- 28 4月, 2006 1 次提交
-
-
由 Zachary Amsden 提交于
Proposed fix for ptep_get_and_clear_full PAE bug. Pte_clear had the same bug, so use the same fix for both. Turns out pmd_clear had it as well, but pgds are not affected. The problem is rather intricate. Page table entries in PAE mode are 64-bits wide, but the only atomic 8-byte write operation available in 32-bit mode is cmpxchg8b, which is expensive (at least on P4), and thus avoided. But it can happen that the processor may prefetch entries into the TLB in the middle of an operation which clears a page table entry. So one must always clear the P-bit in the low word of the page table entry first when clearing it. Since the sequence *ptep = __pte(0) leaves the order of the write dependent on the compiler, it must be coded explicitly as a clear of the low word followed by a clear of the high word. Further, there must be a write memory barrier here to enforce proper ordering by the compiler (and, in the future, by the processor as well). On > 4GB memory machines, the implementation of pte_clear for PAE was clearly deficient, as it could leave virtual mappings of physical memory above 4GB aliased to memory below 4GB in the TLB. The implementation of ptep_get_and_clear_full has a similar bug, although not nearly as likely to occur, since the mappings being cleared are in the process of being destroyed, and should never be dereferenced again. But, as luck would have it, it is possible to trigger bugs even without ever dereferencing these bogus TLB mappings, even if the clear is followed fairly soon after with a TLB flush or invalidation. The problem is that memory above 4GB may now be aliased into the first 4GB of memory, and in fact, may hit a region of memory with non-memory semantics. These regions include AGP and PCI space. As such, these memory regions are not cached by the processor. This introduces the bug. The processor can speculate memory operations, including memory writes, as long as they are committed with the proper ordering. Speculating a memory write to a linear address that has a bogus TLB mapping is possible. Normally, the speculation is harmless. But for cached memory, it does leave the falsely speculated cacheline unmodified, but in a dirty state. This cache line will be eventually written back. If this cacheline happens to intersect a region of memory that is not protected by the cache coherency protocol, it can corrupt data in I/O memory, which is generally a very bad thing to do, and can cause total system failure or just plain undefined behavior. These bugs are extremely unlikely, but the severity is of such magnitude, and the fix so simple that I think fixing them immediately is justified. Also, they are nearly impossible to debug. Signed-off-by: NZachary Amsden <zach@vmware.com> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
- 27 4月, 2006 4 次提交
-
-
由 Linus Torvalds 提交于
-
由 Linus Torvalds 提交于
* master.kernel.org:/home/rmk/linux-2.6-mmc: [MMC] pxamci: fix data timeout calculation
-
由 Linus Torvalds 提交于
* master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] nommu: trivial fixups for head-nommu.S and the Makefile [ARM] vfp: fix leak of VFP_NAN_FLAG into FPSCR [ARM] 3484/1: Correct AEABI CFLAGS for correct enum handling
-
由 Russell King 提交于
-
- 26 4月, 2006 32 次提交
-
-
由 Chandra Seetharaman 提交于
Few of the notifier_chain_register() callers use __init in the definition of notifier_call. It is incorrect as the function definition should be available after the initializations (they do not unregister them during initializations). This patch fixes all such usages to _not_ have the notifier_call __init section. Signed-off-by: NChandra Seetharaman <sekharan@us.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Chandra Seetharaman 提交于
Few of the notifier_chain_register() callers use __devinitdata in the definition of notifier_block data structure. It is incorrect as the data structure should be available after the initializations (they do not unregister them during initializations). This was leading to an oops when notifier_chain_register() call is invoked for those callback chains after initialization. This patch fixes all such usages to _not_ have the notifier_block data structure in the init data section. Signed-off-by: NChandra Seetharaman <sekharan@us.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 James Morris 提交于
This patch addresses a flaw in LSM, where there is no mediation of readv() and writev() in for 32-bit compatible apps using a 64-bit kernel. This bug was discovered and fixed initially in the native readv/writev code [1], but was not fixed in the compat code. Thanks to Al for spotting this one. [1] http://lwn.net/Articles/154282/Signed-off-by: NJames Morris <jmorris@namei.org> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
All modifications of ->i_flags in inodes that might be visible to somebody else must be under ->i_mutex. That patch fixes ext3 ioctl() setting S_APPEND and friends. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
Switched to use of sys_pread64()/sys_pwrite64() rather than keep duplicating their guts; among the little things that had been missing there were such as ret = security_file_permission (file, MAY_READ); Gotta love the LSM robustness, right? Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
sbi->s_group_desc is an array of pointers to buffer_head. memcpy() of buffer size from address of buffer_head is a bad idea - it will generate junk in any case, may oops if buffer_head is close to the end of slab page and next page is not mapped and isn't what was intended there. IOW, ->b_data is missing in that call. Fortunately, result doesn't go into the primary on-disk data structures, so only backup ones get crap written to them; that had allowed this bug to remain unnoticed until now. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Al Viro 提交于
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
git://brick.kernel.dk/data/git/linux-2.6-block由 Linus Torvalds 提交于
* 'splice' of git://brick.kernel.dk/data/git/linux-2.6-block: [PATCH] splice: add ->splice_write support for /dev/null [PATCH] splice: rearrange moving to/from pipe helpers [PATCH] Add support for the sys_vmsplice syscall [PATCH] splice: fix offset problems [PATCH] splice: fix min() warning
