Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68knommu: update the default config for the ColdFire 5407C3 board
m68knommu: update the default config for the ColdFire 5307C3 board
m68knommu: update the default config for the ColdFire 5257EVB board
m68knommu: update the default config for the ColdFire 5249EVB.
m68knommu: add a defconfig for the ColdFire M5272C3 board
m68knommu: update the defconfig for the ColdFire 5208evb board
m68knommu: fix DMA support for ColdFire
m68knommu: remove unused kernel stats offsets
m68knommu: fix missing .data.cacheline_aligned section
m68knommu: Fixed GPIO pin initialization for CONFIG_M5271 FEC.
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: Fix potential inode allocation soft lockup in Orlov allocator
ext4: Make the extent validity check more paranoid
jbd: use SWRITE_SYNC_PLUG when writing synchronous revoke records
jbd2: use SWRITE_SYNC_PLUG when writing synchronous revoke records
ext4: really print the find_group_flex fallback warning only once
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: pwc : do not pass stack allocated buffers to USB core.
USB: otg: Fix bug on remove path without transceiver
USB: correct error handling in cdc-wdm
USB: removal of tty->low_latency hack dating back to the old serial code
USB: serial: sierra driver bug fix for composite interface
USB: gadget: omap_udc uses platform_driver_probe()
USB: ci13xxx_udc: fix build error
USB: musb: Prevent multiple includes of musb.h
USB: pass mem_flags to dma_alloc_coherent
USB: g_file_storage: fix use-after-free bug when closing files
USB: ehci-sched.c: EHCI SITD scheduling bugfix
USB: fix mos7840 problem with minor numbers
USB: mos7840: add new device id
USB: musb: fix build when !CONFIG_PM
USB: musb: Remove my email address from few musb related drivers
USB: Gadget: MIPS CI13xxx UDC bugfixes
USB: Unusual Device support for Gold MP3 Player Energy
USB: serial: fix lifetime and locking problems
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Update defconfigs for 2.6.30-rc3
m68k,m68knommu: Wire up preadv and pwritev
scsi: a4000 - Correct driver unregistration in case of failure
Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] update default configuration.
[S390] omit frame pointers on s390 when possible
[S390] Use tape_generic_offline directly.
[S390] /proc/stat idle field for idle cpus
[S390] appldata: avoid deadlock with appldata_mem
[S390] ipl: fix compile breakage
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
MAINTAINERS: update IDE entry
palm_bk3710: palm_bk3710_udmatimings[] CodingStyle fixup
palm_bk3710: those registers/bitfields don't exist
mediabay: fix build for CONFIG_BLOCK=n
ide: Stop disks on reboot for laptop which cuts power
ide-cd: fix kernel crash on hppa regression
palm_bk3710: UDMA performance fix
Niels de Vos [Wed, 22 Apr 2009 14:02:44 +0000 (15:02 +0100)]
serial: remove contact data
Remove my name and emailaddress from note in the source. Wincor Nixdorf
only has some ITE-chips on their mainboards, other chips are not
available for me for testing.
Signed-off-by: Niels de Vos <niels.devos@wincor-nixdorf.com> Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
cfq-iosched: cache prio_tree root in cfqq->p_root
cfq-iosched: fix bug with aliased request and cooperation detection
cfq-iosched: clear ->prio_trees[] on cfqd alloc
block: fix intermittent dm timeout based oops
umem: fix request_queue lock warning
block: simplify I/O stat accounting
pktcdvd.h should include mempool.h
cfq-iosched: use the default seek distance when there aren't enough seek samples
cfq-iosched: make seek_mean converge more quickly
block: make blk_abort_queue() ignore non-request based devices
block: include empty disks in /proc/diskstats
bio: use bio_kmalloc() in copy/map functions
bio: fix bio_kmalloc()
block: fix queue bounce limit setting
block: fix SG_IO vector request data length handling
scatterlist: make sure sg_miter_next() doesn't return 0 sized mappings
Jonathan Corbet [Wed, 22 Apr 2009 11:01:49 +0000 (12:01 +0100)]
Delete slow-work timers properly
Slow-work appears to delete its timer as soon as the first user
unregisters, even though other users could be active. At the same time, it
never seems to delete slow_work_oom_timer. Arrange for both to happen in
the shutdown path.
