1. 29 Oct, 2009 8 commits
    • Heiko Carstens's avatar
      [S390] smp: fix sigp sense handling · b3dcf3de
      Heiko Carstens authored
      
      
      sigp sense only returns the status of a cpu if it is non zero. If the
      status of the sensed cpu is all zeros condition code 0 (accpeted) is
      set and no status bits are returned.
      The current code however assumes that a status was returned and tests
      bits in it. This means uninitalized data is accessed with random
      results.
      Worst case is that the code that checks if cpu is offline on cpu
      hotplug assumes that the target cpu is offline while it is still
      running. This leads potentially to memory corruption since resources
      that are still needed by the target cpu will be freed and could be
      resused while still in use.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      b3dcf3de
    • Heiko Carstens's avatar
      [S390] smp: fix sigp stop handling · f8501ba7
      Heiko Carstens authored
      
      
      According to the architecture a cpu must not necessarily enter stopped
      state after completion of a sigp instruction with "stop" order code.
      So remove the BUG() statement after self sending sigp stop to avoid
      that it ever gets reached.
      Also add a sigp busy check to make sure that the order gets delivered.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      f8501ba7
    • Martin Schwidefsky's avatar
      [S390] cputime: fix overflow on 31 bit systems · 70f5dc51
      Martin Schwidefsky authored
      
      
      The cputime_to_msecs / cputime_to_clock_t and cputime64_to_clock_t
      cause fixpoint divide exceptions if the cputime is too large.
      On a machine that collected 49.7 days worth of idle time reading
      from /proc/stat will generate oopses like this:
      
      Kernel BUG at 001b0c92 [verbose debug info unavailable]
      fixpoint divide exception: 0009 [#13] SMP
      Modules linked in: ipv6
      CPU: 1 Tainted: G      D   2.6.27.10 #5
      Process cat (pid: 21352, task: 1fb34138, ksp: 1d2a3d98)
      Krnl PSW : 070c2000 801b0c92 (show_stat+0x2ca/0x68c)
                 R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0
      Krnl GPRS: 00000001 00001388 00000bb8 0015d2a1
                 00000000 00000000 000003e8 0001fd91
                 00000000 00000000 0000129d eecd2ff0
                 1cc533b9 0036f780 801b0bce 1d2a3cc0
      Krnl Code: 801b0c86: f18890abf198       mvo     171(9,%r9),408(9,%r15)
                 801b0c8c: 98abf170           lm      %r10,%r11,368(%r15)
                 801b0c90: 1da1               dr      %r10,%r1
                >801b0c92: 90abf170           stm     %r10,%r11,368(%r15)
                 801b0c96: 98abf190           lm      %r10,%r11,400(%r15)
                 801b0c9a: 1da1               dr      %r10,%r1
                 801b0c9c: 90abf190           stm     %r10,%r11,400(%r15)
                 801b0ca0: 18a3               lr      %r10,%r3
      Call Trace:
      ([<00000000001b09f4>] show_stat+0x2c/0x68c)
       [<000000000018dcee>] seq_read+0xb2/0x364
       [<00000000001a9980>] proc_reg_read+0x68/0x98
       [<00000000001705ee>] vfs_read+0x6e/0xe8
       [<0000000000170732>] sys_read+0x36/0x78
       [<000000000010f750>] sysc_do_restart+0x12/0x16
       [<0000000077f3ad6a>] 0x77f3ad6a
       <4>---[ end trace 1436ea9559d3de9e ]---
      Reported-by: default avatarMike Frysinger <vapier@gentoo.org>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      70f5dc51
    • Heiko Carstens's avatar
      [S390] call home: fix string length handling · e8a79c9e
      Heiko Carstens authored
      
      
      After copying uts->nodename to the static nodename array the static
      version isn't necessarily zero termininated, since the size of the
      array is one byte too short.
      Afterwards doing strncat(data, nodename, strlen(nodename)); may copy
      an arbitrary large amount of bytes.
      Fix this by getting rid of the static array and using strncat with
      proper length limit.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      e8a79c9e
    • Heiko Carstens's avatar
      [S390] call home: fix error handling in init function · 4a0fb4c4
      Heiko Carstens authored
      
