This patch should fix or partly fix this bug:
http://bugzilla.kernel.org/show_bug.cgi?id=8276
The problem is:
- if we see "zero link case" during reading inode operation, we call
ufs_error(which remount fs readonly), but not "mark" inode as bad (1)
- in readonly case we do not fill some data structures, which are used in
read and write case (2)
- VFS call ufs_delete_inode if link count is zero (3)
so (1)->(3)->(2) cause oops, this patch should fix such scenario
Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Cc: Jim Paris <jim@jtan.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It turns out that the last patch to change set_cs to be kept in the
controller's structure instead of the platform data was an incomplete
change, and did not change the references to platfrom data in the setup
xfer code. (This can prevent an oops.)
Reported-by: <Ling.Alex@iac.com.tw>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
arch/alpha/kernel/sys_sx164.c
Earlier firmware revisions need MVI fix as well.
arch/alpha/kernel/sys_nautilus.c
On UP1500 firmware reports wrong AGP IRQ (10 instead of 5).
This causes interrupt storm if there is a PCI device that
uses IRQ 5.
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Files:
arch/alpha/kernel/core_mcpcia.c
arch/alpha/kernel/sys_rawhide.c
include/asm-alpha/core_mcpcia.h
Determine correct hose configuration; RAWHIDE family can have
2 or 4 hoses, so make sure non-existent hoses are ignored.
arch/alpha/kernel/err_titan.c
Supply a needed #include <asm/irq_regs.h>
arch/alpha/kernel/module.c
Add some useful output to the relocation overflow messages.
arch/alpha/kernel/sys_noritake.c
Supply necessary noritake_end_irq() to correct interrupt handling.
This fixes a problem first noted by hangs during boot probing with
a DE500-BA TULIP NIC present.
arch/alpha/kernel/sys_sio.c
Correct saving of original PIRQ register (PCI IRQ routing);
change default PIRQ setting to leave PCI IRQs 9 and 14 free to
be used for sound (Multia) and IDE (any), respectively.
include/asm-alpha/io.h
Supply the "isa_virt_to_bus" routine.
Signed-off-by: Jay Estabrook <jay.estabrook@hp.com>
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Make kernel-doc comments match macro names.
Correct parameter names in a few places.
Remove '#' from beginning of kernel-doc comment macro names.
Remove extra (erroneous) blank lines in kernel-doc.
Warning(plist.h:100): Cannot understand * #PLIST_HEAD_INIT - static struct plist_head initializer on line 100 - I thought it was a doc line
Warning(plist.h:112): Cannot understand * #PLIST_NODE_INIT - static struct plist_node initializer on line 112 - I thought it was a doc line
Warning(plist.h:103): No description found for parameter '_lock'
Warning(plist.h:129): No description found for parameter 'lock'
Warning(plist.h:158): No description found for parameter 'pos'
Warning(plist.h:169): No description found for parameter 'pos'
Warning(plist.h:169): No description found for parameter 'n'
Warning(plist.h:179): No description found for parameter 'mem'
This still leaves one warning & one error that need attention:
Error(plist.h:219): cannot understand prototype: '('
Warning(plist.h): no structured comments found
Acked-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Cc: Daniel Walker <dwalker@mvista.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The patch checks for "|" in the pattern not the output and doesn't nail a
pid on to a piped name (as it is a program name not a file)
Also fixes a very very obscure security corner case. If you happen to have
decided on a core pattern that starts with the program name then the user
can run a program called "|myevilhack" as it stands. I doubt anyone does
this.
Signed-off-by: Alan Cox <alan@redhat.com>
Confirmed-by: Christopher S. Aker <caker@theshore.net>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The following patch adds support for sysfs/uevent modalias
attribute for scsi devices (like disks, tapes, cdroms etc),
based on whatever current sd.c, sr.c, st.c and osst.c drivers
supports.
The modalias format is like this:
scsi:type-0x04
(for TYPE_WORM, handled by sr.c now).
