cb->atapi.cdb is an array of 16 u8 elements. The call too memset()
would set the first part of the sge array to zero as well. It's not
a packed struct.
This one has been around for five years. I found it with Smatch. I
think the reason no one has seen it before is because we normally call
sil24_fill_sg() and that overwrites sge with proper information?
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
* 'kvm-updates/2.6.35' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: read apic->irr with ioapic lock held
KVM: ia64: Add missing spin_unlock in kvm_arch_hardware_enable()
KVM: Fix order passed to iommu_unmap
KVM: MMU: Remove user access when allowing kernel access to gpte.w=0 page
KVM: MMU: invalidate and flush on spte small->large page size change
KVM: SVM: Implement workaround for Erratum 383
KVM: SVM: Handle MCEs early in the vmexit process
KVM: powerpc: fix init/exit annotation
As it stands this check compares the number of pages to the page size.
This makes no sense and makes the fcntl fail in almost any sane case.
Fix it by checking if nr_pages is not zero (it can become zero only if
arg is too big and round_pipe_size() overflows).
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
pipe_set_size() needs to copy pipe bufs from the old circular buffer
to the new.
The current code gets this wrong in multiple ways, resulting in oops.
Test program is available here:
http://www.kernel.org/pub/linux/kernel/people/mszeredi/piperesize/
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
We do the same BUG_ON() just a line later when calling into
__bd_abort_claiming().
Reported-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
I don't like the subtle multi-context code in bd_claim (ie. detects where it
has been called based on bd_claiming). It seems clearer to just require a new
function to finish a 2-part claim.
Also improve commentary in bd_start_claiming as to how it should
be used.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
bd_start_claiming has an unbalanced module_put introduced in 6b4517a79.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: sound/spi: patch for the unuseful variable removal
ALSA: hda - Add SSID table for iMac7,1.
ALSA: hda - Add SSID table for MacBookAir1,1
ALSA: hda - Add SSID table for MacBookAir2,1
ALSA: atmel: set "channel A event" output to debug
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
tracing: Fix null pointer deref with SEND_SIG_FORCED
perf: Fix signed comparison in perf_adjust_period()
powerpc/oprofile: fix potential buffer overrun in op_model_cell.c
perf symbols: Set the DSO long name when using symbol_conf.vmlinux_name
* master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: 6164/1: Add kto and kfrom to input operands list.
ARM: 6166/1: Proper prefetch abort handling on pre-ARMv6
ARM: 6165/1: trap overflows on highmem pages from kmap_atomic when debugging
ARM: 6152/1: ux500 make it possible to disable localtimers
[ARM] pxa/spitz: Correctly register WM8750
[ARM] pxa/palmtc: storage class should be before const qualifier
ARM: 6146/1: sa1111: Prevent deadlock in resume path
ARM: 6145/1: ux500 MTU clockrate correction
ARM: 6144/1: TCM memory bug freeing bug
ARM: VFP: Fix vfp_put_double() for d16-d31
In commit 1f8438a853 (icmp: Account for ICMP out errors), I did a typo
on IPV6 side, using ICMP6_MIB_OUTMSGS instead of ICMP6_MIB_OUTERRORS
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Realtek confirmed that a 20us delay is needed after mdio_read and
mdio_write operations. Reduce the delay in mdio_write, and add it
to mdio_read too. Also add a comment that the 20us is from hw specs.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Acked-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Since commit cc772ab7cd ("gianfar: Add
hardware RX timestamping support"), the driver no longer works on
at least MPC8313ERDB and MPC8568EMDS boards (and possibly much more
boards as well).
That's how MPC8313 Reference Manual describes RCTRL_TS_ENABLE bit:
Timestamp incoming packets as padding bytes. PAL field is set
to 8 if the PAL field is programmed to less than 8. Must be set
to zero if TMR_CTRL[TE]=0.
I see that the commit above sets this bit, but it doesn't handle
TMR_CTRL. Manfred probably had this bit set by the firmware for
his boards. But obviously this isn't true for all boards in the
wild.
Also, I recall that Freescale BSPs were explicitly disabling the
timestamping because of a performance drop.
For now, the best way to deal with this is just disable the
timestamping, and later we can discuss proper device tree bindings
and implement enabling this feature via some property.
Signed-off-by: Anton Vorontsov <avorontsov@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The extra ! character means that these conditions are always false.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Sjur Braendeland <sjur.brandeland@stericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch implements a work around for Erratum 5, "3.3 V Fiber Speed
Selection." If the hardware wiring does not respect this erratum, then
fiber optic mode will not work properly.
Signed-off-by: Richard Cochran <richard.cochran@omicron.at>
Signed-off-by: David S. Miller <davem@davemloft.net>
Generating the file in make modules_install was broken as well, because
it didn't work in a readonly filesystem and otherwise it generated a
root-owned file which is not wanted.