Signed-off-by: Jonathan Corbet <corbet@lwn.net> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (94 commits)
netfilter: ctnetlink: fix gcc warning during compilation
net/netrom: Fix socket locking
netlabel: Always remove the correct address selector
ucc_geth.c: Fix upsmr setting in RMII mode
8139too: fix HW initial flow
af_iucv: Fix race when queuing incoming iucv messages
af_iucv: Test additional sk states in iucv_sock_shutdown
af_iucv: Reject incoming msgs if RECV_SHUTDOWN is set
af_iucv: fix oops in iucv_sock_recvmsg() for MSG_PEEK flag
af_iucv: consider state IUCV_CLOSING when closing a socket
iwlwifi: DMA fixes
iwlwifi: add debugging for TX path
mwl8: fix build warning.
mac80211: fix alignment calculation bug
mac80211: do not print WARN if config interface
iwl3945: use cancel_delayed_work_sync to cancel rfkill_poll
iwlwifi: fix EEPROM validation mask to include OTP only devices
atmel: fix netdev ops conversion
pcnet_cs: add cis(firmware) of the Allied Telesis LA-PCM
mlx4_en: Fix cleanup if workqueue create in mlx4_en_add() fails
...
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc: Fix bus type probing for ESP and LE devices.
sparc32: Update defconfig.
sparc64: Update defconfig.
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
powerpc: Fix modular build of ide-pmac when mediabay is built in
powerpc/pasemi: Fix build error on UP
powerpc: Make macintosh/mediabay driver depend on CONFIG_BLOCK
maintainers: Fix PS3 patterns
powerpc/ps3: Fix CONFIG_PS3_FLASH=n build warning
powerpc/32: Don't clobber personality flags on exec
powerpc: Fix crash on CPU hotplug
powerpc/85xx: Remove defconfigs that mpc85xx_{smp_}defconfig cover
powerpc/85xx: Added SMP defconfig
powerpc/85xx: Enabled a bunch of FSL specific drivers/options
powerpc/85xx: Updated generic mpc85xx_defconfig
powerpc: don't disable SATA interrupts on Freescale MPC8610 HPCD
fsl_rio: Pass the proper device to dma mapping routines
powerpc: Fix of_node_put() exit path in of_irq_map_one()
powerpc/5200: defconfig updates
powerpc/5200: Add FLASH nodes to lite5200 device tree
powerpc/device-tree: Document MTD nodes with multiple "reg" tuples
powerpc/of-device-tree: Factor MTD physmap bindings out of booting-without-of
powerpc/5200: Bring the legacy fsl_spi_platform_data hooks back
write_lock(¤t->fs->lock) guarantees we can't wrongly miss
LSM_UNSAFE_SHARE, this is what we care about. Use rcu_read_lock()
instead of ->siglock to iterate over the sub-threads. We must see
all CLONE_THREAD|CLONE_FS threads which didn't pass exit_fs(), it
takes fs->lock too.
With or without this patch we can miss the freshly cloned thread
and set LSM_UNSAFE_SHARE, we don't care.
do_execve() must not clear fs->in_exec if it was set by another thread
If do_execve() fails after check_unsafe_exec(), it clears fs->in_exec
unconditionally. This is wrong if we race with our sub-thread which
also does do_execve:
Two threads T1 and T2 and another process P, all share the same
->fs.
T1 starts do_execve(BAD_FILE). It calls check_unsafe_exec(), since
->fs is shared, we set LSM_UNSAFE but not ->in_exec.
P exits and decrements fs->users.
T2 starts do_execve(), calls check_unsafe_exec(), now ->fs is not
shared, we set fs->in_exec.
T1 continues, open_exec(BAD_FILE) fails, we clear ->in_exec and
return to the user-space.
T1 does clone(CLONE_FS /* without CLONE_THREAD */).
