Commit Graph

26681 Commits

Author SHA1 Message Date
Sean Hefty
1b52fa98ed IB: refcount race fixes
Fix race condition during destruction calls to avoid possibility of
accessing object after it has been freed.  Instead of waking up a wait
queue directly, which is susceptible to a race where the object is
freed between the reference count going to 0 and the wake_up(), use a
completion to wait in the function doing the freeing.

Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-12 14:57:52 -07:00
Roland Dreier
6f4bb3d820 IB/ipath: Properly terminate PCI ID table
The ipath driver's table of PCI IDs needs a { 0, } entry at the end.
This makes all of the device aliases visible to userspace so hotplug
loads the module for all supported devices.  Without the patch,
modinfo ipath_core only shows:

    alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*

instead of the correct:

    alias:          pci:v00001FC1d00000010sv*sd*bc*sc*i*
    alias:          pci:v00001FC1d0000000Dsv*sd*bc*sc*i*

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Bryan O'Sullivan <bos@pathscale.com>
2006-05-12 14:57:52 -07:00
Linus Torvalds
be1fd94fd6 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/i2c-2.6:
  [PATCH] scx200_acb: Fix for the CS5535 errata
  [PATCH] scx200_acb: Fix resource name use after free
  [PATCH] scx200_acb: Fix return on init error
2006-05-12 12:14:52 -07:00
Linus Torvalds
0d38eddab9 Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
  [PATCH] USB: fix omninet driver bug
  [PATCH] USB: add ark3116 usb to serial driver
  [PATCH] usbserial: Fixes leak in serial_open() error path.
  [PATCH] usbserial: Fixes use-after-free in serial_open().
  [PATCH] USB: Emagic USB firmware loading fixes
  [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
  [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
  [PATCH] USB: ftdi_sio: add device id for ACT Solutions HomePro ZWave interface
  [PATCH] USB: ftdi_sio: Add support for HCG HF Dual ISO RFID Reader
  [PATCH] USB: ub oops in block_uevent
  [PATCH] USB: usbcore: don't check the device's power source
  [PATCH] USB: fix OHCI PM regression
  [PATCH] USB: pegasus fixes (logstorm, suspend)
  [PATCH] USBATM: fix modinfo output
  [PATCH] USBATM: change the default speedtouch iso altsetting
  [PATCH] USB: fix bug in ohci-hcd.c ohci_restart()
2006-05-12 12:14:19 -07:00
Linus Torvalds
1a2acc9e92 Revert "[BLOCK] Fix oops on removal of SD/MMC card"
This reverts commit 56cf6504fc.

Both Erik Mouw and Andrew Vasquez independently pinpointed this commit
as causing problems, where the slab cache for a driver is never released
(most obviously causing problems when immediately re-loading that
driver, resulting in a "kmem_cache_create: duplicate cache <xyz>"
message, but it can also cause other trouble).

James Bottomley dug into it, and reports:

  "OK, here's the scoop.  The problem patch adds a get of driverfs_dev in
   add_disk(), but doesn't put it again until disk_release() (which occurs
   on final put_disk() of the gendisk).

   However, in SCSI, the driverfs_dev is the sdev_gendev.  That means
   there's a reference held on sdev_gendev  until final disk put.
   Unfortunately, we use the driver model driver_remove to trigger
   del_gendisk (which removes the gendisk from visibility and decrements
   the refcount), so we've introduced an unbreakable deadlock in the
   reference counting with this.

   I suggest simply reversing this patch at the moment.  If Russell and
   Jens can tell me what they're trying to do I'll see if there's another
   way to do it."

so hereby the patch gets reverted, waiting for a better fix.

Cc: Jens Axboe <axboe@suse.de>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: James Bottomley <James.Bottomley@SteelEye.com>
Cc: Erik Mouw <erik@harddisk-recovery.com>
Cc: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-12 12:08:46 -07:00
Greg Kroah-Hartman
df3fccb14a [PATCH] USB: fix omninet driver bug
I introduced this way back in 2.6.13 when adding the port lock logic.
This device talks out through different "ports" all at the same time, so
the lock logic was wrong, preventing any data from ever being sent
properly.

