29 Jul, 2013
1 commit
-
[ Upstream commit 110ecd69a9feea82a152bbf9b12aba57e6396883 ]
p9_release_pages() would attempt to dereference one value past the end of
pages[]. This would cause the following crashes:[ 6293.171817] BUG: unable to handle kernel paging request at ffff8807c96f3000
[ 6293.174146] IP: [] p9_release_pages+0x3b/0x60
[ 6293.176447] PGD 79c5067 PUD 82c1e3067 PMD 82c197067 PTE 80000007c96f3060
[ 6293.180060] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 6293.180060] Modules linked in:
[ 6293.180060] CPU: 62 PID: 174043 Comm: modprobe Tainted: G W 3.10.0-next-20130710-sasha #3954
[ 6293.180060] task: ffff8807b803b000 ti: ffff880787dde000 task.ti: ffff880787dde000
[ 6293.180060] RIP: 0010:[] [] p9_release_pages+0x3b/0x60
[ 6293.214316] RSP: 0000:ffff880787ddfc28 EFLAGS: 00010202
[ 6293.214316] RAX: 0000000000000001 RBX: ffff8807c96f2ff8 RCX: 0000000000000000
[ 6293.222017] RDX: ffff8807b803b000 RSI: 0000000000000001 RDI: ffffea001c7e3d40
[ 6293.222017] RBP: ffff880787ddfc48 R08: 0000000000000000 R09: 0000000000000000
[ 6293.222017] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[ 6293.222017] R13: 0000000000000001 R14: ffff8807cc50c070 R15: ffff8807cc50c070
[ 6293.222017] FS: 00007f572641d700(0000) GS:ffff8807f3600000(0000) knlGS:0000000000000000
[ 6293.256784] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 6293.256784] CR2: ffff8807c96f3000 CR3: 00000007c8e81000 CR4: 00000000000006e0
[ 6293.256784] Stack:
[ 6293.256784] ffff880787ddfcc8 ffff880787ddfcc8 0000000000000000 ffff880787ddfcc8
[ 6293.256784] ffff880787ddfd48 ffffffff84128be8 ffff880700000002 0000000000000001
[ 6293.256784] ffff8807b803b000 ffff880787ddfce0 0000100000000000 0000000000000000
[ 6293.256784] Call Trace:
[ 6293.256784] [] p9_virtio_zc_request+0x598/0x630
[ 6293.256784] [] ? wake_up_bit+0x40/0x40
[ 6293.256784] [] p9_client_zc_rpc+0x111/0x3a0
[ 6293.256784] [] ? sched_clock_cpu+0x108/0x120
[ 6293.256784] [] p9_client_read+0xe1/0x2c0
[ 6293.256784] [] v9fs_file_read+0x90/0xc0
[ 6293.256784] [] vfs_read+0xc3/0x130
[ 6293.256784] [] ? trace_hardirqs_on+0xd/0x10
[ 6293.256784] [] SyS_read+0x62/0xa0
[ 6293.256784] [] tracesys+0xdd/0xe2
[ 6293.256784] Code: 66 90 48 89 fb 41 89 f5 48 8b 3f 48 85 ff 74 29 85 f6 74 25 45 31 e4 66 0f 1f 84 00 00 00 00 00 e8 eb 14 12 fd 41 ff c4 49 63 c4 8b 3c c3 48 85 ff 74 05 45 39 e5 75 e7 48 83 c4 08 5b 41 5c
[ 6293.256784] RIP [] p9_release_pages+0x3b/0x60
[ 6293.256784] RSP
[ 6293.256784] CR2: ffff8807c96f3000
[ 6293.256784] ---[ end trace 50822ee72cd360fc ]---Signed-off-by: Sasha Levin
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
11 Jun, 2013
1 commit
-
Pull net/9p bug fix from Eric Van Hensbergen:
"zero copy error fix"* tag '9p-3.10-bug-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
net/9p: Handle error in zero copy request correctly for 9p2000.u
29 May, 2013
1 commit
-
For zero copy request, error will be encoded in the user space buffer.