T2 continues without LSM_UNSAFE_SHARE while ->fs is shared with
another process.
Change check_unsafe_exec() to return res = 1 if we set ->in_exec, and change
do_execve() to clear ->in_exec depending on res.
When do_execve() suceeds, it is safe to clear ->in_exec unconditionally.
It can be set only if we don't share ->fs with another process, and since
we already killed all sub-threads either ->in_exec == 0 or we are the
only user of this ->fs.
Also, we do not need fs->lock to clear fs->in_exec.
Currently we look it up from ->ioprio, but ->ioprio can change if
either the process gets its IO priority changed explicitly, or if
cfq decides to temporarily boost it. So if we are unlucky, we can
end up attempting to remove a node from a different rbtree root than
where it was added.
Fix this by using ->org_ioprio as the prio_tree index, since that
will only change for explicit IO priority settings (not for a boost).
Additionally cache the rbtree root inside the cfqq, then we don't have
to add code to reinsert the cfqq in the prio_tree if IO priority changes.
cfq-iosched: fix bug with aliased request and cooperation detection
cfq_prio_tree_lookup() should return the direct match, yet it always
returns zero. Fix that.
cfq_prio_tree_add() assumes that we don't get a direct match, while
it is very possible that we do. Using O_DIRECT, you can have different
cfqq with matching requests, since you don't have the page cache
to serialize things for you. Fix this bug by only adding the cfqq if
there isn't an existing match.
Hannes Reinecke [Thu, 23 Apr 2009 08:32:59 +0000 (10:32 +0200)]
block: fix intermittent dm timeout based oops
Very rarely under stress testing of dm, oopses are occuring as
something tampers with an old stack frame. This has been traced back
to blk_abort_queue() leaving a timeout_list pointing to the stack.
The reason is that sometimes blk_abort_request() won't delete the
timer (if the request is marked as complete but before the timer has
been removed, a small race window). Fix this by splicing back from
the ususally empty list to the q->timeout_list.
Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Sage Weil [Thu, 23 Apr 2009 06:37:58 +0000 (08:37 +0200)]
umem: fix request_queue lock warning
The umem driver issues two warnings on boot, due to blk_plug_device() and
blk_remove_plug() being called without q->queue_lock held. Starting with 9fea501c (block: extend queue_flag bitops), the queue_flag_* functions
warn if q->queue_lock doesn't appear to be locked. In fact, q->queue_lock
is NULL (though that apparently isn't otherwise a problem as the driver is
using card->lock for everything).
Although blk_init_queue() with take a request_fn_proc and spinlock_t*,
there isn't a corresponding init helper that takes a make_request_fn.
Setting queue_lock to &card->lock explicitly seems to work fine for me.
The warning goes away and the device appears to behave.
This simplifies I/O stat accounting switching code and separates it
completely from I/O scheduler switch code.
Requests are accounted according to the state of their request queue
at the time of the request allocation. There is no need anymore to
flush the request queue when switching I/O accounting state.
Fix this build error:
In file included from fs/compat_ioctl.c:104:
include/linux/pktcdvd.h:285: error: expected specifier-qualifier-list before 'mempool_t'
Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Nicolas Pitre [Wed, 22 Apr 2009 19:08:17 +0000 (20:08 +0100)]
[ARM] 5460/1: Orion: reduce namespace pollution
Symbols like SOFT_RESET are way too generic to be exported at large.
To avoid this, let's move the mbus bridge register defines into a
separate file and include it where needed. This affects mach-kirkwood,
mach-loki, mach-mv78xx0 and mach-orion5x simultaneously as they all
share code in plat-orion which relies on those defines.
Some other defines have been moved to narrower scopes, or simply deleted
when they had no user.
This fixes compilation problem with mpt2sas on the above listed
platforms.
Signed-off-by: Nicolas Pitre <nico@marvell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Oliver Neukum [Mon, 20 Apr 2009 15:28:53 +0000 (17:28 +0200)]
USB: removal of tty->low_latency hack dating back to the old serial code
This removes tty->low_latency from all USB serial drivers that push
data into the tty layer at hard interrupt context. It's no longer needed
and actually harmful.
Signed-off-by: Oliver Neukum <oliver@neukum.org> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Elina Pasheva [Wed, 22 Apr 2009 00:54:42 +0000 (17:54 -0700)]
USB: serial: sierra driver bug fix for composite interface
This patch fixes a problem in sierra_send_setup() function when
composite devices are used. One should not be sending ACM commands to
interfaces that are OBEX. Doing this causes an apparent failure as the
ACM command has to time out before the interface can start being used.
Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mark A. Greer [Wed, 22 Apr 2009 03:52:54 +0000 (20:52 -0700)]
USB: musb: Prevent multiple includes of musb.h
Add #ifndef to musb header file to prevent multiple inclusions.
Signed-off-by: Mark A. Greer <mgreer@mvista.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Oddly, I remembered fixing this and putting in __GFP_NOWARN
because uvcvideo retries a smaller allocation. However, the
allocation function doesn't pass the gfp flags through to
dma_alloc_coherent so we still get the warning!
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Thu, 16 Apr 2009 19:37:28 +0000 (15:37 -0400)]
USB: g_file_storage: fix use-after-free bug when closing files
This patch (as1231) fixes a use-after-free bug in g_file_storage. A
device's name may not be available after the device is unregistered,
even if the device structure itself is still allocated. Since
close_backing_file() prints a LUN's name for debugging, it shouldn't
be called after the LUN has been unregistered.
That whole area needed to be cleaned up; the backing files were
getting closed in a couple of different places. The patch fixes
things so that they get closed in just one place, as part of the
unbind procedure, immediately before the LUN is unregistered.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Streetman [Tue, 21 Apr 2009 17:37:12 +0000 (13:37 -0400)]
USB: ehci-sched.c: EHCI SITD scheduling bugfix
Without this patch, the driver won't check that the last fully-occupied
uframe for a new split transaction was vacant beforehand. This can
lead to a situation in which the first 188 bytes of a 192-byte
isochronous transfer are scheduled in the same uframe as an existing
interrupt transfer. The resulting schedule looks like this:
The SSPLITs are intermingled, causing an error in the downstream hub's
TT.
If you are having problems with devices or hub ports resetting, or failed
interrupt transfers, when you start using a USB audio or video (Isochronous)
device, this patch may help.
Signed-off-by: Dan Streetman <ddstreet@ieee.org> Reported-by: Kung James <kong1191@gmail.com> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Cc: Alan Stern <stern@rowland.harvard.edu>
Tony Cook [Sat, 18 Apr 2009 13:12:18 +0000 (22:42 +0930)]
USB: fix mos7840 problem with minor numbers
This patch fixes a problem with any mos7840 device where the use of the field "minor" before it is
initialised results in all the devices being overlaid in memory (minor = 0 for all instances)
Contributed by: Phillip Branch
Signed-off-by: Tony Cook <tony-cook@bigpond.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chuck Short [Tue, 14 Apr 2009 18:50:31 +0000 (20:50 +0200)]
USB: Unusual Device support for Gold MP3 Player Energy
Reported by Alessio Treglia on
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/125250
User was getting the following errors in dmesg:
[ 2158.139386] sd 5:0:0:1: ioctl_internal_command return code = 8000002
[ 2158.139390] : Current: sense key: No Sense
[ 2158.139393] Additional sense: No additional sense information
Adds unusual device support.
modified: drivers/usb/storage/unusual_devs.h
Signed-off-by: Chuck Short <zulcss@ubuntu.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Tue, 14 Apr 2009 15:31:02 +0000 (11:31 -0400)]
USB: serial: fix lifetime and locking problems
This patch (as1229) fixes a few lifetime and locking problems in the
usb-serial driver. The main symptom is that an invalid kevent is
created when the serial device is unplugged while a connection is
active.
Ports should be unregistered when device is disconnected,
not when the parent usb_serial structure is deallocated.
Each open file should hold a reference to the corresponding
port structure, and the reference should be released when
the file is closed.
serial->disc_mutex should be acquired in serial_open(), to
resolve the classic race between open and disconnect.
serial_close() doesn't need to hold both serial->disc_mutex
and port->mutex at the same time.
Release the subdriver's module reference only after releasing
all the other references, in case one of the release routines
needs to invoke some code in the subdriver module.
Replace a call to flush_scheduled_work() (which is prone to
deadlocks) with cancel_work_sync(). Also, add a call to
cancel_work_sync() in the disconnect routine.
Reduce the scope of serial->disc_mutex in serial_disconnect().
The only place it really needs to protect is where the
"disconnected" flag is set.
This fixes the bug reported in
http://bugs.freedesktop.org/show_bug.cgi?id=20703
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Dan Williams <dcbw@redhat.com> Tested-by: Ming Lei <tom.leiming@gmail.com> Reviewed-by: Oliver Neukum <oliver@neukum.org> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Thu, 23 Apr 2009 20:53:43 +0000 (22:53 +0200)]
palm_bk3710: those registers/bitfields don't exist
Bugfixes noted by checking the code against the controller
documentation (TI document number SPRUE21):
- Remove declarations for eight non-existent registers (!);
and remove accesses to two of them.
- Remove access to various non-existent bitfields in some of
the registers which *do* exist (those fields must-be-zero).
- Provide comment to replace bogus reset logic (removed above,
it relied on non-existent bitfields). Resets require GPIO
help; this driver doesn't currently know about that.
With some minor cleanup: relocate a comment, avoid an extra
lookup of the PIO timings.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Always omit frame pointers on s390. They aren't too useful for the
kernel since we have already the kernel stack backchain which allows
us to walk the kernel stack.
So eleminate the extra code for frame pointers. Only allow the extra
code for the function tracer since the gcc compile options -pg and
-fomit-frame-pointer are incompatible.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The cpu idle field in the output of /proc/stat is too small for cpus
that have been idle for more than a tick. Add the architecture hook
arch_idle_time that allows to add the not accounted idle time of a
sleeping cpu without waking the cpu.
The s390 implementation of arch_idle_time uses the already existing
s390_idle_data per_cpu variable to find the sleep time of a neighboring
idle cpu.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The appldata_ops callbacks are called with a spin_lock held. But the
appldata_mem callback then calls all_vm_events(), which calls
get_online_cpus(), which might sleep. This possible deadlock is fixed
by using a mutex instead of a spin_lock.
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
GFS2: Ensure that the inode goal block settings are updated
GFS2 has a goal block associated with each inode indicating the
search start position for future block allocations (in fact there
are two, but thats for backward compatibility with GFS1 as they
are set to identical locations in GFS2).
In some circumstances, depending on the ordering of updates to
the inode it was possible for the goal block settings to not
be updated on disk. This patch ensures that the goal block will
always get updated, thus reducing the potential for searching
the same (already allocated) blocks again when looking for free
space during block allocation.
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Finds the first set bit in a 64 bit word. This is required in order
to fix a bug in GFS2, but I think it should be a generic function
in case of future users.
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com> Reviewed-by: Christoph Lameter <cl@linux.com> Reviewed-by: Willy Tarreau <w@1wt.eu>
ext4: Fix potential inode allocation soft lockup in Orlov allocator
If the Orlov allocator is having trouble finding an appropriate block
group, the fallback code could loop forever, causing a soft lockup
warning in find_group_orlov():
BUG: soft lockup - CPU#0 stuck for 61s! [cp:11728]
...
Pid: 11728, comm: cp Not tainted (2.6.30-rc1-dirty #77) Lenovo
EIP: 0060:[<c021650e>] EFLAGS: 00000246 CPU: 0
EIP is at ext4_get_group_desc+0x54/0x9d
...