Thanks a lot to Bernhard Reiter <bernhard@intevation.de> for being
patient and helping with debugging this.

Cc: Bernhard Reiter <bernhard@intevation.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:10 -07:00
Greg Kroah-Hartman
815ddc99dd [PATCH] USB: add ark3116 usb to serial driver
Based on Simon's original driver, with some minor code cleanups and
tidying by me.

Cc: Simon Schulz <simon@auctionant.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Luiz Fernando Capitulino
71a84163ca [PATCH] usbserial: Fixes leak in serial_open() error path.
If serial_open() fails at the port assignment or mutex_lock_interruptible()
is interrupted, the 'serial' object will never be freed.

We should call kref_put() when those errors happens.

Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Luiz Fernando Capitulino
704936a25b [PATCH] usbserial: Fixes use-after-free in serial_open().
If the device is disconnected while serial_open() is executing and
either try_module_get() or the device specific open function fails, the
kref_put() call in the 'bailout_kref_put' label will free the memory
pointed out by 'port'.

The subsequent dereferences in the 'bailout_kref_put' label will be
invalid.

The fix is just to assure kref_put() is called after any 'port' usage.

Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Monty
16c23f7d88 [PATCH] USB: Emagic USB firmware loading fixes
It's become apparent as machines get faster that the emagic kernel firmware
loaders (based on the ezusb loader) have a reset race.  a 400MHz TiBook
never tripped it, but a 2GHz Pentium M seems to hit it about 30% of the
time.  The bug is seen as a hung USB box and the kernel error:

drivers/usb/misc/emi62.c: emi62_load_firmware - error loading firmware:
error = -110

The patch below inserts a delay after deasserting reset to allow the box to
settle before a new command is issued.  This affects only device startup.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Olaf Hering
332bbf6138 [PATCH] USB: add an IBM USB keyboard to the HID_QUIRK_NOGET blacklist
After recent changes, the USB keyboard as shipped with IBM pSeries systems
does not work anymore, unless the keyboard is replugged after reboot.
Adding this model to the blacklist fixes it.

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:09 -07:00
Ken Brush
b68f7de02a [PATCH] USB: Add Sieraa Wireless 580 evdo card to airprime.c
This adds the Sierra Wireless card to airprime.c.

I tested this on my laptop.

