12 Nov, 2010
11 commits
-
clean_sort_range() should return a number of nonempty elements of range
array, but if the array is full clean_sort_range() returns 0.The problem is that the number of nonempty elements is evaluated by
finding the first empty element of the array. If there is no such element
it returns an initial value of local variable nr_range that is zero.The fix is trivial: it changes initial value of nr_range to size of the
array.The bug can lead to loss of information regarding all ranges, since
typically returned value of clean_sort_range() is considered as an actual
number of ranges in the array after a series of add/subtract operations.Found by Analytical Verification project of Linux Verification Center
(linuxtesting.org), thanks to Alexander Kolosov.Signed-off-by: Alexey Khoroshilov
Cc: Yinghai Lu
Cc: "H. Peter Anvin"
Cc: Geert Uytterhoeven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There was a signedness bug so "ret" was never less than zero and that
breaks the error handling. Also in the original code it would overwrite
ret and the result is still negative but it's bogus number instead of the
correct error code.Signed-off-by: Dan Carpenter
Cc: Samu Onkalo
Cc: Jonathan Cameron
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The original code had a null dereference if alloc_percpu() failed. This
was introduced in commit 711d3d2c9bc3 ("memcg: cpu hotplug aware percpu
count updates")Signed-off-by: Dan Carpenter
Reviewed-by: Balbir Singh
Acked-by: KAMEZAWA Hiroyuki
Acked-by: Daisuke Nishimura
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
i2c_smbus_read_byte_data() may return negative error code. This is not
seen to als_sensing_range_store() as the result is stored in unsigned int.Made it signed.
Signed-off-by: Vasiliy Kulikov
Cc: Hong Liu
Cc: Alan Cox
Cc: Anantha Narayanan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
"ret_val" is supposed to be signed here or the error handling breaks.
Also we should check the return value from i2c_smbus_read_byte_data().Signed-off-by: Dan Carpenter
Signed-off-by: Alan Cox
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 3e4d3af501cc ("mm: stack based kmap_atomic()") introduced the
kmap_atomic_idx_push() function which warns on in_irq() with
CONFIG_DEBUG_HIGHMEM enabled. This patch includes linux/hardirq.h for
the in_irq definition.Signed-off-by: Catalin Marinas
Acked-by: Peter Zijlstra
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Followup of perf tools session in Netfilter WorkShop 2010
In the network stack we make high usage of atomic_inc_not_zero() in
contexts we know the probable value of atomic before increment (2 for udp
sockets for example)Using a special version of atomic_inc_not_zero() giving this hint can help
processor to use less bus transactions.On x86 (MESI protocol) for example, this avoids entering Shared state,
because "lock cmpxchg" issues an RFO (Read For Ownership)akpm: Adds a new include/linux/atomic.h. This means that new code should
henceforth include linux/atomic.h and not asm/atomic.h. The presence of
include/linux/atomic.h will in fact cause checkpatch.pl to warn about use
of asm/atomic.h. The new include/linux/atomic.h becomes the place where
arch-neutral atomic_t code should be placed.[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Eric Dumazet
Cc: Christoph Lameter
Cc: Ingo Molnar
Cc: Andi Kleen
Cc: Arnaldo Carvalho de Melo
Cc: David Miller
Cc: "Paul E. McKenney"
Cc: Nick Piggin
Reviewed-by: "Paul E. McKenney"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix the following warning:
usr/include/linux/resource.h:49: found __[us]{8,16,32,64} type without #includeSigned-off-by: Jean Delvare
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The size calculation is done incorrectly here because it should include
both the start and end (end - start + 1). It's easiest to just use
resource_size() which does the right thing.I was worried there was something non-standard going on because the
printk() subtracts "end - 1", but the rest of the file uses the normal
resource size calculations. This function is only called from
fsl_rio_setup() in arch/powerpc/sysdev/fsl_rio.c and the calculation
there is also:port->iores.start = law_start;
port->iores.end = law_start + law_size - 1;So I think this is the correct fix.