So copy the error code correctly using copy_from_user. Here we use the
extra bytes we allocate for zero copy request. If total error details
are more than P9_ZC_HDR_SZ - 7 bytes, we return -EFAULT. The patch also
avoid a memory allocation in the error path.Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Eric Van Hensbergen
03 May, 2013
1 commit
-
Pull virtio & lguest updates from Rusty Russell:
"Lots of virtio work which wasn't quite ready for last merge window.Plus I dived into lguest again, reworking the pagetable code so we can
move the switcher page: our fixmaps sometimes take more than 2MB now..."Ugh. Annoying conflicts with the tcm_vhost -> vhost_scsi rename.
Hopefully correctly resolved.* tag 'virtio-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (57 commits)
caif_virtio: Remove bouncing email addresses
lguest: improve code readability in lg_cpu_start.
virtio-net: fill only rx queues which are being used
lguest: map Switcher below fixmap.
lguest: cache last cpu we ran on.
lguest: map Switcher text whenever we allocate a new pagetable.
lguest: don't share Switcher PTE pages between guests.
lguest: expost switcher_pages array (as lg_switcher_pages).
lguest: extract shadow PTE walking / allocating.
lguest: make check_gpte et. al return bool.
lguest: assume Switcher text is a single page.
lguest: rename switcher_page to switcher_pages.
lguest: remove RESERVE_MEM constant.
lguest: check vaddr not pgd for Switcher protection.
lguest: prepare to make SWITCHER_ADDR a variable.
virtio: console: replace EMFILE with EBUSY for already-open port
virtio-scsi: reset virtqueue affinity when doing cpu hotplug
virtio-scsi: introduce multiqueue support
virtio-scsi: push vq lock/unlock into virtscsi_vq_done
virtio-scsi: pass struct virtio_scsi to virtqueue completion function
...
20 Mar, 2013
1 commit
-
virtio_add_buf() is going away, replaced with virtio_add_sgs() which
takes multiple terminated scatterlists.Cc: Eric Van Hensbergen
Signed-off-by: Rusty Russell
09 Mar, 2013
1 commit
-
Commit b67bfe0d42ca ("hlist: drop the node parameter from iterators")
did a lot of nice changes but also contains two small hunks that seem to
have slipped in accidentally and have no apparent connection to the
intent of the patch.This reverts the two extraneous changes.
Signed-off-by: Arnd Bergmann
Cc: Peter Senna Tschudin
Cc: Paul E. McKenney
Cc: Sasha Levin
Cc: Thomas Gleixner
Cc: Rusty Russell
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
28 Feb, 2013
2 commits
-
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;type T;
expression a,c,d,e;
identifier b;
statement S;
@@-T b;
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin
Acked-by: Paul E. McKenney
Signed-off-by: Sasha Levin
Cc: Wu Fengguang
Cc: Marcelo Tosatti
Cc: Gleb Natapov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Convert to the much saner new idr interface.
Signed-off-by: Tejun Heo
Cc: Eric Van Hensbergen
Cc: Ron Minnich
Cc: Latchesar Ionkov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
26 Feb, 2013
1 commit
-
Pull user namespace and namespace infrastructure changes from Eric W Biederman:
"This set of changes starts with a few small enhnacements to the user
namespace. reboot support, allowing more arbitrary mappings, and
support for mounting devpts, ramfs, tmpfs, and mqueuefs as just the
user namespace root.I do my best to document that if you care about limiting your
unprivileged users that when you have the user namespace support
enabled you will need to enable memory control groups.There is a minor bug fix to prevent overflowing the stack if someone
creates way too many user namespaces.The bulk of the changes are a continuation of the kuid/kgid push down
work through the filesystems. These changes make using uids and gids
typesafe which ensures that these filesystems are safe to use when
multiple user namespaces are in use. The filesystems converted for
3.9 are ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs. The
changes for these filesystems were a little more involved so I split
the changes into smaller hopefully obviously correct changes.XFS is the only filesystem that remains. I was hoping I could get
that in this release so that user namespace support would be enabled
with an allyesconfig or an allmodconfig but it looks like the xfs
changes need another couple of days before it they are ready."* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (93 commits)
cifs: Enable building with user namespaces enabled.