Signed-off-by: Ken Brush <ken@cgi101.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-12 11:58:08 -07:00
Linus Torvalds
d8c3291c73 Linux v2.6.17-rc4 2006-05-11 16:31:53 -07:00
Linus Torvalds
d649dafd07 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 3508/1: Update collie defconfig
  [ARM] Fix thread struct allocator for SMP case
  [ARM] Update mach-types
  [ARM] Update versatile_defconfig
2006-05-11 15:46:59 -07:00
Linus Torvalds
2bf9d6d0f2 Merge master.kernel.org:/home/rmk/linux-2.6-serial
* master.kernel.org:/home/rmk/linux-2.6-serial:
  [SERIAL] 8250: add locking to console write function
  [SERIAL] Remove unconditional enable of TX irq for console
  [SERIAL] 8250: set divisor register correctly for AMD Alchemy SoC uart
  [SERIAL] AMD Alchemy UART: claim memory range
  [SERIAL] Clean up serial locking when obtaining a reference to a port
2006-05-11 15:46:42 -07:00
Linus Torvalds
6572b2064a Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [NET_SCHED]: HFSC: fix thinko in hfsc_adjust_levels()
  [IPV6]: skb leakage in inet6_csk_xmit
  [BRIDGE]: Do sysfs registration inside rtnl.
  [NET]: Do sysfs registration as part of register_netdevice.
  [TG3]: Fix possible NULL deref in tg3_run_loopback().
  [NET] linkwatch: Handle jiffies wrap-around
  [IRDA]: Switching to a workqueue for the SIR work
  [IRDA]: smsc-ircc: Minimal hotplug support.
  [IRDA]: Removing unused EXPORT_SYMBOLs
  [IRDA]: New maintainer.
  [NET]: Make netdev_chain a raw notifier.
  [IPV4]: ip_options_fragment() has no effect on fragmentation
  [NET]: Add missing operstates documentation.
2006-05-11 15:35:54 -07:00
Linus Torvalds
f7a014af2d Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: (25 commits)
  [SCSI] mptfc: race between mptfc_register_dev and mptfc_target_alloc
  [SCSI] lpfc 8.1.6 : Fix Data Corruption in Bus Reset Path
  [SCSI] mptspi: revalidate negotiation parameters after host reset and resume
  [SCSI] srp.h: avoid padding of structs
  [SCSI] ibmvscsi: fix leak when failing to send srp event
  [SCSI] qla2xxx: Correct eh_abort recovery logic.
  [SCSI] megaraid_{mm,mbox}: fix a bug in reset handler
  [SCSI] fusion - bug fix stack overflow in mptbase
  [SCSI] scsi: Add IBM 2104-DU3 to blist
  [SCSI] Fix DVD burning issues.
  [SCSI] SCSI: aic7xxx_osm_pci resource leak fix.
  [SCSI] - fusion - mptfc bug fix's to prevent deadlock situations
  [SCSI] mptfusion: bug fix's for raid components adding/deleting
  [SCSI] aic7xxx: ahc_pci_write_config() fix
  [SCSI] megaraid: unused variable
  [SCSI] qla2xxx: only free_irq() after request_irq() succeeds
  [SCSI] Overrun in drivers/scsi/sim710.c
  [SCSI] lpfc 8.1.5 : Change version number to 8.1.5
  [SCSI] lpfc 8.1.5 : Misc small fixes
  [SCSI] lpfc 8.1.5 : Additional fixes to LOGO, PLOGI, and RSCN processing
  ...
2006-05-11 15:34:33 -07:00
Jens Axboe
dac07ec121 [BLOCK] limit request_fn recursion
Don't recurse back into the driver even if the unplug threshold is met,
when the driver asks for a requeue. This is both silly from a logical
point of view (requeues typically happen due to driver/hardware
shortage), and also dangerous since we could hit an endless request_fn
-> requeue -> unplug -> request_fn loop and crash on stack overrun.

Also limit blk_run_queue() to one level of recursion, similar to how
blk_start_queue() works.

This patch fixed a real problem with SLES10 and lpfc, and it could hit
any SCSI lld that returns non-zero from it's ->queuecommand() handler.

Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-11 12:38:59 -07:00
Patrick McHardy
210525d65d [NET_SCHED]: HFSC: fix thinko in hfsc_adjust_levels()
When deleting the last child the level of a class should drop to zero.

Noticed by Andreas Mueller <andreas@stapelspeicher.org>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-11 12:22:03 -07:00
Linus Torvalds
f358166a94 ptrace_attach: fix possible deadlock schenario with irqs
Eric Biederman points out that we can't take the task_lock while holding
tasklist_lock for writing, because another CPU that holds the task lock
might take an interrupt that then tries to take tasklist_lock for writing.

Which would be a nasty deadlock, with one CPU spinning forever in an
interrupt handler (although admittedly you need to really work at
triggering it ;)

Since the ptrace_attach() code is special and very unusual, just make it
be extra careful, and use trylock+repeat to avoid the possible deadlock.

Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-11 11:08:49 -07:00
Linus Torvalds
0e44dc3837 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IB/mthca: FMR ioremap fix
  IPoIB: Free child interfaces properly
  IB/mthca: Fix race in reference counting
  IB/srp: Fix tracking of pending requests during error handling
  IB: Fix display of 4-bit port counters in sysfs
2006-05-10 15:37:47 -07:00
Michael S. Tsirkin
ce477ae4f8 IB/mthca: FMR ioremap fix
Addresses for ioremap must be calculated off of pci_resource_start;
we can't directly use the bus address as seen by the HCA.  Fix the
code that remaps device memory for FMR access.

