There is a race condition that showed up in a threaded JIT environment.
The situation is that a process with a JIT code page forks, so the page is
marked read-only, then some threads are created in the child. One of the
threads attempts to add a new code block to the JIT page, so a
copy-on-write fault is taken, and the kernel allocates a new page, copies
the data, installs the new pte, and then calls lazy_mmu_prot_update() to
flush caches to make sure that the icache and dcache are in sync.
Unfortunately, the other thread runs right after the new pte is installed,
but before the caches have been flushed. It tries to execute some old JIT
code that was already in this page, but it sees some garbage in the i-cache
from the previous users of the new physical page.
Fix: we must make the caches consistent before installing the pte. This is
an ia64 only fix because lazy_mmu_prot_update() is a no-op on all other
architectures.
Signed-off-by: Anil Keshavamurthy <anil.s.keshavamurthy@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Cc: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
__vunmap must not rely on area->nr_pages when picking the release methode
for area->pages. It may be too small when __vmalloc_area_node failed early
due to lacking memory. Instead, use a flag in vmstruct to differentiate.
Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Avoid bogus out of memory errors: fix sa_query to actually pass gfp_mask
supplied by the user to idr_pre_get.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Acked-by: "Sean Hefty" <mshefty@ichips.intel.com>
Acked-by: "Roland Dreier" <rdreier@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ib_fmr_pool_map_phys gets the virtual address by pointer but never writes
there, and users (e.g. srp) seem to assume this and ignore the value
returned. This patch cleans up the API to get the VA by value, and updates
all users.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Acked-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Set private data length for reject messages to the correct size. Fix from
openib svn r8483.
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
srp_unmap_data assumes req->fmr is NULL if the request is not mapped, so we
must clean it out in case of an error.
Signed-off-by: Vu Pham <vu@mellanox.com>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Acked-by: Roland Dreier <rolandd@cisco.com>
Cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The device address contains unsigned character arrays, which contain raw GID
addresses. The GIDs may not be naturally aligned, so do not cast them to
structures or unions.
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
If a user of the IB CM returns -ENOMEM from their connection callback, simply
drop the incoming REQ - do not attempt to send a reject. This should allow
the sender to retry the request.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
After recent changes, mthca_wq_init does not actually initialize the WQ as it
used to - it simply resets all index fields to their initial values. So,
let's rename it to mthca_wq_reset.
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Cc: Roland Dreier <rolandd@cisco.com>
Acked-by: Zach Brown <zach.brown@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
mthca_ah_query returs the static rate of the address handle in internal mthc
format. fix it to use rate encoding from enum ib_rate, which is what users
expect.
Signed-off-by: Jack Morgenstein <jackm@mellanox.co.il>
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2.6.16 leaks like hell. While testing, I found massive leakage
(reproduced in openvz) in:
*filp
*size-4096
And 1 object leaks in
*size-32
*size-64
*size-128
It is the fix for the first one. filp leaks in the bowels of namei.c.
Seems, size-4096 is file table leaking in expand_fdtables.
I have no idea what are the rest and why they show only accompanying
another leaks. Some debugging structs?
[akpm@osdl.org, Trond: remove the IS_ERR() check]
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Kirill Korotaev <dev@openvz.org>
Cc: <stable@kernel.org>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Herbert's patch 82062c72cd
in cryptodev-2.6 tree breaks alignment rules for PadLock
xcrypt instruction leading to General protection Oopses.
This patch fixes the problem.
Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
pbm->name should be initialized before calling
pbm_register_toplevel_resources. Move the call a few lines down to
avoid a nice Oops.
Signed-off-by: Marc Zyngier <maz@misterjones.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
We shouldn't overwrite it, it's the device node full name
already and that's what we want.
Based upon a report from Marc Zyngier.
Signed-off-by: David S. Miller <davem@davemloft.net>
Instead of initializing both ports of a SAB device
properly, we were setting up the first port
structure twice and ending up only with the second
port, oops.
Signed-off-by: David S. Miller <davem@davemloft.net>
We have a bad interaction with both the kernel and user space being able
to change some of the /proc file status. This fixes the most obvious
part of it, but I expect we'll also make it harder for users to modify
even their "own" files in /proc.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The inline function compare_ether_addr is faster than memcmp.