Reported-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Michal Marek <mmarek@suse.cz>
BugLink: http://bugs.launchpad.net/bugs/591416
There are a number of network drivers (bridge, bonding, etc) that are not yet
receive multi-queue enabled and use alloc_netdev(), so don't print a
num_rx_queues imbalance warning in that case.
Also, only print the warning once for those drivers that _are_ multi-queue
enabled.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits)
mac80211: fix deauth before assoc
iwlwifi: add missing rcu_read_lock
mac80211: fix function pointer check
wireless: remove my name from the maintainer list
ath5k: fix NULL pointer in antenna configuration
p54usb: Add device ID for Dell WLA3310 USB
wl1251: fix a memory leak in probe
ipmr: dont corrupt lists
8139too: fix buffer overrun in rtl8139_init_board
asix: check packet size against mtu+ETH_HLEN instead of ETH_FRAME_LEN
r8169: fix random mdio_write failures
ip6mr: fix a typo in ip6mr_for_each_table()
iwlwifi: move sysfs_create_group to post request firmware
iwlwifi: add name to Maintainers list
iwl3945: fix internal scan
iwl3945: enable stuck queue detection on 3945
ipv6: avoid high order allocations
ath5k: retain promiscuous setting
ath5k: depend on CONFIG_PM_SLEEP for suspend/resume functions
mac80211: process station blockack action frames from work
...
* 'for-2.6.35' of git://linux-nfs.org/~bfields/linux:
nfsd4: shut down callback queue outside state lock
nfsd: nfsd_setattr needs to call commit_metadata
Reinstate the null behaviour that the in-kernel gdbstub had for the GDB
remote protocol 'p' command (retrieve a single register value) prior to
commit 7ca8b9c0da ("frv: extend gdbstub to support more features of
gdb").
Before that, the 'p' command just returned an empty reply, which causes
gdb to then go and use the 'g' command. However, since that commit, the
'p' command returns an error string, which causes gdb to abort its
connection to the target.
Not all gdb versions are affected, some use try 'g' first, and if that
works, don't bother with 'p', and so don't see the error.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MSM7x30 isn't supported in this driver yet. If ones tried to compile it in
with MSM7x30 configure you get,
linux-2.6/drivers/mmc/host/msm_sdcc.c: In function 'msmsdcc_fifo_addr':
linux-2.6/drivers/mmc/host/msm_sdcc.c:165: error: 'MSM_SDC1_PHYS' undeclared (first use in this function)
linux-2.6/drivers/mmc/host/msm_sdcc.c:165: error: (Each undeclared identifier is reported only once
linux-2.6/drivers/mmc/host/msm_sdcc.c:165: error: for each function it appears in.)
linux-2.6/drivers/mmc/host/msm_sdcc.c:167: error: 'MSM_SDC2_PHYS' undeclared (first use in this function)
linux-2.6/drivers/mmc/host/msm_sdcc.c:169: error: 'MSM_SDC3_PHYS' undeclared (first use in this function)
linux-2.6/drivers/mmc/host/msm_sdcc.c:171: error: 'MSM_SDC4_PHYS' undeclared (first use in this function)
So we add a Kconfig check to prevent this.
Signed-off-by: Daniel Walker <dwalker@codeaurora.org>
10, 233 is allocated officially to /dev/kmview which is shipping in
Ubuntu and Debian distributions. vhost_net seem to have borrowed it
without making a proper request and this causes regressions in the other
distributions.
vhost_net can use a dynamic minor so use that instead. Also update the
file with a comment to try and avoid future misunderstandings.
cc: stable@kernel.org
Signed-off-by: Alan Cox <device@lanana.org>
[ We should have caught this before 2.6.34 got released. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add a spin_unlock missing on the error path.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E1;
@@
* spin_lock(E1,...);
<+... when != E1
if (...) {
... when != E1
* return ...;
}
...+>
* spin_unlock(E1,...);
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Avi Kivity <avi@redhat.com>
This is obviously a left-over from the the old interface taking the
size. Apparently a mostly harmless issue with the current iommu_unmap
implementation.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
If cr0.wp=0, we have to allow the guest kernel access to a page with pte.w=0.
We do that by setting spte.w=1, since the host cr0.wp must remain set so the
host can write protect pages. Once we allow write access, we must remove
user access otherwise we mistakenly allow the user to write the page.
Reviewed-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Always invalidate spte and flush TLBs when changing page size, to make
sure different sized translations for the same address are never cached
in a CPU's TLB.
Currently the only case where this occurs is when a non-leaf spte pointer is
overwritten by a leaf, large spte entry. This can happen after dirty
logging is disabled on a memslot, for example.
Noticed by Andrea.
KVM-Stable-Tag
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This patch implements a workaround for AMD erratum 383 into
KVM. Without this erratum fix it is possible for a guest to
kill the host machine. This patch implements the suggested
workaround for hypervisors which will be published by the
next revision guide update.
[jan: fix overflow warning on i386]
[xiao: fix unused variable warning]
Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
This patch moves handling of the MC vmexits to an earlier
point in the vmexit. The handle_exit function is too late
because the vcpu might alreadry have changed its physical
cpu.
Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
kvmppc_e500_exit() is a module_exit function, so it should be tagged
with __exit, not __init. The incorrect annotation was added by commit
2986b8c72c.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>
The commit "asm-generic: add NEED_SG_DMA_LENGTH to define sg_dma_len()"
18e98307de broke microblaze compilation.
dma_direct_map_sg() sets sg->dma_length, however microblaze doesn't
set NEED_SG_DMA_LENGTH so scatterlist strcutres doesn't include
dma_length.
sg->dma_length is always equal to sg->length on microblaze. So we
don't need to set set dma_length, that is, microblaze can simply use
sg->length.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Michal Simek <monstr@monstr.eu>
The commit "mm: Move ARCH_SLAB_MINALIGN and
ARCH_KMALLOC_MINALIGN to <linux/slab_def.h>"
1f0ce8b3dd which moved the ARCH_SLAB_MINALIGN
default into the global header broke FLAT for Microblaze.
Error message:
slab error in verify_redzone_free(): cache `idr_layer_cache':
memory outside object was overwritten
Signed-off-by: Michal Simek <monstr@monstr.eu>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder
This reverts commit cfecde435d, since it
seems to cause some systems to not come up with any video output at all
(or video that only comes on when X starts up).
Fixes bugzilla:
http://bugzilla.kernel.org/show_bug.cgi?id=16163
Reported-and-tested-by: David John <davidjon@xenontk.org>
Tested-by: Nick Bowler <nbowler@elliptictech.com>
Acked-by: Carl Worth <cworth@cworth.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: (23 commits)
drm/radeon: don't poll tv dac if crtc2 is in use.
drm/radeon: reset i2c valid to avoid incorrect tv-out polling.
drm/nv50: fix iommu errors caused by device reading from address 0
drm/nouveau: off by one in init_i2c_device_find()
nouveau: off by one in nv50_gpio_location()
drm/nouveau: completely fail init if we fail to map the PRAMIN BAR
drm/nouveau: match U/DP script against SOR link
drm/radeon/kms/pm: resurrect printing power states
drm/radeon/kms: add trivial debugging for voltage
drm/radeon/kms/r600+: use voltage from requested clock mode (v3)
drm/radeon/kms/pm: track current voltage (v2)
drm/radeon/kms/pm: Disable voltage adjust on RS780/RS880
drm/radeon/kms: fix typo in printing the HPD info
drm/radeon/kms/pm: add mid profile
drm/radeon/kms/pm: Misc fixes
drm/radeon/kms/combios: fix typo in voltage fix
drm/radeon/kms/evergreen: set accel_enabled
drm/vmwgfx: return -EFAULT for copy_to_user errors
drm/drm_crtc: return -EFAULT on copy_to_user errors
drm/fb: use printk to print out the switching to text mode error.
...
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] Update default configuration.
[S390] arch/s390/kvm: Use GFP_ATOMIC when a lock is held
[S390] kprobes: add parameter check to module_free()
[S390] appldata/extmem/kvm: add missing GFP_KERNEL flag
sync can currently take a really long time if a concurrent writer is
extending a file. The problem is that the dirty pages on the address
space grow in the same direction as write_cache_pages scans, so if
the writer keeps ahead of writeback, the writeback will not
terminate until the writer stops adding dirty pages.
For a data integrity sync, we only need to write the pages dirty at
the time we start the writeback, so we can stop scanning once we get
to the page that was at the end of the file at the time the scan
started.
This will prevent operations like copying a large file preventing
sync from completing as it will not write back pages that were
dirtied after the sync was started. This does not impact the
existing integrity guarantees, as any dirty page (old or new)
within the EOF range at the start of the scan will still be
captured.
This patch will not prevent sync from blocking on large writes into
holes. That requires more complex intervention while this patch only
addresses the common append-case of this sync holdoff.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Now that the background flush code has been fixed, we shouldn't need to
silently multiply the wbc->nr_to_write to get good writeback. Remove
that code.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If a filesystem writes more than one page in ->writepage, write_cache_pages
fails to notice this and continues to attempt writeback when wbc->nr_to_write
has gone negative - this trace was captured from XFS:
wbc_writeback_start: towrt=1024
wbc_writepage: towrt=1024
wbc_writepage: towrt=0
wbc_writepage: towrt=-1
wbc_writepage: towrt=-5
wbc_writepage: towrt=-21
wbc_writepage: towrt=-85
This has adverse effects on filesystem writeback behaviour. write_cache_pages()
needs to terminate after a certain number of pages are written, not after a
certain number of calls to ->writepage are made. This is a regression
introduced by 17bc6c30cf ("vfs: Add
no_nrwrite_index_update writeback control flag"), but cannot be reverted
directly due to subsequent bug fixes that have gone in on top of it.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This reportedly causes a lockdep warning on nfsd shutdown. That looks
like a false positive to me, but there's no reason why this needs the
state lock anyway.
Reported-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>