cifs: Convert struct cifs_ses to use a kuid_t and a kgid_t
cifs: Convert struct cifs_sb_info to use kuids and kgids
cifs: Modify struct smb_vol to use kuids and kgids
cifs: Convert struct cifsFileInfo to use a kuid
cifs: Convert struct cifs_fattr to use kuid and kgids
cifs: Convert struct tcon_link to use a kuid.
cifs: Modify struct cifs_unix_set_info_args to hold a kuid_t and a kgid_t
cifs: Convert from a kuid before printing current_fsuid
cifs: Use kuids and kgids SID to uid/gid mapping
cifs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring_alloc
cifs: Use BUILD_BUG_ON to validate uids and gids are the same size
cifs: Override unmappable incoming uids and gids
nfsd: Enable building with user namespaces enabled.
nfsd: Properly compare and initialize kuids and kgids
nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids
nfsd: Modify nfsd4_cb_sec to use kuids and kgids
nfsd: Handle kuids and kgids in the nfs4acl to posix_acl conversion
nfsd: Convert nfsxdr to use kuids and kgids
nfsd: Convert nfs3xdr to use kuids and kgids
...
24 Feb, 2013
1 commit
-
This member of struct virtio_chan is calculated from nr_free_buffer_pages
so change its type to unsigned long in case of overflow.Signed-off-by: Zhang Yanfei
Cc: David Miller
Cc: Eric Van Hensbergen
Cc: Ron Minnich
Cc: Latchesar Ionkov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
12 Feb, 2013
3 commits
-
9p has thre strucrtures that can encode inode stat information. Modify
all of those structures to contain kuid_t and kgid_t values. Modify
he wire encoders and decoders of those structures to use 'u' and 'g' instead of
'd' in the format string where uids and gids are present.This results in all kuid and kgid conversion to and from on the wire values
being performed by the same code in protocol.c where the client is known
at the time of the conversion.Cc: Eric Van Hensbergen
Cc: Ron Minnich
Cc: Latchesar Ionkov
Signed-off-by: Eric W. Biederman -
Modify the p9_client_rpc format specifiers of every function that
directly transmits a uid or a gid from 'd' to 'u' or 'g' as
appropriate.Modify those same functions to take kuid_t and kgid_t parameters
instead of uid_t and gid_t parameters.Cc: Eric Van Hensbergen
Cc: Ron Minnich
Cc: Latchesar Ionkov
Signed-off-by: Eric W. Biederman -
This allows concentrating all of the conversion to and from kuids and
kgids into the format needed by the 9p protocol into one location.Cc: Eric Van Hensbergen
Cc: Ron Minnich
Cc: Latchesar Ionkov
Signed-off-by: "Eric W. Biederman"
12 Jan, 2013
1 commit
-
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a
while now and is almost always enabled by default. As agreed during the
Linux kernel summit, remove it from any "depends on" lines in Kconfigs.CC: "David S. Miller"
Signed-off-by: Kees Cook
Acked-by: David S. Miller
22 Oct, 2012
1 commit
-
When using a virtio transport, the 9p net device may pass the physical
address of a kernel buffer to userspace via a scatterlist inside a
virtqueue. If the kernel buffer is mapped outside of the linear mapping
(e.g. highmem), then virt_to_page will return a bogus value and we will
populate the scatterlist with junk.This patch uses kmap_to_page when populating the page array for a kernel
buffer.Cc: stable@kernel.org
Cc: Sasha Levin
Signed-off-by: Will Deacon
Signed-off-by: Rusty Russell
12 Oct, 2012
2 commits
-
Pull v9fs update from Eric Van Hensbergen.
* tag 'for-linus-merge-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
9P: Fix race between p9_write_work() and p9_fd_request()
9P: Fix race in p9_write_work()
9P: fix test at the end of p9_write_work()
9P: Fix race in p9_read_work()
9p: don't use __getname/__putname for uname/aname
net/9p: Check errno validity
fs/9p: avoid debug OOPS when reading a long symlink -
Race scenario:
thread A thread B
p9_write_work() p9_fd_request()
if (list_empty
(&m->unsent_req_list))
...spin_lock(&client->lock);
req->status = REQ_STATUS_UNSENT;
list_add_tail(..., &m->unsent_req_list);
spin_unlock(&client->lock);
....
if (n & POLLOUT &&
!test_and_set_bit(Wworksched, &m->wsched)
schedule_work(&m->wq);
--> not done because Wworksched is setclear_bit(Wworksched, &m->wsched);
return;--> nobody will take care of sending the new request.
