Commits on Aug 4, 2007
  1. @gregkh

    Linux 2.6.21.7

    gregkh committed Aug 4, 2007
  2. @gregkh

    V4L: cx88-blackbird: fix vidioc_g_tuner never ending list of tuners

    v4l-info and other programs would loop indefinitely while querying the
    tuners for cx88-blackbird cards.
    
    The cause was that vidioc_g_tuner didn't return an error value for
    qctrl->id != 0, making the application think there is a never ending
    list of tuners...
    
    This patch adds the same index check as done in vidioc_g_tuner() in
    cx88-video.
    
    Signed-off-by: Jelle Foks <jelle@foks.8m.com>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jelle Foks committed with gregkh Jul 10, 2007
  3. @gregkh

    V4L: bttv: fix v4l1 api usage breaking the driver

    If one uses a V4L *one* application, such as vlc or mplayer's v4l driver, as
    the first user after the driver is loaded, the driver wedges itself and will
    never capture properly.  Even if one uses a V4L2 application later, it still
    won't work.
    
    If one uses a V4L *two* application first, such as tvtime or mplayer's v4l2
    driver, then the driver will be ok.  One can then run a V4L1 application, and
    it will work.
    
    It turns out the problem is with norm changing and the crop support that was
    added in 2.6.21.  The driver defaults to PAL, and keeps the last norm it was
    set to across opens.  If one changes the norm via V4L1, the cropping
    parameters are not reset like they should be, and they'll remain broken across
    device opens.
    
    This patch removes the direct setting of btv->tvnorm in the V4L1 ioctl
    VIDIOCSCHAN handler.  The norm is set via the existing call to set_input(),
    which calls set_tvnorm(), which will reset the cropping values now that it is
    able to detect the norm change.
    
    Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Trent Piepho committed with gregkh Jul 10, 2007
  4. @gregkh

    sky2: workaround for lost IRQ

    This patch restores a couple of workarounds from 2.6.16:
     * restart transmit moderation timer in case it expires during IRQ routine
     * default to having 10 HZ watchdog timer.
    At this point it is more important not to hang than to worry about the
    power cost.
    
    Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
    Cc: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Stephen Hemminger committed with gregkh Jul 9, 2007
  5. @gregkh

    NTP: remove clock_was_set() call to prevent deadlock

    The clock_was_set() call in seconds_overflow() which happens only when
    leap seconds are inserted / deleted is wrong in two aspects:
    
    1. it results in a call to on_each_cpu() with interrupts disabled
    2. it is a potential deadlock source vs. call_lock in smp_call_function()
    
    The only possible side effect of the removal might be, that an absolute
    CLOCK_REALTIME timer fires 1 second too late, in the rare case of leap
    second deletion and an absolute CLOCK_REALTIME timer which expires in
    the affected time frame. It will never fire too early.
    
    This was probably observed by the reporter of a June 30th -> July 1st
    hang: http://lkml.org/lkml/2007/7/3/
    
    A similar problem was observed by Dave Jones, who provided a screen shot
    with a lockdep back trace, which allowed to analyse the problem.
    
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: john stultz <johnstul@us.ibm.com>
    Cc: Dave Jones <davej@redhat.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Vincent Fortier <Vincent.Fortier1@EC.GC.CA>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Thomas Gleixner committed with gregkh Jul 3, 2007
  6. @jwessel @gregkh

    i386: fix infinite loop with singlestep int80 syscalls

    The commit 635cf99 introduced a
    regression.  Executing a ptrace single step after certain int80
    accesses will infinitely loop and never advance the PC.
    
    The TIF_SINGLESTEP check should be done on the return from the syscall
    and not before it.
    
    The new test case is below:
    
    /* Test whether singlestep through an int80 syscall works.
     */
    #define _GNU_SOURCE
    #include <stdio.h>
    #include <signal.h>	/* kill(), SIGUSR1 */
    #include <unistd.h>
    #include <fcntl.h>
    #include <sys/ptrace.h>
    #include <sys/wait.h>
    #include <sys/mman.h>
    #include <asm/user.h>
    #include <string.h>
    
    static int child, status;
    static struct user_regs_struct regs;
    
    static void do_child()
    {
    	char str[80] = "child: int80 test\n";
    
    	ptrace(PTRACE_TRACEME, 0, 0, 0);
    	kill(getpid(), SIGUSR1);
    	write(fileno(stdout),str,strlen(str));
    	asm ("int $0x80" : : "a" (20)); /* getpid */
    }
        
    static void do_parent()
    {
    	unsigned long eip, expected = 0;
    again:
    	waitpid(child, &status, 0);
    	if (WIFEXITED(status) || WIFSIGNALED(status))
    		return;
        
    	if (WIFSTOPPED(status)) {
    		ptrace(PTRACE_GETREGS, child, 0, &regs);
    		eip = regs.eip;
    		if (expected)
    			fprintf(stderr, "child stop @ %08lx, expected %08lx %s\n",
    					eip, expected,
    					eip == expected ? "" : " <== ERROR");
        
    		if (*(unsigned short *)eip == 0x80cd) {
    			fprintf(stderr, "int 0x80 at %08x\n", (unsigned int)eip);
    			expected = eip + 2;
    		} else
    			expected = 0;
        
    		ptrace(PTRACE_SINGLESTEP, child, NULL, NULL);
    	}
    	goto again;
    }
        
    int main(int argc, char * const argv[])
    {
    	child = fork();
    	if (child)
    		do_parent();
    	else
    		do_child();
    	return 0;
    }
    
    
    Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
    Cc: Jeremy Fitzhardinge <jeremy@goop.org>
    Cc: Chuck Ebbert <cebbert@redhat.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    jwessel committed with gregkh Jul 2, 2007
  7. @gregkh

    serial: clear proper MPSC interrupt cause bits

    The interrupt clearing code in mpsc_sdma_intr_ack() mistakenly clears the
    interrupt for both controllers instead of just the one it's supposed to.
    This can result in the other controller appearing to hang because its
    interrupt was effectively lost.
    
    So, don't clear the interrupt cause bits for both MPSC controllers when
    clearing the interrupt for one of them.  Just clear the one that is
    supposed to be cleared.
    
    Signed-off-by: Jay Lubomirski <jaylubo@motorola.com>
    Acked-by: Mark A. Greer <mgreer@mvista.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jay Lubomirski committed with gregkh Jun 27, 2007
  8. @jeffmahoney @gregkh

    saa7134: fix thread shutdown handling

    This patch changes the test for the thread pid from >= 0 to > 0.
    
    When the saa7134 driver initialization fails after a certain point, it goes
    through the complete shutdown process for the driver.  Part of shutting it
    down includes tearing down the thread for tv audio.
    
    The test for tearing down the thread tests for >= 0.  Since the dev
    structure is kzalloc'd, the test will always be true if we haven't tried to
    start the thread yet.  We end up waiting on pid 0 to complete, which will
    never happen, so we lock up.
    
    This bug was observed in Novell Bugzilla 284718, when request_irq() failed.
    
    Signed-off-by: Jeff Mahoney <jeffm@suse.com>
    Acked-by: Mauro Carvalho Chehab <mchehab@infradead.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    jeffmahoney committed with gregkh Jun 27, 2007
  9. @gregkh

    mm: kill validate_anon_vma to avoid mapcount BUG

    validate_anon_vma gave a useful check on the integrity of the anon_vma list
    when Andrea was developing obj rmap; but it was not enabled in SLES9
    itself, nor in mainline, until Nick changed commented-out RMAP_DEBUG to
    configurable CONFIG_DEBUG_VM in 2.6.17.  Now Petr Vandrovec reports that
    its BUG_ON(mapcount > 100000) can easily crash a CONFIG_DEBUG_VM=y system.
    
    That limit was just an arbitrary number to protect against an infinite
    loop.  We could raise it to something enormous (depending on sizeof struct
    vma and size of memory?); but I rather think validate_anon_vma has outlived
    its usefulness, and is better just removed - which gives a magnificent
    performance boost to anything like Petr's test program ;)
    
    Of course, a very long anon_vma list is bad news for preemption latency,
    and I believe there has been one recent report of such: let's not forget
    that, but validate_anon_vma only makes it worse not better.
    
    Signed-off-by: Hugh Dickins <hugh@veritas.com>
    Cc: Petr Vandrovec <petr@vmware.com>
    Acked-by: Nick Piggin <npiggin@suse.de>
    Cc: Andrea Arcangeli <andrea@suse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Hugh Dickins committed with gregkh Jun 27, 2007
  10. @paulusmack @gregkh

    POWERPC: Fix subtle FP state corruption bug in signal return on SMP

    This fixes a bug which can cause corruption of the floating-point state
    on return from a signal handler.  If we have a signal handler that has
    used the floating-point registers, and it happens to context-switch to
    another task while copying the interrupted floating-point state from the
    user stack into the thread struct (e.g. because of a page fault, or
    because it gets preempted), the context switch code will think that the
    FP registers contain valid FP state that needs to be copied into the
    thread_struct, and will thus overwrite the values that the signal return
    code has put into the thread_struct.
    
    This can occur because we clear the MSR bits that indicate the presence
    of valid FP state after copying the state into the thread_struct.  To fix
    this we just move the clearing of the MSR bits to before the copy.  A
    similar potential problem also occurs with the Altivec state, and this
    fixes that in the same way.
    
    Signed-off-by: Paul Mackerras <paulus@samba.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    paulusmack committed with gregkh Jun 26, 2007
  11. @gregkh

    audit: fix oops removing watch if audit disabled

    Removing a watched file will oops if audit is disabled (auditctl -e 0).
    
    To reproduce:
    - auditctl -e 1
    - touch /tmp/foo
    - auditctl -w /tmp/foo
    - auditctl -e 0
    - rm /tmp/foo (or mv)
    
    Signed-off-by: Tony Jones <tonyj@suse.de>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Tony Jones committed with gregkh Jun 24, 2007
  12. @gregkh

    FUTEX: Restore the dropped ERSCH fix

    The return value of futex_find_get_task() needs to be -ESRCH in case
    that the search fails. This was part of the original futex fixes and 
    got accidentally dropped, when the futex-tidy-up patch was split out.
    
    Results in a NULL pointer dereference in case the search fails.
    
    Restore it.
    
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Ulrich Drepper <drepper@redhat.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Thomas Gleixner committed with gregkh Jun 23, 2007
  13. @gregkh

    posix-timers: Prevent softirq starvation by small intervals and SIG_IGN

    posix-timers which deliver an ignored signal are currently rearmed in
    the timer softirq: This is necessary because the timer needs to be
    delivered again when SIG_IGN is removed. This is not a problem, when
    the interval is reasonable.
    
    With high resolution timers enabled one might arm a posix timer with a
    very small interval and ignore the signal. This might lead to a
    softirq starvation when the interval is so small that the timer is
    requeued onto the softirq pending list right away.
    
    This problem was pointed out by Jan Kiszka. Thanks Jan !
    
    The correct solution would be to stop the timer, when the signal is
    ignored and rearm it when SIG_IGN is removed. Unfortunately this
    requires modification in sigaction and involves non trivial sighand
    locking. It's too late in the release cycle for such a change.
    
    For now we just keep the timer running and enforce that the timer only
    fires every jiffie. This does not break anything as we keep the
    overrun counter correct. It adds a little inaccuracy to the
    timer_gettime() interface, but...
    
    The more complex change is necessary anyway to fix another
    shortcoming of the current implementation, which I discovered while looking
    at this problem: A pending signal is discarded when SIG_IGN is set. In
    case that a posixtimer signal is pending then it is discarded as well,
    but when SIG_IGN is removed later nothing rearms the timer. This is
    not new, it's that way since posix timers have been merged. So nothing
    to worry about right now.
    
    I have a working solution to fix all of this, but the impact is too
    large for both stable and 2.6.22. I'm going to send it out for review
    in the next days.
    
    This should go into 2.6.21.stable as well.
    
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Cc: Jan Kiszka <jan.kiszka@web.de>
    Cc: Ulrich Drepper <drepper@redhat.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Thomas Gleixner committed with gregkh Jun 21, 2007
  14. @gregkh

    sched: fix next_interval determination in idle_balance()

    Fix massive SMP imbalance on NUMA nodes observed on 2.6.21.5 with CFS. 
    (and later on reproduced without CFS as well).
    
    The intervals of domains that do not have SD_BALANCE_NEWIDLE must be 
    considered for the calculation of the time of the next balance. 
    Otherwise we may defer rebalancing forever and nodes might stay idle for 
    very long times.
    
    Siddha also spotted that the conversion of the balance interval to 
    jiffies is missing. Fix that too.
    
    From: Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com>
    
    also continue the loop if !(sd->flags & SD_LOAD_BALANCE).
    
    Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
    
    It did in fact trigger under all three of mainline, CFS, and -rt 
    including CFS -- see below for a couple of emails from last Friday 
    giving results for these three on the AMD box (where it happened) and on 
    a single-quad NUMA-Q system (where it did not, at least not with such 
    severity).
    
    Signed-off-by: Christoph Lameter <clameter@sgi.com>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Christoph Lameter committed with gregkh Jun 19, 2007
  15. @gregkh

    hugetlb: fix get_policy for stacked shared memory files

    Here's another breakage as a result of shared memory stacked files :(
    
    The NUMA policy for a VMA is determined by checking the following (in the
    order given):
    
    1) vma->vm_ops->get_policy() (if defined)
    2) vma->vm_policy (if defined)
    3) task->mempolicy (if defined)
    4) Fall back to default_policy
    
    By switching to stacked files for shared memory, get_policy() is now always
    set to shm_get_policy which is a wrapper function.  This causes us to stop
    at step 1, which yields NULL for hugetlb instead of task->mempolicy which
    was the previous (and correct) result.
    
    This patch modifies the shm_get_policy() wrapper to maintain steps 1-3 for
    the wrapped vm_ops.
    
    (akpm: the refcounting of mempolicies is busted and this patch does nothing to
    improve it)
    
    Signed-off-by: Adam Litke <agl@us.ibm.com>
    Acked-by: William Irwin <bill.irwin@oracle.com>
    Cc: dean gaudet <dean@arctic.org>
    Cc: Christoph Lameter <clameter@sgi.com>
    Cc: Andi Kleen <ak@suse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Adam Litke committed with gregkh Jun 16, 2007
  16. @gregkh

    dm crypt: fix remove first_clone

    Get rid of first_clone in dm-crypt
    
    This gets rid of first_clone, which is not really needed.  Apparently, cloned
    bios used to share their bvec some time way in the past - this is no longer
    the case.  Contrarily, this even hurts us if we try to create a clone off
    first_clone after it has completed, and crypt_endio has destroyed its bvec.
    
    Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Cc: Jens Axboe <jens.axboe@oracle.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Olaf Kirch committed with gregkh Jun 13, 2007
  17. @gregkh

    dm crypt: fix avoid cloned bio ref after free

    Do not access the bio after generic_make_request
    
    We should never access a bio after generic_make_request - there's no guarantee
    it still exists.
    
    Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Cc: Jens Axboe <jens.axboe@oracle.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Olaf Kirch committed with gregkh Jun 13, 2007
  18. @gregkh

    dm crypt: fix call to clone_init

    Call clone_init early
    
    We need to call clone_init as early as possible - at least before calling
    bio_put(clone) in any error path.  Otherwise, the destructor will try to
    dereference bi_private, which may still be NULL.
    
    Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Olaf Kirch committed with gregkh Jun 13, 2007
  19. @gregkh

    dm crypt: disable barriers

    Disable barriers in dm-crypt because current workqueue processing can
    reorder requests.
    
    This must be addressed later but for now disabling barriers is needed to
    prevent data corruption.
    
    Signed-off-by: Milan Broz <mbroz@redhat.com>
    Signed-off-by: Alasdair G Kergon <agk@redhat.com>
    Cc: Jens Axboe <jens.axboe@oracle.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Milan Broz committed with gregkh Jun 13, 2007
  20. @gregkh

    md: Fix bug in error handling during raid1 repair.

    If raid1/repair (which reads all blocks and fixes any differences
    it finds) hits a read error, it doesn't reset the bio for writing
    before writing correct data back, so the read error isn't fixed,
    and the device probably gets a zero-length write which it might
    complain about.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Mike Accetta committed with gregkh Jun 12, 2007
  21. @neilbrown @gregkh

    md: Fix two raid10 bugs.

    1/ When resyncing a degraded raid10 which has more than 2 copies of each block,
      garbage can get synced on top of good data.
    
    2/ We round the wrong way in part of the device size calculation, which
      can cause confusion.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    neilbrown committed with gregkh Jun 12, 2007
  22. @gregkh

    hpt366: disallow Ultra133 for HPT374

    Eliminate UltraATA/133 support for HPT374 -- the chip isn't capable of this mode
    according to the manual, and doesn't even seem to tolerate 66 MHz DPLL clock...
    
    Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Cc: Geller Sandor <wildy@petra.hos.u-szeged.hu>
    Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Sergei Shtylyov committed with gregkh Jun 8, 2007
  23. @gregkh

    pi-futex: Fix exit races and locking problems

    1. New entries can be added to tsk->pi_state_list after task completed
       exit_pi_state_list(). The result is memory leakage and deadlocks.
    
    2. handle_mm_fault() is called under spinlock. The result is obvious.
    
    3. results in self-inflicted deadlock inside glibc.
       Sometimes futex_lock_pi returns -ESRCH, when it is not expected
       and glibc enters to for(;;) sleep() to simulate deadlock. This problem
       is quite obvious and I think the patch is right. Though it looks like
       each "if" in futex_lock_pi() got some stupid special case "else if". :-)
    
    4. sometimes futex_lock_pi() returns -EDEADLK,
       when nobody has the lock. The reason is also obvious (see comment
       in the patch), but correct fix is far beyond my comprehension.
       I guess someone already saw this, the chunk:
    
                            if (rt_mutex_trylock(&q.pi_state->pi_mutex))
                                    ret = 0;
    
       is obviously from the same opera. But it does not work, because the
       rtmutex is really taken at this point: wake_futex_pi() of previous
       owner reassigned it to us. My fix works. But it looks very stupid.
       I would think about removal of shift of ownership in wake_futex_pi()
       and making all the work in context of process taking lock.
    
    From: Thomas Gleixner <tglx@linutronix.de>
    
    Fix 1) Avoid the tasklist lock variant of the exit race fix by adding
        an additional state transition to the exit code.
    
        This fixes also the issue, when a task with recursive segfaults
        is not able to release the futexes.
    
    Fix 2) Cleanup the lookup_pi_state() failure path and solve the -ESRCH
        problem finally.
    
    Fix 3) Solve the fixup_pi_state_owner() problem which needs to do the fixup
        in the lock protected section by using the in_atomic userspace access
        functions.
    	
        This removes also the ugly lock drop / unqueue inside of fixup_pi_state()
    
    Fix 4) Fix a stale lock in the error path of futex_wake_pi()
    
    Added some error checks for verification.
    
    The -EDEADLK problem is solved by the rtmutex fixups.
    
    Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Alexey Kuznetsov committed with gregkh Jun 8, 2007
  24. @gregkh

    rt-mutex: Fix chain walk early wakeup bug

    Alexey Kuznetsov found some problems in the pi-futex code. 
    
    One of the root causes is:
    
    When a wakeup happens, we do not stop the chain walk so we
    follow a non existing locking chain.
    
    Drop out when this happens.
    
    Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Thomas Gleixner committed with gregkh Jun 8, 2007
  25. @gregkh

    rt-mutex: Fix stale return value

    Alexey Kuznetsov found some problems in the pi-futex code. 
    
    The major problem is a stale return value in rt_mutex_slowlock():
    
    When the pi chain walk returns -EDEADLK, but the waiter was woken up 
    during the phases where the locks were dropped, the rtmutex could be
    acquired, but due to the stale return value -EDEADLK returned to the
    caller.
    
    Reset the return value in the woken up path.
    
    Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Thomas Gleixner committed with gregkh Jun 8, 2007
  26. @gregkh

    sparsemem: fix oops in x86_64 show_mem

    We aren't sampling for holes in memory. Thus we encounter a section hole with
    empty section map pointer for SPARSEMEM and OOPs for show_mem. This issue
    has been seen in 2.6.21, current git and current mm. This patch is for
    2.6.21 stable. It was tested against sparsemem.
    
    Previous to commit f0a5a58 memory_present
    was called for node_start_pfn to node_end_pfn. This would cover the hole(s)
    with reserved pages and valid sections. Most SPARSEMEM supported arches
    do a pfn_valid check in show_mem before computing the page structure address.
    
    This issue was brought to my attention on IRC by Arnaldo Carvalho de Melo at
    acme@redhat.com. Thanks to Arnaldo for testing.
    
    Signed-off-by: Bob Picco <bob.picco@hp.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Bob Picco committed with gregkh Jun 8, 2007
  27. @gregkh

    BNX2: Fix netdev watchdog on 5708.

    There's a bug in the driver that only initializes half of the context
    memory on the 5708.  Surprisingly, this works most of the time except
    for some occasional netdev watchdogs when sending a lot of 64-byte
    packets.  This fix is to add the missing code to initialize the 2nd
    half of the context memory.
    
    Update version to 1.5.8.2.
    
    Signed-off-by: Michael Chan <mchan@broadcom.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Michael Chan committed with gregkh Jun 5, 2007
Commits on Jul 7, 2007
  1. @gregkh

    Linux 2.6.21.6

    gregkh committed Jul 7, 2007
  2. @gregkh

    nf_conntrack_h323: add checking of out-of-range on choices' index values

    [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on choices' index values
    
    Choices' index values may be out of range while still encoded in the fixed
    length bit-field. This bug may cause access to undefined types (NULL
    pointers) and thus crashes (Reported by Zhongling Wen).
    
    This patch also adds checking of decode flag when decoding SEQUENCEs.
    
    Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jing Min Zhao committed with gregkh Jul 5, 2007
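
Added example, not part of the commit above or of the kernel source: a simplified bit-field CHOICE decoder showing why an index that fits its fixed-width field must still be checked against the number of defined alternatives. The reader, the table and all names are hypothetical, and the sample bytes are constructed.

```c
/* Added illustration, not nf_conntrack_h323 code; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DEC_ERR_BOUND = -1, DEC_ERR_RANGE = -2 };

struct bitreader {
    const uint8_t *buf;
    size_t len;     /* buffer length in bytes */
    size_t bitpos;  /* next bit to read, MSB first */
};

/* Read nbits (at most 16), refusing to run past the end of the buffer. */
static int get_bits(struct bitreader *br, unsigned nbits, unsigned *out)
{
    unsigned v = 0;

    if (nbits > 16 || nbits > br->len * 8 - br->bitpos)
        return DEC_ERR_BOUND;
    while (nbits--) {
        uint8_t byte = br->buf[br->bitpos >> 3];
        v = (v << 1) | ((byte >> (7 - (br->bitpos & 7))) & 1u);
        br->bitpos++;
    }
    *out = v;
    return 0;
}

/* Alternative decoders return the decoded value (>= 0) or a negative error. */
static int decode_null(struct bitreader *br) { (void)br; return 0; }

static int decode_flag(struct bitreader *br)
{
    unsigned v;
    int rc = get_bits(br, 1, &v);
    return rc ? rc : (int)v;
}

static int decode_u8(struct bitreader *br)
{
    unsigned v;
    int rc = get_bits(br, 8, &v);
    return rc ? rc : (int)v;
}

struct alt { const char *name; int (*decode)(struct bitreader *); };

struct choice_type {
    unsigned index_bits;     /* width of the encoded index field */
    unsigned n_alts;         /* alternatives actually defined */
    const struct alt *alts;
};

/* Five alternatives need a 3-bit index, so 5, 6 and 7 are encodable but undefined. */
static const struct alt SAMPLE_ALTS[] = {
    { "null", decode_null }, { "flag", decode_flag }, { "octet", decode_u8 },
    { "flag2", decode_flag }, { "octet2", decode_u8 },
};
static const struct choice_type SAMPLE_CHOICE = { 3, 5, SAMPLE_ALTS };

int decode_choice(const struct choice_type *t, struct bitreader *br)
{
    unsigned idx;
    int rc = get_bits(br, t->index_bits, &idx);

    if (rc)
        return rc;
    /* Without this test, idx 5..7 would index past SAMPLE_ALTS and call
     * through whatever pointer happens to be there. */
    if (idx >= t->n_alts)
        return DEC_ERR_RANGE;
    return t->alts[idx].decode(br);
}

int decode_sample(const uint8_t *buf, size_t len)
{
    struct bitreader br = { buf, len, 0 };
    return decode_choice(&SAMPLE_CHOICE, &br);
}

/* Constructed inputs. */
static const uint8_t SAMPLE_OK[]    = { 0x40, 0xA0 }; /* index 2, octet value 5 */
static const uint8_t SAMPLE_RANGE[] = { 0xA0, 0x00 }; /* index 5: fits 3 bits, undefined */
static const uint8_t SAMPLE_SHORT[] = { 0x40 };       /* index 2, octet truncated */

int main(void)
{
    printf("ok:    %d\n", decode_sample(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("range: %d\n", decode_sample(SAMPLE_RANGE, sizeof SAMPLE_RANGE));
    printf("short: %d\n", decode_sample(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```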
Commits on Jun 11, 2007
  1. @chriswright

    Linux 2.6.21.5

    chriswright committed Jun 11, 2007
  2. @chriswright

    [PATCH] BLUETOOTH: Fix locking in hci_sock_dev_event().

    We presently use lock_sock() to acquire a lock on a socket in
    hci_sock_dev_event(), but this goes BUG because lock_sock()
    can sleep and we're already holding a read-write spinlock at
    that point. So, we must use the non-sleeping BH version,
    bh_lock_sock().
    
    However, hci_sock_dev_event() is called from user context and
    hence using simply bh_lock_sock() will deadlock against a
    concurrent softirq that tries to acquire a lock on the same
    socket. Hence, disabling BH's before acquiring the socket lock
    and enable them afterwards, is the proper solution to fix
    socket locking in hci_sock_dev_event().
    
    Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in>
    Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    Signed-off-by: Jiri Kosina <jkosina@suse.cz>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Satyam Sharma committed with chriswright Jun 7, 2007
  3. @Infinoid @chriswright

    [PATCH] TCP: Use default 32768-61000 outgoing port range in all cases.

    This diff changes the default port range used for outgoing connections,
    from "use 32768-61000 in most cases, but use N-4999 on small boxes
    (where N is a multiple of 1024, depending on just *how* small the box
    is)" to just "use 32768-61000 in all cases".
    
    I don't believe there are any drawbacks to this change, and it keeps
    outgoing connection ports farther away from the mess of
    IANA-registered ports.
    
    Signed-off-by: Mark Glines <mark@glines.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Infinoid committed with chriswright Jun 7, 2007
  4. @davem330 @chriswright

    [PATCH] SPARC64: Don't be picky about virtual-dma values on sun4v.

    Handle arbitrary base and length values as long as they
    are multiples of IO_PAGE_SIZE.
    
    Bug found by Arun Kumar Rao.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    davem330 committed with chriswright Jun 7, 2007
  5. @davem330 @chriswright

    [PATCH] SPARC64: Fix _PAGE_EXEC_4U check in sun4u I-TLB miss handler.

    It was using an immediate _PAGE_EXEC_4U value in an 'and'
    instruction to perform the test.  This doesn't work because
    the immediate field is signed 13-bit, thus the mask being
    tested against the PTE was 0x1000 sign-extended to 32-bits
    instead of just plain 0x1000.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    davem330 committed with chriswright Jun 7, 2007
  6. @chriswright

    [PATCH] SPARC64: Fix two bugs wrt. kernel 4MB TSB.

    1) The TSB lookup was not using the correct hash mask.
    
    2) It was not aligned on a boundary equal to its size,
       which is required by the sun4v Hypervisor.
    
    wasn't having its return value checked, and that bug will be fixed up
    as well in a subsequent changeset.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    David S. Miller committed with chriswright Jun 7, 2007