more prepared and keep the pipeline filled.

[ I've modified this to be called earlier - mpm ]

Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:26:42 -07:00
Matt Mackall
0db1d6fc1e [NETPOLL]: add retry timeout
Add limited retry logic to netpoll_send_skb

Each time we attempt to send, decrement our per-device retry counter.
On every successful send, we reset the counter. 

We delay 50us between attempts with up to 20000 retries for a total of
1 second. After we've exhausted our retries, subsequent failed
attempts will try only once until reset by success.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:25:54 -07:00
Matt Mackall
f0d3459d07 [NETPOLL]: netpoll_send_skb simplify
Minor netpoll_send_skb restructuring

Restructure to avoid confusing goto and move some bits out of the
retry loop.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:25:11 -07:00
Matt Mackall
6b0b315729 [NETPOLL]: e1000 netpoll tweak
Suggested by Steven Rostedt, matches his patch included in e100.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:24:33 -07:00
Jeff Moyer
a636e13579 [NETPOLL]: deadlock bugfix
This fixes an obvious deadlock in the netpoll code.  netpoll_rx takes the
npinfo->rx_lock.  netpoll_rx is also the only caller of arp_reply (through
__netpoll_rx).  As such, it is not necessary to take this lock.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:23:50 -07:00
Jeff Moyer
11513128bb [NETPOLL]: rx_flags bugfix
Initialize npinfo->rx_flags.  The way it stands now, this will have random
garbage, and so will incur a locking penalty even when an rx_hook isn't
registered and we are not active in the netpoll polling code.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 19:23:04 -07:00
Alexey Dobriyan
a0d3bea3cf [NET]: Make skb->protocol __be16
There are many instances of

	skb->protocol = htons(ETH_P_*);
	skb->protocol = __constant_htons(ETH_P_*);
and
	skb->protocol = *_type_trans(...);

Most of *_type_trans() are already endian-annotated, so, let's shift
attention on other warnings.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-11 16:05:50 -07:00
Johannes Stezenbach
7d69fa6266 [PATCH] Fix DVB URL
Signed-off-by: Johannes Stezenbach <js@linuxtv.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-11 10:08:59 -07:00
Herbert Xu
b5da623ae9 [TCP]: Adjust {p,f}ackets_out correctly in tcp_retransmit_skb()
Well I've only found one potential cause for the assertion
failure in tcp_mark_head_lost.  First of all, this can only
occur if cnt > 1 since tp->packets_out is never zero here.
If it did hit zero we'd have much bigger problems.

So cnt is equal to fackets_out - reordering.  Normally
fackets_out is less than packets_out.  The only reason
I've found that might cause fackets_out to exceed packets_out
is if tcp_fragment is called from tcp_retransmit_skb with a
TSO skb and the current MSS is greater than the MSS stored
in the TSO skb.  This might occur as the result of an expiring
dst entry.

In that case, packets_out may decrease (line 1380-1381 in
tcp_output.c).  However, fackets_out is unchanged which means
that it may in fact exceed packets_out.

Previously tcp_retrans_try_collapse was the only place where
packets_out can go down and it takes care of this by decrementing
fackets_out.

So we should make sure that fackets_out is reduced by an appropriate
amount here as well.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-10 18:32:36 -07:00
Linus Torvalds
bc68552faa Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2005-08-10 12:21:25 -07:00
Linus Torvalds
0893dd327f Merge head 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev 2005-08-10 11:56:19 -07:00
James Bottomley
6068674437 [PATCH] remove name length check in a workqueue
We have a check in there to make sure that the name won't overflow
task_struct.comm[], but it's triggering for scsi with lots of HBAs, only
scsi is using single-threaded workqueues which don't append the "/%d"
anyway.

All too hard.  Just kill the BUG_ON.

Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>

[ kthread_create() uses vsnprintf() and limits the thing, so no
  actual overflow can actually happen regardless ]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-10 11:55:19 -07:00
Steven Whitehouse
001ab02a8c [DECNET]: Use sk_stream_error function rather than DECnet's own
Signed-off-by: Steven Whitehouse <steve@chygwyn.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-10 11:32:57 -07:00
Pierre Ossman
3462b92541 [PATCH] wbsd version bump
Even though the changes are minor for the next release an increasing
version number simplifies my support issues.

Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-10 11:08:56 -07:00
Benjamin Herrenschmidt
e62b8b2bc7 [PATCH] ppc64: Fix Fan control for new PowerMac G5 2.7GHz machines
The workaround for broken device-tree that prevents fan control from
working on recent G5 models needs to be "enabled" for machines with
revision 0x37 of the bridge in addition to machines with revision 0x35.

Signed-off-by: Geoff Levand <geoffrey.levand@am.sony.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-10 11:07:40 -07:00
Linus Torvalds
70679ee34f Merge master.kernel.org:/home/rmk/linux-2.6-arm-smp 2005-08-10 11:05:56 -07:00
Linus Torvalds
435d444a53 Merge master.kernel.org:/home/rmk/linux-2.6-arm 2005-08-10 11:05:28 -07:00
Alexander Nyberg
22d0def9d0 [PATCH] ns558 list handling fix
Need to use list_for_entry_safe(), as we're removing items during the
traversal.  list_for_each_entry() uses the first ptr also as an iterator, if
you kfree() it slab takes it, might poison it and then you try to use it to
iterate to the next object in list.

Cc: Vojtech Pavlik <vojtech@suse.cz>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-10 11:03:02 -07:00
Ralf Baechle DL5RB
c0438174e8 [PATCH] 6pack persistence fix
Fix the p-persistence CSMA algorithm which in simplex mode was starting
with a slottime delay before doing anything else as if there was carrier
collision resulting in bad performance on simplex links.

Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
Acked-by: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-10 11:03:02 -07:00
Tejun Heo
42517438f9 libata: fix EH-related lockup by properly cleaning EH command list
Yet another hack due to the fact that libata is the only user of SCSI's
->eh_strategy_handler() hook.
2005-08-10 13:38:27 -04:00