aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* [PATCH] unpaged: COW on VM_UNPAGEDHugh Dickins2005-11-22
| | | | | | | | | | | | | | | Remove the BUG_ON(vma->vm_flags & VM_UNPAGED) from do_wp_page, and let it do Copy-On-Write without touching the VM_UNPAGED's page counts - but this is incomplete, because the anonymous page it inserts will itself need to be handled, here and in other functions - next patch. We still don't copy the page if the pfn is invalid, because the copy_user_highpage interface does not allow it. But that's not been a problem in the past: can be added in later if the need arises. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: VM_NONLINEAR VM_RESERVEDHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | There's one peculiar use of VM_RESERVED which the previous patch left behind: because VM_NONLINEAR's try_to_unmap_cluster uses vm_private_data as a swapout cursor, but should never meet VM_RESERVED vmas, it was a way of extending VM_NONLINEAR to VM_RESERVED vmas using vm_private_data for some other purpose. But that's an empty set - they don't have the populate function required. So just throw away those VM_RESERVED tests. But one more interesting in rmap.c has to go too: try_to_unmap_one will want to swap out an anonymous page from VM_RESERVED or VM_UNPAGED area. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: VM_UNPAGEDHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although we tend to associate VM_RESERVED with remap_pfn_range, quite a few drivers set VM_RESERVED on areas which are then populated by nopage. The PageReserved removal in 2.6.15-rc1 changed VM_RESERVED not to free pages in zap_pte_range, without changing those drivers not to set it: so their pages just leak away. Let's not change miscellaneous drivers now: introduce VM_UNPAGED at the core, to flag the special areas where the ptes may have no struct page, or if they have then it's not to be touched. Replace most instances of VM_RESERVED in core mm by VM_UNPAGED. Force it on in remap_pfn_range, and the sparc and sparc64 io_remap_pfn_range. Revert addition of VM_RESERVED to powerpc vdso, it's not needed there. Is it needed anywhere? It still governs the mm->reserved_vm statistic, and special vmas not to be merged, and areas not to be core dumped; but could probably be eliminated later (the drivers are probably specifying it because in 2.4 it kept swapout off the vma, but in 2.6 we work from the LRU, which these pages don't get on). Use the VM_SHM slot for VM_UNPAGED, and define VM_SHM to 0: it serves no purpose whatsoever, and should be removed from drivers when we clean up. Signed-off-by: Hugh Dickins <hugh@veritas.com> Acked-by: William Irwin <wli@holomorphy.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: unifdefed PageCompoundHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | | It looks like snd_xxx is not the only nopage to be using PageReserved as a way of holding a high-order page together: which no longer works, but is masked by our failure to free from VM_RESERVED areas. We cannot fix that bug without first substituting another way to hold the high-order page together, while farming out the 0-order pages from within it. That's just what PageCompound is designed for, but it's been kept under CONFIG_HUGETLB_PAGE. Remove the #ifdefs: which saves some space (out- of-line put_page), doesn't slow down what most needs to be fast (already using hugetlb), and unifies the way we handle high-order pages. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: sound nopage get_pageHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | | | Something noticed when studying use of VM_RESERVED in different drivers: snd_usX2Y_hwdep_pcm_vm_nopage omitted to get_page: fixed. And how did this work before? Aargh! That nopage is returning a page from within a buffer allocated by snd_malloc_pages, which allocates a high-order page, then does SetPageReserved on each 0-order page within. That would have worked in 2.6.14, because when the area was unmapped, PageReserved inhibited put_page. 2.6.15-rc1 removed that inhibition (while leaving ineffective PageReserveds around for now), but it hasn't caused trouble because.. we've not been freeing from VM_RESERVED at all. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: private write VM_RESERVEDHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | | | The PageReserved removal in 2.6.15-rc1 issued a "deprecated" message when you tried to mmap or mprotect MAP_PRIVATE PROT_WRITE a VM_RESERVED, and failed with -EACCES: because do_wp_page lacks the refinement to COW pages in those areas, nor do we expect to find anonymous pages in them; and it seemed just bloat to add code for handling such a peculiar case. But immediately it caused vbetool and ddcprobe (using lrmi) to fail. So revert the "deprecated" messages, letting mmap and mprotect succeed. But leave do_wp_page's BUG_ON(vma->vm_flags & VM_RESERVED) in place until we've added the code to do it right: so this particular patch is only good if the app doesn't really need to write to that private area. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unpaged: get_user_pages VM_RESERVEDHugh Dickins2005-11-22
