Use ib_modify_qp_is_ok() in mthca, and delete the big table of
attributes for queue pair state transitions.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

The in-kernel mthca driver contains a table of which attributes are
valid for each queue pair state transition.  It turns out that both
other IB drivers -- ipath and ehca -- which are being prepared for
merging have copied this table, errors and all.

To forestall this code duplication, move this table and the code to
check parameters against it into a midlayer library function,
ib_modify_qp_is_ok().
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add low-level driver support to ib_mthca so that consumers can request
a "send queue drained" event be generated when a transiton to the SQD
state completes.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

The call to ib_get_agent_port() shouldn't be possible to fail when
smi_check_local_dr_smp() is called from ib_mad_recv_done_handler().
When it is called from handle_outgoing_dr_smp(), the device and
port_num come from mad_agent_priv so I assume the call to
ib_get_agent_port() shouldn't fail either.  In either case,
smi_check_local_smp() only uses the mad_agent pointer to check that
mad_agent->device->process_mad is not NULL.  The device pointer would
have to be the same as the one passed to smi_check_local_dr_smp()
since that pointer is used later instead of the one checked in
smi_check_local_smp().
Signed-off-by: NHal Rosenstock <halr@voltaire.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

smi_check_local_dr_smp() is called only from two places in core/mad.c
It returns 0 or 1.  In smi_check_local_dr_smp(), it checks for
a directed route SMP but this function is only called when the SMP
is a directed route so this is a NOP.
Signed-off-by: NHal Rosenstock <halr@voltaire.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

This patch allows the consumer to set the page size of "pages" mapped
by the pool FMRs, which is a feature already existing in the base
verbs API.  On the cosmetic side it changes ib_fmr_attr.page_size field
to be named page_shift.
Signed-off-by: NOr Gerlitz <ogerlitz@voltaire.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add a modify_device method to mthca, which implements setting the node
description.  This makes the writable "node_desc" sysfs attribute work
for Mellanox HCAs.
Signed-off-by: NMichael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Expose a writable "node_desc" sysfs attribute for InfiniBand devices.
This allows userspace to update the node description with information
such as the node's hostname, so that IB network management software
can tie its view to the real world.
Signed-off-by: NMichael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Remove trailing whitespace and fix indentation that with spaces
instead of tabs.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add low-level driver support for resizing CQs (both kernel and
userspace) to mthca.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add support to uverbs to handle resizing userspace CQs (completion
queues), including adding an ABI for marshalling requests and
responses.  The kernel midlayer already has ib_resize_cq().
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

The might_sleep() annotations in mthca are silly -- they all occur
shortly before calls that will end up in core functions like kmalloc()
that will print the same warning in an unsafe context anyway.  In
fact, beyond cluttering the source, we're actually bloating text with
CONFIG_DEBUG_SPINLOCK_SLEEP and/or CONFIG_PREEMPT_VOLUNTARY set.

With both options set, getting rid of the might_sleep()s saves a lot:
add/remove: 0/0 grow/shrink: 0/7 up/down: 0/-171 (-171)
function                                     old     new   delta
mthca_pd_alloc                               132     109     -23
mthca_init_cq                                969     946     -23
mthca_mr_alloc                               592     568     -24
mthca_pd_free                                 67      42     -25
mthca_free_mr                                219     194     -25
mthca_free_cq                                570     545     -25
mthca_fmr_alloc                              742     716     -26
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

The function mthca_free_err_wqe() can never fail, so get rid of its
return value.  That means handle_error_cqe() doesn't have to check
what mthca_free_err_wqe() returns, which means it can't fail either
and doesn't have to return anything either.  All this results in
simpler source code and a slight object code improvement:

add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-10 (-10)
function                                     old     new   delta
mthca_free_err_wqe                            83      81      -2
mthca_poll_cq                               1758    1750      -8
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

This address is going to be obsolete, so I should update it.

