Pavel Emelianov and Kirill Korotaev observe that fs and arch users of
security_vm_enough_memory tend to forget to vm_unacct_memory when a
failure occurs further down (typically in setup_arg_pages variants).

These are all users of insert_vm_struct, and that reservation will only
be unaccounted on exit if the vma is marked VM_ACCOUNT: which in some
cases it is (hidden inside VM_STACK_FLAGS) and in some cases it isn't.

So x86_64 32-bit and ppc64 vDSO ELFs have been leaking memory into
Committed_AS each time they're run.  But don't add VM_ACCOUNT to them,
it's inappropriate to reserve against the very unlikely case that gdb
be used to COW a vDSO page - we ought to do something about that in
do_wp_page, but there are yet other inconsistencies to be resolved.

The safe and economical way to fix this is to let insert_vm_struct do
the security_vm_enough_memory check when it finds VM_ACCOUNT is set.

And the MIPS irix_brk has been calling security_vm_enough_memory before
calling do_brk which repeats it, doubly accounting and so also leaking.
Remove that, and all the fs and arch calls to security_vm_enough_memory:
give it a less misleading name later on.
Signed-off-by: NHugh Dickins <hugh@veritas.com>
Signed-Off-By: NKirill Korotaev <dev@sw.ru>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.

de_thread() does
 	while (atomic_read(&sig->count) > count) {
	}
	.....
	.....
	BUG_ON(!thread_group_empty(current));

but release_task does
	write_lock_irq(&tasklist_lock)
	__exit_signal
		(this is where atomic_dec(&sig->count) is run)
	__exit_sighand
	__unhash_process
		takes write lock on tasklist_lock
		remove itself out of PIDTYPE_TGID list
	write_unlock_irq(&tasklist_lock)

so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.

And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.

Big thanks to Marc Lehmann who provided the test-case.

Fixes Bug 5170 (http://bugme.osdl.org/show_bug.cgi?id=5170)
Signed-off-by: NAlexander Nyberg <alexn@telia.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: NAndi Kleen <ak@suse.de>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Certain (SGI?) ia64 boxes object to having their PCI BARs
restored unless absolutely necessary. This patch restricts calling
pci_restore_bars from pci_set_power_state unless the current state
is PCI_UNKNOWN, the actual (i.e. physical) state of the device is
PCI_D3hot, and the device indicates that it will lose its configuration
when transitioning to PCI_D0.
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Jeff,
sorry if I have flooded your inbox, I had some problems with the
mail server here yesterday, but it seems to be fixed ...
Ok patch 3-4 have no dependencies on patch 2 since only qeth driver is
affected.Thus I have made a new patch 2 for ctc driver.
Thank you .

[patch 2/4] s390: ctc driver fixes

From: Peter Tiedemann <ptiedem@de.ibm.com>
	- race condition fixed
	- minor cleanup
Signed-off-by: NPeter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: NFrank Pavlic <pavlic@de.ibm.com>

diffstat:
 ctcmain.c |   41 ++++++++++++++++++++++-------------------
 1 files changed, 22 insertions(+), 19 deletions(-)
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

Merge of four previous patches and the Kconfig fix
 * Remove debug printk's
 * whitespace cleanup and version number change
 * clear interrupts, reset phy, and reset hardware on shutdown
 * ignore 64bit counter overflow interrupts
 * fix a couple of places where second port could clobber state
   of first port.
Signed-off-by: NStephen Hemminger <shemminger@osdl.org>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

Do not count frames dropped by the hardware as part of rx_dropped.
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

Do not count non-error frames dropped by the hardware as
part of rx_dropped. Instead, count those frames dropped as
rx_missed_errors. Also, do not count other error frames as part of
rx_dropped. Finally, do not count oversized frames in rx_dropped
(since they are counted as part of rx_length_errors).
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

Do not count frames dropped by the hardware as part of rx_dropped.
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

this patch display the correct channel number with iwlist scan
Signed-off-by: NMatthieu CASTET <castet.matthieu@free.fr>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

There is an uninitialized variable issue in sata_sis.c
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

This patch fixes a nasty typo I introduced in my previous patch (commit
f2c853bc). The right offset of the
second port in pure sata mode is 64 and not 0x64.
Thanks to Martin Schuster for pointing this to me
Signed-off-by: NArnaud Patard <apatard@mandriva.com>
 ---
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

xircom_cb.c does #if CONFIG_NET_POLL_CONTROLLER instead of #ifdef,
resulting in drivers/net/tulip/xircom_cb.c:120:5: warning:
"CONFIG_NET_POLL_CONTROLLER" is not defined.
Signed-off-by: NKeith Owens <kaos@sgi.com>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

drivers/net/s2io.c: In function `init_shared_mem':
drivers/net/s2io.c:431: warning: cast from pointer to integer of different size
drivers/net/s2io.c: In function `free_shared_mem':
drivers/net/s2io.c:662: warning: cast from pointer to integer of different size

