Pavel Emelianov and Kirill Korotaev observe that fs and arch users of
security_vm_enough_memory tend to forget to vm_unacct_memory when a
failure occurs further down (typically in setup_arg_pages variants).
These are all users of insert_vm_struct, and that reservation will only
be unaccounted on exit if the vma is marked VM_ACCOUNT: which in some
cases it is (hidden inside VM_STACK_FLAGS) and in some cases it isn't.
So x86_64 32-bit and ppc64 vDSO ELFs have been leaking memory into
Committed_AS each time they're run. But don't add VM_ACCOUNT to them,
it's inappropriate to reserve against the very unlikely case that gdb
be used to COW a vDSO page - we ought to do something about that in
do_wp_page, but there are yet other inconsistencies to be resolved.
The safe and economical way to fix this is to let insert_vm_struct do
the security_vm_enough_memory check when it finds VM_ACCOUNT is set.
And the MIPS irix_brk has been calling security_vm_enough_memory before
calling do_brk which repeats it, doubly accounting and so also leaking.
Remove that, and all the fs and arch calls to security_vm_enough_memory:
give it a less misleading name later on.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-Off-By: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It turns out that the BUG_ON() in fs/exec.c: de_thread() is unreliable
and can trigger due to the test itself being racy.
de_thread() does
while (atomic_read(&sig->count) > count) {
}
.....
.....
BUG_ON(!thread_group_empty(current));
but release_task does
write_lock_irq(&tasklist_lock)
__exit_signal
(this is where atomic_dec(&sig->count) is run)
__exit_sighand
__unhash_process
takes write lock on tasklist_lock
remove itself out of PIDTYPE_TGID list
write_unlock_irq(&tasklist_lock)
so there's a clear (although small) window between the
atomic_dec(&sig->count) and the actual PIDTYPE_TGID unhashing of the
thread.
And actually there is no need for all threads to have exited at this
point, so we simply kill the BUG_ON.
Big thanks to Marc Lehmann who provided the test-case.
Fixes Bug 5170 (http://bugme.osdl.org/show_bug.cgi?id=5170)
Signed-off-by: Alexander Nyberg <alexn@telia.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@osdl.org>
Cc: Ingo Molnar <mingo@elte.hu>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Certain (SGI?) ia64 boxes object to having their PCI BARs
restored unless absolutely necessary. This patch restricts calling
pci_restore_bars from pci_set_power_state unless the current state
is PCI_UNKNOWN, the actual (i.e. physical) state of the device is
PCI_D3hot, and the device indicates that it will lose its configuration
when transitioning to PCI_D0.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[patch 4/4] s390: qeth driver fixes .
From: Frank Pavlic <pavlic@de.ibm.com>
- Clear read channel first prior to using ccw_device_set_offline.
- use QETH_DBF_TEXT instead of QETH_DBF_SPRINTF
- invoke qeth_halt_channel and qeth_clear_channel for all channels,
even if halt/clear for one of the channel fails.
- enable qeth_arp_query function for GuestLAN devices
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>
diffstat:
qeth.h | 2 -
qeth_main.c | 106 +++++++++++++++++++++++++-----------------------------------
qeth_sys.c | 11 +++---
3 files changed, 53 insertions(+), 66 deletions(-)
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Jeff,
I'm sorry seems that they have not been sent out either ...
ok here they come ...
[patch 3/4] s390: TSO related fixes in qeth driver
From: Frank Pavlic <pavlic@de.ibm.com>
TSO related fixes :
- changing value of large_send attribute while network traffic
is running caused program check and thus device recovery.
- Due to hardware restriction discard packet when it exceeds 60K
otherwise qeth will cause program checks and thus traffic stall
when trying to send such huge packets.
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>
diffstat:
qeth.h | 4 ++--
qeth_main.c | 33 +++++++++++++++++++++------------
qeth_sys.c | 10 +++-------
3 files changed, 26 insertions(+), 21 deletions(-)
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Jeff,
sorry if I have flooded your inbox, I had some problems with the
mail server here yesterday, but it seems to be fixed ...
Ok patch 3-4 have no dependencies on patch 2 since only qeth driver is
affected.Thus I have made a new patch 2 for ctc driver.
Thank you .
[patch 2/4] s390: ctc driver fixes
From: Peter Tiedemann <ptiedem@de.ibm.com>
- race condition fixed
- minor cleanup
Signed-off-by: Peter Tiedemann <ptiedem@de.ibm.com>
Signed-off-by: Frank Pavlic <pavlic@de.ibm.com>
diffstat:
ctcmain.c | 41 ++++++++++++++++++++++-------------------
1 files changed, 22 insertions(+), 19 deletions(-)
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Merge of four previous patches and the Kconfig fix
* Remove debug printk's
* whitespace cleanup and version number change
* clear interrupts, reset phy, and reset hardware on shutdown
* ignore 64bit counter overflow interrupts
* fix a couple of places where second port could clobber state
of first port.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Do not count frames dropped by the hardware as part of rx_dropped.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Do not count non-error frames dropped by the hardware as
part of rx_dropped. Instead, count those frames dropped as
rx_missed_errors. Also, do not count other error frames as part of
rx_dropped. Finally, do not count oversized frames in rx_dropped
(since they are counted as part of rx_length_errors).
