commit 79774188b0a7e5930b9e561a153da0ef6a09f6a0 Author: Willy Tarreau Date: Wed Aug 15 10:03:35 2007 +0200 Linux 2.6.20.16 commit 0aa15e9be1e01b76999121cc050c837f17964a30 Author: Stephen Hemminger Date: Mon Jul 9 12:01:31 2007 -0700 [PATCH] sky2: workaround for lost IRQ This patch restores a couple of workarounds from 2.6.16: * restart transmit moderation timer in case it expires during IRQ routine * default to having 10 HZ watchdog timer. At this point it more important not to hang than to worry about the power cost. Signed-off-by: Stephen Hemminger Cc: Jeff Garzik Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit c18580083923eb018b7f9157c061f2a655a342c3 Author: Jason Wessel Date: Mon Jul 2 15:53:44 2007 -0500 [PATCH] i386: fix infinite loop with singlestep int80 syscalls The commit 635cf99a80f4ebee59d70eb64bb85ce829e4591f introduced a regression. Executing a ptrace single step after certain int80 accesses will infinitely loop and never advance the PC. The TIF_SINGLESTEP check should be done on the return from the syscall and not before it. The new test case is below: /* Test whether singlestep through an int80 syscall works. */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include static int child, status; static struct user_regs_struct regs; static void do_child() { char str[80] = "child: int80 test\n"; ptrace(PTRACE_TRACEME, 0, 0, 0); kill(getpid(), SIGUSR1); write(fileno(stdout),str,strlen(str)); asm ("int $0x80" : : "a" (20)); /* getpid */ } static void do_parent() { unsigned long eip, expected = 0; again: waitpid(child, &status, 0); if (WIFEXITED(status) || WIFSIGNALED(status)) return; if (WIFSTOPPED(status)) { ptrace(PTRACE_GETREGS, child, 0, ®s); eip = regs.eip; if (expected) fprintf(stderr, "child stop @ %08lx, expected %08lx %s\n", eip, expected, eip == expected ? "" : " <== ERROR"); if (*(unsigned short *)eip == 0x80cd) { fprintf(stderr, "int 0x80 at %08x\n", (unsigned int)eip); expected = eip + 2; } else expected = 0; ptrace(PTRACE_SINGLESTEP, child, NULL, NULL); } goto again; } int main(int argc, char * const argv[]) { child = fork(); if (child) do_parent(); else do_child(); return 0; } Signed-off-by: Jason Wessel Cc: Jeremy Fitzhardinge Cc: Chuck Ebbert Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 602f7345ec777e44da80a06b60aabd1245509428 Author: Jay Lubomirski Date: Wed Jun 27 14:10:09 2007 -0700 [PATCH] serial: clear proper MPSC interrupt cause bits The interrupt clearing code in mpsc_sdma_intr_ack() mistakenly clears the interrupt for both controllers instead of just the one its supposed to. This can result in the other controller appearing to hang because its interrupt was effectively lost. So, don't clear the interrupt cause bits for both MPSC controllers when clearing the interrupt for one of them. Just clear the one that is supposed to be cleared. Signed-off-by: Jay Lubomirski Acked-by: Mark A. Greer Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 2ead8a28fdb20999c5c90b4cb6cc37f97321117a Author: Jeff Mahoney Date: Wed Jun 27 14:09:58 2007 -0700 [PATCH] saa7134: fix thread shutdown handling This patch changes the test for the thread pid from >= 0 to > 0. When the saa7134 driver initialization fails after a certain point, it goes through the complete shutdown process for the driver. Part of shutting it down includes tearing down the thread for tv audio. The test for tearing down the thread tests for >= 0. Since the dev structure is kzalloc'd, the test will always be true if we haven't tried to start the thread yet. We end up waiting on pid 0 to complete, which will never happen, so we lock up. This bug was observed in Novell Bugzilla 284718, when request_irq() failed. Signed-off-by: Jeff Mahoney Acked-by: Mauro Carvalho Chehab Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 356177f4dac83a81bee944b8776709bb6b62a338 Author: Hugh Dickins Date: Wed Jun 27 14:09:53 2007 -0700 [PATCH] mm: kill validate_anon_vma to avoid mapcount BUG validate_anon_vma gave a useful check on the integrity of the anon_vma list when Andrea was developing obj rmap; but it was not enabled in SLES9 itself, nor in mainline, until Nick changed commented-out RMAP_DEBUG to configurable CONFIG_DEBUG_VM in 2.6.17. Now Petr Vandrovec reports that its BUG_ON(mapcount > 100000) can easily crash a CONFIG_DEBUG_VM=y system. That limit was just an arbitrary number to protect against an infinite loop. We could raise it to something enormous (depending on sizeof struct vma and size of memory?); but I rather think validate_anon_vma has outlived its usefulness, and is better just removed - which gives a magnificent performance boost to anything like Petr's test program ;) Of course, a very long anon_vma list is bad news for preemption latency, and I believe there has been one recent