Based on patch by Klaus Smolin.

Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-10 15:16:57 -07:00
Linus Torvalds
6314410dd1 Merge branch 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/shemminger/netdev-2.6
* 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/shemminger/netdev-2.6:
  sis900: phy for FoxCon motherboard
  dl2k: use DMA_48BIT_MASK constant
  phy: mdiobus_register(): initialize all phy_map entries
  sky2: ifdown kills irq mask
2006-05-10 14:59:29 -07:00
James Cameron
d8e95e52a9 sis900: phy for FoxCon motherboard
661FX7MI-S motherboard which uses the SiS 661FX chipset.  The patch adds
an entry to mii_chip_info for the transceiver.

The PHY ids were found using the sis900_c_122.diff patch from
http://brownhat.org/sis900.html but that patch didn't solve the problem,
because the PHY at address 1 was already being chosen.

Without my patch, when bursts of packets arrive from other hosts on a
LAN, the interface dropped one roughly 10% of the time, causing
retransmits.  There were fifth second pauses in refresh of large xterms,
and it made Netrek suck.  I can provide further test data.

Workaround in lieu of patch is to use mii-tool to advertise
100baseTx-HD, then force renegotiation.

I wasn't able to identify the actual transceiver, so the description
field is a guess.

This patch is similar to Artur Skawina's patch:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114297516729079&w=2

I'm not sure, but I wonder if it means the default behaviour should be
changed, so as to better handle future transceivers.

Diff is against 2.6.16.13.

Signed-off-by: James Cameron <james.cameron@hp.com>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:04:52 -07:00
Francois Romieu
4c1b46226c dl2k: use DMA_48BIT_MASK constant
Typo will be harder with this one.

Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:04:22 -07:00
Herbert Valerio Riedel
64b1c2b42b phy: mdiobus_register(): initialize all phy_map entries
make sure phy_map entries whose PHY address is masked are initialized
to NULL, given that other code (such as mdiobus_unregister for
instance) assumes that non-NULL phy_map entries are allocated
phy_devices

Signed-off-by: Herbert Valerio Riedel <hvr@gnu.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:03:57 -07:00
Stephen Hemminger
f4ea431bb7 sky2: ifdown kills irq mask
Bringing down a port also masks off the status and other IRQ's
needed for device to function due to missing paren's.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
2006-05-10 14:03:41 -07:00
Harald Welte
7fc5b1e3a1 [Cardman 40x0] Fix udev device creation
This patch corrects the order of the calls to register_chrdev() and
pcmcia_register_driver().  Now udev correctly creates userspace device
files /dev/cmmN and /dev/cmxN respectively.

Based on an earlier patch by Jan Niehusmann <jan@gondor.com>.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-10 13:46:02 -07:00
Alexey Kuznetsov
b0013fd47b [IPV6]: skb leakage in inet6_csk_xmit
inet6_csk_xit does not free skb when routing fails.

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-10 13:24:38 -07:00
Stephen Hemminger
ac05202e8b [BRIDGE]: Do sysfs registration inside rtnl.
Now that netdevice sysfs registration is done as part of
register_netdevice; bridge code no longer has to be tricky when adding
it's kobjects to bridges.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-10 13:21:53 -07:00
Stephen Hemminger
b17a7c179d [NET]: Do sysfs registration as part of register_netdevice.
The last step of netdevice registration was being done by a delayed
call, but because it was delayed, it was impossible to return any error
code if the class_device registration failed.

Side effects:
 * one state in registration process is unnecessary.
 * register_netdevice can sleep inside class_device registration/hotplug
 * code in netdev_run_todo only does unregistration so it is simpler.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-10 13:21:17 -07:00
mdr@sgi.com
6dd727da92 [SCSI] mptfc: race between mptfc_register_dev and mptfc_target_alloc
A race condition exists in mptfc between the thread registering a device
with the fc transport and the scan work generated by the transport.
This race existed prior to the application of the mptfc bug fix patch.

mptfc_register_dev() calls fc_remote_port_add() with the FC_RPORT_ROLE_TARGET
bit set in the rport ids passed to the function.  Having this bit set causes
fc_remote_port_add() to schedule a scan of the device.