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] SB1: Check for -mno-sched-prolog if building corelis debug kernel.
  [MIPS] Sibyte: Fix race in sb1250_gettimeoffset().
  [MIPS] Sibyte: Fix interrupt timer off by one bug.
  [MIPS] Sibyte: Fix M_SCD_TIMER_INIT and M_SCD_TIMER_CNT wrong field width.
  [MIPS] Protect more of timer_interrupt() by xtime_lock.
  [MIPS] Work around bad code generation for <asm/io.h>.
  [MIPS] Simple patch to power off DBAU1200
  [MIPS] Fix DBAu1550 software power off.
  [MIPS] local_r4k_flush_cache_page fix
  [MIPS] SB1: Fix interrupt disable hazard.
  [MIPS] Get rid of the IP22-specific code in arclib.
  Update MAINTAINERS entry for MIPS.

The 40-bit DMA workaround recently implemented for 5714, 5715, and
5780 needs to be expanded because there may be other tg3 devices
behind the EPB Express to PCIX bridge in the 5780 class device.

For example, some 4-port card or mother board designs have 5704 behind
the 5714.

All devices behind the EPB require the 40-bit DMA workaround.

Thanks to Chris Elmquist again for reporting the problem and testing
the patch.
Signed-off-by: NMichael Chan <mchan@broadcom.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3
(or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall
through the switch statement without calling ax25_send_iframe() or any
other function that would eventually free skbn thus leaking the packet.

Fix by restricting the sysctl inferface to allow only actually supported
AX.25 dialects.

The system administration mistake needed for this to happen is rather
unlikely, so this is an uncritical hole.

Coverity #651.
Signed-off-by: NRalf Baechle DL5RB <ralf@linux-mips.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

VIDEO_CX88_ALSA should not be between VIDEO_CX88_DVB and
VIDEO_CX88_DVB_ALL_FRONTENDS

When cx88-alsa was added to cx88/Kconfig, it was added in between
VIDEO_CX88_DVB and VIDEO_CX88_DVB_ALL_FRONTENDS.  This caused
undesireable effects to the appearance of the menu options in
menuconfig.

This fix reorders cx88-alsa and cx88-dvb in Kconfig, to match saa7134,
and restore the correct menuconfig appearance.
Signed-off-by: NMichael Krufky <mkrufky@linuxtv.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Fixed em28xx based system lockup, device needs to be initialized before
starting the isoc transfer otherwise the system will completly lock up.
Signed-off-by: NMarkus Rechberger <mrechberger@gmail.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

sys_unshare() does mmput(new_mm).  This is not enough if we have
mm->core_waiters.

This patch is a temporary fix for soon to be released 2.6.16.
Signed-off-by: NOleg Nesterov <oleg@tv-sign.ru>
[ Checked with Uli: "I'm not planning to use unshare(CLONE_VM).  It's
  not needed for any functionality planned so far.  What we (as in Red
  Hat) need unshare() for now is the filesystem side." ]
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>:
    
sb1250_gettimeoffset() simply reads the current cpu 0 timer remaining
value, however once this counter reaches 0 and the interrupt is raised,
it immediately resets and begins to count down again.
    
If sb1250_gettimeoffset() is called on cpu 1 via do_gettimeofday() after
the timer has reset but prior to cpu 0 processing the interrupt and
taking write_seqlock() in timer_interrupt() it will return a full value
(or close to it) causing time to jump backwards 1ms. Once cpu 0 handles
the interrupt and timer_interrupt() gets far enough along it will jump
forward 1ms.
    
Fix this problem by implementing mips_hpt_*() on sb1250 using a spare
timer unrelated to the existing periodic interrupt timers. It runs at
1Mhz with a full 23bit counter.  This eliminated the custom
do_gettimeoffset() for sb1250 and allowed use of the generic
fixed_rate_gettimeoffset() using mips_hpt_*() and timerhi/timerlo.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>:
    
The timers need to be loaded with 1 less than the desired interval not
the interval itself.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>:
    
Field width should be 23 bits not 20 bits.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>:

* do_timer() expects the arch-specific handler to take the lock as it
  modifies jiffies[_64] and xtime.
* writing timerhi/lo in timer_interrupt() will mess up
  fixed_rate_gettimeoffset() which reads timerhi/lo.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
If a call to set_io_port_base() was being followed by usage of
mips_io_port_base in the same function gcc was possibly using the old
value due to some clever abuse of const.  Adding a barrier will keep
the optimization and result in correct code with latest gcc.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

Signed-off-by: NMatej Kupljen <matej.kupljen@ultra.si>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

Signed-off-by: NSergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
If dcache_size != icache_size or dcache_size != scache_size, or
set-associative cache, icache/scache does not flushed properly.  Make
blast_?cache_page_indexed() masks its index value correctly.  Also,
use physical address for physically indexed pcache/scache.
Signed-off-by: NAtsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
The SB1 core has a three cycle interrupt disable hazard but we were
wrongly treating it as fully interlocked.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

    
This breaks the kernel build if sgiwd93 was configured as a module.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

It is broken, the condition is checked out of socket lock. It is
wonderful the bug survived for so long time.