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

Fix PCI device id issues with sk98lin driver.
1. DLINK 530-T card has no Vital Product Data (VPD) area so the sk98lin
   driver won't work. (skge does however)
2. Remove commented out Yukon2 stuff
3. Restrict Linksys card to revisions that don't conflict with r8169 version.
Signed-off-by: NStephen Hemminger <shemminger@osdl.org>
Signed-off-by: NJeff Garzik <jgarzik@pobox.com>

disable_timer_pin_1 needs IO-APIC, not just local APIC.
Signed-off-by: NCal Peake <cp@absolutedigital.net>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Eliciting a SYNCACK in response, we were handling SYNC packets
only in the DCCP_OPEN state, in dccp_rcv_established.
Signed-off-by: NArnaldo Carvalho de Melo <acme@mandriva.com>

It is possible to receive more than one CLOSEREQ packet if the
CLOSE packet sent in response is somehow lost, change the state
to DCCP_CLOSING only on the first CLOSEREQ packet received.
Signed-off-by: NArnaldo Carvalho de Melo <acme@mandriva.com>

Patch from George G. Davis

As pointed out be Matthew Klahn <MKLAHN@motorola.com>, some sys_ipc()
call options require six args, e.g. SEMTIMEDOP. This patch adds an ARM sys_ipc_wrapper to save the sys_ipc() 'fifth' arg on the stack.
Signed-off-by: NGeorge G. Davis <gdavis@mvista.com>
 arch/arm/kernel/calls.S        |    2 +-
 arch/arm/kernel/entry-common.S |    5 +++++
Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>

In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.

Thanks to Rusty for this suggestion.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Don't parse the packet, the data is already available in the conntrack
structure.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

With large port numbers the helper_names buffer can overflow.
Noticed by Samir Bellabes <sbellabes@mandriva.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Fixes

> if [ -r System.map -a -x /sbin/depmod ]; then /sbin/depmod -ae -F
> System.map  2. 6.14-rc1; fi
> WARNING: /lib/modules/2.6.14-rc1/kernel/drivers/char/agp/amd64-agp.ko
> needs unknown symbol end_pfn
Signed-off-by: NAndi Kleen <ak@suse.de>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

fix up the runqueue lock owner only if we truly did a context-switch
with the runqueue lock held. Impacts ia64, mips, sparc64 and arm.
Signed-off-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Masked FPU exceptions should obviously not happen in the first place,
but if they do, ignoring them seems to be the right thing to do.

Although there is no documentation available for Cyrix MII, I did find
erratum F-7 for Winchip C6, "FPU instruction may result in spurious
exception under certain conditions" which seems to indicate that this
can happen.

That would also explain the behaviour Ondrej Zary reported on the MII.
Signed-off-by: NChuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

My patch "Separate pci bits out of struct device_node" (commit
1635317f) had the unfortunate
side-effect that it stopped eeh_init() from working correctly.

It needs the pointers set up by find_and_init_phbs(), but it was being
called just before find_and_init_phbs().  That meant that we didn't
enable EEH (pSeries PCI error recovery) on any devices, and that meant
that on POWER5 systems, the hypervisor wouldn't let us enable memory or
I/O space access to any devices, and their drivers got somewhat
confused.

This fixes it by moving the eeh_init call after find_and_init_phbs.
Tested on a POWER5 partition.
Signed-of-by: NPaul Mackerras <paulus@samba.org>
Signed-of-by: NLinus Torvalds <torvalds@osdl.org>

Like previously done for i386, get the x86_64 watchdog tick calculation
into a state where it can also be used on CPUs with frequencies beyond
4GHz.
Signed-off-by: NJan Beulich <jbeulich@novell.com>
Acked-by: NAndi Kleen <ak@muc.de>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

As written in Documentation/feature-removal-schedule.txt, remove the
io_remap_page_range() kernel API.
Signed-off-by: NRandy Dunlap <rdunlap@xenotime.net>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Replace the custom CHAR_IS_NUM() macro with isdigit() from <linux/ctype.h>
Signed-off-by: NTobias Klauser <tklauser@nuerscht.ch>
Acked-by: N"Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Replace the custom is_digit() macro with isdigit() from <linux/ctype.h>
Signed-off-by: NTobias Klauser <tklauser@nuerscht.ch>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Added clarification on the root device format to be used for second kernel,
as well as specifying initrd if drivers are built as modules.
Signed-off-by: NKishore Sampathkumar <kishore.sampathkumar@hp.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>