Signed-off-by: Dan Carpenter
Cc: Alexandre Bounine
Acked-by: Li Yang
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Fix these warnings:
drivers/macintosh/adb-iop.c: In function `adb_iop_complete':
drivers/macintosh/adb-iop.c:85: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c:92: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c: In function ¡adb_iop_listen¢:
drivers/macintosh/adb-iop.c:111: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c:151: warning: comparison of distinct pointer types lacks a castSigned-off-by: Geert Uytterhoeven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Both commits 0a3d763f1a68 ("ptrace: cleanup arch_ptrace() on um") and
9b05a69e0534 ("ptrace: change signature of arch_ptrace()") broke the um
build. This patch fixes the issues.0a3d763f1a68 introduced the undeclared variable "datavp". The patch seems
completely untested. :-(9b05a69e0534 changed arch_ptrace()'s signature but did not update
um/include/asm/ptrace-generic.h.Signed-off-by: Richard Weinberger
Cc: Namhyung Kim
Cc: Jeff Dike
Tested-by: Will Newton
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
10 Nov, 2010
2 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: fix a memleak in cifs_setattr_nounix()
cifs: make cifs_ioctl handle NULL filp->private_data correctly -
As pointed out by Linus, commit dab5855 ("perf_counter: Add mmap event hooks to
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma' due to
merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup().Note: there's another successful return path from mprotect_fixup() if old
flags equal to new flags. We don't, however, need to call
perf_event_mmap() there because 'perf' already knows the VMA is
executable.Reported-by: Dave Jones
Analyzed-by: Linus Torvalds
Cc: Ingo Molnar
Reviewed-by: Peter Zijlstra
Signed-off-by: Pekka Enberg
Signed-off-by: Linus Torvalds
09 Nov, 2010
15 commits
-
Andrew Hendry reported a kmemleak warning in 2.6.37-rc1 while editing a
text file with gedit over cifs.unreferenced object 0xffff88022ee08b40 (size 32):
comm "gedit", pid 2524, jiffies 4300160388 (age 2633.655s)
hex dump (first 32 bytes):
5c 2e 67 6f 75 74 70 75 74 73 74 72 65 61 6d 2d \.goutputstream-
35 42 41 53 4c 56 00 de 09 00 00 00 2c 26 78 ee 5BASLV......,&x.
backtrace:
[] kmemleak_alloc+0x2d/0x60
[] __kmalloc+0xe3/0x1d0
[] build_path_from_dentry+0xf0/0x230 [cifs]
[] cifs_setattr+0x9e/0x770 [cifs]
[] notify_change+0x170/0x2e0
[] sys_fchmod+0x10b/0x140
[] system_call_fastpath+0x16/0x1b
[] 0xffffffffffffffffThe commit 1025774c that removed inode_setattr() seems to have introduced this
memleak by returning early without freeing 'full_path'.Reported-by: Andrew Hendry
Cc: Christoph Hellwig
Reviewed-by: Jeff Layton
Signed-off-by: Suresh Jayaraman
Signed-off-by: Steve French -
…s/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
kernel: Constify temporary variable in roundup() -
Fix build error with GCC 3.x caused by commit b28efd54
"kernel: roundup should only reference arguments once" by constifying
temporary variable used in that macro.Signed-off-by: Tetsuo Handa
Suggested-by: Andrew Morton
Acked-by: Eric Paris
Signed-off-by: James Morris -
Fix openpromfs compilation by adding a missing semicolon in
fs/openpromfs/inode.c openprom_mount().Signed-off-by: Meelis Roos
Signed-off-by: David S. Miller
Signed-off-by: Linus Torvalds -
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: Add new ext4 inode tracepoints
ext4: Don't call sb_issue_discard() in ext4_free_blocks()
ext4: do not try to grab the s_umount semaphore in ext4_quota_off
ext4: fix potential race when freeing ext4_io_page structures
ext4: handle writeback of inodes which are being freed
ext4: initialize the percpu counters before replaying the journal
ext4: "ret" may be used uninitialized in ext4_lazyinit_thread()
ext4: fix lazyinit hang after removing request -
Commit 13cfb7334e made cifs_ioctl use the tlink attached to the
cifsFileInfo for a filp. This ignores the case of an open directory
however, which in CIFS can have a NULL private_data until a readdir
is done on it.This patch re-adds the NULL pointer checks that were removed in commit
50ae28f01 and moves the setting of tcon and "caps" variables lower.Long term, a better fix would be to establish a f_op->open routine for
directories that populates that field at open time, but that requires
some other changes to how readdir calls are handled.Reported-by: Kjell Rune Skaaraas
Reviewed-and-Tested-by: Suresh Jayaraman
Signed-off-by: Jeff Layton
Signed-off-by: Steve French -
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
TTY: move .gitignore from drivers/char/ to drivers/tty/vt/
TTY: create drivers/tty/vt and move the vt code there
TTY: create drivers/tty and move the tty core files there -
…egkh/staging-next-2.6
* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-next-2.6:
Staging: ath6kl: remove empty files that mess with 'distclean'
staging: ath6kl: Fixing the driver to use modified mmc_host structure
Staging: solo6x10: fix build problem -
…nel/git/lethal/sh-2.6
* 'rmobile-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
mmc: sh_mmcif: Convert extern inline to static inline.