[ This fixes bugzilla #6233:
  race condition in tcp_sendmsg when connection became established ]
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Lee Revell reported 28ms latency when process with lots of swapped memory
exits.

2.6.15 introduced a latency regression when unmapping: in accounting the
zap_work latency breaker, pte_none counted 1, pte_present PAGE_SIZE, but a
swap entry counted nothing at all.  We think of pages present as the slow
case, but Lee's trace shows that free_swap_and_cache's radix tree lookup
can make a lot of work - and we could have been doing it many thousands of
times without a latency break.

Move the zap_work update up to account swap entries like pages present.
This does account non-linear pte_file entries, and unmap_mapping_range
skipping over swap entries, by the same amount even though they're quick:
but neither of those cases deserves complicating the code (and they're
treated no worse than they were in 2.6.14).
Signed-off-by: NHugh Dickins <hugh@veritas.com>
Acked-by: NNick Piggin <npiggin@suse.de>
Acked-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if
used with long filepaths.
The error looked like:
>   Building modules, stage 2.
>   MODPOST
> *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size:
+0x0809f588 ***
> [...]

Fix this by allocating at least the required memory + SZ bytes each time.
Before we sometimes ended up allocating too little memory resuting in the
glibc detected bug above.  Based on patch originally submitted by: Jiri
Benc <jbenc@suse.cz>
Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

A user can use nfsservctl() to spam the logs.

This can happen because the arguments to the nfsservctl() system call are
versioned.  This is a good thing.  However, when a bad version is detected,
the kernel prints a message and then returns an error.
Signed-off-by: NPeter Staubach <staubach@redhat.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

We can call try_to_release_page() with PagePrivate off and a valid
page->mapping This may cause all sorts of trouble for the filesystem
*_releasepage() handlers.  XFS bombs out in that case.

Lock the page before checking for page private.
Signed-off-by: NChristoph Lameter <clameter@sgi.com>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

The dm-stripe target currently does not enforce that the size of a stripe
device be a multiple of the chunk-size.  Under certain conditions, this can
lead to I/O requests going off the end of an underlying device.  This
test-case shows one example.

echo "0 100 linear /dev/hdb1 0" | dmsetup create linear0
echo "0 100 linear /dev/hdb1 100" | dmsetup create linear1
echo "0 200 striped 2 32 /dev/mapper/linear0 0 /dev/mapper/linear1 0" | \
   dmsetup create stripe0
dd if=/dev/zero of=/dev/mapper/stripe0 bs=1k

This will produce the output:
dd: writing '/dev/mapper/stripe0': Input/output error
97+0 records in
96+0 records out

And in the kernel log will be:
attempt to access beyond end of device
dm-0: rw=0, want=104, limit=100

The patch will check that the table size is a multiple of the stripe
chunk-size when the table is created, which will prevent the above striped
device from being created.

This should not affect tools like LVM or EVMS, since in all the cases I can
think of, striped devices are always created with the sizes being a
multiple of the chunk-size.

The size of a stripe device must be a multiple of its chunk-size.

(akpm: that typecast is quite gratuitous)
Signed-off-by: NKevin Corry <kevcorry@us.ibm.com>
Signed-off-by: NAlasdair G Kergon <agk@redhat.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>

Bryce reported a bug wherein offlining CPU0 (on x86 box) and then
subsequently onlining it resulted in a lockup.

On x86, CPU0 is never offlined.  The subsequent attempt to online CPU0
doesn't take that into account.  It actually tries to bootup the already
booted CPU.  Following patch fixes the problem (as acknowledged by Bryce).
Please consider for inclusion in 2.6.16.

Check if cpu is already online.
Signed-off-by: NSrivatsa Vaddagiri <vatsa@in.ibm.com>
Signed-off-by: NAndrew Morton <akpm@osdl.org>
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>