Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tag: v2.6.29
Commits on Mar 23, 2009
  1. Linux 2.6.29

  2. Build with -fno-dwarf2-cfi-asm

    Kyle McMartin authored committed
    With a sufficiently new compiler and binutils, code which wasn't
    previously generating .eh_frame sections has begun to.  Certain
    architectures (powerpc, in this case) may generate unexpected relocation
    formats in response to this, preventing modules from loading.
    While the new relocation types should probably be handled, revert to the
    previous behaviour with regards to generation of .eh_frame sections.
    (This was reported against Fedora, which appears to be the only distro
    doing any building against gcc-4.4 at present: RH bz#486545.)
    Signed-off-by: Kyle McMartin <>
    Acked-by: Roland McGrath <>
    Cc: Alexandre Oliva <>
    Cc: Sam Ravnborg <>
    Signed-off-by: Linus Torvalds <>
  3. trivial: fix orphan dates in ext2 documentation

    Jody McIntyre authored committed
    Revert the change to the orphan dates of Windows 95, DOS, compression.
    Add a new orphan date for OS/2.
    Signed-off-by: Jody McIntyre <>
    Acked-by: Pavel Machek <>
    Signed-off-by: Linus Torvalds <>
  4. Merge git://

    * git:// (32 commits)
      ucc_geth: Fix oops when using fixed-link support
      dm9000: locking bugfix
      net: update dnet.c for bus_id removal
      dnet: DNET should depend on HAS_IOMEM
      dca: add missing copyright/license headers
      nl80211: Check that function pointer != NULL before using it
      sungem: missing net_device_ops
      be2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle
      be2net: replenish when posting to rx-queue is starved in out of mem conditions
      bas_gigaset: correctly allocate USB interrupt transfer buffer
      smsc911x: reset last known duplex and carrier on open
      sh_eth: Fix mistake of the address of SH7763
      sh_eth: Change handling of IRQ
      netns: oops in ip[6]_frag_reasm incrementing stats
      net: kfree(napi->skb) => kfree_skb
      net: fix sctp breakage
      ipv6: fix display of local and remote sit endpoints
      net: Document /proc/sys/net/core/netdev_budget
      tulip: fix crash on iface up with shirq debug
      virtio_net: Make virtio_net support carrier detection
  5. Merge git://

    * git://
      sparc64: Fix crash with /proc/iomem
      sparc64: Reschedule KGDB capture to a software interrupt.
      sbus: Auto-load openprom module when device opened.
  6. fix ptrace slowness

    Miklos Szeredi authored committed
    This patch fixes bug #12208:
      Bug-Entry       :
      Subject         : uml is very slow on 2.6.28 host
    This turned out to be not a scheduler regression, but an already
    existing problem in ptrace being triggered by subtle scheduler
    The problem is this:
     - task A is ptracing task B
     - task B stops on a trace event
     - task A is woken up and preempts task B
     - task A calls ptrace on task B, which does ptrace_check_attach()
     - this calls wait_task_inactive(), which sees that task B is still on the runq
     - task A goes to sleep for a jiffy
     - ...
    Since UML does lots of the above sequences, those jiffies quickly add
    up to make it slow as hell.
    This patch solves this by not rescheduling in read_unlock() after
    ptrace_stop() has woken up the tracer.
    Thanks to Oleg Nesterov and Ingo Molnar for the feedback.
    Signed-off-by: Miklos Szeredi <>
    Signed-off-by: Linus Torvalds <>
  7. Merge branch 'merge' of git://…

    * 'merge' of git://
      powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load machines
  8. kumargala

    powerpc/mm: Fix Respect _PAGE_COHERENT on classic ppc32 SW TLB load m…

    kumargala authored
    Grant picked up the wrong version of "Respect _PAGE_COHERENT on classic
    ppc32 SW" (commit a4bd6a9)
    It was missing the code to actually deal with the fixup of
    _PAGE_COHERENT based on the CPU feature.
    Signed-off-by: Kumar Gala <>
  9. davem330