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Do not count frames dropped by the hardware as part of rx_dropped.
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
this patch display the correct channel number with iwlist scan
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
This patch fixes a nasty typo I introduced in my previous patch (commit
f2c853bca5). The right offset of the
second port in pure sata mode is 64 and not 0x64.
Thanks to Martin Schuster for pointing this to me
Signed-off-by: Arnaud Patard <apatard@mandriva.com>
---
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
xircom_cb.c does #if CONFIG_NET_POLL_CONTROLLER instead of #ifdef,
resulting in drivers/net/tulip/xircom_cb.c:120:5: warning:
"CONFIG_NET_POLL_CONTROLLER" is not defined.
Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
drivers/net/s2io.c: In function `init_shared_mem':
drivers/net/s2io.c:431: warning: cast from pointer to integer of different size
drivers/net/s2io.c: In function `free_shared_mem':
drivers/net/s2io.c:662: warning: cast from pointer to integer of different size
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jeff Garzik <jgarzik@pobox.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
Fix PCI device id issues with sk98lin driver.
1. DLINK 530-T card has no Vital Product Data (VPD) area so the sk98lin
driver won't work. (skge does however)
2. Remove commented out Yukon2 stuff
3. Restrict Linksys card to revisions that don't conflict with r8169 version.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
The timer/watchdog register definitions were missing from
the mpcore watchdog patch. Add them.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
disable_timer_pin_1 needs IO-APIC, not just local APIC.
Signed-off-by: Cal Peake <cp@absolutedigital.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Eliciting a SYNCACK in response, we were handling SYNC packets
only in the DCCP_OPEN state, in dccp_rcv_established.
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
It is possible to receive more than one CLOSEREQ packet if the
CLOSE packet sent in response is somehow lost, change the state
to DCCP_CLOSING only on the first CLOSEREQ packet received.
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Patch from George G. Davis
As pointed out be Matthew Klahn <MKLAHN@motorola.com>, some sys_ipc()
call options require six args, e.g. SEMTIMEDOP. This patch adds an ARM sys_ipc_wrapper to save the sys_ipc() 'fifth' arg on the stack.
Signed-off-by: George G. Davis <gdavis@mvista.com>
arch/arm/kernel/calls.S | 2 +-
arch/arm/kernel/entry-common.S | 5 +++++
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.
Thanks to Rusty for this suggestion.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Don't parse the packet, the data is already available in the conntrack
structure.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
With large port numbers the helper_names buffer can overflow.
Noticed by Samir Bellabes <sbellabes@mandriva.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
fix up the runqueue lock owner only if we truly did a context-switch
with the runqueue lock held. Impacts ia64, mips, sparc64 and arm.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Masked FPU exceptions should obviously not happen in the first place,
but if they do, ignoring them seems to be the right thing to do.
Although there is no documentation available for Cyrix MII, I did find
erratum F-7 for Winchip C6, "FPU instruction may result in spurious
exception under certain conditions" which seems to indicate that this
can happen.
That would also explain the behaviour Ondrej Zary reported on the MII.
Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
My patch "Separate pci bits out of struct device_node" (commit
1635317fac) had the unfortunate
side-effect that it stopped eeh_init() from working correctly.
It needs the pointers set up by find_and_init_phbs(), but it was being
called just before find_and_init_phbs(). That meant that we didn't
enable EEH (pSeries PCI error recovery) on any devices, and that meant
that on POWER5 systems, the hypervisor wouldn't let us enable memory or
I/O space access to any devices, and their drivers got somewhat
confused.
This fixes it by moving the eeh_init call after find_and_init_phbs.
Tested on a POWER5 partition.
Signed-of-by: Paul Mackerras <paulus@samba.org>
Signed-of-by: Linus Torvalds <torvalds@osdl.org>
Like previously done for i386, get the x86_64 watchdog tick calculation
into a state where it can also be used on CPUs with frequencies beyond
4GHz.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Andi Kleen <ak@muc.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
As written in Documentation/feature-removal-schedule.txt, remove the
io_remap_page_range() kernel API.
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Added clarification on the root device format to be used for second kernel,
as well as specifying initrd if drivers are built as modules.
Signed-off-by: Kishore Sampathkumar <kishore.sampathkumar@hp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Some adjustments to the matroxfb code, for one part preventing the display
to be disabled for longer than necessary, and for the other part to make
information about the frame buffer position available so that a kernel
debugger might obtain that before the initial mode change.
Finally, some return code corrections to fit the generic fb code.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Petr Vandrovec <vandrove@vc.cvut.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
const-ify the font control structures and data, to make somewhat better
guarantees that these are not modified anywhere in the kernel.
Specifically for a kernel debugger to share this information from the
normal kernel code, such a guarantee seems rather desirable.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: "Antonino A. Daplas" <adaplas@hotpop.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
An adjustment to the SM_DOWN case of fbcon_scroll to match the behavior of
SM_UP.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Cc: "Antonino A. Daplas" <adaplas@hotpop.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>