This is not very likely to happen though, because p9_write_work()
being called with an empty unsent_req_list is not frequent.
But this also means that taking the lock earlier will not be costly.Signed-off-by: Simon Derr
Signed-off-by: Eric Van Hensbergen
03 Oct, 2012
1 commit
-
Pull vfs update from Al Viro:
- big one - consolidation of descriptor-related logics; almost all of
that is moved to fs/file.c(BTW, I'm seriously tempted to rename the result to fd.c. As it is,
we have a situation when file_table.c is about handling of struct
file and file.c is about handling of descriptor tables; the reasons
are historical - file_table.c used to be about a static array of
struct file we used to have way back).A lot of stray ends got cleaned up and converted to saner primitives,
disgusting mess in android/binder.c is still disgusting, but at least
doesn't poke so much in descriptor table guts anymore. A bunch of
relatively minor races got fixed in process, plus an ext4 struct file
leak.- related thing - fget_light() partially unuglified; see fdget() in
there (and yes, it generates the code as good as we used to have).- also related - bits of Cyrill's procfs stuff that got entangled into
that work; _not_ all of it, just the initial move to fs/proc/fd.c and
switch of fdinfo to seq_file.- Alex's fs/coredump.c spiltoff - the same story, had been easier to
take that commit than mess with conflicts. The rest is a separate
pile, this was just a mechanical code movement.- a few misc patches all over the place. Not all for this cycle,
there'll be more (and quite a few currently sit in akpm's tree)."Fix up trivial conflicts in the android binder driver, and some fairly
simple conflicts due to two different changes to the sock_alloc_file()
interface ("take descriptor handling from sock_alloc_file() to callers"
vs "net: Providing protocol type via system.sockprotoname xattr of
/proc/PID/fd entries" adding a dentry name to the socket)* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (72 commits)
MAX_LFS_FILESIZE should be a loff_t
compat: fs: Generic compat_sys_sendfile implementation
fs: push rcu_barrier() from deactivate_locked_super() to filesystems
btrfs: reada_extent doesn't need kref for refcount
coredump: move core dump functionality into its own file
coredump: prevent double-free on an error path in core dumper
usb/gadget: fix misannotations
fcntl: fix misannotations
ceph: don't abuse d_delete() on failure exits
hypfs: ->d_parent is never NULL or negative
vfs: delete surplus inode NULL check
switch simple cases of fget_light to fdget
new helpers: fdget()/fdput()
switch o2hb_region_dev_write() to fget_light()
proc_map_files_readdir(): don't bother with grabbing files
make get_file() return its argument
vhost_set_vring(): turn pollstart/pollstop into bool
switch prctl_set_mm_exe_file() to fget_light()
switch xfs_find_handle() to fget_light()
switch xfs_swapext() to fget_light()
...
27 Sep, 2012
1 commit
-
Both modular callers of sock_map_fd() had been buggy; sctp one leaks
descriptor and file if copy_to_user() fails, 9p one shouldn't be
exposing file in the descriptor table at all.Switch both to sock_alloc_file(), export it, unexport sock_map_fd() and
make it static.Signed-off-by: Al Viro
18 Sep, 2012
3 commits
-
See previous commit about p9_read_work() for details.
This fixes a similar race between p9_write_work() and p9_poll_mux()
Signed-off-by: Simon Derr
Signed-off-by: Eric Van Hensbergen -
At the end of p9_write_work() we want to test if there is still data to send.
This means:
- either the current request still has data to send (wsize != 0)
- or there are requests in the unsent queueSigned-off-by: Simon Derr
Signed-off-by: Eric Van Hensbergen -
Race scenario between p9_read_work() and p9_poll_mux()
Data arrive, Rworksched is set, p9_read_work() is called.
thread A thread B
p9_read_work()
.
reads data
.
checks if new data ready. No.
.
gets preempted
.
More data arrive, p9_poll_mux() is called. .
.
.
p9_poll_mux() .
.
if (!test_and_set_bit(Rworksched, .
&m->wsched)) { .
schedule_work(&m->rq); .
} .
.