Call Trace:
[<c0218021>] find_group_orlov+0x2ee/0x334
[<c0120a5f>] ? sched_clock+0x8/0xb
[<c02188e3>] ext4_new_inode+0x2cf/0xb1a
ext4: Make the extent validity check more paranoid
Instead of just checking that the extent block number is greater or
equal than s_first_data_block, make sure it it is not pointing into
the block group descriptors, since that is clearly wrong. This helps
prevent filesystem from getting very badly corrupted in case an extent
block is corrupted.
eCryptfs: Larger buffer for encrypted symlink targets
When using filename encryption with eCryptfs, the value of the symlink
in the lower filesystem is encrypted and stored as a Tag 70 packet.
This results in a longer symlink target than if the target value wasn't
encrypted.
Users were reporting these messages in their syslog:
[ 45.653441] ecryptfs_parse_tag_70_packet: max_packet_size is [56]; real
packet size is [51]
[ 45.653444] ecryptfs_decode_and_decrypt_filename: Could not parse tag
70 packet from filename; copying through filename as-is
This was due to bufsiz, one the arguments in readlink(), being used to
when allocating the buffer passed to the lower inode's readlink().
That symlink target may be very large, but when decoded and decrypted,
could end up being smaller than bufsize.
To fix this, the buffer passed to the lower inode's readlink() will
always be PATH_MAX in size when filename encryption is enabled. Any
necessary truncation occurs after the decoding and decrypting.
eCryptfs: Lock lower directory inode mutex during lookup
This patch locks the lower directory inode's i_mutex before calling
lookup_one_len() to find the appropriate dentry in the lower filesystem.
This bug was found thanks to the warning set in commit 7e7fa649.
scsi: a4000 - Correct driver unregistration in case of failure
commit ed0338d7e62800bb0930a7d1ac66e65f7cbec7ef ("platform driver: fix
incorrect use of 'platform_bus_type' with 'struct device_driver') turned a
driver_UNregister into platform_driver_REGISTER. Correct this to
platform_driver_UNregister.
On Tuesday 14 April 2009 20:31:21 Subrata Modak wrote:
> Observed the following build error:
> ---
> CC drivers/macintosh/mediabay.o
> In file included from drivers/macintosh/mediabay.c:21:
> include/linux/ide.h:605: error: field ‘request_sense_rq’ has incomplete
> type
> make[2]: *** [drivers/macintosh/mediabay.o] Error 1
> make[1]: *** [drivers/macintosh] Error 2
> make: *** [drivers] Error 2
> ---
mediabay shouldn't include <linux/ide.h> unconditionally so
remove the superfluous include from mediabay.c (<asm/mediabay.h>
will pull <linux/ide.h> in for CONFIG_BLK_DEV_IDE_PMAC=y).
This crash seems to happen due to an uninitialized variable "rc".
The compiler even warns about that:
CC drivers/ide/ide-cd.o
/mnt/sda4/home/cvs/parisc/git-kernel/linus-linux-2.6/drivers/ide/ide-cd.c: In function `cdrom_newpc_intr':
/mnt/sda4/home/cvs/parisc/git-kernel/linus-linux-2.6/drivers/ide/ide-cd.c:612: warning: `rc' might be used uninitialized in this function
After applying the trivial patch below, which just initializes
the variable to zero, the kernel doesn't crash any longer:
David Brownell [Wed, 22 Apr 2009 18:33:40 +0000 (20:33 +0200)]
palm_bk3710: UDMA performance fix
Fix UDMA throughput bug: tCYC averages t2CYCTYP/2, but the code
previously assumed it was the same as t2CYCTYP. (That is, it was
using just one clock edge, not both.) Move the table's type
declaration so it's adjacent to the table, making it more clear
what those numbers mean.
On one system this change increased throughput by almost 4x: UDMA/66
sometimes topped 23 MB/sec (on a drive known to do much better). On
another system it was around a 10% win (UDMA/66 up to 7+ MB/sec).