      
      Fix missing unregister_sysctl_table in case the SCLP doesn't provide
      the requested feature. Also simplify the whole error handling while
      at it.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      4a0fb4c4
    • Heiko Carstens's avatar
      [S390] smp: fix prefix handling of offlined cpus · 4f8048ee
      Heiko Carstens authored
      
      
      Offlined cpus still have valid prefix register contents. Dumpers
      will store the register contents of a cpu to the location where its
      prefix register points to.
      For offlined cpus the area (lowcore) has been freed and the dumper
      would write the uninteresting contents of the offline cpu to a memory
      location which might be in use by some other component and destroy
      valueable information.
      To fix this set the prefix register of offline cpus to absolute
      address zero again. This prevents the current dumpers to write to
      random memory locations.
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      4f8048ee
    • Martin Schwidefsky's avatar
      [S390] s/r: cmm resume fix · 8ca45667
      Martin Schwidefsky authored
      
      
      If a suspended z/VM guest has been logged off before the resume the
      'SET SMSG IUCV' CP command need to be repeated to reenable sending
      message via SMSG. This fixes the following error:
      
      HCPMFS057I H4214002 not receiving; SMSG off
      Error: non-zero CP response for command 'SMSG H4214002 CMM SHRINK 5010': #57
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      8ca45667
    • Sebastian Ott's avatar
      [S390] call home: fix local buffer usage in proc handler · 3f0b3c33
      Sebastian Ott authored
      
      
      Fix the size of the local buffer and use snprintf to prevent
      further miscalculations. Also fix the usage of bitwise vs logic
      operations.
      Signed-off-by: default avatarSebastian Ott <sebott@linux.vnet.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      3f0b3c33
  2. 22 Oct, 2009 8 commits
  3. 21 Oct, 2009 14 commits
  4. 20 Oct, 2009 10 commits
    • Andreas Gruenbacher's avatar
      dnotify: ignore FS_EVENT_ON_CHILD · 94552684
      Andreas Gruenbacher authored
      Mask off FS_EVENT_ON_CHILD in dnotify_handle_event().  Otherwise, when there
      is more than one watch on a directory and dnotify_should_send_event()
      succeeds, events with FS_EVENT_ON_CHILD set will trigger all watches and cause
      spurious events.
      
      This case was overlooked in commit e42e2773
      
      .
      
      	#define _GNU_SOURCE
      
      	#include <stdio.h>
      	#include <stdlib.h>
      	#include <unistd.h>
      	#include <signal.h>
      	#include <sys/types.h>
      	#include <sys/stat.h>
      	#include <fcntl.h>
      	#include <string.h>
      
      	static void create_event(int s, siginfo_t* si, void* p)
      	{
      		printf("create\n");
      	}
      
      	static void delete_event(int s, siginfo_t* si, void* p)
      	{
      		printf("delete\n");
      	}
      
      	int main (void) {
      		struct sigaction action;
      		char *tmpdir, *file;
      		int fd1, fd2;
      
      		sigemptyset (&action.sa_mask);
      		action.sa_flags = SA_SIGINFO;
      
      		action.sa_sigaction = create_event;
      		sigaction (SIGRTMIN + 0, &action, NULL);
      
      		action.sa_sigaction = delete_event;
      		sigaction (SIGRTMIN + 1, &action, NULL);
      
      	#	define TMPDIR "/tmp/test.XXXXXX"
      		tmpdir = malloc(strlen(TMPDIR) + 1);
      		strcpy(tmpdir, TMPDIR);
      		mkdtemp(tmpdir);
      
      	#	define TMPFILE "/file"
      		file = malloc(strlen(tmpdir) + strlen(TMPFILE) + 1);
      		sprintf(file, "%s/%s", tmpdir, TMPFILE);
      
      		fd1 = open (tmpdir, O_RDONLY);
      		fcntl(fd1, F_SETSIG, SIGRTMIN);
      		fcntl(fd1, F_NOTIFY, DN_MULTISHOT | DN_CREATE);
      
      		fd2 = open (tmpdir, O_RDONLY);
      		fcntl(fd2, F_SETSIG, SIGRTMIN + 1);
      		fcntl(fd2, F_NOTIFY, DN_MULTISHOT | DN_DELETE);
      
      		if (fork()) {
      			/* This triggers a create event */
      			creat(file, 0600);
      			/* This triggers a create and delete event (!) */
      			unlink(file);
      		} else {
      			sleep(1);
      			rmdir(tmpdir);
      		}
      
      		return 0;
      	}
      Signed-off-by: default avatarAndreas Gruenbacher <agruen@suse.de>
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      94552684
    • Eric Dumazet's avatar
      net: Fix struct inet_timewait_sock bitfield annotation · abf90cca
      Eric Dumazet authored
      commit 9e337b0f
      
