linux.git, branch v3.1-rc7 Linux kernel source tree Linux 3.1-rc7 2011-09-21T23:58:15+00:00 Linus Torvalds torvalds@linux-foundation.org 2011-09-21T23:58:15+00:00 d93dc5c4478c1fd5de85a3e8aece9aad7bbae044 






XZ: Fix incorrect XZ_BUF_ERROR
2011-09-21T20:39:59+00:00

Lasse Collin
lasse.collin@tukaani.org

2011-09-21T14:30:50+00:00

9c1f8594df4814ebfd6822ca3c9444fb3445888d

xz_dec_run() could incorrectly return XZ_BUF_ERROR if all of the
following was true:

 - The caller knows how many bytes of output to expect and only provides
   that much output space.

 - When the last output bytes are decoded, the caller-provided input
   buffer ends right before the LZMA2 end of payload marker.  So LZMA2
   won't provide more output anymore, but it won't know it yet and thus
   won't return XZ_STREAM_END yet.

 - A BCJ filter is in use and it hasn't left any unfiltered bytes in the
   temp buffer.  This can happen with any BCJ filter, but in practice
   it's more likely with filters other than the x86 BCJ.

This fixes <https://bugzilla.redhat.com/show_bug.cgi?id=735408> where
Squashfs thinks that a valid file system is corrupt.

This also fixes a similar bug in single-call mode where the uncompressed
size of a block using BCJ + LZMA2 was 0 bytes and caller provided no
output space.  Many empty .xz files don't contain any blocks and thus
don't trigger this bug.

This also tweaks a closely related detail: xz_dec_bcj_run() could call
xz_dec_lzma2_run() to decode into temp buffer when it was known to be
useless.  This was harmless although it wasted a minuscule number of CPU
cycles.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>





xz_dec_run() could incorrectly return XZ_BUF_ERROR if all of the
following was true:

 - The caller knows how many bytes of output to expect and only provides
   that much output space.

 - When the last output bytes are decoded, the caller-provided input
   buffer ends right before the LZMA2 end of payload marker.  So LZMA2
   won't provide more output anymore, but it won't know it yet and thus
   won't return XZ_STREAM_END yet.

 - A BCJ filter is in use and it hasn't left any unfiltered bytes in the
   temp buffer.  This can happen with any BCJ filter, but in practice
   it's more likely with filters other than the x86 BCJ.

This fixes <https://bugzilla.redhat.com/show_bug.cgi?id=735408> where
Squashfs thinks that a valid file system is corrupt.

This also fixes a similar bug in single-call mode where the uncompressed
size of a block using BCJ + LZMA2 was 0 bytes and caller provided no
output space.  Many empty .xz files don't contain any blocks and thus
don't trigger this bug.

This also tweaks a closely related detail: xz_dec_bcj_run() could call
xz_dec_lzma2_run() to decode into temp buffer when it was known to be
useless.  This was harmless although it wasted a minuscule number of CPU
cycles.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>







Merge git://github.com/davem330/net
2011-09-21T20:35:00+00:00

Linus Torvalds
torvalds@linux-foundation.org

2011-09-21T20:35:00+00:00

e5b26a88f13dfe3162acd50490c0c8504af81b26

* git://github.com/davem330/net: (27 commits)
  xfrm: Perform a replay check after return from async codepaths
  fib:fix BUG_ON in fib_nl_newrule when add new fib rule
  ixgbe: fix possible null buffer error
  tg3: fix VLAN tagging regression
  net: pxa168: Fix build errors by including interrupt.h
  netconsole: switch init_netconsole() to late_initcall
  gianfar: Fix overflow check and return value for gfar_get_cls_all()
  ppp_generic: fix multilink fragment MTU calculation (again)
  GRETH: avoid overwrite IP-stack's IP-frags checksum
  GRETH: RX/TX bytes were never increased
  ipv6: fix a possible double free
  b43: Fix beacon problem in ad-hoc mode
  Bluetooth: add support for 2011 mac mini
  Bluetooth: Add MacBookAir4,1 support
  Bluetooth: Fixed BT ST Channel reg order
  r8169: do not enable the TBI for anything but the original 8169.
  r8169: remove erroneous processing of always set bit.
  r8169: fix WOL setting for 8105 and 8111evl
  r8169: add MODULE_FIRMWARE for the firmware of 8111evl
  r8169: fix the reset setting for 8111evl
  ...