ARM: mach-shmobile: Allow GPIO chips to register IRQ mappings.
ARM: mach-shmobile: fix sh7372 after a recent clock framework rework
ARM: mach-shmobile: include drivers/sh/Kconfig
ARM: mach-shmobile: ap4evb: Add HDMI sound support
ARM: mach-shmobile: clock-sh7372: Add FSIDIV clock support
ARM: shmobile: remove sh_timer_config clk member -
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: clkfwk: Fix up checkpatch warnings.
sh: make some needlessly global sh7724 clocks static
sh: add clk_round_parent() to optimize parent clock rate
sh: Simplify phys_addr_mask()/PTE_PHYS_MASK for 29/32-bit.
sh: nommu: Support building without an uncached mapping.
sh: nommu: use 32-bit phys mode.
sh: mach-se: Fix up SE7206 no ioport build.
sh: intc: Update for single IRQ reservation helper.
sh: clkfwk: Fix up rate rounding error handling.
sh: mach-se: Rip out superfluous 7751 PIO routines.
sh: mach-se: Rip out superfluous 770x PIO routines.
sh: mach-edosk7705: Kill off machtype, consolidate board def.
sh: mach-edosk7705: update for this century, kill off PIO trapping.
sh: mach-se: Rip out superfluous 7206 PIO routines.
sh: mach-systemh: Kill off dead board.
sh: mach-snapgear: Kill off machtype, consolidate board def.
sh: mach-snapgear: Rip out superfluous PIO routines.
sh: mach-microdev: SuperIO-relative ioport mapping. -
Add ext4_evict_inode, ext4_drop_inode, ext4_mark_inode_dirty, and
ext4_begin_ordered_truncate()Signed-off-by: "Theodore Ts'o"
-
Commit 5c521830cf (ext4: Support discard requests when running in
no-journal mode) attempts to add sb_issue_discard() for data blocks
(in data=writeback mode) and in no-journal mode. Unfortunately, this
no longer works, because in commit dd3932eddf (block: remove
BLKDEV_IFL_WAIT), sb_issue_discard() only presents a synchronous
interface, and there are times when we call ext4_free_blocks() when we
are are holding a spinlock, or are otherwise in an atomic context.For now, I've removed the call to sb_issue_discard() to prevent a
deadlock or (if spinlock debugging is enabled) failures like this:BUG: scheduling while atomic: rc.sysinit/1376/0x00000002
Pid: 1376, comm: rc.sysinit Not tainted 2.6.36-ARCH #1
Call Trace:
[] __schedule_bug+0x5e/0x70
[] schedule+0x950/0xa70
[] ? insert_work+0x7d/0x90
[] ? queue_work_on+0x1d/0x30
[] ? queue_work+0x37/0x60
[] schedule_timeout+0x21d/0x360
[] ? generic_make_request+0x2c3/0x540
[] wait_for_common+0xc0/0x150
[] ? default_wake_function+0x0/0x10
[] ? submit_bio+0x7c/0x100
[] ? wake_bit_function+0x0/0x40
[] wait_for_completion+0x18/0x20
[] blkdev_issue_discard+0x1b9/0x210
[] ext4_free_blocks+0x68e/0xb60
[] ? __ext4_handle_dirty_metadata+0x110/0x120
[] ext4_ext_truncate+0x8cc/0xa70
[] ? pagevec_lookup+0x1e/0x30
[] ext4_truncate+0x178/0x5d0
[] ? unmap_mapping_range+0xab/0x280
[] vmtruncate+0x56/0x70
[] ext4_setattr+0x14b/0x460
[] notify_change+0x194/0x380
[] do_truncate+0x60/0x90
[] ? security_inode_permission+0x1a/0x20
[] ? tomoyo_path_truncate+0x11/0x20
