From ac9b9c667c2e1194e22ebe0a441ae1c37aaa9b90 Mon Sep 17 00:00:00 2001 From: Hugh Dickins Date: Thu, 20 Oct 2005 16:24:28 +0100 Subject: [PATCH] Fix handling spurious page fault for hugetlb region This reverts commit 3359b54c8c07338f3a863d1109b42eebccdcf379 and replaces it with a cleaner version that is purely based on page table operations, so that the synchronization between inode size and hugetlb mappings becomes moot. Signed-off-by: Hugh Dickins Signed-off-by: Linus Torvalds --- include/linux/hugetlb.h | 16 +++------------- mm/hugetlb.c | 22 ++++++++++++++++++++++ mm/memory.c | 14 ++------------ 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 42cb7d70f9a..d664330d900 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -25,6 +25,8 @@ int is_hugepage_mem_enough(size_t); unsigned long hugetlb_total_pages(void); struct page *alloc_huge_page(void); void free_huge_page(struct page *); +int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, + unsigned long address, int write_access); extern unsigned long max_huge_pages; extern const unsigned long hugetlb_zero, hugetlb_infinity; @@ -99,6 +101,7 @@ static inline unsigned long hugetlb_total_pages(void) do { } while (0) #define alloc_huge_page() ({ NULL; }) #define free_huge_page(p) ({ (void)(p); BUG(); }) +#define hugetlb_fault(mm, vma, addr, write) ({ BUG(); 0; }) #ifndef HPAGE_MASK #define HPAGE_MASK 0 /* Keep the compiler happy */ @@ -155,24 +158,11 @@ static inline void set_file_hugepages(struct file *file) { file->f_op = &hugetlbfs_file_operations; } - -static inline int valid_hugetlb_file_off(struct vm_area_struct *vma, - unsigned long address) -{ - struct inode *inode = vma->vm_file->f_dentry->d_inode; - loff_t file_off = address - vma->vm_start; - - file_off += (vma->vm_pgoff << PAGE_SHIFT); - - return (file_off < inode->i_size); -} - #else /* !CONFIG_HUGETLBFS */ #define is_file_hugepages(file) 0 #define set_file_hugepages(file) BUG() #define hugetlb_zero_setup(size) ERR_PTR(-ENOSYS) -#define valid_hugetlb_file_off(vma, address) 0 #endif /* !CONFIG_HUGETLBFS */ diff --git a/mm/hugetlb.c b/mm/hugetlb.c index a1b30d45459..61d38067803 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -394,6 +394,28 @@ out: return ret; } +/* + * On ia64 at least, it is possible to receive a hugetlb fault from a + * stale zero entry left in the TLB from earlier hardware prefetching. + * Low-level arch code should already have flushed the stale entry as + * part of its fault handling, but we do need to accept this minor fault + * and return successfully. Whereas the "normal" case is that this is + * an access to a hugetlb page which has been truncated off since mmap. + */ +int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, + unsigned long address, int write_access) +{ + int ret = VM_FAULT_SIGBUS; + pte_t *pte; + + spin_lock(&mm->page_table_lock); + pte = huge_pte_offset(mm, address); + if (pte && !pte_none(*pte)) + ret = VM_FAULT_MINOR; + spin_unlock(&mm->page_table_lock); + return ret; +} + int follow_hugetlb_page(struct mm_struct *mm, struct vm_area_struct *vma, struct page **pages, struct vm_area_struct **vmas, unsigned long *position, int *length, int i) diff --git a/mm/memory.c b/mm/memory.c index 8c88b973abc..1db40e935e5 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2045,18 +2045,8 @@ int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct * vma, inc_page_state(pgfault); - if (unlikely(is_vm_hugetlb_page(vma))) { - if (valid_hugetlb_file_off(vma, address)) - /* We get here only if there was a stale(zero) TLB entry - * (because of HW prefetching). - * Low-level arch code (if needed) should have already - * purged the stale entry as part of this fault handling. - * Here we just return. - */ - return VM_FAULT_MINOR; - else - return VM_FAULT_SIGBUS; /* mapping truncation does this. */ - } + if (unlikely(is_vm_hugetlb_page(vma))) + return hugetlb_fault(mm, vma, address, write_access); /* * We need the page table lock to synchronize with kswapd -- cgit v1.2.3 From fda0fd6c5b722cc48e904e0daafedca275d332af Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Fri, 14 Oct 2005 16:38:49 +1000 Subject: [DCCP]: Use skb_set_owner_w in dccp_transmit_skb when skb->sk is NULL David S. Miller wrote: > One thing you can probably do for this bug is to mark data packets > explicitly somehow, perhaps in the SKB control block DCCP already > uses for other data. Put some boolean in there, set it true for > data packets. Then change the test in dccp_transmit_skb() as > appropriate to test the boolean flag instead of "skb_cloned(skb)". I agree. In fact we already have that flag, it's called skb->sk. So here is patch to test that instead of skb_cloned(). Signed-off-by: Herbert Xu Acked-by: Ian McDonald Signed-off-by: Arnaldo Carvalho de Melo --- net/dccp/output.