-
由 Linus Torvalds 提交于
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: [PATCH] forcedeth: fix initialization [PATCH] sky2: version 1.2 [PATCH] sky2: reset function can be devinit [PATCH] sky2: use ALIGN() macro [PATCH] sky2: add fake idle irq timer [PATCH] sky2: reschedule if irq still pending [PATCH] bcm43xx: make PIO mode usable [PATCH] bcm43xx: add to MAINTAINERS [PATCH] softmac: fix SIOCSIWAP [PATCH] Fix crash on big-endian systems during scan e1000: Update truesize with the length of the packet for packet split [PATCH] Fix locking in gianfar
-
由 Linus Torvalds 提交于
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [BRIDGE]: allow full size vlan packets
-
由 Jens Axboe 提交于
Useful for testing. Signed-off-by: NJens Axboe <axboe@suse.de>
-
由 Jens Axboe 提交于
We need these for people writing their own ->splice_read/write hooks. Signed-off-by: NJens Axboe <axboe@suse.de>
-
由 Ayaz Abdulla 提交于
This patch fixes the nic initialization. If the nic was in low power mode, it brings it back to normal power. Also, it utilizes a new hardware reset during the init. I am resending based on feedback, I corrected the register size mapping and delay after posted write. Signed-Off-By: NAyaz Abdulla <aabdulla@nvidia.com> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Stephen Hemminger 提交于
Update to version 1.2 Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Stephen Hemminger 提交于
The sky2_reset function only called from sky2_probe. Maybe the compiler was smart enough to figure this out already. Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Stephen Hemminger 提交于
The ALIGN() macro in kernel.h does the same math that the sky2 driver was using for padding. Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Stephen Hemminger 提交于
Add an fake NAPI schedule once a second. This is an attempt to work around for broken configurations with edge-triggered interrupts. Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Stephen Hemminger 提交于
This is a workaround for the case edge-triggered irq's. Several users seem to have broken configurations sharing edge-triggered irq's. To avoid losing IRQ's, reshedule if more work arrives. The changes to netdevice.h are to extract the part that puts device back in list into separate inline. Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NJeff Garzik <jeff@garzik.org>
-
由 Jeff Garzik 提交于
Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes
-
-
由 Jeff Garzik 提交于
-
由 Stephen Hemminger 提交于
Need to allow for VLAN header when bridging. Signed-off-by: NStephen Hemminger <shemminger@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jens Axboe 提交于
sys_splice() moves data to/from pipes with a file input/output. sys_vmsplice() moves data to a pipe, with the input being a user address range instead. This uses an approach suggested by Linus, where we can hold partial ranges inside the pages[] map. Hopefully this will be useful for network receive support as well. Signed-off-by: NJens Axboe <axboe@suse.de>
-
由 Miklos Szeredi 提交于
Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
-
由 Miklos Szeredi 提交于
BKL does not protect against races if the task may sleep between checking and setting a value. So move checking of file->private_data near to setting it in fuse_fill_super(). Found by Al Viro. Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
-
由 Miklos Szeredi 提交于
A deadlock was possible, when the last reference to the superblock was held due to a background request containing a file reference. Releasing the file would release the vfsmount which in turn would release the superblock. Since sbput_sem is held during the fput() and fuse_put_super() tries to acquire this same semaphore, a deadlock results. The solution is to move the fput() outside the region protected by sbput_sem. Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
-
由 Miklos Szeredi 提交于
This reverts 73ce8355 commit. It was wrong, because it didn't take into account the requirement, that iput() for background requests must be performed synchronously with ->put_super(), otherwise active inodes may remain after unmount. The right solution is to keep the sbput_sem and perform iput() within the locked region, but move fput() outside sbput_sem. Signed-off-by: NMiklos Szeredi <miklos@szeredi.hu>
-
由 Jens Axboe 提交于
Make the move_from_pipe() actors return number of bytes processed, then move_from_pipe() can decide more cleverly when to move on to the next buffer. This fixes problems with pipe offset and differing file offset. Signed-off-by: NJens Axboe <axboe@suse.de>
-
由 Andrew Morton 提交于
Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NJens Axboe <axboe@suse.de>
-
由 Auke Kok 提交于
Update skb with the real packet size. Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: NAuke Kok <auke-jan.h.kok@intel.com> Signed-off-by: NJohn Ronciak <john.ronciak@intel.com>
-
由 Russell King 提交于
The VFP code can leak VFP_NAN_FLAG into the FPSCR. It doesn't correspond to any real FPSCR bit (and overlaps one of the exception flags). Bug report from Daniel Jacobowitz Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Richard Purdie 提交于
Patch from Richard Purdie The AAPCS says that enums can be variably sized depending on the range of valid values. This is not the accepted behaviour under linux so for compatibility gcc has an aapcs-linux target, the main difference being that enums are always of type int. Change the ARM Makefile to use this target. Signed-off-by: NRichard Purdie <rpurdie@rpsys.net> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
- 25 4月, 2006 3 次提交
-
-
由 Ivan Kokshaysky 提交于
As it turned out after recent SCSI changes, strncpy() was broken - it mixed up the return values from __stxncpy() in registers $24 and $27. Thanks to Mathieu Chouquet-Stringer for tracking down the problem and providing an excellent test case. Signed-off-by: NIvan Kokshaysky <ink@jurassic.park.msu.ru> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
-
由 Linus Torvalds 提交于
* master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6-stable: [CIFS] Fix compile error when CONFIG_CIFS_EXPERIMENTAL is undefined
-
由 Patrick McHardy 提交于
The targets don't do the basic verification themselves anymore so the ipt action needs to take care of it. Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-