Several comments.
o This hexadecimal type value is because all TYPE_XXX constants
in include/scsi/scsi.h are given in hex, but __stringify() will
not convert them to decimal (so it will NOT be scsi:type-4).
Since it does not really matter in which format it is, while
both modalias in module and modalias attribute match each other,
I descided to go for that 0x%02x format (and added a comment in
include/scsi/scsi.h to keep them that way), instead of changing
them all to decimal.
o There was no .uevent routine for SCSI bus. It might be a good
idea to add some more ueven environment variables in there.
o osst.c driver handles tapes too, like st.c, but only SOME tapes.
With this setup, hotplug scripts (or whatever is used by the
user) will try to load both st and osst modules for all SCSI
tapes found, because both modules have scsi:type-0x01 alias).
It is not harmful, but one extra module is no good either.
It is possible to solve this, by exporting more info in
modalias attribute, including vendor and device identification
strings, so that modalias becomes something like
scsi:type-0x12:vendor-Adaptec LTD:device-OnStream Tape Drive
and having that, match for all 3 attributes, not only device
type. But oh well, vendor and device strings may be large,
and they do contain spaces and whatnot.
So I left them for now, awaiting for comments first.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
This patch (as857) modifies the SG_GET_RESERVED_SIZE and
SG_SET_RESERVED_SIZE ioctls in the sg driver, capping the values at
the device's request_queue's max_sectors value. This will permit
cdrecord to obtain a legal value for the maximum transfer length,
fixing Bugzilla #7026.
The patch also caps the initial reserved_size value. There's no
reason to have a reserved buffer larger than max_sectors, since it
would be impossible to use the extra space.
The corresponding ioctls in the block layer are modified similarly,
and the initial value for the reserved_size is set as large as
possible. This will effectively make it default to max_sectors.
Note that the actual value is meaningless anyway, since block devices
don't have a reserved buffer.
Finally, the BLKSECTGET ioctl is added to sg, so that there will be a
uniform way for users to determine the actual max_sectors value for
any raw SCSI transport.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Acked-by: Jens Axboe <jens.axboe@oracle.com>
Acked-by: Douglas Gilbert <dougg@torque.net>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
I got so sick of seing the check_region warnings from BusLogic.c I actually
fixed it properly. Never use check region, reserve it before the probe
with request region instead and check the error result; free region if
setup fails. Should be functionally identical to the original except for
fixing the potential race.
Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Thanks for the help from Steve Fox and Duane Cox investigating this
issue, I'd like to report that we found the problem. The issue is with
the patch Steve Fox isolated below, by not accommodating older adapters
properly and issuing a command they do not support when retrieving
storage parameters about the arrays. This simple patch resolves the
problem (and more accurately mimics the logic of the original code
before the patch).
Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Correct a spelling mistake for the SMC product names (replace 'B' with
'R') in the Documentation/scsi/aacraid.txt file. This is a follow-up to
a documentation patch '[PATCH] aacraid: Add SMC and SUN products to
README' submitted and accepted to scsi-misc-2.6 on March 27 2007.
Signed-off-by: Mark Salyzyn <aacraid@adaptec.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Currently, the scsi error handler will issue a START_UNIT
command if the drive indicates it needs its motor started
and the allow_restart flag is set in the scsi_device. If,
after the scsi error handler invokes a host adapter reset
due to error recovery, a device is in a unit attention
state AND also needs a START_UNIT, that device will be placed
offline. The disk array devices on an ipr RAID adapter
will do exactly this when in a dual initiator configuration.
This patch adds a single retry to the EH initiated
START_UNIT.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Patch modified and
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
compare_ether_addr() implicitly requires that the addresses
passed are 2-bytes aligned in memory.
This is not true for br_stp_change_bridge_id() and
br_stp_recalculate_bridge_id() in which one of the addresses
is unsigned char *, and thus may not be 2-bytes aligned.