[] do_last+0x5d9/0x770
[] do_filp_open+0x1ed/0x680
[] ? page_fault+0x1f/0x30
[] ? alloc_fd+0xec/0x140
[] do_sys_open+0x61/0x120
[] sys_open+0x1b/0x20
[] system_call_fastpath+0x16/0x1bhttps://bugzilla.kernel.org/show_bug.cgi?id=22302
Reported-by: Mathias Burén
Signed-off-by: "Theodore Ts'o"
Cc: jiayingz@google.com -
It's not needed to sync the filesystem, and it fixes a lock_dep complaint.
Signed-off-by: Dmitry Monakhov
Signed-off-by: "Theodore Ts'o"
Reviewed-by: Jan Kara -
Use an atomic_t and make sure we don't free the structure while we
might still be submitting I/O for that page.Signed-off-by: "Theodore Ts'o"
-
The following BUG can occur when an inode which is getting freed when
it still has dirty pages outstanding, and it gets deleted (in this
because it was the target of a rename). In ordered mode, we need to
make sure the data pages are written just in case we crash before the
rename (or unlink) is committed. If the inode is being freed then
when we try to igrab the inode, we end up tripping the BUG_ON at
fs/ext4/page-io.c:146.To solve this problem, we need to keep track of the number of io
callbacks which are pending, and avoid destroying the inode until they
have all been completed. That way we don't have to bump the inode
count to keep the inode from being destroyed; an approach which
doesn't work because the count could have already been dropped down to
zero before the inode writeback has started (at which point we're not
allowed to bump the count back up to 1, since it's already started
getting freed).Thanks to Dave Chinner for suggesting this approach, which is also
used by XFS.kernel BUG at /scratch_space/linux-2.6/fs/ext4/page-io.c:146!
Call Trace:
[] ext4_bio_write_page+0x172/0x307
[] mpage_da_submit_io+0x2f9/0x37b
[] mpage_da_map_and_submit+0x2cc/0x2e2
[] mpage_add_bh_to_extent+0xc6/0xd5
[] write_cache_pages_da+0x2a4/0x3ac
[] ext4_da_writepages+0x2d6/0x44d
[] do_writepages+0x1c/0x25
[] __filemap_fdatawrite_range+0x4b/0x4d
[] filemap_fdatawrite_range+0xe/0x10
[] jbd2_journal_begin_ordered_truncate+0x7b/0xa2
[] ext4_evict_inode+0x57/0x24c
[] evict+0x22/0x92
[] iput+0x212/0x249
[] dentry_iput+0xa1/0xb9
[] d_kill+0x3d/0x5d
[] dput+0x13a/0x147
[] sys_renameat+0x1b5/0x258
[] ? _atomic_dec_and_lock+0x2d/0x4c
[] ? cp_new_stat+0xde/0xea
[] ? sys_newlstat+0x2d/0x38
[] sys_rename+0x16/0x18
[] system_call_fastpath+0x16/0x1bReported-by: Nick Bowler
Signed-off-by: "Theodore Ts'o"
Tested-by: Nick Bowler
08 Nov, 2010
5 commits
-
…xtension' into sh-fixes-for-linus
-
The clk_round_parent() change introduced various checkpatch warnings,
tidy them up.Signed-off-by: Paul Mundt
-
These clocks are currently only used inside one .c file and are not
declared in any headers, therefore having them global is useless.Signed-off-by: Guennadi Liakhovetski
Signed-off-by: Paul Mundt -
Sometimes it is possible and reasonable to adjust the parent clock rate to
improve precision of the child clock, e.g., if the child clock has no siblings.