Also, don't need to drag in proc_fs.h, the only reference to proc_dir_entry
is a pointer so the declaration is needed here.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Acked-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The upper bound for HTB time diff needs to be scaled to PSCHED
units rather than just assuming usecs. The field mbuffer is used
in TDIFF_SAFE(), as an upper bound.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
A panic was reported when receiving 1522 size packets if using
the default MTU. we should set the initial rx buffer length to the
value that e1000changemtu sets so that we can receive any packet
that would not be dropped by LPE=0.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Auke Kok <auke.jan.h.kok@intel.com>
After removing the hardware CRC stripping which causes problems with
SOL and related issues, we need to compensate for this changed size.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
The original suggested fix for netpoll was found to be racy on SMP
kernels. While it is highly unlikely that this race would ever be seen
in the real world due to current netpoll usage models, we implemented
this updated fix to address concerns.
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
when data arrives at IP through loopback (and possibly other devices).
So the field needs to be cleared before it confuses the route code.
This was seen when running netem over loopback, but there are probably
other device cases. Maybe this should go into stable?
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Seem like quite a few splipped through the cracks. Here's a patch to
update all references I could find:
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
When pskb_trim has to defer to ___pksb_trim to trim the frag_list part of
the packet, the frag_list is not updated to reflect the trimming. This
will usually work fine until you hit something that uses the packet length
or tail from the frag_list.
Examples include esp_output and ip_fragment.
Another problem caused by this is that you can end up with a linear packet
with a frag_list attached.
It is possible to get away with this if we audit everything to make sure
that they always consult skb->len before going down onto frag_list. In
fact we can do the samething for the paged part as well to avoid copying
the data area of the skb. For now though, let's do the conservative fix
and update frag_list.
Many thanks to Marco Berizzi for helping me to track down this bug.
This 4-year old bug took 3 months to track down. Marco was very patient
indeed :)
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: (53 commits)
[MIPS] sparsemem: fix crash in show_mem
[MIPS] vr41xx: Update workpad setup function
[MIPS] vr41xx: Update e55 setup function
[MIPS] vr41xx: Removed old v2.4 VRC4173 driver
[MIPS] vr41xx: Move IRQ numbers to asm-mips/vr41xx/irq.h
[MIPS] MIPSsim: Build fix, rename sim_timer_setup -> plat_timer_setup.
[MIPS] Remove unused code.
[MIPS] IP22 Fix brown paper bag in RTC code.
[MIPS] Atlas, Malta, SEAD: Don't disable interrupts in mips_time_init().
[MIPS] Replace board_timer_setup function pointer by plat_timer_setup.
[MIPS] Nuke redeclarations of board_time_init.
[MIPS] Remove redeclarations of setup_irq().
[MIPS] Nuke redeclarations of board_timer_setup.
[MIPS] Print out TLB handler assembly for debugging.
[MIPS] SMTC: Reformat to Linux style.
[MIPS] MIPSsim: Delete redeclaration of ll_local_timer_interrupt.
[MIPS] IP27: Reformatting.
[MIPS] IP27: Invoke setup_irq for timer interrupt so proc stats will be shown.
[MIPS] IP27: irq_chip startup method returns unsigned int.
[MIPS] IP27: struct irq_desc member handler was renamed to chip.
...
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] arch/arm/kernel/bios32.c: no need to set isa_bridge
[ARM] 3729/3: EABI padding rules necessitate the packed attribute of floatx80
[ARM] 3725/1: sharpsl_pm: warn about wrong temperature
[ARM] 3723/1: collie charging
[ARM] 3728/1: Restore missing CPU Hotplug irq helper
[ARM] 3727/1: fix ucb initialization on collie
[ARM] Allow Versatile to be built for AB and PB
[ARM] 3726/1: update {ep93xx,ixp2000,ixp23xx,lpd270,onearm} defconfigs to 2.6.18-rc1
[ARM] 3721/1: Small cleanup for locomo.c
Chandra Seetharaman reported SLAB crashes caused by the slab.c lock
annotation patch. There is only one chunk of that patch that has a
material effect on the slab logic - this patch undoes that chunk.
This was confirmed to fix the slab problem by Chandra.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Tested-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
With sparsemem, pfn should be checked by pfn_valid() before pfn_to_page().
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This patch fixes a typo in arch/mips/sgi-ip22/ip22-time.c, leading to the
incorrect year being set into the RTC chip.
Signed-off-by: Julien BLACHE <jb@jblache.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>