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/dccp/output.c b/net/dccp/output.c index 4786bdcddcc..946ec2db75d 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c @@ -62,10 +62,8 @@ int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) skb->h.raw = skb_push(skb, dccp_header_size); dh = dccp_hdr(skb); - /* - * Data packets are not cloned as they are never retransmitted - */ - if (skb_cloned(skb)) + + if (!skb->sk) skb_set_owner_w(skb, sk); /* Build DCCP header and checksum it. */ -- cgit v1.2.3 From ffa29347dfbc158d1f47f5925324a6f5713659c1 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 16 Oct 2005 21:08:46 +1000 Subject: [DCCP]: Make dccp_write_xmit always free the packet icmp_send doesn't use skb->sk at all so even if skb->sk has already been freed it can't cause crash there (it would've crashed somewhere else first, e.g., ip_queue_xmit). I found a double-free on an skb that could explain this though. dccp_sendmsg and dccp_write_xmit are a little confused as to what should free the packet when something goes wrong. Sometimes they both go for the ball and end up in each other's way. This patch makes dccp_write_xmit always free the packet no matter what. This makes sense since dccp_transmit_skb which in turn comes from the fact that ip_queue_xmit always frees the packet. Signed-off-by: Herbert Xu Signed-off-by: Arnaldo Carvalho de Melo --- net/dccp/output.c | 3 ++- net/dccp/proto.c | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/net/dccp/output.c b/net/dccp/output.c index 946ec2db75d..7006549f705 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c @@ -241,7 +241,8 @@ int dccp_write_xmit(struct sock *sk, struct sk_buff *skb, long *timeo) err = dccp_transmit_skb(sk, skb); ccid_hc_tx_packet_sent(dp->dccps_hc_tx_ccid, sk, 0, len); - } + } else + kfree_skb(skb); return err; } diff --git a/net/dccp/proto.c b/net/dccp/proto.c index a1cfd0e9e3b..a021c3422f6 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -402,8 +402,6 @@ int dccp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, * This bug was _quickly_ found & fixed by just looking at an OSTRA * generated callgraph 8) -acme */ - if (rc != 0) - goto out_discard; out_release: release_sock(sk); return rc ? : len; -- cgit v1.2.3 From 49c5bfaffe8ae6e6440dc4bf78b03800960d93f5 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 18 Oct 2005 12:03:28 +1000 Subject: [DCCP]: Clear the IPCB area Turns out the problem has nothing to do with use-after-free or double-free. It's just that we're not clearing the CB area and DCCP unlike TCP uses a CB format that's incompatible with IP. Signed-off-by: Herbert Xu Signed-off-by: Ian McDonald Signed-off-by: Arnaldo Carvalho de Melo --- net/dccp/ipv4.c | 2 ++ net/dccp/output.c | 1 + 2 files changed, 3 insertions(+) diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index ae088d1347a..6298cf58ff9 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c @@ -463,6 +463,7 @@ static int dccp_v4_send_response(struct sock *sk, struct request_sock *req, if (skb != NULL) { const struct inet_request_sock *ireq = inet_rsk(req); + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr, ireq->rmt_addr, ireq->opt); @@ -647,6 +648,7 @@ int dccp_v4_send_reset(struct sock *sk, enum dccp_reset_codes code) if (skb != NULL) { const struct inet_sock *inet = inet_sk(sk); + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); err = ip_build_and_send_pkt(skb, sk, inet->saddr, inet->daddr, NULL); if (err == NET_XMIT_CN) diff --git a/net/dccp/output.c b/net/dccp/output.c index 7006549f705..29250749f16 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c @@ -100,6 +100,7 @@ int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) DCCP_INC_STATS(DCCP_MIB_OUTSEGS); + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); err = ip_queue_xmit(skb, 0); if (err <= 0) return err; -- cgit v1.2.3 From b2cc99f04c5a732c793519aca61a20f719b50db4 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 20 Oct 2005 17:13:13 -0200 Subject: [TCP] Allow len == skb->len in tcp_fragment It is legitimate to call tcp_fragment with len == skb->len since that is done for FIN packets and the FIN flag counts as one byte. So we should only check for the len > skb->len case. Signed-off-by: Herbert Xu Signed-off-by: Arnaldo Carvalho de Melo --- net/ipv4/tcp_output.