This scan can execute before mptfc_register_dev() can fill in the dd_data
in the rport structure.  When this happens, mptfc_target_alloc() will fail
because dd_data is null.

Attached is a patch which fixes the problem.  The patch changes the rport ids
passed to fc_remote_port_add() to not have the TARGET bit set.  This prevents
the scan from being scheduled.  After mptfc_register_dev() fills in the rport
dd_data field, fc_remote_port_rolechg() is called, changing the role of the
rport to TARGET.  Thus, the scan is scheduled after dd_data is filled
in which prevents the failure in mptfc_target_alloc().

Signed-off-by: Michael Reed <mdr@sgi.com>
Signed-off-by: Eric Moore <Eric.Moore@lsil.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2006-05-10 09:54:42 -05:00
Jesper Juhl
a50bb7b9af [TG3]: Fix possible NULL deref in tg3_run_loopback().
tg3_run_loopback doesn't check that dev_alloc_skb() returns anything
useful.

Even if dev_alloc_skb() fails to return an skb to us we'll happily go
on and assume it did, so we risk dereferencing a NULL pointer.  Much
better to fail gracefully by returning -ENOMEM than crashing here.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 23:14:35 -07:00
Roland Dreier
5941d079f2 IPoIB: Free child interfaces properly
When deleting a child interface with a non-default P_Key via
/sys/class/net/ibX/delete_child, the interface must be freed with
free_netdev() (rather than kfree() on the private data).

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-09 22:54:59 -07:00
Herbert Xu
8c1056839e [NET] linkwatch: Handle jiffies wrap-around
The test used in the linkwatch does not handle wrap-arounds correctly.
Since the intention of the code is to eliminate bursts of messages we
can afford to delay things up to a second.  Using that fact we can
easily handle wrap-arounds by making sure that we don't delay things
by more than one second.

This is based on diagnosis and a patch by Stefan Rompf.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:27:54 -07:00
Christoph Hellwig
788252e661 [IRDA]: Switching to a workqueue for the SIR work
Since sir_kthread.c pretty much duplicates the workqueue
functionality, we'd better switch.  The SIR fsm has been merged into
sir_dev.c and thus sir_kthread.c is deleted.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:27:04 -07:00
David Brownell
d94c77b9b5 [IRDA]: smsc-ircc: Minimal hotplug support.
Minimal PNP hotplug support for the smsc-ircc2 driver.  A modular
driver will be modprobed via hotplug, but still bypasses driver model
probing.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:26:11 -07:00
Adrian Bunk
11766199a0 [IRDA]: Removing unused EXPORT_SYMBOLs
This patch removes the following unused EXPORT_SYMBOL's:
- irias_find_attrib
- irias_new_string_value
- irias_new_octseq_value

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:25:25 -07:00
Samuel Ortiz
f353976dc2 [IRDA]: New maintainer.
As agreed with Jean Tourrilhes, I am taking over IrDA maintainership.

Signed-off-by: Samuel Ortiz <samuel.ortiz@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:24:49 -07:00
Alan Stern
f07d5b9465 [NET]: Make netdev_chain a raw notifier.
From: Alan Stern <stern@rowland.harvard.edu>

This chain does it's own locking via the RTNL semaphore, and
can also run recursively so adding a new mutex here was causing
deadlocks.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:23:03 -07:00
Wei Yongjun
63cbd2fda3 [IPV4]: ip_options_fragment() has no effect on fragmentation
Fix error point to options in ip_options_fragment(). optptr get a
error pointer to the ipv4 header, correct is pointer to ipv4 options.

Signed-off-by: Wei Yongjun <weiyj@soft.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:18:50 -07:00
Stefan Rompf
3a01c1ef75 [NET]: Add missing operstates documentation.
Signed-off-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-09 15:15:35 -07:00
Pavel Machek
41b11afb04 [ARM] 3508/1: Update collie defconfig
Patch from Pavel Machek

Update collie defconfig to something that can bring closer-to-working
system to its user.