-> does not schedule work because .
Rworksched is set .
.
clear_bit(Rworksched, &m->wsched);
return;No work has been scheduled, and yet data are waiting.
Currently p9_read_work() checks if there is data to read,
and if not, it clears Rworksched.I think it should clear Rworksched first, and then check if there is data to read.
Signed-off-by: Simon Derr
Signed-off-by: Eric Van Hensbergen
07 Sep, 2012
1 commit
-
While working on a modified server I had the Linux clients crash
a few times. This lead me to find this:Some error codes are directly extracted from the server replies.
A malformed server reply could contain an invalid error code, with a
very large value. If this value is then passed to ERR_PTR() it will
not be properly detected as an error code by IS_ERR() and as a result
the kernel will dereference an invalid pointer.This patch tries to avoid this.
Signed-off-by: Simon Derr
Signed-off-by: Eric Van Hensbergen
21 Aug, 2012
1 commit
-
flush[_delayed]_work_sync() are now spurious. Mark them deprecated
and convert all users to flush[_delayed]_work().If you're cc'd and wondering what's going on: Now all workqueues are
non-reentrant and the regular flushes guarantee that the work item is
not pending or running on any CPU on return, so there's no reason to
use the sync flushes at all and they're going away.This patch doesn't make any functional difference.
Signed-off-by: Tejun Heo
Cc: Russell King
Cc: Paul Mundt
Cc: Ian Campbell
Cc: Jens Axboe
Cc: Mattia Dongili
Cc: Kent Yoder
Cc: David Airlie
Cc: Jiri Kosina
Cc: Karsten Keil
Cc: Bryan Wu
Cc: Benjamin Herrenschmidt
Cc: Alasdair Kergon
Cc: Mauro Carvalho Chehab
Cc: Florian Tobias Schandinat
Cc: David Woodhouse
Cc: "David S. Miller"
Cc: linux-wireless@vger.kernel.org
Cc: Anton Vorontsov
Cc: Sangbeom Kim
Cc: "James E.J. Bottomley"
Cc: Greg Kroah-Hartman
Cc: Eric Van Hensbergen
Cc: Takashi Iwai
Cc: Steven Whitehouse
Cc: Petr Vandrovec
Cc: Mark Fasheh
Cc: Christoph Hellwig
Cc: Avi Kivity
11 Jul, 2012
1 commit
-
Fix incorrect start markers, wrapped summary lines, missing section
breaks, incorrect separators, and some name mismatches.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
29 Jun, 2012
2 commits
-
Conflicts:
drivers/net/caif/caif_hsi.c
drivers/net/usb/qmi_wwan.cThe qmi_wwan merge was trivial.
The caif_hsi.c, on the other hand, was not. It's a conflict between
1c385f1fdf6f9c66d982802cd74349c040980b50 ("caif-hsi: Replace platform
device with ops structure.") in the net-next tree and commit
39abbaef19cd0a30be93794aa4773c779c3eb1f3 ("caif-hsi: Postpone init of
HIS until open()") in the net tree.I did my best with that one and will ask Sjur to check it out.
Signed-off-by: David S. Miller
-
Pull networking update from David Miller:
1) Pairing and deadlock fixes in bluetooth from Johan Hedberg.
2) Add device IDs for AR3011 and AR3012 bluetooth chips. From
Giancarlo Formicuccia and Marek Vasut.3) Fix wireless regulatory deadlock, from Eliad Peller.
4) Fix full TX ring panic in bnx2x driver, from Eric Dumazet.
5) Revert the two commits that added skb_orphan_try(), it causes
erratic bonding behavior with UDP clients and the gains it used to
give are mostly no longer happening due to how BQL works. From Eric
Dumazet.6) It took two tries, but Thomas Graf fixed a problem wherein we
registered ipv6 routing procfs files before their backend data were
initialized properly.7) Fix max GSO size setting in be2net, from Sarveshwar Bandi.
8) PHY device id mask is wrong for KSZ9021 and KS8001 chips, fix from
Jason Wang.9) Fix use of stale SKB data pointer after skb_linearize() call in
batman-adv, from Antonio Quartulli.10) Fix memory leak in IXGBE due to missing __GFP_COMP, from Alexander
Duyck.11) Fix probing of Gobi devices in qmi_wwan usbnet driver, from Bjørn
Mork.12) Fix suspend/resume and open failure handling in usbnet from Ming
Lei.13) Attempt to fix device r8169 hangs for certain chips, from Francois
Romieu.14) Fix advancement of RX dirty pointer in some situations in sh_eth
driver, from Yoshihiro Shimoda.15) Attempt to fix restart of IPV6 routing table dumps when there is an
intervening table update. From Eric Dumazet.16) Respect security_inet_conn_request() return value in ipv6 TCP. From
Neal Cardwell.17) Add another iPAD device ID to ipheth driver, from Davide Gerhard.
18) Fix access to freed SKB in l2tp_eth_dev_xmit(), and fix l2tp lockdep
splats, from Eric Dumazet.19) Make sure all bridge devices, regardless of whether they were
created via netlink or ioctls, have their rtnetlink ops hooked up.
From Thomas Graf and Stephen Hemminger.* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (81 commits)
9p: fix min_t() casting in p9pdu_vwritef()
can: flexcan: use be32_to_cpup to handle the value of dt entry
xen/netfront: teardown the device before unregistering it.
bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2)
vhost: use USER_DS in vhost_worker thread
ixgbe: Do not pad FCoE frames as this can cause issues with FCoE DDP
net: l2tp_eth: use LLTX to avoid LOCKDEP splats
mac802154: add missed braces
net: l2tp_eth: fix l2tp_eth_dev_xmit race
net/mlx4_en: Release QP range in free_resources
net/mlx4: Use single completion vector after NOP failure
net/mlx4_en: Set correct port parameters during device initialization
ipheth: add support for iPad
caif-hsi: Add missing return in error path
caif-hsi: Bugfix - Piggyback'ed embedded CAIF frame lost
caif: Clear shutdown mask to zero at reconnect.
tcp: heed result of security_inet_conn_request() in tcp_v6_conn_request()
ipv6: fib: fix fib dump restart
batman-adv: fix race condition in TT full-table replacement
batman-adv: only drop packets of known wifi clients
...
28 Jun, 2012
1 commit
-
I don't think we're actually likely to hit this limit but if we do
then the comparison should be done as size_t. The original code
is equivalent to:
len = strlen(sptr) % USHRT_MAX;Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller
11 Jun, 2012
1 commit
-
The BUG_ON() in pack_sg_list() would get triggered only one time after we've
corrupted some memory by sg_set_buf() into an invalid sg buffer.I'm still working on figuring out why I manage to trigger that bug...
Signed-off-by: Sasha Levin
Signed-off-by: Eric Van Hensbergen
05 Jun, 2012
1 commit
-
A recent commit that removed unnecessary casts of pointers
to the same type uncovered a missing __force cast.Add it.
Reported by: Ben Hutchings
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
04 Jun, 2012
1 commit
-
Adding casts of objects to the same type is unnecessary
and confusing for a human reader.For example, this cast:
int y;
int *p = (int *)&y;I used the coccinelle script below to find and remove these
unnecessary casts. I manually removed the conversions this
script produces of casts with __force and __user.@@
type T;
T *p;
@@- (T *)p
+ pSigned-off-by: Joe Perches
Signed-off-by: David S. Miller
22 May, 2012
2 commits
-
…sty/linux-2.6-for-linus
Pull virtio updates from Rusty Russell.
* tag 'virtio-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
virtio: fix typo in comment
virtio-mmio: Devices parameter parsing
virtio_blk: Drop unused request tracking list
virtio-blk: Fix hot-unplug race in remove method
virtio: Use ida to allocate virtio index
virtio: balloon: separate out common code between remove and freeze functions
virtio: balloon: drop restore_common()
9p: disconnect channel when PCI device is removed
virtio: update documentation to v0.9.5 of spec -
When a virtio_9p pci device is being removed, we should close down any
active channels and free up resources, we're not supposed to BUG() if there's
still an open channel since it's a valid case when removing the PCI device.Otherwise, removing the PCI device with an open channel would cause the
following BUG():[ 1184.671416] ------------[ cut here ]------------
[ 1184.672057] kernel BUG at net/9p/trans_virtio.c:618!