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 7114031fdc7..b907456a79f 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -435,17 +435,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss int nsize, old_factor; u16 flags; - if (unlikely(len >= skb->len)) { - if (net_ratelimit()) { - printk(KERN_DEBUG "TCP: seg_size=%u, mss=%u, seq=%u, " - "end_seq=%u, skb->len=%u.\n", len, mss_now, - TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq, - skb->len); - WARN_ON(1); - } - return 0; - } - + BUG_ON(len > skb->len); nsize = skb_headlen(skb) - len; if (nsize < 0) nsize = 0; -- cgit v1.2.3 From b2640b420a806c91f6b8799314ca96bb88a246d2 Mon Sep 17 00:00:00 2001 From: Matt Reimer Date: Thu, 20 Oct 2005 23:21:18 +0100 Subject: [ARM] 3025/1: Add I2S platform device for PXA Patch from Matt Reimer Adds an I2S platform_device for PXA. I2S is used to interface with sound chips on systems like iPAQ h1910/h2200/hx4700 and Asus 716. Signed-off-by: mreimer@vpop.net Signed-off-by: Russell King --- arch/arm/mach-pxa/generic.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm/mach-pxa/generic.c b/arch/arm/mach-pxa/generic.c index d327c127edd..1d7677669a7 100644 --- a/arch/arm/mach-pxa/generic.c +++ b/arch/arm/mach-pxa/generic.c @@ -250,6 +250,25 @@ void __init pxa_set_i2c_info(struct i2c_pxa_platform_data *info) i2c_device.dev.platform_data = info; } +static struct resource i2s_resources[] = { + { + .start = 0x40400000, + .end = 0x40400083, + .flags = IORESOURCE_MEM, + }, { + .start = IRQ_I2S, + .end = IRQ_I2S, + .flags = IORESOURCE_IRQ, + }, +}; + +static struct platform_device i2s_device = { + .name = "pxa2xx-i2s", + .id = -1, + .resource = i2c_resources, + .num_resources = ARRAY_SIZE(i2s_resources), +}; + static struct platform_device *devices[] __initdata = { &pxamci_device, &udc_device, @@ -258,6 +277,7 @@ static struct platform_device *devices[] __initdata = { &btuart_device, &stuart_device, &i2c_device, + &i2s_device, }; static int __init pxa_init(void) -- cgit v1.2.3 From a7ce8edc8232da51dc3a804ec9c734019d115b40 Mon Sep 17 00:00:00 2001 From: Ben Dooks Date: Thu, 20 Oct 2005 23:21:18 +0100 Subject: [ARM] 3026/1: S3C2410 - avoid possible overflow in pll calculations Patch from Ben Dooks Avoid the possiblity that if the board is using a 16.9334 or higher crystal with a high PLL multiplier, then the pll value could overflow the capability of an int. Also fix the value types of the intermediate variables to unsigned int. Rewrite of patch from Guillaume Gourat Signed-off-by: Ben Dooks Signed-off-by: Russell King --- include/asm-arm/arch-s3c2410/regs-clock.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/asm-arm/arch-s3c2410/regs-clock.h b/include/asm-arm/arch-s3c2410/regs-clock.h index 16f4c3cc138..66794b13e18 100644 --- a/include/asm-arm/arch-s3c2410/regs-clock.h +++ b/include/asm-arm/arch-s3c2410/regs-clock.h @@ -18,7 +18,8 @@ * 10-Feb-2005 Ben Dooks Fixed CAMDIVN address (Guillaume Gourat) * 10-Mar-2005 Lucas Villa Real Changed S3C2410_VA to S3C24XX_VA * 27-Aug-2005 Ben Dooks Add clock-slow info - */ + * 20-Oct-2005 Ben Dooks Fixed overflow in PLL (Guillaume Gourat) +*/ #ifndef __ASM_ARM_REGS_CLOCK #define __ASM_ARM_REGS_CLOCK "$Id: clock.h,v 1.4 2003/04/30 14:50:51 ben Exp $" @@ -83,10 +84,13 @@ #ifndef __ASSEMBLY__ +#include + static inline unsigned int -s3c2410_get_pll(int pllval, int baseclk) +s3c2410_get_pll(unsigned int pllval, unsigned int baseclk) { - int mdiv, pdiv, sdiv; + unsigned int mdiv, pdiv, sdiv; + uint64_t fvco; mdiv = pllval >> S3C2410_PLLCON_MDIVSHIFT; pdiv = pllval >> S3C2410_PLLCON_PDIVSHIFT; @@ -96,7 +100,10 @@ s3c2410_get_pll(int pllval, int baseclk) pdiv &= S3C2410_PLLCON_PDIVMASK; sdiv &= S3C2410_PLLCON_SDIVMASK; - return (baseclk * (mdiv + 