Ahmed managed to crash the Host in release_pgd(), which cannot be a Guest
bug, and indeed it wasn't.

The bug was that handing a 0 as the address of the toplevel page table
being manipulated can cause the lookup code in find_pgdir() to return
an uninitialized cache entry (we shadow up to 4 top level page tables
for each Guest).

Commit 37cc8d7f introduced this
behaviour in the Guest, uncovering the bug.

The patch which he submitted (which removed the /4 from the index
calculation) simply ensured that these high-indexed entries hit the
early exit path of guest_set_pmd().  But you get lots of segfaults in
guest userspace as the PMDs aren't being updated.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Now the TSC code handles a zero return from calculate_cpu_khz(),
lguest can simply pass through the value it gets from the Host: if
non-zero, all the normal TSC code applies.

Otherwise (or if the Host really doesn't support TSC), the clocksource
code will fall back to the slower but reasonable lguest clock.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Robert Bragg's 5dc33185 tightened
(ie. fixed) the checking in __get_vm_area, and it broke lguest.

lguest should pass the exact "end" it wants, not some random constant
(it was possible previously that it would actually get an address
different from SWITCHER_ADDR).

Also, Fabio Checconi pointed out that we should make sure we're not
hitting the fixmap area.
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
Cc: Robert Bragg <robert@sixbynine.org>

If req is LHREQ_INITIALIZE, and the guest has been initialized before
(unlikely), it will attempt to access cpu->tsk even though cpu is not yet
initialized.
Signed-off-by: NEugene Teo <eugeneteo@kernel.sg>
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>

Don't include linux/backing-dev.h twice in mm/filemap.c, it's pointless.
Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-hrt:
  time: remove obsolete CLOCK_TICK_ADJUST
  time: don't touch an offlined CPU's ts->tick_stopped in tick_cancel_sched_timer()
  time: prevent the loop in timespec_add_ns() from being optimised away
  ntp: use unsigned input for do_div()

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  [CRYPTO] skcipher: Fix section mismatches

This fixes a boot panic due to a typo in the recent iommu patchset from
FUJITA Tomonori <tomof@acm.org> - the code used dma_get_max_seg_size()
instead of dma_get_seg_boundary().

It also removes a couple of unnecessary BUG_ON() and ALIGN() macros.
Signed-off-by: NIvan Kokshaysky <ink@jurassic.park.msu.ru>
Reported-and-tested-by: NBob Tracy <rct@frus.com>
Acked-by: NFUJITA Tomonori <tomof@acm.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

We currently set the root-domain online span automatically when the
domain is added to the cpu if the cpu is already a member of
cpu_online_map.

This was done as a hack/bug-fix for s2ram, but it also causes a problem
with hotplug CPU_DOWN transitioning.  The right way to fix the original
problem is to actually respond to CPU_UP events, instead of CPU_ONLINE,
which is already too late.

This solves the hung reboot regression reported by Andrew Morton and
others.
Signed-off-by: NGregory Haskins <ghaskins@novell.com>
Acked-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The first version of the ntp_interval/tick_length inconsistent usage patch was
recently merged as bbe4d18a

http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bbe4d18ac2e058c56adb0cd71f49d9ed3216a405

While the fix did greatly improve the situation, it was correctly pointed out
by Roman that it does have a small bug: If the users change clocksources after
the system has been running and NTP has made corrections, the correctoins made
against the old clocksource will be applied against the new clocksource,
causing error.

The second attempt, which corrects the issue in the NTP_INTERVAL_LENGTH
definition has also made it up-stream as commit
e13a2e61

http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e13a2e61dd5152f5499d2003470acf9c838eab84

Roman has correctly pointed out that CLOCK_TICK_ADJUST is calculated
based on the PIT's frequency, and isn't really relevant to non-PIT
driven clocksources (that is, clocksources other then jiffies and pit).

This patch reverts both of those changes, and simply removes
CLOCK_TICK_ADJUST.

This does remove the granularity error correction for users of PIT and Jiffies
clocksource users, but the granularity error but for the majority of users, it
should be within the 500ppm range NTP can accommodate for.

For systems that have granularity errors greater then 500ppm, the
"ntp_tick_adj=" boot option can be used to compensate.

[johnstul@us.ibm.com: provided changelog]
[mattilinnanvuori@yahoo.com: maek ntp_tick_adj static]
Signed-off-by: NRoman Zippel <zippel@linux-m68k.org>
Acked-by: Njohn stultz <johnstul@us.ibm.com>
Signed-off-by: NMatti Linnanvuori <mattilinnanvuori@yahoo.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Cc: mingo@elte.hu
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>

Silences WARN_ONs in rcu_enter_nohz() and rcu_exit_nohz(), which appeared
before caused by (repeated) calls to:
        $ echo 0 > /sys/devices/system/cpu/cpu1/online
        $ echo 1 > /sys/devices/system/cpu/cpu1/online
Signed-off-by: NKarsten Wiese <fzu@wemgehoertderstaat.de>
Cc: johnstul@us.ibm.com
Cc: Rafael Wysocki <rjw@sisk.pl>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>

Since some architectures don't support __udivdi3().
Signed-off-by: NSegher Boessenkool <segher@kernel.crashing.org>
Cc: john stultz <johnstul@us.ibm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>

The kernel NTP code shouldn't hand 64-bit *signed* values to do_div().  Make it
instead hand 64-bit unsigned values.  This gets rid of a couple of warnings.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Cc: Roman Zippel <zippel@linux-m68k.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: john stultz <johnstul@us.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>

In commit ee7c82da ("wait_task_stopped:
simplify and fix races with SIGCONT/SIGKILL/untrace"), the magic (short)
cast when storing si_code was lost in wait_task_stopped.  This leaks the
in-kernel CLD_* values that do not match what userland expects.
Signed-off-by: NRoland McGrath <roland@redhat.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The previous patch to move chainiv and eseqiv into blkcipher created
a section mismatch for the chainiv exit function which was also called
from __init.  This patch removes the __exit marking on it.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This makes 64-bit ptrace calls setting the 64-bit orig_ax field for a
32-bit task sign-extend the low 32 bits up to 64.  This matches what a
64-bit debugger expects when tracing a 32-bit task.

This follows on my "x86_64 ia32 syscall restart fix".  This didn't
matter until that was fixed.

The debugger ignores or zeros the high half of every register slot it
sets (including the orig_rax pseudo-register) uniformly.  It expects
that the setting of the low 32 bits always has the same meaning as a
32-bit debugger setting those same 32 bits with native 32-bit
facilities.

This never arose before because the syscall restart check never
matched any -ERESTART* values due to lack of sign extension.  Before
that fix, even 32-bit ptrace setting orig_eax to -1 failed to trigger
the restart check anyway.  So this was never noticed as a regression
of 64-bit debuggers vs 32-bit debuggers on the same 64-bit kernel.
Signed-off-by: NRoland McGrath <roland@redhat.com>
[ Changed to just do the sign-extension unconditionally on x86-64,
  since orig_ax is always just a small integer and doesn't need
  the full 64-bit range ]
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This adds another Broadcom BCM2045 based device to the blacklist, with
these settings the micro dongle works on my system.
Signed-off-by: NKarsten Keil <kkeil@suse.de>
Acked-by: NMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'slab-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/christoph/vm:
  slub: fix typo in Documentation/vm/slub.txt
  slab: NUMA slab allocator migration bugfix
  slub: Do not cross cacheline boundaries for very small objects
  slab - use angle brackets for include of kmalloc_sizes.h
  slab numa fallback logic: Do not pass unfiltered flags to page allocator
  slub statistics: Fix check for DEACTIVATE_REMOTE_FREES

* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
  ide: update references to Documentation/ide/ide.txt (v2)
  ide: move ide.txt to Documentation/ide/
  ide: fix buggy code in ide_register_hw()
  ide: fix enabling DMA on it821x in "smart" mode
  ide-cd: mark REQ_TYPE_ATA_PC write requests with REQ_RW flag

Fix all references to Documentation/ide/ide.txt.
Add/update ide/00-INDEX file.
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Cleanup some of Documentation directory:
Move Documentation/ide.txt to the ide/ sub-directory.
Fix trailing whitespace while there.
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Relocating the index to come after finding the hwif pointer.
Signed-off-by: Peter Teoh <htmldeveloper@gmail.com>
Reported-by: NAdrian Bunk <bunk@kernel.org>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

ide_tune_dma() should return '1' if IDE_HFLAG_NO_SET_MODE host flag is set.

Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

On Thursday 06 March 2008, walt wrote:

> For me, this commit causes the problem it's intended to fix:
> 
> commit 9f10d9ee
> Author: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
> Date:   Tue Feb 26 21:50:35 2008 +0100
> 
>      ide-cd: fix 'ireason' handling for REQ_TYPE_ATA_PC requests
> 
>      This fixes some hangs caused by not finishing the transfer before ending
>      the request and also makes use of 'ireason == 1' quirk for spurious IRQs.
> 
> When I mount a CD there is a long delay, and I see this error message:
> 
> hdc: ide_cd_check_ireason: wrong transfer direction!
> cdrom: failed setting lba address space
> hdc: status error: status=0x58 { DriveReady SeekComplete DataRequest }
> ide: failed opcode was: unknown
> hdc: drive not ready for command
> <repeated many times>
> 
> When I revert this commit everything works properly again, including
> CD burning.

It turned out that REQ_TYPE_ATA_PC write requests were not marked as such
(the previous commit assumed them to be).
Reported-by: Nwalt <w41ter@gmail.com>
Tested-by: Nwalt <w41ter@gmail.com>
Reviewed-by: NBorislav Petkov <petkovbb@googlemail.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

* 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
  NFS: Fix dentry revalidation for NFSv4 referrals and mountpoint crossings
  NFS: Fix the fsid revalidation in nfs_update_inode()
  SUNRPC: Fix a nfs4 over rdma transport oops
  NFS: Fix an f_mode/f_flags confusion in fs/nfs/write.c

As long as the directory contents haven't changed, we should just let the
path walk proceed to cross the mountpoint. Apart from being an optimisation
in the case of 'nohide' mountpoint traversals, it also fixes an issue with
referrals: referral inodes don't have valid filehandles, so calling
nfs_revalidate_inode() on them is a bug.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>

When we detect that we've crossed a mountpoint on the remote server, we
must take care not to use that inode to revalidate the fsid on our
current superblock. To do so, we label the inode as a remote mountpoint,
and check for that in nfs_update_inode().
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>

Prevent an RPC oops when freeing a dynamically allocated RDMA
buffer, used in certain special-case large metadata operations.
Signed-off-by: NTom Talpey <tmt@netapp.com>
Signed-off-by: NJames Lentini <jlentini@netapp.com>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>

O_SYNC is stored in filp->f_flags.
Thanks to Al Viro for pointing out the bug.
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>

The card state mutex was only initialized when a device was connected,
but used during unload unconditionally, leading to an Oops if a driver
was loaded and unloaded again without ever connecting a device.

Fix this by initializing the mutex as soon as the structure is allocated.
Also add a missing mutex unlock revealed in the same execution path.

This fixes a possible Oops in 2.6.25-rc that was introduced by commit
e468c048 ("Gigaset: permit module
unload").

Thanks to Roland Kletzing for reporting this problem.
Signed-off-by: NTilman Schmidt <tilman@imap.cc>
Tested-by: NRoland Kletzing <devzero@web.de>
Cc: Hansjoerg Lipp <hjlipp@web.de>
Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched-devel

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched-devel:
  sched: don't allow rt_runtime_us to be zero for groups having rt tasks
  sched: rt-group: fixup schedulability constraints calculation
  sched: fix the wrong time slice value for SCHED_FIFO tasks
  sched: export task_nice
  sched: balance RT task resched only on runqueue
  sched: retain vruntime

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
  x86-boot: don't request VBE2 information
  x86: re-add reboot fixups
  x86: fix typo in step.c
  x86: fix merge mistake in i387.c
  x86: clear DF before calling signal handler

randconfig testing found a bootup lockup in drivers/char/esp.c because
of a spinlock that wasn't correctly initialized.

I'm not sure why it became more prominent in 2.6.25-rc4, the bug seems
rather old and i've been doing allyesconfig bootups for ages with
CONFIG_ESP enabled.

This fixes this bootup lockup:

 PM: Adding info for No Bus:ttyP63
 ttyP32 at 0x0240 (irq = 0) is an ESP primary port
 BUG: spinlock lockup on CPU#0, swapper/1, f56dd004
 Pid: 1, comm: swapper Not tainted 2.6.25-rc4-sched-devel.git-x86-latest.git #402 [<c03ac6f4>] _raw_spin_lock+0x134/0x140
  [<c08649be>] _spin_lock_irqsave+0x5e/0x80
  [<c0b9fbfe>] ? espserial_init+0x2be/0x6e0
  [<c0b9fbfe>] espserial_init+0x2be/0x6e0
  [<c0b877a3>] kernel_init+0x83/0x260
  [<c0b9f940>] ? espserial_init+0x0/0x6e0
  [<c010416a>] ? restore_nocheck_notrace+0x0/0xe
  [<c0b87720>] ? kernel_init+0x0/0x260
  [<c0b87720>] ? kernel_init+0x0/0x260
  [<c0104507>] kernel_thread_helper+0x7/0x10
  =======================

kzalloc() is not the way to initialize spinlocks anymore.
Signed-off-by: NIngo Molnar <mingo@elte.hu>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This patch checks if we can set the rt_runtime_us to 0. If there is a
realtime task in the group, we don't want to set the rt_runtime_us as 0
or bad things will happen. (that task wont get any CPU time despite
being TASK_RUNNNG)
Signed-off-by: NDhaval Giani <dhaval@linux.vnet.ibm.com>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

it was only possible to configure the rt-group scheduling parameters
beyond the default value in a very small range.

that's because div64_64() has a different calling convention than
do_div() :/

fix a few untidies while we are here; sysctl_sched_rt_period may overflow
due to that multiplication, so cast to u64 first. Also that RUNTIME_INF
juggling makes little sense although its an effective NOP.
Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

Function sys_sched_rr_get_interval returns wrong time slice value for
SCHED_FIFO tasks. The time slice for SCHED_FIFO tasks should be 0.
Signed-off-by: NMiao Xie <miaox@cn.fujitsu.com>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

The API is trivial, and so is the implementation.
Signed-off-by: NPavel Roskin <proski@gnu.org>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

Sripathi Kodi reported a crash in the -rt kernel:

  https://bugzilla.redhat.com/show_bug.cgi?id=435674

this is due to a place that can reschedule a task without holding
the tasks runqueue lock.  This was caused by the RT balancing code
that pulls RT tasks to the current run queue and will reschedule the
current task.

There's a slight chance that the pulling of the RT tasks will release
the current runqueue's lock and retake it (in the double_lock_balance).
During this time that the runqueue is released, the current task can
migrate to another runqueue.

In the prio_changed_rt code, after the pull, if the current task is of
lesser priority than one of the RT tasks pulled, resched_task is called
on the current task. If the current task had migrated in that small
window, resched_task will be called without holding the runqueue lock
for the runqueue that the task is on.

This race condition also exists in the mainline kernel and this patch
adds a check to make sure the task hasn't migrated before calling
resched_task.
Signed-off-by: NSteven Rostedt <srostedt@redhat.com>
Tested-by: NSripathi Kodi <sripathik@in.ibm.com>
Acked-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: NIngo Molnar <mingo@elte.hu>

Kei Tokunaga reported an interactivity problem when moving tasks
between control groups.

Tasks would retain their old vruntime when moved between groups, this
can cause funny lags. Re-set the vruntime on group move to fit within
the new tree.
Reported-by: NKei Tokunaga <tokunaga.keiich@jp.fujitsu.com>
Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: NIngo Molnar <mingo@elte.hu>