The difference might be caused by the ratio between memory and IDE
clocks. In the system with large speedup, this was exactly 2 (as a
workaround for a rev 1.1 silicon bug). The other system used a more
standard ratio of 1.63 (and rev 2.1 silicon) ... clock domain synch
might have some issues, they're not unheard-of.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Acked-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Jan Kiszka [Mon, 13 Apr 2009 09:59:32 +0000 (11:59 +0200)]
KVM: Fix overlapping check for memory slots
When checking for overlapping slots on registration of a new one, kvm
currently also considers zero-length (ie. deleted) slots and rejects
requests incorrectly. This finally denies user space from joining slots.
Fix the check by skipping deleted slots and advertise this via a
KVM_CAP_JOIN_MEMORY_REGIONS_WORKS.
Cc: stable@kernel.org Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Avi Kivity <avi@redhat.com>
Reorder locking as down_read() may return with local interrupts enabled,
which means we could go into vti_vcpu_run() with interrupts enabled.
This caused random crashes on the Altix as the timer interrupt tried
to read a memory mapped clock source, for which the TLB had not yet been
reinstated in the exit, before ipsr was retored.
Avi Kivity [Sun, 29 Mar 2009 13:31:25 +0000 (16:31 +0300)]
KVM: MMU: Fix off-by-one calculating large page count
The large page initialization code concludes there are two large pages spanned
by a slot covering 1 (small) page starting at gfn 1. This is incorrect, and
also results in incorrect write_count initialization in some cases (base = 1,
npages = 513 for example).
Cc: stable@kernel.org Signed-off-by: Avi Kivity <avi@redhat.com>
David S. Miller [Fri, 17 Apr 2009 11:14:15 +0000 (04:14 -0700)]
sparc: Fix bus type probing for ESP and LE devices.
If there is a dummy "espdma" or "ledma" parent device above ESP scsi
or LE ethernet device nodes, we have to match the bus as SBUS.
Otherwise the address and size cell counts are wrong and we don't
calculate the final physical device resource values correctly at all.
Commit b132378b7c5b26adb61de0a1cedef3d4e67358c7 ("sparc: Fix handling
of LANCE and ESP parent nodes in of_device.c") was meant to fix this
problem, but that only influences the inner loop of
build_device_resources(). We need this logic to also kick in at the
beginning of build_device_resources() as well, when we make the first
attempt to determine the device's immediate parent bus type for 'reg'
property element extraction.
Based almost entirely upon a patch by Friedrich Oslage.
Tested-by: Meelis Roos <mroos@linux.ee> Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: ctnetlink: fix gcc warning during compilation
This patch fixes a (bogus?) gcc warning during compilation:
net/netfilter/nf_conntrack_netlink.c:1234: warning: 'helpname' may be used uninitialized in this function
net/netfilter/nf_conntrack_netlink.c:991: warning: 'helpname' may be used uninitialized in this function
In fact, helpname is initialized by ctnetlink_parse_help() so
I cannot see a way to use it without being initialized.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
A feature was added to the eCryptfs umount helper to automatically
unlink the keys used for an eCryptfs mount from the kernel keyring upon
umount. This patch keeps the unrecognized mount option warnings for
ecryptfs_unlink_sigs out of the logs.
eCryptfs: Fix data corruption when using ecryptfs_passthrough
ecryptfs_passthrough is a mount option that allows eCryptfs to allow
data to be written to non-eCryptfs files in the lower filesystem. The
passthrough option was causing data corruption due to it not always
being treated as a non-eCryptfs file.
The first 8 bytes of an eCryptfs file contains the decrypted file size.
This value was being written to the non-eCryptfs files, too. Also,
extra 0x00 characters were being written to make the file size a
multiple of PAGE_CACHE_SIZE.
Tyler Hicks [Mon, 16 Mar 2009 17:35:12 +0000 (12:35 -0500)]
eCryptfs: Print FNEK sig properly in /proc/mounts
The filename encryption key signature is not properly displayed in
/proc/mounts. The "ecryptfs_sig=" mount option name is displayed for
all global authentication tokens, included those for filename keys.
This patch checks the global authentication token flags to determine if
the key is a FEKEK or FNEK and prints the appropriate mount option name
before the signature.
