aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* drivers/net/tokenring: Use status field rather than state fieldJulia Lawall2009-08-13
| | | | | | | | | | | In general in this file, it is the status field, not the state field, that contains values like OPEN and CLOSED. Indeed, in the first error case, it is the field status that is initialized. I have thus assumed that all of the error handling code should be the same, and moved it to the end of the function to emphasize its commonality. Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
* drivres/net: Change constant nameJulia Lawall2009-08-13
| | | | | | | | | In this series of tests the constants have the form XRXMAC_STATUS, except in this one case. The values of XRXMAC_STAT_MSK_RXOCTET_CNT_EXP and XRXMAC_STATUS_RXOCTET_CNT_EXP are furthermore the same. Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
* fakehard: use START-CONFIRM primitive to report START failureDmitry Baryshkov2009-08-13
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* nl802154: support START-CONFIRM primitiveDmitry Baryshkov2009-08-13
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* af_ieee802154: add support for WANT_ACK socket optionDmitry Baryshkov2009-08-13
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* af_ieee802154: minor cleanup in dgram_bindDmitry Baryshkov2009-08-13
| | | | | | | | 1) fix ro->bound protection by socket lock 2) make ro->bound bit instead of int Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* nl802154: add support for dumping WPAN interface informationDmitry Baryshkov2009-08-13
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* documentation: fix wrt. headers renameDmitry Baryshkov2009-08-12
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* nl802154: make ieee802154_policy constantDmitry Baryshkov2009-08-12
| | | | | Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* af_ieee802154: drop IEEE802154_SIOC_ADD_SLAVE declarationDmitry Baryshkov2009-08-12
| | | | | | | | IEEE802154_SIOC_ADD_SLAVE was used to allocate 802.15.4 interfaces on the top of radio. It's not used anymore, drop it. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Use correct NET_RX_* returns for atalk_rcv()Mark Smith2009-08-12
| | | | | | | | | | | | | | | | | In all rx'd SKB cases, atalk_rcv() either eventually jumps to or falls through to the label out:, which returns numeric 0. Numeric 0 corresponds to NET_RX_SUCCESS, which is incorrect in failed SKB cases. This patch makes atalk_rcv() provide the correct returns by: o explicitly returning NET_RX_SUCCESS in the two success cases o having the out: label return NET_RX_DROP, instead of numeric 0 o making the failed SKB labels and processing more consistent with other _rcv() routines in the kernel, simplifying validation and removing a backwards goto Signed-off-by: Mark Smith <markzzzsmith@yahoo.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* f_phonet: use page-sized rather than MTU-sized RX buffersRémi Denis-Courmont2009-08-12
| | | | | | | | | | | Instead of a large (physically) linear buffer, we generate a set of paged sk_buff, so no extra memory copy is involved. This removes high-order allocations and saves quite a bit of memory. Phonet MTU is 65541 bytes, so the two buffers were padded to 128 kilo-bytes each. Now, we create 17 page buffers, almost a 75% memory use reduction. Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* f_phonet: lock-less MTU changeRémi Denis-Courmont2009-08-12
| | | | | | | | With the current driver, the MTU is purely indicative, so there is no need to synchronize with the receive path. Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of ↵David S. Miller2009-08-12
|\ | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: arch/microblaze/include/asm/socket.h
| * Revert "libertas: Read buffer overflow"David S. Miller2009-08-12
| | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 57921c312e8cef72ba35a4cfe870b376da0b1b87. On request from John Linville: It has been shown to create a new problem. There is work towards a solution to that one, but it isn't a simple clean-up. Signed-off-by: David S. Miller <davem@davemloft.net>
| * ar9170: fix read & write outside array boundsDan Carpenter2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | queue == __AR9170_NUM_TXQ would cause a bug on the next line. found by Smatch ( http://repo.or.cz/w/smatch.git ). Cc: stable@kernel.org Reported-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * ar9170usb: fix spurious firmware related messageChristian Lamparter2009-08-10