8)) / ((pdiv + 2) << sdiv); + fvco = (uint64_t)baseclk * (mdiv + 8); + do_div(fvco, (pdiv + 2) << sdiv); + + return (unsigned int)fvco; } #endif /* __ASSEMBLY__ */ -- cgit v1.2.3 From b048dbf4d428c89f219efc2eddf2771f13500503 Mon Sep 17 00:00:00 2001 From: Ben Dooks Date: Thu, 20 Oct 2005 23:21:19 +0100 Subject: [ARM] 3027/1: BAST - reduce NAND timings slightly Patch from Ben Dooks The current Simtec BAST nand area timings are a little too slow to be obtained by a 2410 running at 266MHz, so reduce the timings slightly to bring them into the acceptable range. Signed-off-by: Ben Dooks Signed-off-by: Russell King --- arch/arm/mach-s3c2410/mach-bast.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm/mach-s3c2410/mach-bast.c b/arch/arm/mach-s3c2410/mach-bast.c index 8ca95598464..7b51bfd0ba6 100644 --- a/arch/arm/mach-s3c2410/mach-bast.c +++ b/arch/arm/mach-s3c2410/mach-bast.c @@ -307,9 +307,9 @@ static void bast_nand_select(struct s3c2410_nand_set *set, int slot) } static struct s3c2410_platform_nand bast_nand_info = { - .tacls = 40, - .twrph0 = 80, - .twrph1 = 80, + .tacls = 30, + .twrph0 = 60, + .twrph1 = 60, .nr_sets = ARRAY_SIZE(bast_nand_sets), .sets = bast_nand_sets, .select_chip = bast_nand_select, -- cgit v1.2.3 From 7fe8785e4198ad6b5dfd4a76c44c97e9b4463534 Mon Sep 17 00:00:00 2001 From: Ben Dooks Date: Thu, 20 Oct 2005 23:21:20 +0100 Subject: [ARM] 3028/1: S3C2410 - add DCLK mask definitions Patch from Ben Dooks From: Guillaume Gourat Add MASK definitions for DCLK0 and DCLK1 Signed-off-by: Guillaume Gourat Signed-off-by: Ben Dooks Signed-off-by: Russell King --- include/asm-arm/arch-s3c2410/regs-clock.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/asm-arm/arch-s3c2410/regs-clock.h b/include/asm-arm/arch-s3c2410/regs-clock.h index 66794b13e18..34360706e01 100644 --- a/include/asm-arm/arch-s3c2410/regs-clock.h +++ b/include/asm-arm/arch-s3c2410/regs-clock.h @@ -19,6 +19,7 @@ * 10-Mar-2005 Lucas Villa Real Changed S3C2410_VA to S3C24XX_VA * 27-Aug-2005 Ben Dooks Add clock-slow info * 20-Oct-2005 Ben Dooks Fixed overflow in PLL (Guillaume Gourat) + * 20-Oct-2005 Ben Dooks Add masks for DCLK (Guillaume Gourat) */ #ifndef __ASM_ARM_REGS_CLOCK @@ -67,11 +68,16 @@ #define S3C2410_DCLKCON_DCLK0_UCLK (1<<1) #define S3C2410_DCLKCON_DCLK0_DIV(x) (((x) - 1 )<<4) #define S3C2410_DCLKCON_DCLK0_CMP(x) (((x) - 1 )<<8) +#define S3C2410_DCLKCON_DCLK0_DIV_MASK ((0xf)<<4) +#define S3C2410_DCLKCON_DCLK0_CMP_MASK ((0xf)<<8) #define S3C2410_DCLKCON_DCLK1EN (1<<16) #define S3C2410_DCLKCON_DCLK1_PCLK (0<<17) #define S3C2410_DCLKCON_DCLK1_UCLK (1<<17) #define S3C2410_DCLKCON_DCLK1_DIV(x) (((x) - 1) <<20) +#define S3C2410_DCLKCON_DCLK1_CMP(x) (((x) - 1) <<24) +#define S3C2410_DCLKCON_DCLK1_DIV_MASK ((0xf) <<20) +#define S3C2410_DCLKCON_DCLK1_CMP_MASK ((0xf) <<24) #define S3C2410_CLKDIVN_PDIVN (1<<0) #define S3C2410_CLKDIVN_HDIVN (1<<1) -- cgit v1.2.3 From d18566376055046fca0b51ad536f1778ef34966a Mon Sep 17 00:00:00 2001 From: Russell King Date: Fri, 21 Oct 2005 10:17:37 +0100 Subject: [ARM] Fix Integrator IM/PD-1 support Signed-off-by: Russell King --- arch/arm/mach-integrator/impd1.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/mach-integrator/impd1.c b/arch/arm/mach-integrator/impd1.c index c3c2f17d030..a1b153d1626 100644 --- a/arch/arm/mach-integrator/impd1.c +++ b/arch/arm/mach-integrator/impd1.c @@ -67,7 +67,7 @@ static void impd1_setvco(struct clk *clk, struct icst525_vco vco) } writel(0, impd1->base + IMPD1_LOCK); -#if DEBUG +#ifdef DEBUG vco.v = val & 0x1ff; vco.r = (val >> 9) & 0x7f; vco.s = (val >> 16) & 7; @@ -427,17 +427,18 @@ static int impd1_probe(struct lm_device *dev) return ret; } +static int impd1_remove_one(struct device *dev, void *data) +{ + device_unregister(dev); + return 0; +} + static void impd1_remove(struct lm_device *dev) { struct impd1_module *impd1 = lm_get_drvdata(dev); - struct list_head *l, *n; int i; - list_for_each_safe(l, n, &dev->dev.children) { - struct device *d = list_to_dev(l); - - device_unregister(d); - } + device_for_each_child(&dev->dev, NULL, impd1_remove_one); for (i = 0; i < ARRAY_SIZE(impd1->vcos); i++) clk_unregister(&impd1->vcos[i]); -- cgit v1.2.3 From 024358eeafd44ecffd0e7a1002ef3ccc1d0acd4d Mon Sep 17 00:00:00 2001 From: Eric Moore Date: Fri, 21 Oct 2005 20:56:36 +0200 Subject: [PATCH] mptsas: fix phy identifiers This fixes handling of the phy identifiers in mptsas. Signed-off-by: Eric Moore [ split it a pre-2.6.14 portion from Eric's bigger patch ] Signed-off-by: Christoph Hellwig Signed-off-by: Linus Torvalds --- drivers/message/fusion/mptsas.