Signed-off-by: Evgeny Kravtsunov <emkravts@openvz.org>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
During the sctp_bindx() call to add additional addresses to the
endpoint, any v4mapped addresses are converted and stored as regular
v4 addresses. However, when trying to remove these addresses, the
v4mapped addresses are not converted and the operation fails. This
patch unmaps the addresses on during the remove operation as well.
Signed-off-by: Paolo Galtieri <pgaltieri@mvista.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In current implementation, LKSCTP does receive buffer accounting for
data in sctp_receive_queue and pd_lobby. However, LKSCTP don't do
accounting for data in frag_list when data is fragmented. In addition,
LKSCTP doesn't do accounting for data in reasm and lobby queue in
structure sctp_ulpq.
When there are date in these queue, assertion failed message is printed
in inet_sock_destruct because sk_rmem_alloc of oldsk does not become 0
when socket is destroyed.
Signed-off-by: Tsutomu Fujii <t-fujii@nb.jp.nec.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Otherwise the following calltrace will lead to a wrong
lockdep warning:
neigh_proxy_process()
`- lock(neigh_table->proxy_queue.lock);
arp_redo /* via tbl->proxy_redo */
arp_process
neigh_event_ns
neigh_update
skb_queue_purge
`- lock(neighbor->arp_queue.lock);
This is not a deadlock actually, as neighbor table's proxy_queue
and the neighbor's arp_queue are different queues.
Lockdep thinks there is a deadlock as both queues are initialized
with skb_queue_head_init() and thus have a common class.
Signed-off-by: David S. Miller <davem@davemloft.net>
In net poll mode, the current checksum function doesn't consider the
kind of packet which is padded to reach a specific minimum length. I
believe that's the problem causing my test case failed. The following
patch fixed this issue.
Signed-off-by: Aubrey.Li <aubreylee@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We should not blindly convert between IPSEC_MODE_xxx and XFRM_MODE_xxx just
by incrementing / decrementing because the assumption is not true any longer.
Signed-off-by: Kazunori MIYAZAWA <miyazawa@linux-ipv6.org>
Singed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Since this was added originally for Xen, and Xen has recently (~2.6.18)
stopped using this function, we can safely get rid of it. Good timing
too since this function has started to bit rot.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is on a custom board with a mapping driver access to an ST
M50LPW080 chip. This chip is probed successfully with
do_map_probe("jedec_probe",...). If I use the mtdchar interface to
perform unlock->erase->program->lock on any of the 16 eraseblocks in the
chip, the chip is left in FL_STATUS mode while the data structures
believe that the chip is in FL_READY mode. Hence, any subsequent reads
to any flash byte results in 0x80 being read.
Signed-off-by: Shashi Rao <shashi@sun.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Remove excessive scanning of empty flash after a clean
marker for users of the point/unpoint method. cfi_cmdset_0001
uses point/unpoint by default iff flash mapping is linear.
The speedup is several orders of magnitude if FS is less than
half full.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
In read inode we have an optimization which prevents one
min. I/O unit (e.g. NAND page) to be read more then once.
Namely, at the beginning we do not know which node type we read,
so we read so we assume we read the directory entry, because it
has the smallest node header. When we read it, we read up to the
next min. I/O unit, just because if later we'll need to read more,
we already have this data.
If it turns out to be that the node is not directory entry, and
we need more data, and we did not read it because it sits in the
next min. I/O unit, we read the whole next (or several next)
min. I/O unit(s). And if it happens to be that we read a data node,
and we've read part of its data, we calculate partial CRC.
So if later we need to check data CRC, we'll only read the rest
of the data from further min. I/O units and continue CRC checking.
This code was a bit messy and buggy. The bug was that it assumed
relatively large min. I/O unit, so that the largest node header
could overlap only one min. I/O unit boundary.
This parch clean-ups the code a bit and fixes this bug.