| | | | | | | | | | | | | | | | When ar9170-2.fw was missing, the driver erroneously complained about missing the initialization values file ar9170-1.fw... Signed-off-by: Christian Lamparter <chunkeey@web.de> Signed-off-by: John W. Linville <linville@tuxdriver.com>
| * mlx4_en: Fix read buffer overflow in mlx4_en_complete_rx_desc()roel kluin2009-08-10
| | | | | | | | | | | | | | | | If the length is less or equal to frag_prefix_size in the first iteration we write skb_frags_rx[-1] and read from priv->frag_info[-1] Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * zorro8390: Fix read buffer overflow in zorro8390_init_one()roel kluin2009-08-10
| | | | | | | | | | | | | | Prevent read from cards[-1] when no card was found. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * pcnet32: Read buffer overflowroel kluin2009-08-10
| | | | | | | | | | | | | | | | An `options[cards_found]' that equals `sizeof(options_mapping)' is already beyond the array. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * sctp: fix missing destroy of percpu counter variable in sctp_proc_exit()Rafael Laufer2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 1748376b6626acf59c24e9592ac67b3fe2a0e026, net: Use a percpu_counter for sockets_allocated added percpu_counter function calls to sctp_proc_init code path, but forgot to add them to sctp_proc_exit(). This resulted in a following Ooops when performing this test # modprobe sctp # rmmod -f sctp # modprobe sctp [ 573.862512] BUG: unable to handle kernel paging request at f8214a24 [ 573.862518] IP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 [ 573.862530] *pde = 37010067 *pte = 00000000 [ 573.862534] Oops: 0002 [#1] SMP [ 573.862537] last sysfs file: /sys/module/libcrc32c/initstate [ 573.862540] Modules linked in: sctp(+) crc32c libcrc32c binfmt_misc bridge stp bnep lp snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss arc4 joydev snd_pcm ecb pcmcia snd_seq_dummy snd_seq_oss iwlagn iwlcore snd_seq_midi snd_rawmidi snd_seq_midi_event yenta_socket rsrc_nonstatic thinkpad_acpi snd_seq snd_timer snd_seq_device mac80211 psmouse sdhci_pci sdhci nvidia(P) ppdev video snd soundcore serio_raw pcspkr iTCO_wdt iTCO_vendor_support led_class ricoh_mmc pcmcia_core intel_agp nvram agpgart usbhid parport_pc parport output snd_page_alloc cfg80211 btusb ohci1394 ieee1394 e1000e [last unloaded: sctp] [ 573.862589] [ 573.862593] Pid: 5373, comm: modprobe Tainted: P R (2.6.31-rc3 #6) 7663B15 [ 573.862596] EIP: 0060:[<c0308b8f>] EFLAGS: 00010286 CPU: 1 [ 573.862599] EIP is at __percpu_counter_init+0x3f/0x70 [ 573.862602] EAX: f8214a20 EBX: f80faa14 ECX: c48c0000 EDX: f80faa20 [ 573.862604] ESI: f80a7000 EDI: 00000000 EBP: f69d5ef0 ESP: f69d5eec [ 573.862606] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 573.862610] Process modprobe (pid: 5373, ti=f69d4000 task=c2130c70 task.ti=f69d4000) [ 573.862612] Stack: [ 573.862613] 00000000 f69d5f18 f80a70a8 f80fa9fc 00000000 fffffffc f69d5f30 c018e2d4 [ 573.862619] <0> 00000000 f80a7000 00000000 f69d5f88 c010112b 00000000 c07029c0 fffffffb [ 573.862626] <0> 00000000 f69d5f38 c018f83f f69d5f54 c0557cad f80fa860 00000001 c07010c0 [ 573.862634] Call Trace: [ 573.862644] [<f80a70a8>] ? sctp_init+0xa8/0x7d4 [sctp] [ 573.862650] [<c018e2d4>] ? marker_update_probe_range+0x184/0x260 [ 573.862659] [<f80a7000>] ? sctp_init+0x0/0x7d4 [sctp] [ 573.862662] [<c010112b>] ? do_one_initcall+0x2b/0x160 [ 573.862666] [<c018f83f>] ? tracepoint_module_notify+0x2f/0x40 [ 573.862671] [<c0557cad>] ? notifier_call_chain+0x2d/0x70 [ 573.862678] [<c01588fd>] ? __blocking_notifier_call_chain+0x4d/0x60 [ 573.862682] [<c016b2f1>] ? sys_init_module+0xb1/0x1f0 [ 573.862686] [<c0102ffc>] ? sysenter_do_call+0x12/0x28 [ 573.862688] Code: 89 48 08 b8 04 00 00 00 e8 df aa ec ff ba f4 ff ff ff 85 c0 89 43 14 74 31 b8 b0 18 71 c0 e8 19 b9 24 00 a1 c4 18 71 c0 8d 53 0c <89> 50 04 89 43 0c b8 b0 18 71 c0 c7 43 10 c4 18 71 c0 89 15 c4 [ 573.862725] EIP: [<c0308b8f>] __percpu_counter_init+0x3f/0x70 SS:ESP 0068:f69d5eec [ 573.862730] CR2: 00000000f8214a24 [ 573.862734] ---[ end trace 39c4e0b55e7cf54d ]--- Signed-off-by: Rafael Laufer <rlaufer@cisco.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * MAINTAINERS: additional NETWORKING [GENERAL] and NETWORKING DRIVERS patternsJoe Perches2009-08-10
| | | | | | | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * gianfar: keep vlan related state when restartYong Zhang2009-08-10
| | | | | | | | | | | | | | | | | | | | | | If vlan has been enabled. ifdown followed by ifup will lost hardware related state. Also remove duplicated operation in gfar_vlan_rx_register(). Signed-off-by: Yong Zhang <yong.zhang0@gmail.com> Acked-by: Dai Haruki <dai.haruki@freescale.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * e1000e: fix potential NVM corruption on ICH9 with 8K bank sizeBruce Allan2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | The bank offset was being incorrectly calculated on ICH9 parts with a bank size of 8K (instead of the more common 4K bank) which would cause any NVM writes to be done on the wrong address after switching from bank 1 to bank 0. Additionally, assume we are meant to use bank 0 if a valid bank is not detected, and remove the unnecessary acquisition of the SW/FW/HW semaphore when writing to the shadow ram version of the NVM image. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * e1000e: fix acquisition of SW/FW/HW semaphore for ICHx partsBruce Allan2009-08-10
| | | | | | | | | | | | | | | | | | | | | | For ICHx parts, write the EXTCNF_CTRL.SWFLAG bit once when trying to acquire the SW/FW/HW semaphore instead of multiple times to prevent the hardware from having problems (especially for systems with manageability enabled), and extend the timeout for the hardware to set the SWFLAG bit. Signed-off-by: Bruce Allan <bruce.w.allan@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ixgbe: Disable packet split only on FCoE queues in 82599Yi Zou2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | For 82599, packet split has to be disabled for FCoE direct data placement. However, this is only required on received queues allocated for FCoE. This patch adds a per ring flags to indicate if packet split is disabled on a per queue basis, particularly for FCoE, as packet split must be disabled for large receive using direct data placement (DDP). Signed-off-by: Yi Zou <yi.zou@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * ixgbe: Pass rx_ring directly in ixgbe_configure_srrctl()Yi Zou2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | Instead of passing the register index of the corresponding rx_ring and find the way back to get to corresponding rx_ring in ixgbe_configure_srrctl(), simplify the function ixgbe_configure_srrctl() by passing the rx_ring into it. Then the register index for that rx_ring is already available from rx_ring->reg_idx. Signed-off-by: Yi Zou <yi.zou@intel.com> Acked-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * tun: Extend RTNL lock coverage over whole ioctlHerbert Xu2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As it is, parts of the ioctl runs under the RTNL and parts of it do not. The unlocked section is still protected by the BKL, but there can be subtle races. For example, Eric Biederman and Paul Moore observed that if two threads tried to create two tun devices on the same file descriptor, then unexpected results may occur. As there isn't anything in the ioctl that is expected to sleep indefinitely, we can prevent this from occurring by extending the RTNL lock coverage. This also allows to get rid of the BKL. Finally, I changed tun_get_iff to take a tun device in order to avoid calling tun_put which would dead-lock as it also tries to take the RTNL lock. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
| * fec: fix FEC driver packet transmission breakageGreg Ungerer2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit f0b3fbeae11a526c3d308b691684589ee37c359b ("FEC Buffer rework") breaks transmission of packets where the skb data buffer is not memory aligned according to FEC_ALIGNMENT. It incorrectly passes to dma_sync_single() the buffer address directly from the skb, instead of the address calculated for use (which may be the skb address or one of the bounce buffers). It seems there is no use converting the cpu address of the buffer to a physical either, since dma_map_single() expects the cpu address and will return the dma address to use in the descriptor. So remove the use of __pa() on the buffer address as well. This patch is against 2.6.30-rc5. This breakage is a regression over 2.6.30, which does not have this problem. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * can: Fix raw_getname() leakEric Dumazet2009-08-10