       (net: annotate inet_timewait_sock bitfields)
      added 4/8 bytes in struct inet_timewait_sock.
      
      Fix this by declaring tw_ipv6_offset in the 'flags' bitfield
      The 14 bits hole is named tw_pad to make it cleary apparent.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      abf90cca
    • Herbert Xu's avatar
      tcp: Try to catch MSG_PEEK bug · b6b39e8f
      Herbert Xu authored
      
      
      This patch tries to print out more information when we hit the
      MSG_PEEK bug in tcp_recvmsg.  It's been around since at least
      2005 and it's about time that we finally fix it.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6b39e8f
    • Huang Ying's avatar
      crypto: aesni-intel - Fix irq_fpu_usable usage · 13b79b97
      Huang Ying authored
      
      
      When renaming kernel_fpu_using to irq_fpu_usable, the semantics of the
      function is changed too, from mesuring whether kernel is using FPU,
      that is, the FPU is NOT available, to measuring whether FPU is usable,
      that is, the FPU is available.
      
      But the usage of irq_fpu_usable in aesni-intel_glue.c is not changed
      accordingly. This patch fixes this.
      Signed-off-by: default avatarHuang Ying <ying.huang@intel.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      13b79b97
    • Eric Dumazet's avatar
      net: Fix IP_MULTICAST_IF · 55b80503
      Eric Dumazet authored
      
      
      ipv4/ipv6 setsockopt(IP_MULTICAST_IF) have dubious __dev_get_by_index() calls.
      
      This function should be called only with RTNL or dev_base_lock held, or reader
      could see a corrupt hash chain and eventually enter an endless loop.
      
      Fix is to call dev_get_by_index()/dev_put().
      
      If this happens to be performance critical, we could define a new dev_exist_by_index()
      function to avoid touching dev refcount.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      55b80503
    • Dave Young's avatar
      bluetooth: static lock key fix · 45054dc1
      Dave Young authored
      
      
      When shutdown ppp connection, lockdep waring about non-static key
      will happen, it is caused by the lock is not initialized properly
      at that time.
      