report of such: let's not forget that, but validate_anon_vma only makes it worse not better. Signed-off-by: Hugh Dickins Cc: Petr Vandrovec Acked-by: Nick Piggin Cc: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 0c53130a7d5da7597548f885e7b3238af18945d3 Author: Paul Mackerras Date: Tue Jun 26 20:10:12 2007 +1000 [PATCH] POWERPC: Fix subtle FP state corruption bug in signal return on SMP This fixes a bug which can cause corruption of the floating-point state on return from a signal handler. If we have a signal handler that has used the floating-point registers, and it happens to context-switch to another task while copying the interrupted floating-point state from the user stack into the thread struct (e.g. because of a page fault, or because it gets preempted), the context switch code will think that the FP registers contain valid FP state that needs to be copied into the thread_struct, and will thus overwrite the values that the signal return code has put into the thread_struct. This can occur because we clear the MSR bits that indicate the presence of valid FP state after copying the state into the thread_struct. To fix this we just move the clearing of the MSR bits to before the copy. A similar potential problem also occurs with the Altivec state, and this fixes that in the same way. Signed-off-by: Paul Mackerras Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 78977b665b8f03c56bbb0f7549200e058b7e067f Author: Tony Jones Date: Sat Jun 23 17:16:47 2007 -0700 [PATCH] audit: fix oops removing watch if audit disabled Removing a watched file will oops if audit is disabled (auditctl -e 0). To reproduce: - auditctl -e 1 - touch /tmp/foo - auditctl -w /tmp/foo - auditctl -e 0 - rm /tmp/foo (or mv) Signed-off-by: Tony Jones Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit ea317f3c75a3ff7316d6abbcfa661df277cf4d98 Author: Thomas Gleixner Date: Sat Jun 23 11:48:40 2007 +0200 [PATCH] FUTEX: Restore the dropped ERSCH fix The return value of futex_find_get_task() needs to be -ESRCH in case that the search fails. This was part of the original futex fixes and got accidentally dropped, when the futex-tidy-up patch was split out. Results in a NULL pointer dereference in case the search fails. Restore it. Signed-off-by: Thomas Gleixner Cc: Ingo Molnar Cc: Ulrich Drepper Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 103f048b6f30360d3251c670b0a6714282ceb2c6 Author: Christoph Lameter Date: Tue Jun 19 21:39:03 2007 +0200 [PATCH] sched: fix next_interval determination in idle_balance() Fix massive SMP imbalance on NUMA nodes observed on 2.6.21.5 with CFS. (and later on reproduced without CFS as well). The intervals of domains that do not have SD_BALANCE_NEWIDLE must be considered for the calculation of the time of the next balance. Otherwise we may defer rebalancing forever and nodes might stay idle for very long times. Siddha also spotted that the conversion of the balance interval to jiffies is missing. Fix that to. From: Srivatsa Vaddagiri also continue the loop if !(sd->flags & SD_LOAD_BALANCE). Tested-by: Paul E. McKenney It did in fact trigger under all three of mainline, CFS, and -rt including CFS -- see below for a couple of emails from last Friday giving results for these three on the AMD box (where it happened) and on a single-quad NUMA-Q system (where it did not, at least not with such severity). Signed-off-by: Christoph Lameter Signed-off-by: Ingo Molnar Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 1155c3c24dcbcbcc51e7f42564698ef2592af636 Author: Olaf Kirch Date: Wed Jun 13 16:00:30 2007 -0400 [PATCH] dm crypt: fix remove first_clone Get rid of first_clone in dm-crypt This gets rid of first_clone, which is not really needed. Apparently, cloned bios used to share their bvec some time way in the past - this is no longer the case. Contrarily, this even hurts us if we try to create a clone off first_clone after it has completed, and crypt_endio has destroyed its bvec. Signed-off-by: Olaf Kirch Signed-off-by: Alasdair G Kergon Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 12e40d6a180f668810e3706ff43e7c7186293c99 Author: Olaf Kirch Date: Wed Jun 13 15:59:16 2007 -0400 [PATCH] dm crypt: fix avoid cloned bio ref after free Do not access the bio after generic_make_request We should never access a bio after generic_make_request - there's no guarantee it still exists. Signed-off-by: Olaf Kirch Signed-off-by: Alasdair G Kergon Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 286f79b20a53299a588789b86f5a435bee5d40cd Author: Olaf Kirch Date: Wed Jun 13 15:57:50 2007 -0400 [PATCH] dm crypt: fix call to clone_init Call clone_init early We need to call clone_init as early as possible - at least before call bio_put(clone) in any error path. Otherwise, the destructor will try to