[ 1184.672057] invalid opcode: 0000 [#1] PREEMPT SMP
[ 1184.672057] CPU 3
[ 1184.672057] Pid: 5, comm: kworker/u:0 Tainted: G W 3.4.0-rc2-next-20120413-sasha-dirty #76
[ 1184.672057] RIP: 0010:[] [] p9_virtio_remove+0x16/0x90
[ 1184.672057] RSP: 0018:ffff88000d653ac0 EFLAGS: 00010202
[ 1184.672057] RAX: ffffffff836bfb40 RBX: ffff88000c9b2148 RCX: ffff88000d658978
[ 1184.672057] RDX: 0000000000000006 RSI: 0000000000000000 RDI: ffff880028868000
[ 1184.672057] RBP: ffff88000d653ad0 R08: 0000000000000000 R09: 0000000000000000
[ 1184.672057] R10: 0000000000000000 R11: 0000000000000001 R12: ffff880028868000
[ 1184.672057] R13: ffffffff835aa7c0 R14: ffff880041630000 R15: ffff88000d653da0
[ 1184.672057] FS: 0000000000000000(0000) GS:ffff880035a00000(0000) knlGS:0000000000000000
[ 1184.672057] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1184.672057] CR2: 0000000001181000 CR3: 000000000eba1000 CR4: 00000000000406e0
[ 1184.672057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
x000000000117a190 *[ 1184.672057] DR3: 00000000000000**
00 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1184.672057] Process kworker/u:0 (pid: 5, threadinfo ffff88000d652000, task ffff88000d658000)
[ 1184.672057] Stack:
[ 1184.672057] ffff880028868000 ffffffff836bfb40 ffff88000d653af0 ffffffff8193661b
[ 1184.672057] ffff880028868008 ffffffff836bfb40 ffff88000d653b10 ffffffff81af1c81
[ 1184.672057] ffff880028868068 ffff880028868008 ffff88000d653b30 ffffffff81af257a
[ 1184.795301] Call Trace:
[ 1184.795301] [] virtio_dev_remove+0x1b/0x60
[ 1184.795301] [] __device_release_driver+0x81/0xd0
[ 1184.795301] [] device_release_driver+0x2a/0x40
[ 1184.795301] [] bus_remove_device+0x138/0x150
[ 1184.795301] [] device_del+0x14d/0x1b0
[ 1184.795301] [] device_unregister+0x48/0x60
[ 1184.795301] [] unregister_virtio_device+0xd/0x10
[ 1184.795301] [] virtio_pci_remove+0x2a/0x6c
[ 1184.795301] [] pci_device_remove+0x4d/0x110
[ 1184.795301] [] __device_release_driver+0x81/0xd0
[ 1184.795301] [] device_release_driver+0x2a/0x40
[ 1184.795301] [] bus_remove_device+0x138/0x150
[ 1184.795301] [] device_del+0x14d/0x1b0
[ 1184.795301] [] device_unregister+0x48/0x60
[ 1184.795301] [] pci_stop_bus_device+0x6a/0x90
[ 1184.795301] [] pci_stop_and_remove_bus_device+0x11/0x20
[ 1184.795301] [] remove_callback+0x9/0x10
[ 1184.795301] [] sysfs_schedule_callback_work+0x21/0x60
[ 1184.795301] [] process_one_work+0x281/0x430
[ 1184.795301] [] ? process_one_work+0x220/0x430
[ 1184.795301] [] ? sysfs_read_file+0x1c0/0x1c0
[ 1184.795301] [] worker_thread+0x1f3/0x320
[ 1184.795301] [] ? manage_workers.clone.13+0x130/0x130
[ 1184.795301] [] kthread+0xb2/0xc0
[ 1184.795301] [] kernel_thread_helper+0x4/0x10
[ 1184.795301] [] ? finish_task_switch+0x78/0xf0
[ 1184.795301] [] ? retint_restore_args+0x13/0x13
[ 1184.795301] [] ? kthread_flush_work_fn+0x10/0x10
[ 1184.795301] [] ? gs_change+0x13/0x13
[ 1184.795301] Code: c1 9e 0a 00 48 83 c4 08 5b c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 49 89 fc 53 48 8b 9f a8 04 00 00 80 3b 00 74 0a 0b 0f 1f 84 00 00 00 00 00 48 8b 87 88 04 00 00 ff 50 30 31
[ 1184.795301] RIP [] p9_virtio_remove+0x16/0x90