      Fix with tuning the lock/skb_queue_head init order
      
      [   94.339261] INFO: trying to register non-static key.
      [   94.342509] the code is fine but needs lockdep annotation.
      [   94.342509] turning off the locking correctness validator.
      [   94.342509] Pid: 0, comm: swapper Not tainted 2.6.31-mm1 #2
      [   94.342509] Call Trace:
      [   94.342509]  [<c0248fbe>] register_lock_class+0x58/0x241
      [   94.342509]  [<c024b5df>] ? __lock_acquire+0xb57/0xb73
      [   94.342509]  [<c024ab34>] __lock_acquire+0xac/0xb73
      [   94.342509]  [<c024b7fa>] ? lock_release_non_nested+0x17b/0x1de
      [   94.342509]  [<c024b662>] lock_acquire+0x67/0x84
      [   94.342509]  [<c04cd1eb>] ? skb_dequeue+0x15/0x41
      [   94.342509]  [<c054a857>] _spin_lock_irqsave+0x2f/0x3f
      [   94.342509]  [<c04cd1eb>] ? skb_dequeue+0x15/0x41
      [   94.342509]  [<c04cd1eb>] skb_dequeue+0x15/0x41
      [   94.342509]  [<c054a648>] ? _read_unlock+0x1d/0x20
      [   94.342509]  [<c04cd641>] skb_queue_purge+0x14/0x1b
      [   94.342509]  [<fab94fdc>] l2cap_recv_frame+0xea1/0x115a [l2cap]
      [   94.342509]  [<c024b5df>] ? __lock_acquire+0xb57/0xb73
      [   94.342509]  [<c0249c04>] ? mark_lock+0x1e/0x1c7
      [   94.342509]  [<f8364963>] ? hci_rx_task+0xd2/0x1bc [bluetooth]
      [   94.342509]  [<fab95346>] l2cap_recv_acldata+0xb1/0x1c6 [l2cap]
      [   94.342509]  [<f8364997>] hci_rx_task+0x106/0x1bc [bluetooth]
      [   94.342509]  [<fab95295>] ? l2cap_recv_acldata+0x0/0x1c6 [l2cap]
      [   94.342509]  [<c02302c4>] tasklet_action+0x69/0xc1
      [   94.342509]  [<c022fbef>] __do_softirq+0x94/0x11e
      [   94.342509]  [<c022fcaf>] do_softirq+0x36/0x5a
      [   94.342509]  [<c022fe14>] irq_exit+0x35/0x68
      [   94.342509]  [<c0204ced>] do_IRQ+0x72/0x89
      [   94.342509]  [<c02038ee>] common_interrupt+0x2e/0x34
      [   94.342509]  [<c024007b>] ? pm_qos_add_requirement+0x63/0x9d
      [   94.342509]  [<c038e8a5>] ? acpi_idle_enter_bm+0x209/0x238
      [   94.342509]  [<c049d238>] cpuidle_idle_call+0x5c/0x94
      [   94.342509]  [<c02023f8>] cpu_idle+0x4e/0x6f
      [   94.342509]  [<c0534153>] rest_init+0x53/0x55
      [   94.342509]  [<c0781894>] start_kernel+0x2f0/0x2f5
      [   94.342509]  [<c0781091>] i386_start_kernel+0x91/0x96
      Reported-by: default avatarOliver Hartkopp <oliver@hartkopp.net>
      Signed-off-by: default avatarDave Young <hidave.darkstar@gmail.com>
      Tested-by: default avatarOliver Hartkopp <oliver@hartkopp.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      45054dc1
    • Dave Young's avatar
      bluetooth: scheduling while atomic bug fix · f74c77cb
      Dave Young authored
      
      
      Due to driver core changes dev_set_drvdata will call kzalloc which should be
      in might_sleep context, but hci_conn_add will be called in atomic context
      
      Like dev_set_name move dev_set_drvdata to work queue function.
      
      oops as following:
      