| | | | | | | | | | | | | | | | | The PageReserved removal in 2.6.15-rc1 prohibited get_user_pages on the areas flagged VM_RESERVED in place of PageReserved. That is correct in theory - we ought not to interfere with struct pages in such a reserved area; but in practice it broke BTTV for one. So revert to prohibiting only on VM_IO: if someone gets into trouble with get_user_pages on VM_RESERVED, it'll just be a "don't do that". You can argue that videobuf_mmap_mapper shouldn't set VM_RESERVED in the first place, but now's not the time for breaking drivers without notice. Signed-off-by: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: eliminate use of libc PAGE_SIZEJeff Dike2005-11-22
| | | | | | | | | | On some systems, libc PAGE_SIZE calls getpagesize, which can't happen from a stub. So, I use UM_KERN_PAGE_SIZE, which is less variable in its definition, instead. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: properly invoke x86_64 system callsJeff Dike2005-11-22
| | | | | | | | | | | | | | This patch makes stub_segv use the stub_syscall macros. This was needed anyway, but the bug that prompted this was the discovery that gcc was storing stuff in RCX, which is trashed across a system call. This is exactly the sort of problem that the new macros fix. There is a stub_syscall0 for getpid. stub_segv was changed to be a libc file, and that caused some include changes. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: eliminate anonymous union and clean up symlink lossageJeff Dike2005-11-22
| | | | | | | | | | | | This gives a name to the anonymous union introduced in skas-hold-own-ldt, allowing to build on a wider range of gccs. It also removes ldt.h, which somehow became real, and replaces it with a symlink, and creates ldt-x86_64.h as a copy of ldt-i386.h for now. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: eliminate use of local in clone stubJeff Dike2005-11-22
| | | | | | | | | | | | | | | | | | | | We have a bug in the i386 stub_syscall6 which pushes ebp before the system call and pops it afterwards. Because we use syscall6 to remap the stack, the old contents of the stack (and the former value of ebp) are no longer available. Some versions of gcc make from a real local, accessed through ebp, despite my efforts to make it obvious that references to from are really constants. This patch attempts to make it even more obvious by eliminating from and using a macro to access the stub's data explicitly with constants. My original thinking on this was to replace syscall6 with a remap_stack interface which saved ebp someplace and restored it afterwards. The problem is that there are no registers to put it in, except for esp. That could work, since we can store a constant in esp after the mmap because we just replaced the stack. However, this approach seems a tad cleaner. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] net: Fix compiler-error on dgrs.c when !CONFIG_PCIRichard Knutsson2005-11-22
| | | | | | | | | drivers/net/dgrs.c: In function `dgrs_init_module': drivers/net/dgrs.c:1598: `dgrs_pci_driver' undeclared (first use in this function) Signed-off-by: Richard Knutsson <ricknu-0@student.ltu.se> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge branch 'for-linus' of ↵Linus Torvalds2005-11-21
|\ | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/scjody/ieee1394
| * sbp2_command_orb_lock must be held when accessing the _orb_inuse list.Jody McIntyre2005-11-18
| | | | | | | | | | | | | | | | | | Fixes an oops in sbp2util_find_command_for_SCpnt after sbp2scsi_abort: https://bugzilla.novell.com/show_bug.cgi?id=113734 Signed-off-by: Jody McIntyre <scjody@steamballoon.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (cherry picked from 7945619794314414a5c44df11fca4d3f2a3389cf commit)
* | Merge master.kernel.org:/home/rmk/linux-2.6-serialLinus Torvalds2005-11-21
|\ \
| * | [SERIAL] imx: Fix missed platform_driver_unregisterRussell King2005-11-21
| | | | | | | | | | | | Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* | | Merge master.kernel.org:/home/rmk/linux-2.6-armLinus Torvalds2005-11-21
|\ \ \