dereference bi_private, which may still be NULL. Signed-off-by: Olaf Kirch Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 9d6effd49c65970b9cc35ce346fa510eeccd5127 Author: Milan Broz Date: Wed Jun 13 15:56:39 2007 -0400 [PATCH] dm crypt: disable barriers Disable barriers in dm-crypt because of current workqueue processing can reorder requests. This must be addresed later but for now disabling barriers is needed to prevent data corruption. Signed-off-by: Milan Broz Signed-off-by: Alasdair G Kergon Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit c6de5adc0aae0e5953968aedcfb24be302d786d2 Author: Mike Accetta Date: Tue Jun 12 11:09:35 2007 +1000 [PATCH] md: Fix bug in error handling during raid1 repair. If raid1/repair (which reads all block and fixes any differences it finds) hits a read error, it doesn't reset the bio for writing before writing correct data back, so the read error isn't fixed, and the device probably gets a zero-length write which it might complain about. Signed-off-by: Neil Brown Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit e8fa943e054165b5e24fa4a6ae3273b6147c47dc Author: NeilBrown Date: Tue Jun 12 11:09:29 2007 +1000 [PATCH] md: Fix two raid10 bugs. 1/ When resyncing a degraded raid10 which has more than 2 copies of each block, garbage can get synced on top of good data. 2/ We round the wrong way in part of the device size calculation, which can cause confusion. Signed-off-by: Neil Brown Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit c740739747dfd54dd7c0ee0673ca0f4d52a90b1c Author: Alexey Kuznetsov Date: Fri Jun 8 10:29:30 2007 +0000 [PATCH] pi-futex: Fix exit races and locking problems 1. New entries can be added to tsk->pi_state_list after task completed exit_pi_state_list(). The result is memory leakage and deadlocks. 2. handle_mm_fault() is called under spinlock. The result is obvious. 3. results in self-inflicted deadlock inside glibc. Sometimes futex_lock_pi returns -ESRCH, when it is not expected and glibc enters to for(;;) sleep() to simulate deadlock. This problem is quite obvious and I think the patch is right. Though it looks like each "if" in futex_lock_pi() got some stupid special case "else if". :-) 4. sometimes futex_lock_pi() returns -EDEADLK, when nobody has the lock. The reason is also obvious (see comment in the patch), but correct fix is far beyond my comprehension. I guess someone already saw this, the chunk: if (rt_mutex_trylock(&q.pi_state->pi_mutex)) ret = 0; is obviously from the same opera. But it does not work, because the rtmutex is really taken at this point: wake_futex_pi() of previous owner reassigned it to us. My fix works. But it looks very stupid. I would think about removal of shift of ownership in wake_futex_pi() and making all the work in context of process taking lock. From: Thomas Gleixner Fix 1) Avoid the tasklist lock variant of the exit race fix by adding an additional state transition to the exit code. This fixes also the issue, when a task with recursive segfaults is not able to release the futexes. Fix 2) Cleanup the lookup_pi_state() failure path and solve the -ESRCH problem finally. Fix 3) Solve the fixup_pi_state_owner() problem which needs to do the fixup in the lock protected section by using the in_atomic userspace access functions. This removes also the ugly lock drop / unqueue inside of fixup_pi_state() Fix 4) Fix a stale lock in the error path of futex_wake_pi() Added some error checks for verification. The -EDEADLK problem is solved by the rtmutex fixups. Cc: Alexey Kuznetsov Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 59313fca40e8b2c7c86898329526a56b46a52ef8 Author: Thomas Gleixner Date: Fri Jun 8 10:29:29 2007 +0000 [PATCH] rt-mutex: Fix chain walk early wakeup bug Alexey Kuznetsov found some problems in the pi-futex code. One of the root causes is: When a wakeup happens, we do not to stop the chain walk so we we follow a non existing locking chain. Drop out when this happens. Cc: Alexey Kuznetsov Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit b3b66101b6dda551a35f98c048951ba9842250fa Author: Thomas Gleixner Date: Fri Jun 8 10:29:28 2007 +0000 [PATCH] rt-mutex: Fix stale return value Alexey Kuznetsov found some problems in the pi-futex code. The major problem is a stale return value in rt_mutex_slowlock(): When the pi chain walk returns -EDEADLK, but the waiter was woken up during the phases where the locks were dropped, the rtmutex could be acquired, but due to the stale return value -EDEADLK returned to the caller. Reset the return value in the woken up path. Cc: Alexey Kuznetsov Signed-off-by: Thomas Gleixner Acked-by: Ingo Molnar Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 61540c3cf703e55fddb9ed6b9bf032b5c4d61813 Author: Bob Picco Date: Thu Jun 7 21:01:35 