| | | | | | | | | | | | | | | | | | | | | | raw_getname() can leak 10 bytes of kernel memory to user (two bytes hole between can_family and can_ifindex, 8 bytes at the end of sockaddr_can structure) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net>
| * Fix xfrm hash collisions by changing __xfrm4_daddr_saddr_hash to hash ↵Jussi Mäki2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | addresses with addition This patch fixes hash collisions in cases where number of entries have incrementing IP source and destination addresses from single respective subnets (i.e. 192.168.0.1-172.16.0.1, 192.168.0.2-172.16.0.2, and so on.). Signed-off-by: Jussi Maki <joamaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * atlx: strncpy does not null terminate stringRoel Kluin2009-08-10
| | | | | | | | | | | | | | | | | | | | | | strlcpy() will always null terminate the string. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Chris Snook <csnook@redhat.com> Cc: Jie Yang <jie.yang@atheros.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * irda: fix read buffer overflowRoel Kluin2009-08-10
| | | | | | | | | | | | | | | | | | io[i] is read before the bounds check on i, order should be reversed. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * MAINTAINERS: update atlx contact infoChris Snook2009-08-10
| | | | | | | | | | | | | | | | | | | | | | | | Update MAINTAINERS to reflect my current (non-)affiliation. Anyone hiring? Signed-off-by: Chris Snook <chris.snook@gmail.com> Cc: Jay Cliburn <jcliburn@gmail.com> Cc: Jie Yang <jie.yang@atheros.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * Merge branch 'master' of /home/davem/src/GIT/linux-2.6/David S. Miller2009-08-10
| |\
| | * Merge branch 'for-linus' of git://git.infradead.org/ubi-2.6Linus Torvalds2009-08-09
| | |\ | | | | | | | | | | | | | | | | | | | | * 'for-linus' of git://git.infradead.org/ubi-2.6: UBI: compatible fallback in absense of sequence numbers UBI: fix double free on error path
| | | * UBI: compatible fallback in absense of sequence numbersAdrian Hunter2009-07-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fall back onto thinking everything's OK if either of the sequence numbers we are asked to compare is zero, which is what was used before sequence numbers were introduced. [ Artem: modified the patch to be applicable to upstream UBI, added big comment ] Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Phil Carmody <ext-phil.2.carmody@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
| | | * UBI: fix double free on error pathAdrian Hunter2009-07-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we fail in 'ubi_eba_init_scan()', we free 'ubi->volumes[i]->eba_tbl' in there, but also later free it in 'free_internal_volumes()'. Fix this by assigning NULL to 'ubi->volumes[i]->eba_tbl' after it is freed. Signed-off-by: Adrian Hunter <adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
| | * | Merge branch 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds2009-08-09
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 'kvm-updates/2.6.31' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: Avoid redelivery of edge interrupt before next edge KVM: MMU: limit rmap chain length KVM: ia64: fix build failures due to ia64/unsigned long mismatches KVM: Make KVM_HPAGES_PER_HPAGE unsigned long to avoid build error on powerpc KVM: fix ack not being delivered when msi present KVM: s390: fix wait_queue handling KVM: VMX: Fix locking imbalance on emulation failure KVM: VMX: Fix locking order in handle_invalid_guest_state KVM: MMU: handle n_free_mmu_pages > n_alloc_mmu_pages in kvm_mmu_change_mmu_pages KVM: SVM: force new asid on vcpu migration KVM: x86: verify MTRR/PAT validity KVM: PIT: fix kpit_elapsed division by zero KVM: Fix KVM_GET_MSR_INDEX_LIST