| * | | [ARM] Shut up gcc warning in clps7500 core.cRussell King2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | core.c:263: warning: initialization makes integer from pointer without a cast Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * | | [ARM] Shut up gcc warning in assabet.cRussell King2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | assabet.c:291: warning: 'scr' may be used uninitialized in this function Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * | | [ARM] ebsa110: __arch_ioremap should be 3 argsRussell King2005-11-21
| | | | | | | | | | | | | | | | Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * | | [ARM] Add asm/memory.h to asm/numnodes.hRussell King2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since the defintion of NODES_SHIFT may be overridden in asm/arch/memory.h it's important to include asm/memory.h into asm/numnodes.h to ensure that the correct value is always defined. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * | | [ARM] 3171/1: To add missing QMGR region size for IXP4XXKenneth Tan2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Patch from Kenneth Tan To add queue manager region size which is missing from ixp4xx-regs.h Signed-off-by: Kenneth Tan <chong.yin.tan@intel.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
| * | | [ARM] 3170/1: Sharp SL-6000x: platform device conversion fixupDirk Opfer2005-11-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Patch from Dirk Opfer Fix an error in tosa.c after the platform device conversion. Signed-off-by: Dirk Opfer <Dirk@Opfer-Online.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* | | Merge branch 'release' of ↵Linus Torvalds2005-11-21
|\ \ \ | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
| * | | [IA64-SGI] bte_copy nasid_index fixRuss Anderson2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The nasid_index was not being incremented if the pointer was null, causing an infinite loop. Signed-off-by: Russ Anderson (rja@sgi.com) Signed-off-by: Tony Luck <tony.luck@intel.com>
| * | | [IA64-SGI] support for older versions of PROMJack Steiner2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for old versions of the SN PROMs. Eventually this support will be deleted but it is useful right now to continue supporting older PROMs. Signed-off-by: Jack Steiner <steiner@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
| * | | [IA64] fix bug in sn/ia64 for sparse CPU numberinghawkes@sgi.com2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel's use of the for_each_*cpu(i) macros has allowed for sparse CPU numbering. When I hacked the kernel to test sparse cpu_present_map[] and cpu_possible_map[] cpumasks, I discovered one remaining spot, in sn_hwperf_ioctl() during sn initialization, that needs to be fixed. Signed-off-by: John Hawkes <hawkes@sgi.com> Signed-off-by: Dean Roe <roe@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
| * | | [IA64] Prevent sn2 ptc code from executing on all ia64 subarchesPrarit Bhargava2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Patch to prevent sn2_ptc_init code from attempting to load on non-sn2 systems when sn2_smp.c is built-in to generic kernel. Signed-off-by: Prarit Bhargava <prarit@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
| * | | [IA64] altix: fix copyright in tioce .h filesMark Maule2005-11-18
| | |/ | |/| | | | | | | | | | | | | | | | Fix up copyright in tioce header files Signed-off-by: Mark Maule <maule@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
* | | [PATCH] as-iosched: remove state assertion in as_add_request()Jens Axboe2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kill the arq->state poison statement in as_add_request(), it can trigger for perfectly valid code that just reuses a request after io completion instead of freeing it and allocating a new one. We probably should introduce a blk_init_request() to start from scratch, but for now just kill it as we will be removing the as specific poisoning soon. Signed-off-by: Jens Axboe <axboe@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | | Merge master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgartLinus Torvalds2005-11-21
|\ \ \
| * \ \ Merge ../linus/Dave Jones2005-11-21
| |\ \ \ | | | |/ | | |/|
| * | | [AGPGART] Support VIA P4M800CE bridge.Dave Jones2005-11-21
| | | | | | | | | | | | | | | | Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Mark AMD64 aperture size structs as constDave Jones2005-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Neither of them are ever written to. Noted by Arjan van de Ven Signed-off-by: Dave Jones <davej@redhat.com>
| * | | [AGPGART] Mark maxes_table as constDave Jones2005-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It's never written to. Noted by Arjan van de Ven Signed-off-by: Dave Jones <davej@redhat.com>
* | | | Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2005-11-21