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c index 429820e48c6..7de19a84dc7 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -257,8 +257,8 @@ static void mptsas_print_device_pg0(SasDevicePage0_t *pg0) printk("SAS Address=0x%llX\n", le64_to_cpu(sas_address)); printk("Target ID=0x%X\n", pg0->TargetID); printk("Bus=0x%X\n", pg0->Bus); - printk("PhyNum=0x%X\n", pg0->PhyNum); - printk("AccessStatus=0x%X\n", le16_to_cpu(pg0->AccessStatus)); + printk("Parent Phy Num=0x%X\n", pg0->PhyNum); + printk("Access Status=0x%X\n", le16_to_cpu(pg0->AccessStatus)); printk("Device Info=0x%X\n", le32_to_cpu(pg0->DeviceInfo)); printk("Flags=0x%X\n", le16_to_cpu(pg0->Flags)); printk("Physical Port=0x%X\n", pg0->PhysicalPort); @@ -270,7 +270,7 @@ static void mptsas_print_expander_pg1(SasExpanderPage1_t *pg1) printk("---- SAS EXPANDER PAGE 1 ------------\n"); printk("Physical Port=0x%X\n", pg1->PhysicalPort); - printk("PHY Identifier=0x%X\n", pg1->Phy); + printk("PHY Identifier=0x%X\n", pg1->PhyIdentifier); printk("Negotiated Link Rate=0x%X\n", pg1->NegotiatedLinkRate); printk("Programmed Link Rate=0x%X\n", pg1->ProgrammedLinkRate); printk("Hardware Link Rate=0x%X\n", pg1->HwLinkRate); @@ -604,7 +604,7 @@ mptsas_sas_expander_pg1(MPT_ADAPTER *ioc, struct mptsas_phyinfo *phy_info, mptsas_print_expander_pg1(buffer); /* save config data */ - phy_info->phy_id = buffer->Phy; + phy_info->phy_id = buffer->PhyIdentifier; phy_info->port_id = buffer->PhysicalPort; phy_info->negotiated_link_rate = buffer->NegotiatedLinkRate; phy_info->programmed_link_rate = buffer->ProgrammedLinkRate; @@ -825,6 +825,8 @@ mptsas_probe_hba_phys(MPT_ADAPTER *ioc, int *index) mptsas_sas_device_pg0(ioc, &port_info->phy_info[i].identify, (MPI_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE << MPI_SAS_DEVICE_PGAD_FORM_SHIFT), handle); + port_info->phy_info[i].identify.phy_id = + port_info->phy_info[i].phy_id; handle = port_info->phy_info[i].identify.handle; if (port_info->phy_info[i].attached.handle) { @@ -881,6 +883,8 @@ mptsas_probe_expander_phys(MPT_ADAPTER *ioc, u32 *handle, int *index) (MPI_SAS_DEVICE_PGAD_FORM_HANDLE << MPI_SAS_DEVICE_PGAD_FORM_SHIFT), port_info->phy_info[i].identify.handle); + port_info->phy_info[i].identify.phy_id = + port_info->phy_info[i].phy_id; } if (port_info->phy_info[i].attached.handle) { -- cgit v1.2.3 From a1c7e111934b6375baf07a970d6c890d18d7e34f Mon Sep 17 00:00:00 2001 From: Paul Mackerras Date: Fri, 21 Oct 2005 22:39:36 +1000 Subject: [PATCH] ppc64: Fix typo in time calculations This fixes a typo in the div128_by_32 function used in the timekeeping calculations on ppc64. If you look at the code it's quite obvious that we need (rb + c) rather than (rb + b). The "b" is clearly just a typo. Signed-off-by: Paul Mackerras Signed-off-by: Linus Torvalds --- arch/ppc64/kernel/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ppc64/kernel/time.c b/arch/ppc64/kernel/time.c index 9939c206afa..b56c6a324e1 100644 --- a/arch/ppc64/kernel/time.c +++ b/arch/ppc64/kernel/time.c @@ -870,7 +870,7 @@ void div128_by_32( unsigned long dividend_high, unsigned long dividend_low, rb = ((ra + b) - (x * divisor)) << 32; y = (rb + c)/divisor; - rc = ((rb + b) - (y * divisor)) << 32; + rc = ((rb + c) - (y * divisor)) << 32; z = (rc + d)/divisor; -- cgit v1.2.3 From 5d96551541a8f5521dcc8c634a18d42a3d349ec9 Mon Sep 17 00:00:00 2001 From: Benjamin Herrenschmidt Date: Fri, 21 Oct 2005 14:12:51 +1000 Subject: [PATCH] ppc64: Fix pages marked dirty abusively While working on 64K pages, I found this little buglet in our update_mmu_cache() implementation. The code calls __hash_page() passing it an "access" parameter (the type of access that triggers the hash) containing the bits _PAGE_RW and _PAGE_USER of the linux PTE. The latter is useless in this case and the former is wrong. In fact, if we have a writeable PTE and we pass _PAGE_RW to hash_page(), it will set _PAGE_DIRTY (since we track dirty that way, by hash faulting !dirty) which is not what we want. In fact, the correct fix is to always pass 0. That means that only read-only or already dirty read write PTEs will be preloaded. The (hopefully rare) case of a non dirty read write PTE can't be preloaded this way, it will have to fault in hash_page on the actual access. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Linus Torvalds --- arch/ppc64/mm/init.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/ppc64/mm/init.c b/arch/ppc64/mm/init.c index c2157c9c3ac..be64b157afc 100644 --- a/arch/ppc64/mm/init.c +++ b/arch/ppc64/mm/init.c @@ -799,8 +799,7 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned long ea, if (cpus_equal(vma->vm_mm->cpu_vm_mask, tmp)) local = 1; - __hash_page(ea, pte_val(pte) & (_PAGE_USER|_PAGE_RW), vsid, ptep, - 0x300, local); + __hash_page(ea, 0, vsid, ptep, 0x300, local); local_irq_restore(flags); } -- cgit v1.2.3 From e29971f9a4ca08c3c31b98be96c293ef9f7dcc32 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Thu, 20 Oct 2005 23:49:00 +0100 Subject: [PATCH] drm: another mga bug The wrong state emission routines were being called for G550, and consistent maps weren't correctly mapped... Signed-off-by: Dave Airlie Signed-off-by: Linus Torvalds --- drivers/char/drm/drm_vm.c | 3 ++- drivers/char/drm/mga_drv.h | 2 +- drivers/char/drm/mga_state.c | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/char/drm/drm_vm.c b/drivers/char/drm/drm_vm.c index ced4215e227..39ea96e42c5 100644 --- a/drivers/char/drm/drm_vm.c +++ b/drivers/char/drm/drm_vm.c @@ -148,7 +148,8 @@ static __inline__ struct page *drm_do_vm_shm_nopage(struct vm_area_struct *vma, offset = address - vma->vm_start; i = (unsigned long)map->handle + offset; - page = vmalloc_to_page((void *)i); + page = (map->type == _DRM_CONSISTENT) ? + virt_to_page((void *)i) : vmalloc_to_page((void *)i); if (!page) return NOPAGE_OOM; get_page(page); diff --git a/drivers/char/drm/mga_drv.h b/drivers/char/drm/mga_drv.h index b22fdbd4f83..6059c5a5b10 100644 --- a/drivers/char/drm/mga_drv.h +++ b/drivers/char/drm/mga_drv.h @@ -227,7 +227,7 @@ static inline u32 _MGA_READ(u32 *addr) #define MGA_EMIT_STATE( dev_priv, dirty ) \ do { \ if ( (dirty) & ~MGA_UPLOAD_CLIPRECTS ) { \ - if ( dev_priv->chipset == MGA_CARD_TYPE_G400 ) { \ + if ( dev_priv->chipset >= MGA_CARD_TYPE_G400 ) { \ mga_g400_emit_state( dev_priv ); \ } else { \ mga_g200_emit_state( dev_priv ); \ diff --git a/drivers/char/drm/mga_state.c b/drivers/char/drm/mga_state.c index 05bbb471937..6ac5e006226 100644 --- a/drivers/char/drm/mga_state.c +++ b/drivers/char/drm/mga_state.c @@ -53,7 +53,7 @@ static void mga_emit_clip_rect( drm_mga_private_t *dev_priv, /* Force reset of DWGCTL on G400 (eliminates clip disable bit). */ - if (dev_priv->chipset == MGA_CARD_TYPE_G400) { + if (dev_priv->chipset >= MGA_CARD_TYPE_G400) { DMA_BLOCK(MGA_DWGCTL, ctx->dwgctl, MGA_LEN + MGA_EXEC, 0x80000000, MGA_DWGCTL, ctx->dwgctl, -- cgit v1.2.3 From 3078fcc1d18c7235b034dc889642c5300959fa20 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Fri, 21 Oct 2005 13:41:19 +1000 Subject: [PATCH] ppc64: Fix typo bug in iSeries hash code This fixes a stupid typo bug in the iSeries hash table code. When we place a hash PTE in the secondary bucket, instead of setting the SECONDARY flag bit, as we should, we (redundantly) set the VALID flag. This was introduced with the patch abolishing bitfields from the hash table code. Mea culpa, oops. It hasn't been noticed until now because in practice we don't hit the secondary bucket terribly often. Signed-off-by: David Gibson Signed-off-by: Linus Torvalds --- arch/ppc64/kernel/iSeries_htab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/ppc64/kernel/iSeries_htab.c b/arch/ppc64/kernel/iSeries_htab.c index 2192055a90a..073b7666174 100644 --- a/arch/ppc64/kernel/iSeries_htab.c +++ b/arch/ppc64/kernel/iSeries_htab.c @@ -66,7 +66,7 @@ static long iSeries_hpte_insert(unsigned long hpte_group, unsigned long va, } if (slot < 0) { /* MSB set means secondary group */ - vflags |= HPTE_V_VALID; + vflags |= HPTE_V_SECONDARY; secondary = 1; slot &= 0x7fffffffffffffff; } -- cgit v1.2.3 From 0213df74315bbab9ccaa73146f3e11972ea6de46 Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Fri, 21 Oct 2005 17:21:03 -0400 Subject: [PATCH] cpufreq: fix pending powernow timer stuck