* git://github.com/davem330/net: (27 commits)
  xfrm: Perform a replay check after return from async codepaths
  fib:fix BUG_ON in fib_nl_newrule when add new fib rule
  ixgbe: fix possible null buffer error
  tg3: fix VLAN tagging regression
  net: pxa168: Fix build errors by including interrupt.h
  netconsole: switch init_netconsole() to late_initcall
  gianfar: Fix overflow check and return value for gfar_get_cls_all()
  ppp_generic: fix multilink fragment MTU calculation (again)
  GRETH: avoid overwrite IP-stack's IP-frags checksum
  GRETH: RX/TX bytes were never increased
  ipv6: fix a possible double free
  b43: Fix beacon problem in ad-hoc mode
  Bluetooth: add support for 2011 mac mini
  Bluetooth: Add MacBookAir4,1 support
  Bluetooth: Fixed BT ST Channel reg order
  r8169: do not enable the TBI for anything but the original 8169.
  r8169: remove erroneous processing of always set bit.
  r8169: fix WOL setting for 8105 and 8111evl
  r8169: add MODULE_FIRMWARE for the firmware of 8111evl
  r8169: fix the reset setting for 8111evl
  ...







Merge branch 'for-linus' of git://git.kernel.dk/linux-block
2011-09-21T20:20:21+00:00

Linus Torvalds
torvalds@linux-foundation.org

2011-09-21T20:20:21+00:00

fed678dc8a8b839c8189b5d889a94e865cd327dd

* 'for-linus' of git://git.kernel.dk/linux-block:
  floppy: use del_timer_sync() in init cleanup
  blk-cgroup: be able to remove the record of unplugged device
  block: Don't check QUEUE_FLAG_SAME_COMP in __blk_complete_request
  mm: Add comment explaining task state setting in bdi_forker_thread()
  mm: Cleanup clearing of BDI_pending bit in bdi_forker_thread()
  block: simplify force plug flush code a little bit
  block: change force plug flush call order
  block: Fix queue_flag update when rq_affinity goes from 2 to 1
  block: separate priority boosting from REQ_META
  block: remove READ_META and WRITE_META
  xen-blkback: fixed indentation and comments
  xen-blkback: Don't disconnect backend until state switched to XenbusStateClosed.





* 'for-linus' of git://git.kernel.dk/linux-block:
  floppy: use del_timer_sync() in init cleanup
  blk-cgroup: be able to remove the record of unplugged device
  block: Don't check QUEUE_FLAG_SAME_COMP in __blk_complete_request
  mm: Add comment explaining task state setting in bdi_forker_thread()
  mm: Cleanup clearing of BDI_pending bit in bdi_forker_thread()
  block: simplify force plug flush code a little bit
  block: change force plug flush call order
  block: Fix queue_flag update when rq_affinity goes from 2 to 1
  block: separate priority boosting from REQ_META
  block: remove READ_META and WRITE_META
  xen-blkback: fixed indentation and comments
  xen-blkback: Don't disconnect backend until state switched to XenbusStateClosed.







init: carefully handle loglevel option on kernel cmdline.
2011-09-21T20:18:52+00:00

Alexander Sverdlin
alexander.sverdlin@sysgo.com

2011-09-21T07:51:40+00:00

808bf29b9195c52239b9aaeda7c6082a0ddf07c6

When a malformed loglevel value (for example "${abc}") is passed on the
kernel cmdline, the loglevel itself is being set to 0.

That then suppresses all following messages, including all the errors
and crashes caused by other malformed cmdline options.  This could make
debugging process quite tricky.

This patch leaves the previous value of loglevel if the new value is
incorrect and reports an error code in this case.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@sysgo.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>





When a malformed loglevel value (for example "${abc}") is passed on the
kernel cmdline, the loglevel itself is being set to 0.

That then suppresses all following messages, including all the errors
and crashes caused by other malformed cmdline options.  This could make
debugging process quite tricky.

This patch leaves the previous value of loglevel if the new value is
incorrect and reports an error code in this case.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@sysgo.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>







teach /proc/$pid/numa_maps about transparent hugepages
2011-09-21T20:15:44+00:00

Dave Hansen
dave@linux.vnet.ibm.com

2011-09-20T22:19:41+00:00

32ef43848f283e0ef945d3c67e851c143fea3970

This is modeled after the smaps code.

It detects transparent hugepages and then does a single gather_stats()
for the page as a whole.  This has two benifits:
 1. It is more efficient since it does many pages in a single shot.
 2. It does not have to break down the huge page.

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>





This is modeled after the smaps code.

It detects transparent hugepages and then does a single gather_stats()
for the page as a whole.  This has two benifits:
 1. It is more efficient since it does many pages in a single shot.
 2. It does not have to break down the huge page.