Tyler Hicks [Sun, 15 Mar 2009 19:17:01 +0000 (14:17 -0500)]
eCryptfs: NULL pointer dereference in ecryptfs_send_miscdev()
If data is NULL, msg_ctx->msg is set to NULL and then dereferenced
afterwards. ecryptfs_send_raw_message() is the only place that
ecryptfs_send_miscdev() is called with data being NULL, but the only
caller of that function (ecryptfs_process_helo()) is never called. In
short, there is currently no way to trigger the NULL pointer
dereference.
This patch removes the two unused functions and modifies
ecryptfs_send_miscdev() to remove the NULL dereferences.
Tyler Hicks [Thu, 12 Mar 2009 05:19:46 +0000 (00:19 -0500)]
eCryptfs: Copy lower inode attrs before dentry instantiation
Copies the lower inode attributes to the upper inode before passing the
upper inode to d_instantiate(). This is important for
security_d_instantiate().
The problem was discovered by a user seeing SELinux denials like so:
Jean Delvare [Wed, 22 Apr 2009 07:49:51 +0000 (00:49 -0700)]
net/netrom: Fix socket locking
Patch "af_rose/x25: Sanity check the maximum user frame size"
(commit 170077adb80aa1321ced68fac2edd0be3f7e4d5e) from Alan Cox got
locking wrong. If we bail out due to user frame size being too large,
we must unlock the socket beforehand.
Signed-off-by: Jean Delvare <jdelvare@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Moore [Tue, 21 Apr 2009 10:04:22 +0000 (10:04 +0000)]
netlabel: Always remove the correct address selector
The NetLabel address selector mechanism has a problem where it can get
mistakenly remove the wrong selector when similar addresses are used. The
problem is caused when multiple addresses are configured that have different
netmasks but the same address, e.g. 127.0.0.0/8 and 127.0.0.0/24. This patch
fixes the problem.
Reported-by: Etienne Basset <etienne.basset@numericable.fr> Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Tested-by: Etienne Basset <etienne.basset@numericable.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
Jianjun kong [Mon, 20 Apr 2009 23:48:25 +0000 (23:48 +0000)]
8139too: fix HW initial flow
While ifconfig eth0 up kernel calls open() of 8139 driver(8139too.c).
In rtl8139_hw_start() of rtl8139_open(), 8139 driver enable RX before
setting up the DMA buffer address. In this interval where RX was
enabled and DMA buffer address is not yet set up, any incoming
broadcast packet would be send to a strange physical address:
0x003e8800 which is the default value of DMA buffer address.
Unfortunately, this address is used by Linux kernel. So kernel panics.
This patch fix it by setting up DMA buffer address before RX enabled
and everything is fine even under broadcast packets attack.
Signed-off-by: Jonathan Lin <jon.lin@vatics.com> Signed-off-by: Amos Kong <jianjun@zeuux.org> Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
af_iucv: Fix race when queuing incoming iucv messages
AF_IUCV runs into a race when queuing incoming iucv messages
and receiving the resulting backlog.
If the Linux system is under pressure (high load or steal time),
the message queue grows up, but messages are not received and queued
onto the backlog queue. In that case, applications do not
receive any data with recvmsg() even if AF_IUCV puts incoming
messages onto the message queue.
The race can be avoided if the message queue spinlock in the
message_pending callback is spreaded across the entire callback
function.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
af_iucv: Test additional sk states in iucv_sock_shutdown
Add few more sk states in iucv_sock_shutdown().
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
af_iucv: Reject incoming msgs if RECV_SHUTDOWN is set
Reject incoming iucv messages if the receive direction has been shut down.
It avoids that the queue of outstanding messages increases and exceeds the
message limit of the iucv communication path.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
af_iucv: fix oops in iucv_sock_recvmsg() for MSG_PEEK flag
If iucv_sock_recvmsg() is called with MSG_PEEK flag set, the skb is enqueued
twice. If the socket is then closed, the pointer to the skb is freed twice.
Remove the skb_queue_head() call for MSG_PEEK, because the skb_recv_datagram()
function already handles MSG_PEEK (does not dequeue the skb).
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / kernel.git / log