|\ \ \ \ | |_|/ / |/| | |
| * | | [NET]: kernel-doc fixesRandy Dunlap2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix kernel-doc warnings in network files. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [NET]: Use unused bit for ipvs_property field in struct sk_buffPatrick McHardy2005-11-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [DCCP]: Add missing no_policy flag to struct net_protocolPatrick McHardy2005-11-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [NETFILTER]: Remove ARRAY_SIZE duplicateNicolas Kaiser2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Nicolas Kaiser <nikai@nikai.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [NETFILTER]: fixed dependencies between modules related with ip_conntrackYasuyuki Kozakai2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - IP_NF_CONNTRACK_MARK is bool and depends on only IP_NF_CONNTRACK which is tristate. If a variable depends on IP_NF_CONNTRACK_MARK and doesn't care about IP_NF_CONNTRACK, it can be y. This must be avoided. - IP_NF_CT_ACCT has same problem. - IP_NF_TARGET_CLUSTERIP also depends on IP_NF_MANGLE. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | [FIB_TRIE]: Don't show local table in /proc/net/route outputPatrick McHardy2005-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't show local table to behave similar to fib_hash. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | Merge git://git.skbuff.net/gitroot/yoshfuji/linux-2.6.14+advapi-fix/David S. Miller2005-11-20
| |\ \ \
| | * | | [IPV6]: Fix sending extension headers before and including routing header.YOSHIFUJI Hideaki2005-11-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on suggestion from Masahide Nakamura <nakam@linux-ipv6.org>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| | * | | [IPV6]: Fix calculation of AH length during filling ancillary data.Ville Nuorvala2005-11-19
| | | | | | | | | | | | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| | * | | [IPV6]: Fix memory management error during setting up new advapi sockopts.YOSHIFUJI Hideaki2005-11-19
| | | | | | | | | | | | | | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * | | | [IPV6]: Acquire addrconf_hash_lock for read in addrconf_verify(...)Yan Zheng2005-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | addrconf_verify(...) only traverse address hash table when addrconf_hash_lock is held for writing, and it may hold addrconf_hash_lock for a long time. So I think it's better to acquire addrconf_hash_lock for reading instead of writing Signed-off-by: Yan Zheng <yanzheng@21cn.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | | [COMPAT] net: SIOCGIFCONF data corruptionAlexandra Kossovsky2005-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> From http://bugzilla.kernel.org/show_bug.cgi?id=4746 There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit application running amd64 kernel. I do not think that this problem is exploitable, but any data corruption may lead to security problems. Following code demonstrates the problem #include <stdint.h> #include <stdio.h> #include <sys/time.h> #include <sys/socket.h> #include <net/if.h> #include <sys/ioctl.h> char buf[256]; main() { int s = socket(AF_INET, SOCK_DGRAM, 0); struct ifconf req; int i; req.ifc_buf = buf; req.ifc_len = 41; printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req)); printf("Len %d\n", req.ifc_len); for (i = 41; i < 256; i++) if (buf[i] != 0) printf("Byte %d is corrupted\n", i); } Steps to reproduce: Compile the code above into 32-bit elf and run it. You'll get Result 0 Len 32 Byte 48 is corrupted Byte 52 is corrupted Byte 53 is corrupted Byte 54 is corrupted Byte 55 is corrupted Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | | [NET]: Reject socket filter if division by constant zero is attempted.Kris Katterjohn2005-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This way we don't have to check it in sk_run_filter(). Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | | | [PKT_SCHED]: sch_netem: correctly order packets to be sent simultaneouslyAndrea Bittau2005-11-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If two packets were queued to be sent at the same time in the future, their order would be reversed. This would occur because the queue is traversed back to front, and a position is found by checking whether the new packet needs to be sent before the packet being examined. If the new packet is to be sent at the same time of a previous packet, it would end up before the old packet in the queue. This patch places packets in the correct order when they are queued to be sent at a same time in the future. Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>