condition AMD recently discovered that on some hardware, there is a race condition possible when a C-state change request goes onto the bus at the same time as a P-state change request. Both requests happen, but the southbridge hardware only acknowledges the C-state change. The PowerNow! driver is then stuck in a loop, waiting for the P-state change acknowledgement. The driver eventually times out, but can no longer perform P-state changes. It turns out the solution is to resend the P-state change, which the southbridge will acknowledge normally. Thanks to Johannes Winkelmann for reporting this and testing the fix. Signed-off-by: Mark Langsdorf Signed-off-by: Dave Jones Signed-off-by: Linus Torvalds --- arch/i386/kernel/cpu/cpufreq/powernow-k8.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c index ab6e0611303..ec3a9e335aa 100644 --- a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c +++ b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c @@ -44,7 +44,7 @@ #define PFX "powernow-k8: " #define BFX PFX "BIOS error: " -#define VERSION "version 1.50.3" +#define VERSION "version 1.50.4" #include "powernow-k8.h" /* serialize freq changes */ @@ -111,8 +111,8 @@ static int query_current_values_with_pending_wait(struct powernow_k8_data *data) u32 i = 0; do { - if (i++ > 0x1000000) { - printk(KERN_ERR PFX "detected change pending stuck\n"); + if (i++ > 10000) { + dprintk("detected change pending stuck\n"); return 1; } rdmsr(MSR_FIDVID_STATUS, lo, hi); @@ -159,6 +159,7 @@ static int write_new_fid(struct powernow_k8_data *data, u32 fid) { u32 lo; u32 savevid = data->currvid; + u32 i = 0; if ((fid & INVALID_FID_MASK) || (data->currvid & INVALID_VID_MASK)) { printk(KERN_ERR PFX "internal error - overflow on fid write\n"); @@ -170,10 +171,13 @@ static int write_new_fid(struct powernow_k8_data *data, u32 fid) dprintk("writing fid 0x%x, lo 0x%x, hi 0x%x\n", fid, lo, data->plllock * PLL_LOCK_CONVERSION); - wrmsr(MSR_FIDVID_CTL, lo, data->plllock * PLL_LOCK_CONVERSION); - - if (query_current_values_with_pending_wait(data)) - return 1; + do { + wrmsr(MSR_FIDVID_CTL, lo, data->plllock * PLL_LOCK_CONVERSION); + if (i++ > 100) { + printk(KERN_ERR PFX "internal error - pending bit very stuck - no further pstate changes possible\n"); + retrun 1; + } + } while (query_current_values_with_pending_wait(data)); count_off_irt(data); @@ -197,6 +201,7 @@ static int write_new_vid(struct powernow_k8_data *data, u32 vid) { u32 lo; u32 savefid = data->currfid; + int i = 0; if ((data->currfid & INVALID_FID_MASK) || (vid & INVALID_VID_MASK)) { printk(KERN_ERR PFX "internal error - overflow on vid write\n"); @@ -208,10 +213,13 @@ static int write_new_vid(struct powernow_k8_data *data, u32 vid) dprintk("writing vid 0x%x, lo 0x%x, hi 0x%x\n", vid, lo, STOP_GRANT_5NS); - wrmsr(MSR_FIDVID_CTL, lo, STOP_GRANT_5NS); - - if (query_current_values_with_pending_wait(data)) - return 1; + do { + wrmsr(MSR_FIDVID_CTL, lo, STOP_GRANT_5NS); + if (i++ > 100) { + printk(KERN_ERR PFX "internal error - pending bit very stuck - no further pstate changes possible\n"); + return 1; + } + } while (query_current_values_with_pending_wait(data)); if (savefid != data->currfid) { printk(KERN_ERR PFX "fid changed on vid trans, old 0x%x new 0x%x\n", -- cgit v1.2.3 From 9465bee863bc4c6cf1566c12d6f92a8133e3da5c Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Fri, 21 Oct 2005 15:36:00 -0700 Subject: Revert "Fix cpu timers exit deadlock and races" Revert commit e03d13e985d48ac4885382c9e3b1510c78bd047f, to be replaced by a much nicer fix from Roland. --- kernel/posix-cpu-timers.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c index b3f3edc475d..7a51a5597c3 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -387,19 +387,25 @@ int posix_cpu_timer_del(struct k_itimer *timer) if (unlikely(p == NULL)) return 0; - spin_lock(&p->sighand->siglock); if (!list_empty(&timer->it.cpu.entry)) { - /* - * Take us off the task's timer list. We don't need to - * take tasklist_lock and check for the task being reaped. - * If it was reaped, it already called posix_cpu_timers_exit - * and posix_cpu_timers_exit_group to clear all the timers - * that pointed to it. - */ - list_del(&timer->it.cpu.entry); - put_task_struct(p); + read_lock(&tasklist_lock); + if (unlikely(p->signal == NULL)) { + /* + * We raced with the reaping of the task. + * The deletion should have cleared us off the list. + */ + BUG_ON(!list_empty(&timer->it.cpu.entry)); + } else { + /* + * Take us off the task's timer list. + */ + spin_lock(&p->sighand->siglock); + list_del(&timer->it.cpu.entry); + spin_unlock(&p->sighand->siglock); + } + read_unlock(&tasklist_lock); } - spin_unlock(&p->sighand->siglock); + put_task_struct(p); return 0; } -- cgit v1.2.3 From 25f407f0b668f5e4ebd5d13e1fb4306ba6427ead Mon Sep 17 00:00:00 2001 From: Roland McGrath Date: Fri, 21 Oct 2005 15:03:29 -0700 Subject: [PATCH] Call exit_itimers from do_exit, not __exit_signal When I originally moved exit_itimers into __exit_signal, that was the only place where we could reliably know it was the last thread in the group dying, without races. Since then we've gotten the signal_struct.live counter, and do_exit can reliably do group-wide cleanup work. This patch moves the call to do_exit, where it's made without locks. This avoids the deadlock issues that the old __exit_signal code's comment talks about, and the one that Oleg found recently with process CPU timers. [ This replaces e03d13e985d48ac4885382c9e3b1510c78bd047f, which is why it was just reverted. ] Signed-off-by: Roland McGrath Signed-off-by: Linus Torvalds --- kernel/exit.c | 1 + kernel/posix-timers.c | 2 +- kernel/signal.c | 14 +------------- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/kernel/exit.c b/kernel/exit.c index 43077732619..3b25b182d2b 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -843,6 +843,7 @@ fastcall NORET_TYPE void do_exit(long code) group_dead = atomic_dec_and_test(&tsk->signal->live); if (group_dead) { del_timer_sync(&tsk->signal->real_timer); + exit_itimers(tsk->signal); acct_process(code); } exit_mm(tsk); diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c index b7b532acd9f..dda3cda73c7 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -1157,7 +1157,7 @@ retry_delete: } /* - * This is called by __exit_signal, only when there are no more + * This is called by do_exit or de_thread, only when there are no more * references to the shared signal_struct. */ void exit_itimers(struct signal_struct *sig) diff --git a/kernel/signal.c b/kernel/signal.c index 50c99264377..f2b96b08fb4 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -397,20 +397,8 @@ void __exit_signal(struct task_struct *tsk) flush_sigqueue(&tsk->pending); if (sig) { /* - * We are cleaning up the signal_struct here. We delayed - * calling exit_itimers until after flush_sigqueue, just in - * case our thread-local pending queue contained a queued - * timer signal that would have been cleared in - * exit_itimers. When that called sigqueue_free, it would - * attempt to re-take the tasklist_lock and deadlock. This - * can never happen if we ensure that all queues the - * timer's signal might be queued on have been flushed - * first. The shared_pending queue, and our own pending - * queue are the only queues the timer could be on, since - * there are no other threads left in the group and timer - * signals are constrained to threads inside the group. + * We are cleaning up the signal_struct here. */ - exit_itimers(sig); exit_thread_group_keys(sig); kmem_cache_free(signal_cachep, sig); } -- cgit v1.2.3 From 63172cb3d5ef762dcb60a292bc7f016b85cf6e1f Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Fri, 21 Oct 2005 16:56:08 -0700 Subject: [PATCH] typo fix in last cpufreq powernow patch Not sure how it slipped by, but here's a trivial typo fix for powernow. Signed-off-by: Chris Wright [ It's "nurter" backwards.. Maybe we have a hillbilly The Shining fan? ] Signed-off-by: Linus Torvalds --- arch/i386/kernel/cpu/cpufreq/powernow-k8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c index ec3a9e335aa..58ca98fdc2c 100644 --- a/arch/i386/kernel/cpu/cpufreq/powernow-k8.c +++ b/arch/i386/kernel/cpu/cpufreq/powernow-k8.c @@ -175,7 +175,7 @@ static int write_new_fid(struct powernow_k8_data *data, u32 fid) wrmsr(MSR_FIDVID_CTL, lo, data->plllock * PLL_LOCK_CONVERSION); if (i++ > 100) { printk(KERN_ERR PFX "internal error - pending bit very stuck - no further pstate changes possible\n"); - retrun 1; + return 1; } } while (query_current_values_with_pending_wait(data)); -- cgit v1.2.3