    ucc_geth: Fix oops when using fixed-link support

    Anton Vorontsov authored davem330 committed
    commit b1c4a9d ("ucc_geth: Change
    uec phy id to the same format as gianfar's") introduced a regression
    in the ucc_geth driver that causes this oops when fixed-link is used:
    Unable to handle kernel paging request for data at address 0x00000000
    Faulting instruction address: 0xc0151270
    Oops: Kernel access of bad area, sig: 11 [#1]
    NIP: c0151270 LR: c0151270 CTR: c0017760
    REGS: cf81fa60 TRAP: 0300   Not tainted  (2.6.29-rc8)
    MSR: 00009032 <EE,ME,IR,DR>  CR: 24024042  XER: 20000000
    DAR: 00000000, DSISR: 20000000
    TASK = cf81cba0[1] 'swapper' THREAD: cf81e000
    GPR00: c0151270 cf81fb10 cf81cba0 00000000 c0272e20 c025f354 00001e80
    GPR08: d1068200 cffffb74 06000000 d106c200 42024042 10085148 0fffd000
    GPR16: 00000001 00000001 00000000 007ffeb0 00000000 0000c000 cf83f36c
    GPR24: 00000030 cf83f360 cf81fb20 00000000 d106c200 20000000 00001e80
    NIP [c0151270] ucc_geth_open+0x330/0x1efc
    LR [c0151270] ucc_geth_open+0x330/0x1efc
    Call Trace:
    [cf81fb10] [c0151270] ucc_geth_open+0x330/0x1efc (unreliable)
    [cf81fba0] [c0187638] dev_open+0xbc/0x12c
    [cf81fbc0] [c0187e38] dev_change_flags+0x8c/0x1b0
    This patch fixes the issue by removing offending (and somewhat
    duplicate) code from init_phy() routine, and changes _probe()
    function to use uec_mdio_bus_name().
    Also, since we fully construct phy_bus_id in the _probe() routine,
    we no longer need ->phy_address and ->mdio_bus fields in
    ucc_geth_info structure.
    I wish the patch would be a bit shorter, but it seems like the only
    way to fix the issue in a sane way. Luckily, the patch has been
    tested with real PHYs and fixed-link, so no further regressions
    Reported-by: Joakim Tjernlund <>
    Signed-off-by: Anton Vorontsov <>
    Tested-by: Joakim Tjernlund <>
    Signed-off-by: David S. Miller <>
  10. davem330

    dm9000: locking bugfix

    David Brownell authored davem330 committed
    This fixes a locking bug in the dm9000 driver.  It calls
    request_irq() without setting IRQF_DISABLED ... which is
    correct for handlers that support IRQ sharing, since that
    behavior is not guaranteed for shared IRQs.  However, its
    IRQ handler then wrongly assumes that IRQs are blocked.
    So the fix just uses the right spinlock primitives in the
    IRQ handler.
    NOTE:  this is a classic example of the type of bug which
    lockdep currently masks by forcibly setting IRQF_DISABLED
    on IRQ handlers that did not request that flag.
    Signed-off-by: David Brownell <>
    Signed-off-by: David S. Miller <>
  11. davem330

    net: update dnet.c for bus_id removal

    Stephen Rothwell authored davem330 committed
    Signed-off-by: Stephen Rothwell <>
    Signed-off-by: David S. Miller <>
Commits on Mar 22, 2009
  1. Merge git://

    * git://
      kconfig: improve seed in randconfig
      kconfig: fix randconfig for choice blocks
  2. Merge branch 'fix-includes' of git://…

    * 'fix-includes' of git://
      m68k: merge the non-MMU and MMU versions of siginfo.h
      m68k: use the MMU version of unistd.h for all m68k platforms
      m68k: merge the non-MMU and MMU versions of signal.h
      m68k: merge the non-MMU and MMU versions of ptrace.h
      m68k: use MMU version of setup.h for both MMU and non-MMU
      m68k: merge the non-MMU and MMU versions of sigcontext.h
      m68k: merge the non-MMU and MMU versions of swab.h
      m68k: merge the non-MMU and MMU versions of param.h
  3. Update my email address

    Gertjan van Wingerde authored committed
    Update all previous incarnations of my email address to the correct one.
    Signed-off-by: Gertjan van Wingerde <>
    Signed-off-by: Linus Torvalds <>
  4. eCryptfs: NULL crypt_stat dereference during lookup

    Tyler Hicks authored committed
    If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
    specified as mount options, a NULL pointer dereference of crypt_stat
    was possible during lookup.
    This patch moves the crypt_stat assignment into
    ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
    will not be NULL before we attempt to dereference it.
    Thanks to Dan Carpenter and his static analysis tool, smatch, for
    finding this bug.
    Signed-off-by: Tyler Hicks <>
    Acked-by: Dustin Kirkland <>
    Cc: Dan Carpenter <>
    Cc: Serge Hallyn <>
    Signed-off-by: Linus Torvalds <>
  5. eCryptfs: Allocate a variable number of pages for file headers

    Tyler Hicks authored committed
    When allocating the memory used to store the eCryptfs header contents, a
    single, zeroed page was being allocated with get_zeroed_page().
    However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
    ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
    stored in the file's private_data->crypt_stat->num_header_bytes_at_front
    ecryptfs_write_metadata_to_contents() was using
    num_header_bytes_at_front to decide how many bytes should be written to
    the lower filesystem for the file header.  Unfortunately, at least 8K
    was being written from the page, despite the chance of the single,
    zeroed page being smaller than 8K.  This resulted in random areas of
    kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
    in the eCryptfs file headers if PAGE_SIZE was 4K.
    This patch allocates a variable number of pages, calculated with
    num_header_bytes_at_front, and passes the number of allocated pages
    along to ecryptfs_write_metadata_to_contents().
    Thanks to Florian Streibelt for reporting the data leak and working with
    me to find the problem.  2.6.28 is the only kernel release with this
    vulnerability.  Corresponds to CVE-2009-0787
    Signed-off-by: Tyler Hicks <>
    Acked-by: Dustin Kirkland <>
    Reviewed-by: Eric Sandeen <>
    Reviewed-by: Eugene Teo <>
    Cc: Greg KH <>
    Cc: dann frazier <>
    Cc: Serge E. Hallyn <>
    Cc: Florian Streibelt <>
    Signed-off-by: Linus Torvalds <>
  6. Benjamin Herrenschmidt

    radeonfb: Whack the PCI PM register until it sticks

    ozbenh authored committed
    This fixes a regression introduced when we switched to using the core
    pci_set_power_state().  The chip seems to need the state to be written
    over and over again until it sticks, so we do that.
    Note that the code is a bit blunt, without timeout, etc...  but that's
    pretty much because I put back in there the code exactly as it used to
    be before the regression.  I still add a call to pci_set_power_state()
    at the end so that ACPI gets called appropriately on x86.
    Signed-off-by: Benjamin Herrenschmidt <>
    Tested-by: Raymond Wooninck <>
    Acked-by: Rafael J. Wysocki <>
    Cc: Jesse Barnes <>
    Cc: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
Commits on Mar 21, 2009
  1. davem330

    dnet: DNET should depend on HAS_IOMEM

    Ilya Yanok authored davem330 committed
    Signed-off-by: Ilya Yanok <>
    Signed-off-by: David S. Miller <>
  2. davem330

    dca: add missing copyright/license headers

    Maciej Sosnowski authored davem330 committed
    In two dca files copyright and license headers are missing.
    This patch adds them there.
    Signed-off-by: Maciej Sosnowski <>
    Signed-off-by: David S. Miller <>
Commits on Mar 20, 2009
  1. davem330
  2. John W. Linville

    nl80211: Check that function pointer != NULL before using it

    Jouni Malinen authored linvjw committed
    NL80211_CMD_GET_MESH_PARAMS and NL80211_CMD_SET_MESH_PARAMS handlers
    did not verify whether a function pointer is NULL (not supported by
    the driver) before trying to call the function. The former nl80211
    command is available for unprivileged users, too, so this can
    potentially allow normal users to kill networking (or worse..) if
    mac80211 is built without CONFIG_MAC80211_MESH=y.
    Signed-off-by: Jouni Malinen <>
    Signed-off-by: John W. Linville <>
  3. davem330

    sungem: missing net_device_ops

    Stephen Hemminger authored davem330 committed
    Sungem driver only got partially converted to net_device_ops.
    Since this could cause bugs, please push this to 2.6.29
    Signed-off-by: Stephen Hemminger <>
    Signed-off-by: David S. Miller <>
  4. davem330

    be2net: fix to restore vlan ids into BE2 during a IF DOWN->UP cycle

    Sathya Perla authored davem330 committed
    This is a patch to reconfigure vlan-ids during an i/f down/up cycle
    Signed-off-by: Sathya Perla <>
    Signed-off-by: David S. Miller <>
  5. davem330

    be2net: replenish when posting to rx-queue is starved in out of mem c…

    Sathya Perla authored davem330 committed
    This is a patch to replenish the rx-queue when it is in a starved
    state (due to out-of-mem conditions)
    Signed-off-by: Sathya Perla <>
    Signed-off-by: David S. Miller <>
Commits on Mar 19, 2009
  1. JeffMoyer