Signed-off-by: Pavel Machek <pavel@suse.cz>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-09 22:27:51 +01:00
Russell King
1929ab8c68 [ARM] Fix thread struct allocator for SMP case
The ARM thread struct allocator is racy on SMP systems.  Fix it by
turning it into a per-cpu based allocator.  This also allows keeps
the cache cache warm for thread structs and kernel stacks.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-05-09 22:14:28 +01:00
Jordan Crouse
95563d343f [PATCH] scx200_acb: Fix for the CS5535 errata
This is a fix for the CS5535 errata 111:

When the SMBus controller tries to access a non-existing device, it sets
the NEGACK bit, SMBus I/O offset 01h[4], to 1 after it detects no
acknowledge at the ninth clock.  The specification states that the bit
can be cleared by writing a 1 to it, but under certain circumstances it
is possible for this bit to not clear.

Writing a 0 to the bit resets the internal state machine and clears the
issue.

Since all writable bits in ACBST are W1C bits (write-one-to-clear) the
second write doesn't affect any other logic except the buggy NEGACK
state machine. The second write clears an internal register which is
responsible for "overwriting" the NEGACK bit in ACBST.

Signed-off-by: Jordan Crouse <jordan.crouse@amd.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-09 13:04:21 -07:00
Jean Delvare
b33d0798e6 [PATCH] scx200_acb: Fix resource name use after free
We can't pass a string on the stack to request_region. As soon as we
leave the function that stack is gone and the string is lost. Let's
use the same string we identify the i2c_adapter with instead, it's
more simple, more consistent, and just works.

This is the second half of fix to bug #6445.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-09 13:04:21 -07:00
Jean Delvare
6f9c296388 [PATCH] scx200_acb: Fix return on init error
The scx200_acb driver shouldn't return failure after initialization
if it successfully registered at least one i2c_adapter, else we are
leaking resources. The driver was OK in that respect up to 2.6.16, a
recent change broke it.

This is part of the fix to bug #6445.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Ben Gardner <bgardner@wabtec.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-05-09 13:04:21 -07:00
Roland Dreier
a3285aa4ee IB/mthca: Fix race in reference counting
Fix races in in destroying various objects.  If a destroy routine
waits for an object to become free by doing

	wait_event(&obj->wait, !atomic_read(&obj->refcount));
	/* now clean up and destroy the object */

and another place drops a reference to the object by doing

	if (atomic_dec_and_test(&obj->refcount))
		wake_up(&obj->wait);

then this is susceptible to a race where the wait_event() and final
freeing of the object occur between the atomic_dec_and_test() and the
wake_up().  And this is a use-after-free, since wake_up() will be
called on part of the already-freed object.

Fix this in mthca by replacing the atomic_t refcounts with plain old
integers protected by a spinlock.  This makes it possible to do the
decrement of the reference count and the wake_up() so that it appears
as a single atomic operation to the code waiting on the wait queue.

While touching this code, also simplify mthca_cq_clean(): the CQ being
cleaned cannot go away, because it still has a QP attached to it.  So
there's no reason to be paranoid and look up the CQ by number; it's
perfectly safe to use the pointer that the callers already have.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-09 10:50:29 -07:00
Roland Dreier
d945e1df28 IB/srp: Fix tracking of pending requests during error handling
If a SCSI abort completes, or the command completes successfully, then
the driver must remove the command from its queue of pending
commands.  Similarly, if a device reset succeeds, then all commands
queued for the given device must be removed from the queue.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-09 10:50:28 -07:00
Ralph Campbell
d8b9f23b23 IB: Fix display of 4-bit port counters in sysfs
The code to display local_link_integrity_errors and
excessive_buffer_overrun_errors in
/sys/class/infiniband/<hca>/ports/<n>/counters/
uses the wrong shift to extract the 4 bit values.

Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2006-05-09 10:50:28 -07:00