clk_round_parent() is a new addition to the SH clock-framework API, that
implements such an optimization for child clocks with divisors, taking all
integer values in a range.Signed-off-by: Guennadi Liakhovetski
Signed-off-by: Paul Mundt
07 Nov, 2010
1 commit
-
These two .h files would get removed from the tree when doing
make distcleanIt turns out they are not needed at all, so just delete them which fixes
people's git trees when doing development.Reported-by: Andi Kleen
Signed-off-by: Greg Kroah-Hartman
06 Nov, 2010
6 commits
-
While scanning the floopy code due to c093ee4f07f4 ("floppy: fix
use-after-free in module load failure path"), I found one more instance
of trying to access disk->queue pointer after doing put_disk() on
gendisk. For some reason , floppy moule still loads/unloads fine. The
object is probably still around with right pointer values.o There seems to be one more instance of trying to cleanup the request
queue after we have called put_disk() on associated gendisk.o This fix is more out of code inspection. Even without this fix for
some reason I am able to load/unload floppy module without any
issues.o Floppy module loads/unloads fine after the fix.
Signed-off-by: Vivek Goyal
Signed-off-by: Linus Torvalds -
The autogenerated files (consolemap_deftbl.c and defkeymap.c) need to
be ignored by git, so move the .gitignore file that was doing it to the
properly location now that the files have moved as well.Cc: Arnd Bergmann
Cc: Jiri Slaby
Cc: Alan Cox
Signed-off-by: Greg Kroah-Hartman -
Commit 27ae60f8f7aa ("ipw2x00: replace "ieee80211" with "libipw" where
appropriate") changed DRV_NAME to be "libipw", but didn't properly fix
up the places where it was used to specify the name for the /proc/net/
directory.For backwards compatibility reasons, that directory name remained
"ieee80211", but due to the DRV_NAME change, the error case printouts
and the cleanup functions now used "libipw" instead. Which made it all
fail badly.For example, on module unload as reported by Randy:
WARNING: at fs/proc/generic.c:816 remove_proc_entry+0x156/0x35e()
name 'libipw'because it's trying to unregister a /proc directory that obviously
doesn't even exist.Clean it all up to use DRV_PROCNAME for the actual /proc directory name.
Reported-and-tested-by: Randy Dunlap
Cc: Pavel Roskin
Cc: John W. Linville
Signed-off-by: Linus Torvalds -
* 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: PPC: BookE: Load the lower half of MSR
KVM: PPC: BookE: fix sleep with interrupts disabled
KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().
PPC: KVM: Book E doesn't have __end_interrupts.
KVM: x86: Issue smp_call_function_many with preemption disabled
KVM: x86: fix information leak to userland
KVM: PPC: fix information leak to userland
KVM: MMU: fix rmap_remove on non present sptes
KVM: Write protect memory after slot swap -
Commit 488211844e0c ("floppy: switch to one queue per drive instead of
sharing a queue") introduced a use-after-free. We do "put_disk()" on
the disk device _before_ we then clean up the queue associated with that
disk.Move the put_disk() down to avoid dereferencing a free'd data structure.
Cc: Jens Axboe
Cc: Vivek Goyal
Reported-and-tested-by: Randy Dunlap
Signed-off-by: Linus Torvalds -
Commit d9ca07a05ce1 ("watchdog: Avoid kernel crash when disabling
watchdog") introduces a section mismatch.Now that we reference no_watchdog from non-__init code it can no longer
be __initdata.Signed-off-by: David Daney
Cc: Stephane Eranian
Cc: Peter Zijlstra
Cc: Ingo Molnar
Signed-off-by: Linus Torvalds