    aio: lookup_ioctx can return the wrong value when looking up a bogus …

    JeffMoyer authored committed
    The libaio test harness turned up a problem whereby lookup_ioctx on a
    bogus io context was returning the 1 valid io context from the list
    Because of that, an extra put_iocontext was done, and when the process
    exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio
    (since we expect a users count of 1 and instead get 0).
    The problem was introduced by "aio: make the lookup_ioctx() lockless"
    (commit abf137d).
    Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not
    return with a NULL tpos at the end of the loop, even if the entry was
    not found.
    Signed-off-by: Jeff Moyer <>
    Acked-by: Zach Brown <>
    Acked-by: Jens Axboe <>
    Cc: Benjamin LaHaise <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
  2. davidel

    eventfd: remove fput() call from possible IRQ context

    davidel authored committed
    Remove a source of fput() call from inside IRQ context.  Myself, like Eric,
    wasn't able to reproduce an fput() call from IRQ context, but Jeff said he was
    able to, with the attached test program.  Independently from this, the bug is
    conceptually there, so we might be better off fixing it.  This patch adds an
    optimization similar to the one we already do on ->ki_filp, on ->ki_eventfd.
    Playing with ->f_count directly is not pretty in general, but the alternative
    here would be to add a brand new delayed fput() infrastructure, that I'm not
    sure is worth it.
    Signed-off-by: Davide Libenzi <>
    Cc: Benjamin LaHaise <>
    Cc: Trond Myklebust <>
    Cc: Eric Dumazet <>
    Signed-off-by: Jeff Moyer <>
    Cc: Zach Brown <>
    Cc: <>
    Signed-off-by: Andrew Morton <>
    Signed-off-by: Linus Torvalds <>
  3. Move cc-option to below arch-specific setup

    Sam Ravnborg says:
     "We have several architectures that plays strange games with $(CC) and
      So we need to postpone any use of $(call cc-option..) until we have
      included the arch specific Makefile so we try with the correct $(CC)
    Requested-by: Sam Ravnborg <>
    Signed-off-by: Linus Torvalds <>
  4. Merge branch 'for-linus' of git://

    * 'for-linus' of git://
      [S390] make page table upgrade work again
      [S390] make page table walking more robust
      [S390] Dont check for pfn_valid() in uaccess_pt.c
      [S390] ftrace/mcount: fix kernel stack backchain
      [S390] topology: define SD_MC_INIT to fix performance regression
      [S390] __div64_31 broken for CONFIG_MARCH_G5
  5. Merge branch 'for-linus' of git://…

    * 'for-linus' of git://
      HID: fix waitqueue usage in hiddev
      HID: fix incorrect free in hiddev
  6. Merge git://

    * git://
      Btrfs: Clear space_info full when adding new devices
      Btrfs: Fix locking around adding new space_info
  7. Fix race in create_empty_buffers() vs __set_page_dirty_buffers()

    Nick Piggin noticed this (very unlikely) race between setting a page
    dirty and creating the buffers for it - we need to hold the mapping
    private_lock until we've set the page dirty bit in order to make sure
    that create_empty_buffers() might not build up a set of buffers without
    the dirty bits set when the page is dirty.
    I doubt anybody has ever hit this race (and it didn't solve the issue
    Nick was looking at), but as Nick says: "Still, it does appear to solve
    a real race, which we should close."
    Acked-by: Nick Piggin <>
    Signed-off-by: Linus Torvalds <>
  8. Add '-fwrapv' to gcc CFLAGS

    This makes sure that gcc doesn't try to optimize away wrapping
    arithmetic, which the kernel occasionally uses for overflow testing, ie
    things like
    	if (ptr + offset < ptr)
    which technically is undefined for non-unsigned types. See

    for details.
    Not all versions of gcc support it, so we need to make it conditional
    (it looks like it was introduced in gcc-3.4).
    Reminded-by: Alan Cox <>
    Signed-off-by: Linus Torvalds <>
  9. davem330
  10. davem330

    sparc64: Fix crash with /proc/iomem

    Mikulas Patocka authored davem330 committed
    When you compile kernel on Sparc64 with heap memory checking and type
    "cat /proc/iomem", you get a crash, because pointers in struct
    resource are uninitialized.
    Most code fills struct resource with zeros, so I assume that it is
    responsibility of the caller of request_resource to initialized it,
    not the responsibility of request_resource functuion.
    After 2.6.29 is out, there could be a check for uninitialized fields
    added to request_resource to avoid crashes like this.
    Signed-off-by: Mikulas Patocka <>
    Signed-off-by: David S. Miller <>
  11. davem330

    sparc64: Reschedule KGDB capture to a software interrupt.

    davem330 authored
    Otherwise it might interrupt switch_to() midstream and use
    half-cooked register window state.
    Reported-by: Chris Torek <>
    Signed-off-by: David S. Miller <>
Something went wrong with that request. Please try again.