The patch was not tested on flash with small min. I/O unit, like
NOR-ECC, nut it was tested on NAND with 512 bytes NAND page, so
it at least does not break NAND. It was also tested with mtdram
so it should not break NOR.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
After a write error, any data in the write buffer must
be relocated. This is handled by the jffs2_wbuf_recover
function. This function does not fix up the erase block
summary information that is collected for writing at the
end of the block, which results in an incorrect summary
(or BUG if the summary was found to be empty).
As the summary is not essential (it is an optimisation),
it may be disabled for the current erase block when this
situation arises. This patch does that.
Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
If a write error occurs, the affected block is placed on the
bad_used_list. In the case that the write error occured
when writing summary data the block was also being placed on
the dirty_list, which caused list corruption and ultimately
a soft lockup in jffs2_mark_node_obsolete. This fixes that.
Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
A new module parameter has been added called 'overridesize',
which overrides the size that would be determined by the
ID bytes. 'overridesize' is specified in erase blocks and
as the exponent of a power of two e.g. 5 means a size of
32 erase blocks.
Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
New module parameters have been added to nandsim to
simulate:
bitflips random bit flips
badblocks blocks that are initially marked bad
weakblocks blocks that fail to erase after a
small number of erase cycles
weakpages pages that fail to write after a
small number of successful writes
gravepages pages that fail to read after a
small number of successful reads
Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Enhance nandsim to be able to create more than 1 partition.
A new module parameter 'parts' may be used to specify partition
sizes.
Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
When the MTD driver returns write failure, the following deadlock
occurs:
We are in __jffs2_flush_wbuf(), we hold &c->wbuf_sem. Write failure.
jffs2_wbuf_recover()->jffs2_reserve_space_gc()->jffs2_do_reserve_space()
->jffs2_erase_pending_blocks()->jffs2_flash_read()
and it tries to lock &c->wbuf_sem again. Deadlock.
Reported-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
There is a slight bug in nand_default_block_markbad, where the offset is
cast to an integer, prior to being shifted. This means that on large
offsets, it is incorrectly doing a signed shift & losing bits. Fixed
this by doing the cast after the shift (as is done elsewhere in the code).
Signed-off-by: Andre Renaud <andre@bluewatersys.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Add support for AT26Fxxx dataflash devices. These devices have a quite different
commandset than the AT45xxx chips, which are handled by at91_dataflash.c, so a
combined driver turned out to be more ugly than useful.
Tested only on AT26F004.
Signed-off-by: Hans-Jürgen Koch <hjk@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The ops.len member is not initialized, because it is unused for this
operation. The length check needs to use ops.ooblen instead
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The support for obsolete ancient NAND chips adds .data size and one
of the old ids conflicts with a modern one. Make the support for
such chips depending on a config option.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Use the functions in the ecc structure instead of the default ones,
so the override by the board driver is effective also for software ecc
code paths.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Check the node CRC on scan before doing anything else with the node.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
o A dependency on the processor architecture does not make sense;
delete it.
o The Alchemy and MTX drivers requires MTD_PARTITIONS and MTD_CFI to work,
make those dependencies.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
cache_k8_northbridges() is storing config values to incorrect locations
(in flush_words) and also its overflowing beyond the allocation, causing
slab verification failures.
Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In mthca_arbel_fmr_unmap(), the high bits of the key are masked off.
This gets rid of the effect of adjust_key(), which makes sure that
bits 3 and 23 of the key are equal when the Sinai throughput
optimization is enabled, and so it may happen that an FMR will end up
with bits 3 and 23 in the key being different. This causes data
corruption, because when enabling the throughput optimization, the
driver promises the HCA firmware that bits 3 and 23 of all memory keys
will always be equal.
Fix by re-applying adjust_key() after masking the key.
Thanks to Or Gerlitz for reproducing the problem, and Ariel Shahar for
help in debug.
Signed-off-by: Michael S. Tsirkin <mst@dev.mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Factor out a bit of messy code by creating posix-to-flock counterparts
to the existing flock-to-posix helper functions.
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