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>







break out numa_maps gather_pte_stats() checks
2011-09-21T20:15:44+00:00

Dave Hansen
dave@linux.vnet.ibm.com

2011-09-20T22:19:39+00:00

3200a8aaab0c9ccdc0f59b0dac2d4a47029137fa

gather_pte_stats() does a number of checks on a target page
to see whether it should even be considered for statistics.
This breaks that code out in to a separate function so that
we can use it in the transparent hugepage case in the next
patch.

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Christoph Lameter <cl@gentwo.org>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>





gather_pte_stats() does a number of checks on a target page
to see whether it should even be considered for statistics.
This breaks that code out in to a separate function so that
we can use it in the transparent hugepage case in the next
patch.

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Christoph Lameter <cl@gentwo.org>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>







make /proc/$pid/numa_maps gather_stats() take variable page size
2011-09-21T20:15:44+00:00

Dave Hansen
dave@linux.vnet.ibm.com

2011-09-20T22:19:38+00:00

eb4866d0066ffd5446751c102d64feb3318d8bd1

We need to teach the numa_maps code about transparent huge pages.  The
first step is to teach gather_stats() that the pte it is dealing with
might represent more than one page.

Note that will we use this in a moment for transparent huge pages since
they have use a single pmd_t which _acts_ as a "surrogate" for a bunch
of smaller pte_t's.

I'm a _bit_ unhappy that this interface counts in hugetlbfs page sizes
for hugetlbfs pages and PAGE_SIZE for normal pages.  That means that to
figure out how many _bytes_ "dirty=1" means, you must first know the
hugetlbfs page size.  That's easier said than done especially if you
don't have visibility in to the mount.

But, that's probably a discussion for another day especially since it
would change behavior to fix it.  But, just in case anyone wonders why
this patch only passes a '1' in the hugetlb case...

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>





We need to teach the numa_maps code about transparent huge pages.  The
first step is to teach gather_stats() that the pte it is dealing with
might represent more than one page.

Note that will we use this in a moment for transparent huge pages since
they have use a single pmd_t which _acts_ as a "surrogate" for a bunch
of smaller pte_t's.

I'm a _bit_ unhappy that this interface counts in hugetlbfs page sizes
for hugetlbfs pages and PAGE_SIZE for normal pages.  That means that to
figure out how many _bytes_ "dirty=1" means, you must first know the
hugetlbfs page size.  That's easier said than done especially if you
don't have visibility in to the mount.

But, that's probably a discussion for another day especially since it
would change behavior to fix it.  But, just in case anyone wonders why
this patch only passes a '1' in the hugetlb case...

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>







xfrm: Perform a replay check after return from async codepaths
2011-09-21T19:20:57+00:00

Steffen Klassert
steffen.klassert@secunet.com

2011-09-20T23:38:58+00:00

bcf66bf54aabffc150acd1c99e0f4bc51935eada

When asyncronous crypto algorithms are used, there might be many
packets that passed the xfrm replay check, but the replay advance
function is not called yet for these packets. So the replay check
function would accept a replay of all of these packets. Also the
system might crash if there are more packets in async processing
than the size of the anti replay window, because the replay advance
function would try to update the replay window beyond the bounds.

This pach adds a second replay check after resuming from the async
processing to fix these issues.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>





When asyncronous crypto algorithms are used, there might be many
packets that passed the xfrm replay check, but the replay advance
function is not called yet for these packets. So the replay check
function would accept a replay of all of these packets. Also the
system might crash if there are more packets in async processing
than the size of the anti replay window, because the replay advance
function would try to update the replay window beyond the bounds.

This pach adds a second replay check after resuming from the async
processing to fix these issues.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>







fib:fix BUG_ON in fib_nl_newrule when add new fib rule
2011-09-21T19:16:40+00:00

Gao feng
gaofeng@cn.fujitsu.com

2011-09-11T15:36:05+00:00

561dac2d410ffac0b57a23b85ae0a623c1a076ca

add new fib rule can cause BUG_ON happen
the reproduce shell is
ip rule add pref 38
ip rule add pref 38
ip rule add to 192.168.3.0/24 goto 38
ip rule del pref 38
ip rule add to 192.168.3.0/24 goto 38
ip rule add pref 38

then the BUG_ON will happen
del BUG_ON and use (ctarget == NULL) identify whether this rule is unresolved

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





add new fib rule can cause BUG_ON happen
the reproduce shell is
ip rule add pref 38
ip rule add pref 38
ip rule add to 192.168.3.0/24 goto 38
ip rule del pref 38
ip rule add to 192.168.3.0/24 goto 38
ip rule add pref 38

then the BUG_ON will happen
del BUG_ON and use (ctarget == NULL) identify whether this rule is unresolved

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>