[ 1184.795301] RSP
[ 1184.952618] ---[ end trace a307b3ed40206b4c ]---Signed-off-by: Sasha Levin
Signed-off-by: Rusty Russell
16 Apr, 2012
1 commit
-
Use of "unsigned int" is preferred to bare "unsigned" in net tree.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
27 Feb, 2012
2 commits
-
When a Tclunk or Tremove request is flushed, the fid is not freed on the
server.p9_client_clunk() should retry once on interrupt, then if interrupted
again, leak the fid for the duration of the connection.p9_client_remove() should call p9_client_clunk() on interrupt
instead of unconditionally destroying the fid.Signed-off-by: Jim Garlick
Signed-off-by: Eric Van Hensbergen -
When a signal is received while sending a Tflush, the client,
which has recursed into p9_client_rpc() while sending another request,
should wait for Rflush as long as the transport is still up.Signed-off-by: Jim Garlick
Signed-off-by: Eric Van Hensbergen
12 Jan, 2012
1 commit
-
Remove wrapper functions. This makes the allocation type explicit in
all callers; I used GPF_KERNEL where it seemed obvious, left it at
GFP_ATOMIC otherwise.Signed-off-by: Rusty Russell
Reviewed-by: Christoph Hellwig
06 Jan, 2012
1 commit
-
Reduce object size by deduplicating formats.
Use vsprintf extension %pV.
Rename P9_DPRINTK uses to p9_debug, align arguments.
Add function for _p9_debug and macro to add __func__.
Add missing "\n"s to p9_debug uses.
Remove embedded function names as p9_debug adds it.
Remove P9_EPRINTK macro and convert use to pr_.
Add and use pr_fmt and pr_.$ size fs/9p/built-in.o*
text data bss dec hex filename
62133 984 16000 79117 1350d fs/9p/built-in.o.new
67342 984 16928 85254 14d06 fs/9p/built-in.o.old
$ size net/9p/built-in.o*
text data bss dec hex filename
88792 4148 22024 114964 1c114 net/9p/built-in.o.new
94072 4148 23232 121452 1da6c net/9p/built-in.o.oldSigned-off-by: Joe Perches
Signed-off-by: Eric Van Hensbergen
25 Oct, 2011
2 commits
-
This helps in more control over debugging.
root@qemu-img-64:~# ls /pass/123
ls: cannot access /pass/123: No such file or directory
root@qemu-img-64:~# cat /sys/kernel/debug/tracing/trace
# tracer: nop
#
# TASK-PID CPU# TIMESTAMP FUNCTION
# | | | | |
ls-1536 [001] 70.928584: 9p_protocol_dump: clnt 18446612132784021504 P9_TWALK(tag = 1)
000: 16 00 00 00 6e 01 00 01 00 00 00 02 00 00 00 01
010: 00 03 00 31 32 33 00 00 00 ff ff ff ff 00 00 00ls-1536 [001] 70.928587:
=> trace_9p_protocol_dump
=> p9pdu_finalize
=> p9_client_rpc
=> p9_client_walk
=> v9fs_vfs_lookup
=> d_alloc_and_lookup
=> walk_component
=> path_lookupat
ls-1536 [000] 70.929696: 9p_protocol_dump: clnt 18446612132784021504 P9_RLERROR(tag = 1)
000: 0b 00 00 00 07 01 00 02 00 00 00 4e 03 00 02 00
010: 00 00 00 00 03 00 02 00 00 00 00 00 ff 43 00 00ls-1536 [000] 70.929697:
=> trace_9p_protocol_dump
=> p9_client_rpc
=> p9_client_walk
=> v9fs_vfs_lookup
=> d_alloc_and_lookup
=> walk_component
=> path_lookupat
=> do_path_lookupSigned-off-by: Aneesh Kumar K.V
Signed-off-by: Eric Van Hensbergen -
Without this msize=4294967295 will result in a crash
Signed-off-by: Dan Carpenter
Signed-off-by: Aneesh Kumar K.V
Signed-off-by: Eric Van Hensbergen