      Oct  2 17:41:59 darkstar kernel: [  438.001341] BUG: sleeping function called from invalid context at mm/slqb.c:1546
      Oct  2 17:41:59 darkstar kernel: [  438.001345] in_atomic(): 1, irqs_disabled(): 0, pid: 2133, name: sdptool
      Oct  2 17:41:59 darkstar kernel: [  438.001348] 2 locks held by sdptool/2133:
      Oct  2 17:41:59 darkstar kernel: [  438.001350]  #0:  (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.+.}, at: [<faa1d2f5>] lock_sock+0xa/0xc [l2cap]
      Oct  2 17:41:59 darkstar kernel: [  438.001360]  #1:  (&hdev->lock){+.-.+.}, at: [<faa20e16>] l2cap_sock_connect+0x103/0x26b [l2cap]
      Oct  2 17:41:59 darkstar kernel: [  438.001371] Pid: 2133, comm: sdptool Not tainted 2.6.31-mm1 #2
      Oct  2 17:41:59 darkstar kernel: [  438.001373] Call Trace:
      Oct  2 17:41:59 darkstar kernel: [  438.001381]  [<c022433f>] __might_sleep+0xde/0xe5
      Oct  2 17:41:59 darkstar kernel: [  438.001386]  [<c0298843>] __kmalloc+0x4a/0x15a
      Oct  2 17:41:59 darkstar kernel: [  438.001392]  [<c03f0065>] ? kzalloc+0xb/0xd
      Oct  2 17:41:59 darkstar kernel: [  438.001396]  [<c03f0065>] kzalloc+0xb/0xd
      Oct  2 17:41:59 darkstar kernel: [  438.001400]  [<c03f04ff>] device_private_init+0x15/0x3d
      Oct  2 17:41:59 darkstar kernel: [  438.001405]  [<c03f24c5>] dev_set_drvdata+0x18/0x26
      Oct  2 17:41:59 darkstar kernel: [  438.001414]  [<fa51fff7>] hci_conn_init_sysfs+0x40/0xd9 [bluetooth]
      Oct  2 17:41:59 darkstar kernel: [  438.001422]  [<fa51cdc0>] ? hci_conn_add+0x128/0x186 [bluetooth]
      Oct  2 17:41:59 darkstar kernel: [  438.001429]  [<fa51ce0f>] hci_conn_add+0x177/0x186 [bluetooth]
      Oct  2 17:41:59 darkstar kernel: [  438.001437]  [<fa51cf8a>] hci_connect+0x3c/0xfb [bluetooth]
      Oct  2 17:41:59 darkstar kernel: [  438.001442]  [<faa20e87>] l2cap_sock_connect+0x174/0x26b [l2cap]
      Oct  2 17:41:59 darkstar kernel: [  438.001448]  [<c04c8df5>] sys_connect+0x60/0x7a
      Oct  2 17:41:59 darkstar kernel: [  438.001453]  [<c024b703>] ? lock_release_non_nested+0x84/0x1de
      Oct  2 17:41:59 darkstar kernel: [  438.001458]  [<c028804b>] ? might_fault+0x47/0x81
      Oct  2 17:41:59 darkstar kernel: [  438.001462]  [<c028804b>] ? might_fault+0x47/0x81
      Oct  2 17:41:59 darkstar kernel: [  438.001468]  [<c033361f>] ? __copy_from_user_ll+0x11/0xce
      Oct  2 17:41:59 darkstar kernel: [  438.001472]  [<c04c9419>] sys_socketcall+0x82/0x17b
      Oct  2 17:41:59 darkstar kernel: [  438.001477]  [<c020329d>] syscall_call+0x7/0xb
      Signed-off-by: default avatarDave Young <hidave.darkstar@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f74c77cb
    • Julian Anastasov's avatar
      tcp: fix TCP_DEFER_ACCEPT retrans calculation · b103cf34
      Julian Anastasov authored
      
      
      Fix TCP_DEFER_ACCEPT conversion between seconds and
      retransmission to match the TCP SYN-ACK retransmission periods
      because the time is converted to such retransmissions. The old
      algorithm selects one more retransmission in some cases. Allow
      up to 255 retransmissions.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b103cf34
    • Julian Anastasov's avatar
      tcp: reduce SYN-ACK retrans for TCP_DEFER_ACCEPT · 0c3d79bc
      Julian Anastasov authored
      
      
      Change SYN-ACK retransmitting code for the TCP_DEFER_ACCEPT
      users to not retransmit SYN-ACKs during the deferring period if
      ACK from client was received. The goal is to reduce traffic
      during the deferring period. When the period is finished
      we continue with sending SYN-ACKs (at least one) but this time
      any traffic from client will change the request to established
      socket allowing application to terminate it properly.
      Also, do not drop acked request if sending of SYN-ACK fails.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0c3d79bc
    • Julian Anastasov's avatar
      tcp: accept socket after TCP_DEFER_ACCEPT period · d1b99ba4
      Julian Anastasov authored
      
      
      Willy Tarreau and many other folks in recent years
      were concerned what happens when the TCP_DEFER_ACCEPT period
      expires for clients which sent ACK packet. They prefer clients
      that actively resend ACK on our SYN-ACK retransmissions to be
      converted from open requests to sockets and queued to the
      listener for accepting after the deferring period is finished.
      Then application server can decide to wait longer for data
      or to properly terminate the connection with FIN if read()
      returns EAGAIN which is an indication for accepting after
      the deferring period. This change still can have side effects
      for applications that expect always to see data on the accepted
      socket. Others can be prepared to work in both modes (with or
      without TCP_DEFER_ACCEPT period) and their data processing can
      ignore the read=EAGAIN notification and to allocate resources for
      clients which proved to have no data to send during the deferring
      period. OTOH, servers that use TCP_DEFER_ACCEPT=1 as flag (not
      as a timeout) to wait for data will notice clients that didn't
      send data for 3 seconds but that still resend ACKs.
      Thanks to Willy Tarreau for the initial idea and to
      Eric Dumazet for the review and testing the change.
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d1b99ba4