| | | * | KVM: Avoid redelivery of edge interrupt before next edgeGleb Natapov2009-08-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The check for an edge is broken in current ioapic code. ioapic->irr is cleared on each edge interrupt by ioapic_service() and this makes old_irr != ioapic->irr condition in kvm_ioapic_set_irq() to be always true. The patch fixes the code to properly recognise edge. Some HW emulation calls set_irq() without level change. If each such call is propagated to an OS it may confuse a device driver. This is the case with keyboard device emulation and Windows XP x64 installer on SMP VM. Each keystroke produce two interrupts (down/up) one interrupt is submitted to CPU0 and another to CPU1. This confuses Windows somehow and it ignores keystrokes. Signed-off-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: MMU: limit rmap chain lengthMarcelo Tosatti2009-08-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise the host can spend too long traversing an rmap chain, which happens under a spinlock. Cc: stable@kernel.org Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: ia64: fix build failures due to ia64/unsigned long mismatchesAvi Kivity2009-08-05
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: Make KVM_HPAGES_PER_HPAGE unsigned long to avoid build error on powerpcStephen Rothwell2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Eliminates this compiler warning: arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:1178: error: integer overflow in expression Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: fix ack not being delivered when msi presentMichael S. Tsirkin2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | kvm_notify_acked_irq does not check irq type, so that it sometimes interprets msi vector as irq. As a result, ack notifiers are not called, which typially hangs the guest. The fix is to track and check irq type. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: s390: fix wait_queue handlingChristian Borntraeger2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are two waitqueues in kvm for wait handling: vcpu->wq for virt/kvm/kvm_main.c and vpcu->arch.local_int.wq for the s390 specific wait code. the wait handling in kvm_s390_handle_wait was broken by using different wait_queues for add_wait queue and remove_wait_queue. There are two options to fix the problem: o move all the s390 specific code to vcpu->wq and remove vcpu->arch.local_int.wq o move all the s390 specific code to vcpu->arch.local_int.wq This patch chooses the 2nd variant for two reasons: o s390 does not use kvm_vcpu_block but implements its own enabled wait handling. Having a separate wait_queue make it clear, that our wait mechanism is different o the patch is much smaller Report-by: Julia Lawall <julia@diku.dk> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: VMX: Fix locking imbalance on emulation failureJan Kiszka2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have to disable preemption and IRQs on every exit from handle_invalid_guest_state, otherwise we generate at least a preempt_disable imbalance. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: VMX: Fix locking order in handle_invalid_guest_stateJan Kiszka2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Release and re-acquire preemption and IRQ lock in the same order as vcpu_enter_guest does. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: MMU: handle n_free_mmu_pages > n_alloc_mmu_pages in ↵Marcelo Tosatti2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | kvm_mmu_change_mmu_pages kvm_mmu_change_mmu_pages mishandles the case where n_alloc_mmu_pages is smaller then n_free_mmu_pages, by not checking if the result of the subtraction is negative. Its a valid condition which can happen if a large number of pages has been recently freed. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: SVM: force new asid on vcpu migrationMarcelo Tosatti2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a migrated vcpu matches the asid_generation value of the target pcpu, there will be no TLB flush via TLB_CONTROL_FLUSH_ALL_ASID. The check for vcpu.cpu in pre_svm_run is meaningless since svm_vcpu_load already updated it on schedule in. Such vcpu will VMRUN with stale TLB entries. Based on original patch from Joerg Roedel (http://patchwork.kernel.org/patch/10021/) Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Acked-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Avi Kivity <avi@redhat.com>
| | | * | KVM: x86: verify MTRR/PAT validityMarcelo Tosatti2009-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not allow invalid memory types in MTRR/PAT (generating a #GP otherwise). Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>