2007 -0400 [PATCH] sparsemem: fix oops in x86_64 show_mem We aren't sampling for holes in memory. Thus we encounter a section hole with empty section map pointer for SPARSEMEM and OOPs for show_mem. This issue has been seen in 2.6.21, current git and current mm. This patch is for 2.6.21 stable. It was tested against sparsemem. Previous to commit f0a5a58aa812b31fd9f197c4ba48245942364eae memory_present was called for node_start_pfn to node_end_pfn. This would cover the hole(s) with reserved pages and valid sections. Most SPARSEMEM supported arches do a pfn_valid check in show_mem before computing the page structure address. This issue was brought to my attention on IRC by Arnaldo Carvalho de Melo at acme@redhat.com. Thanks to Arnaldo for testing. Signed-off-by: Bob Picco Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 6f86cc30ff0f6610b6ec1d41d7d1ab1061e0cc47 Author: Zou Nan hai Date: Fri Jun 1 00:46:28 2007 -0700 [PATCH] x86_64: allocate sparsemem memmap above 4G On systems with huge amount of physical memory, VFS cache and memory memmap may eat all available system memory under 4G, then the system may fail to allocate swiotlb bounce buffer. There was a fix for this issue in arch/x86_64/mm/numa.c, but that fix dose not cover sparsemem model. This patch add fix to sparsemem model by first try to allocate memmap above 4G. Signed-off-by: Zou Nan hai Acked-by: Suresh Siddha Cc: Andi Kleen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds [chrisw: trivial backport] Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit d83b4fd0889e37f57f7e5f7f73394aa81fbcbcdf Author: Jason Gaston Date: Fri Jun 1 00:46:38 2007 -0700 [PATCH] pci_ids: update patch for Intel ICH9M This patch updates the Intel ICH9M LPC Controller DID's, due to a specification change. Signed-off-by: Jason Gaston Cc: Cc: Greg KH Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit e4adbfafa30ab794dddbfe2fa039c400b7d96189 Author: Auke Kok Date: Fri Jun 1 10:22:39 2007 -0700 [PATCH] e1000: disable polling before registering netdevice To assure the symmetry of poll enable/disable in up/down, we should initialize the netdevice to be poll_disabled at load time. Doing this after register_netdevice leaves us open to another race, so lets move all the netif_* calls above register_netdevice so the stack starts out how we expect it to be. Signed-off-by: Auke Kok Cc: Herbert Xu Cc: Doug Chapman Signed-off-by: Jeff Garzik Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit ed5582cc968044612c7ff79bb22cd2a20cd2bc8f Author: Jiri Slaby Date: Wed May 23 13:57:56 2007 -0700 [PATCH] Char: cyclades, fix deadlock An omitted unlock. Signed-off-by: Jiri Slaby Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit ce9eb635d4de5404582046329bc7e74c2a0546ae Author: Oleg Nesterov Date: Mon May 21 16:51:29 2007 -0400 [PATCH] make freezeable workqueues singlethread It is a known fact that freezeable multithreaded workqueues doesn't like CPU_DEAD. We keep them only for the incoming CPU-hotplug rework. Sadly, we can't just kill create_freezeable_workqueue() right now, make them singlethread. Signed-off-by: Oleg Nesterov Cc: "Rafael J. Wysocki" Cc: Gautham R Shenoy Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit c39cf5329632f239bbf8fd2b2d32bd4e3cb405a9 Author: NeilBrown Date: Mon May 21 11:33:10 2007 +1000 [PATCH] md: Don't write more than is required of the last page of a bitmap It is possible that real data or metadata follows the bitmap without full page alignment. So limit the last write to be only the required number of bytes, rounded up to the hard sector size of the device. Signed-off-by: Neil Brown Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit cb9072a6c6322f4615576537b024a42252b7ac15 Author: NeilBrown Date: Mon May 21 11:33:03 2007 +1000 [PATCH] md: Avoid overflow in raid0 calculation with large components. If a raid0 has a component device larger than 4TB, and is accessed on a 32bit machines, then as 'chunk' is unsigned lock, chunk << chunksize_bits can overflow (this can be as high as the size of the device in KB). chunk itself will not overflow (without triggering a BUG). So change 'chunk' to be 'sector_t, and get rid of the 'BUG' as it becomes impossible to hit. Cc: "Jeff Zheng" Signed-off-by: Neil Brown Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 5c648b32393875e46f767405eb41911a149eb008 Author: Andi Kleen Date: Mon May 21 14:31:45 2007 +0200 [PATCH] i386: Fix K8/core2 oprofile on multiple CPUs Only try to allocate MSRs once instead of for every CPU. This assumes the MSRs are the same on all CPUs which is currently true. P4-HT is a special case for different SMT threads, but the code always saves/restores all MSRs so it works identical. Signed-off-by: Andi Kleen Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman