- 06 Jan, 2008 5 commits
-
-
Linus Torvalds authored
-
Ingo Molnar authored
make randconfig bootup testing found that the cpufreq code crashes on bootup, if the powernow-k8 driver is enabled and if maxcpus=1 passed on the boot line to a !CONFIG_HOTPLUG_CPU kernel. First lockdep found out that there's an inconsistent unlock sequence: ===================================== [ BUG: bad unlock balance detected! ] ------------------------------------- swapper/1 is trying to release lock (&per_cpu(cpu_policy_rwsem, cpu)) at: [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 but there are no more locks to release! Call Trace: [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 [<ffffffff80251c29>] print_unlock_inbalance_bug+0x104/0x12c [<ffffffff80252f3a>] mark_held_locks+0x56/0x94 [<ffffffff806ffd8e>] unlock_policy_rwsem_write+0x3c/0x42 [<ffffffff807008b6>] cpufreq_add_dev+0x2a8/0x5c4 ... then shortly afterwards the cpufreq code crashed on an assert: ------------[ cut here ]------------ kernel BUG at drivers/cpufreq/cpufreq.c:1068! invalid opcode: 0000 [1] SMP [...] Call Trace: [<ffffffff805145d6>] sysdev_driver_unregister+0x5b/0x91 [<ffffffff806ff520>] cpufreq_register_driver+0x15d/0x1a2 [<ffffffff80cc0596>] powernowk8_init+0x86/0x94 [...] ---[ end trace 1e9219be2b4431de ]--- the bug was caused by maxcpus=1 bootup, which brought up the secondary core as !cpu_online() but !cpu_is_offline() either, which on on !CONFIG_HOTPLUG_CPU is always 0 (include/linux/cpu.h): /* CPUs don't go offline once they're online w/o CONFIG_HOTPLUG_CPU */ static inline int cpu_is_offline(int cpu) { return 0; } but the cpufreq code uses cpu_online() and cpu_is_offline() in a mixed way - the low-level drivers use cpu_online(), while the cpufreq core uses cpu_is_offline(). This opened up the possibility to add the non-initialized sysdev device of the secondary core: cpufreq-core: trying to register driver powernow-k8 cpufreq-core: adding CPU 0 powernow-k8: BIOS error - no PSB or ACPI _PSS objects cpufreq-core: initialization failed cpufreq-core: adding CPU 1 cpufreq-core: initialization failed which then blew up. The fix is to make cpu_is_offline() always the negation of cpu_online(). With that fix applied the kernel boots up fine without crashing: Calling initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() powernow-k8: Found 1 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ processors (1 cpu cores) (version 2.20.00) powernow-k8: BIOS error - no PSB or ACPI _PSS objects initcall 0xffffffff80cc0510: powernowk8_init+0x0/0x94() returned -19. initcall 0xffffffff80cc0510 ran for 19 msecs: powernowk8_init+0x0/0x94() Calling initcall 0xffffffff80cc328f: init_lapic_nmi_sysfs+0x0/0x39() We could fix this by making CPU enumeration aware of max_cpus, but that would be more fragile IMO, and the cpu_online(cpu) != cpu_is_offline(cpu) possibility was quite confusing and a continuous source of bugs too. Most distributions have kernels with CPU hotplug enabled, so this bug remained hidden for a long time. Bug forensics: The broken cpu_is_offline() API variant was introduced via: commit a59d2e4e Author: Rusty Russell <rusty@rustcorp.com.au> Date: Mon Mar 8 06:06:03 2004 -0800 [PATCH] minor cleanups for hotplug CPUs ( this predates linux-2.6.git, this commit is available from Thomas's historic git tree. ) Then 1.5 years later the cpufreq code made use of it: commit c32b6b8e Author: Ashok Raj <ashok.raj@intel.com> Date: Sun Oct 30 14:59:54 2005 -0800 [PATCH] create and destroy cpufreq sysfs entries based on cpu notifiers + if (cpu_is_offline(cpu)) + return 0; which is a correct use of the subtly broken new API. v2.6.15 then shipped with this bug included. then it took two more years for random-kernel qa to hit it. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ingo Molnar authored
not sleeping for every codec read/write but doing a short udelay and a conditional reschedule has cut suspend+resume latency by about 1 second on my T60. The patch also fixes the unexpected codec-connection errors that happen more often in the new power-save mode: http://lkml.org/lkml/2007/11/8/255 http://bugzilla.kernel.org/show_bug.cgi?id=9332Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Akos Maroy authored
unfortunately 32 bit apps don't see the joysticks on a 64 bit system. this prevents one playing X-Plane (http://www.x-plane.com/) or other 32-bit games with joysticks. this is a known issue, and already raised several times: http://readlist.com/lists/vger.kernel.org/linux-kernel/28/144411.html http://www.brettcsmith.org/wiki/wiki.cgi?action=browse&diff=1&id=OzyComputer/Joystick unfortunately this is still not fixed in the mainline kernel. it would be nice to have this fixed, so that people can play these games without having to patch their kernel. the following patch solves the problem on 2.6.22. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Christoph Hellwig <hch@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
This reverts commit ac40532e, which gets us back the original cleanup of 6f5391c2. It turns out that the bug that was triggered by that commit was apparently not actually triggered by that commit at all, and just the testing conditions had changed enough to make it appear to be due to it. The real problem seems to have been found by Peter Osterlund: "pktcdvd sets it [block device size] when opening the /dev/pktcdvd device, but when the drive is later opened as /dev/scd0, there is nothing that sets it back. (Btw, 40944 is possible if the disk is a CDRW that was formatted with "cdrwtool -m 10236".) The problem is that pktcdvd opens the cd device in non-blocking mode when pktsetup is run, and doesn't close it again until pktsetup -d is run. The effect is that if you meanwhile open the cd device, blkdev.c:do_open() doesn't call bd_set_size() because bdev->bd_openers is non-zero." In particular, to repeat the bug (regardless of whether commit 6f5391c2 is applied or not): " 1. Start with an empty drive. 2. pktsetup 0 /dev/scd0 3. Insert a CD containing an isofs filesystem. 4. mount /dev/pktcdvd/0 /mnt/tmp 5. umount /mnt/tmp 6. Press the eject button. 7. Insert a DVD containing a non-writable filesystem. 8. mount /dev/scd0 /mnt/tmp 9. find /mnt/tmp -type f -print0 | xargs -0 sha1sum >/dev/null 10. If the DVD contains data beyond the physical size of a CD, you get I/O errors in the terminal, and dmesg reports lots of "attempt to access beyond end of device" errors." which in turn is because the nested open after the media change won't cause the size to be set properly (because the original open still holds the block device, and we only do the bd_set_size() when we don't have other people holding the device open). The proper fix for that is probably to just do something like bdev->bd_inode->i_size = (loff_t)get_capacity(disk)<<9; in fs/block_dev.c:do_open() even for the cases where we're not the original opener (but *not* call bd_set_size(), since that will also change the block size of the device). Cc: Peter Osterlund <petero2@telia.com> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Cc: Matthew Wilcox <matthew@wil.cx> Cc: Ingo Molnar <mingo@elte.hu> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 04 Jan, 2008 14 commits
-
-
Dave Dillow authored
The SCSI SRP transport class currently iterates over all children devices of the host that is being removed in srp_remove_host(). However, not all of those children were created by the SRP transport, and removing them will cause corruption and an oops when their creator tries to remove them. Signed-off-by: David Dillow <dillowda@ornl.gov> Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: [ISDN]: i4l: Fix DLE handling for i4l-audio [ISDN] i4l: 'NO CARRIER' message lost after ldisc flush [CONNECTOR]: Return proper error code in cn_call_callback() [INET]: Fix netdev renaming and inet address labels [CASSINI]: Bump driver version and release date. [CASSINI]: Fix two obvious NAPI bugs. [CASSINI]: Set skb->truesize properly on receive packets. [CASSINI]: Program parent Intel31154 bridge when necessary. [CASSINI]: Revert 'dont touch page_count'. [CASSINI]: Fix endianness bug. [XFRM]: Do not define km_migrate() if !CONFIG_XFRM_MIGRATE [X25]: Add missing x25_neigh_put
-
Matthias Goebl authored
The DLE handling in i4l-audio seems to be broken. It produces spurious DLEs so asterisk 1.2.24 with chan_modem_i4l gets irritated, the error message is: "chan_modem_i4l.c:450 i4l_read: Value of escape is ^ (17)". -> There shouldn't be a DLE-^. If a spurious DLE-ETX occurs, the audio connection even dies. I use a "AVM Fritz!PCI" isdn card. I found two issues that only appear if ISDN_AUDIO_SKB_DLECOUNT(skb) > 0: - The loop in isdn_tty.c:isdn_tty_try_read() doesn't escape a DLE if it's the last character. - The loop in isdn_common.c:isdn_readbchan_tty() doesn't copy its characters, it only remembers the last one ("last = *p;"). Compare it with the loop in isdn_common.c:isdn_readbchan(), that *does* copy them ("*cp++ = *p;") correctly. The special handling of the "last" character made it more difficult. I compared it to linux-2.4.19: There was no "last"-handling and both loops did escape and copy all characters correctly. Signed-off-by: Matthias Goebl <matthias.goebl@goebl.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matthias Goebl authored
The ISDN tty layer doesn't produce a 'NO CARRIER' message after hangup. I suppose it broke when tty_buffer_flush() has been added to tty_ldisc_flush() in the commit below. For isdn_tty_modem_result(RESULT_NO_CARRIER..) the message inserted via isdn_tty_at_cout() -> tty_insert_flip_char() is flushed immediately by tty_ldisc_flush() -> tty_buffer_flush(). More annoyingly, the audio abort sequence DLE-ETX is also lost. This patch fixes only active audio connections, because I assume that nobody changes the line discipline for audio. For non-audio connections the problem remains. Maybe we can remove the tty_ldisc_flush() in isdn_tty_modem_result() at all because it's done at tty_close? On Mon, May 07, 2007 at 04:05:57PM -0500, Paul Fulghum wrote: > Flush the tty flip buffer when the line discipline > input queue is flushed, including the user call > tcflush(TCIFLUSH/TCIOFLUSH). This prevents unexpected > stale data after a user application calls tcflush(). > > Cc: Alan Cox <alan@lxorguk.org.uk> > Cc: Antonino Ingargiola <tritemio@gmail.com> > Signed-off-by: Paul Fulghum <paulkf@microgate.com> > > --- a/drivers/char/tty_io.c 2007-05-04 05:46:55.000000000 -0500 > +++ b/drivers/char/tty_io.c 2007-05-05 03:23:46.000000000 -0500 > @@ -1240,6 +1263,7 @@ void tty_ldisc_flush(struct tty_struct * > ld->flush_buffer(tty); > tty_ldisc_deref(ld); > } > + tty_buffer_flush(tty); [..] Signed-off-by: Matthias Goebl <matthias.goebl@goebl.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Li Zefan authored
Error code should be set to EINVAL instead of ENODEV if !queue_work(). There's another call of queue_work() which may set err to EINVAL. Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mark McLoughlin authored
When re-naming an interface, the previous secondary address labels get lost e.g. $> brctl addbr foo $> ip addr add 192.168.0.1 dev foo $> ip addr add 192.168.0.2 dev foo label foo:00 $> ip addr show dev foo | grep inet inet 192.168.0.1/32 scope global foo inet 192.168.0.2/32 scope global foo:00 $> ip link set foo name bar $> ip addr show dev bar | grep inet inet 192.168.0.1/32 scope global bar inet 192.168.0.2/32 scope global bar:2 Turns out to be a simple thinko in inetdev_changename() - clearly we want to look at the address label, rather than the device name, for a suffix to retain. Signed-off-by: Mark McLoughlin <markmc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
1) close should do napi_disable() not napi_enable 2) remove unused local var 'todo' Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
skb->truesize was not being incremented at all to reflect the page based data added to RX SKBs. Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This reverts changeset fa4f0774 ([CASSINI]: dont touch page_count) because it breaks the driver. The local page counting added by this changeset did not account for the asynchronous page count changes done by kfree_skb() and friends. The change adds extra atomics and on top of it all appears to be totally unnecessary as well. Signed-off-by: David S. Miller <davem@davemloft.net> Acked-by: Nick Piggin <npiggin@suse.de>
-
Al Viro authored
Here's proposed fix for RX checksum handling in cassini; it affects little-endian working with half-duplex gigabit, but obviously needs testing on big-endian too. The problem is, we need to convert checksum to fixed-endian *before* correcting for (unstripped) FCS. On big-endian it won't matter (conversion is no-op), on little-endian it will, but only if FCS is not stripped by hardware; i.e. in half-duplex gigabit mode when ->crc_size is set. cassini.c part is that fix, cassini.h one consists of trivial endianness annotations. With that applied the sucker is endian-clean, according to sparse. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
In include/net/xfrm.h we find : #ifdef CONFIG_XFRM_MIGRATE extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type, struct xfrm_migrate *m, int num_bundles); ... #endif We can also guard the function body itself in net/xfrm/xfrm_state.c with same condition. (Problem spoted by sparse checker) make C=2 net/xfrm/xfrm_state.o ... net/xfrm/xfrm_state.c:1765:5: warning: symbol 'km_migrate' was not declared. Should it be static? ... Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julia Lawall authored
The function x25_get_neigh increments a reference count. At the point of the second goto out, the result of calling x25_get_neigh is only stored in a local variable, and thus no one outside the function will be able to decrease the reference count. Thus, x25_neigh_put should be called before the return in this case. The problem was found using the following semantic match. (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ type T,T1,T2; identifier E; statement S; expression x1,x2,x3; int ret; @@ T E; ... * if ((E = x25_get_neigh(...)) == NULL) S ... when != x25_neigh_put(...,(T1)E,...) when != if (E != NULL) { ... x25_neigh_put(...,(T1)E,...); ...} when != x1 = (T1)E when != E = x3; when any if (...) { ... when != x25_neigh_put(...,(T2)E,...) when != if (E != NULL) { ... x25_neigh_put(...,(T2)E,...); ...} when != x2 = (T2)E ( * return; | * return ret; ) } // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 03 Jan, 2008 15 commits
-
-
Russ Anderson authored
Montecito and Montvale behaves slightly differently than previous Itanium processors, resulting in the MCA due to a failed PIO read to sometimes surfacing outside the nofault code. This code is based on discussions with Intel CPU architects and verified at customer sites. Signed-off-by: Russ Anderson <rja@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Russ Anderson authored
I neglected to send Tony the most recent version of the patch ("Fix Altix BTE error return status") applied as commit: 64135fa9 This patch gets it up to date. Without this patch on shub2, if there is no error xpcBteUnmappedError is returned instead of xpcSuccess. Signed-off-by: Russ Anderson (rja@sgi.com) Signed-off-by: Tony Luck <tony.luck@intel.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/srp: Fix list corruption/oops on module reload
-
Samuel Thibault authored
The console is now by default in UTF-8 mode. Fix the documentation on the default value, so that we can explain behaviour that otherwise causes bug-reports like this: http://bugzilla.kernel.org/show_bug.cgi?id=9319 Also add the needed "vt." prefix, so that the boot-time config options to switch back to the legacy 8-bit mode is actually documented correctly. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://lm-sensors.org/kernel/mhoffman/hwmon-2.6Linus Torvalds authored
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6: hwmon: (w83627ehf) Be more careful when changing VID input level
-
git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-schedLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched: sched: fix gcc warnings
-
git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds authored
* git://git.linux-nfs.org/pub/linux/nfs-2.6: NFSv4: Fix open_to_lock_owner sequenceid allocation... NFSv4: nfs4_open_confirm must not set the open_owner as confirmed on error NFS: add newline to kernel warning message in auth_gss code NFSv4: Fix circular locking dependency in nfs4_kill_renewd NFS: Fix a possible Oops in fs/nfs/super.c
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] scsi_sysfs: restore prep_fn when ULD is removed
-
David Dillow authored
Add a missing call to srp_remove_host() in srp_remove_one() so that we don't leak SRP transport class list entries. Tested-by: David Dillow <dillowda@ornl.gov> Acked-by: FUJITA Tomonori <tomof@acm.org> Signed-off-by: Roland Dreier <rolandd@cisco.com>
-
Trond Myklebust authored
NFSv4 file locking is currently completely broken since it doesn't respect the OPEN sequencing when it is given an unconfirmed lock_owner and needs to do an open_to_lock_owner. Worse: it breaks the sunrpc rules by doing a GFP_KERNEL allocation inside an rpciod callback. Fix is to preallocate the open seqid structure in nfs4_alloc_lockdata if we see that the lock_owner is unconfirmed. Then, in nfs4_lock_prepare() we wait for either the open_seqid, if the lock_owner is still unconfirmed, or else fall back to waiting on the standard lock_seqid. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
RFC3530 states that the open_owner is confirmed if and only if the client sends an OPEN_CONFIRM request with the appropriate sequence id and stateid within the lease period. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
James Morris authored
Add newline to kernel warning message in gss_create(). Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
Erez Zadok reports: ======================================================= [ INFO: possible circular locking dependency detected ] 2.6.24-rc6-unionfs2 #80 ------------------------------------------------------- umount.nfs4/4017 is trying to acquire lock: (&(&clp->cl_renewd)->work){--..}, at: [<c0223e53>] __cancel_work_timer+0x83/0x17f but task is already holding lock: (&clp->cl_sem){----}, at: [<f8879897>] nfs4_kill_renewd+0x17/0x29 [nfs] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&clp->cl_sem){----}: [<c0230699>] __lock_acquire+0x9cc/0xb95 [<c0230c39>] lock_acquire+0x5f/0x78 [<c0397cb8>] down_read+0x3a/0x4c [<f88798e6>] nfs4_renew_state+0x1c/0x1b8 [nfs] [<c0223821>] run_workqueue+0xd9/0x1ac [<c0224220>] worker_thread+0x7a/0x86 [<c0226b49>] kthread+0x3b/0x62 [<c02033a3>] kernel_thread_helper+0x7/0x10 [<ffffffff>] 0xffffffff -> #0 (&(&clp->cl_renewd)->work){--..}: [<c0230589>] __lock_acquire+0x8bc/0xb95 [<c0230c39>] lock_acquire+0x5f/0x78 [<c0223e87>] __cancel_work_timer+0xb7/0x17f [<c0223f5a>] cancel_delayed_work_sync+0xb/0xd [<f887989e>] nfs4_kill_renewd+0x1e/0x29 [nfs] [<f885a8f6>] nfs_free_client+0x37/0x9e [nfs] [<f885ab20>] nfs_put_client+0x5d/0x62 [nfs] [<f885ab9a>] nfs_free_server+0x75/0xae [nfs] [<f8862672>] nfs4_kill_super+0x27/0x2b [nfs] [<c0258aab>] deactivate_super+0x3f/0x51 [<c0269668>] mntput_no_expire+0x42/0x67 [<c025d0e4>] path_release_on_umount+0x15/0x18 [<c0269d30>] sys_umount+0x1a3/0x1cb [<c0269d71>] sys_oldumount+0x19/0x1b [<c02026ca>] sysenter_past_esp+0x5f/0xa5 [<ffffffff>] 0xffffffff Looking at the code, it would seem that taking the clp->cl_sem in nfs4_kill_renewd is completely redundant, since we're already guaranteed to have exclusive access to the nfs_client (we're shutting down). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
Sigh... commit 4584f520 (NFS: Fix NFS mountpoint crossing...) had a slight flaw: server can be NULL if sget() returned an existing superblock. Fix the fix by dereferencing s->s_fs_info. Thanks to Coverity/Adrian Bunk and Frank Filz for spotting the bug. (See http://bugzilla.kernel.org/show_bug.cgi?id=9647) Also add in the same namespace Oops fix for NFSv4 in both the mountpoint crossing case, and the referral case. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Jean Delvare authored
The VID input level change has been reported to cause trouble. Be more careful in this respect: * Only change the level on the W83627EHF/EHG. The W83627DHG is more complex in this respect. * Don't change the level if the VID pins are in output mode. * Only set the level to TTL if VRM 9.x is used. Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
-
- 02 Jan, 2008 6 commits
-
-
Linus Torvalds authored
The previous commit missed one use of "may_attach()" that had been renamed to __ptrace_may_attach(). Tssk, tssk, Al. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
Contents of /proc/*/maps is sensitive and may become sensitive after open() (e.g. if target originally shares our ->mm and later does exec on suid-root binary). Check at read() (actually, ->start() of iterator) time that mm_struct we'd grabbed and locked is - still the ->mm of target - equal to reader's ->mm or the target is ptracable by reader. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Rik van Riel <riel@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ingo Molnar authored
This reverts commit 6f5391c2 ("[SCSI] Get rid of scsi_cmnd->done") that was supposed to be a cleanup commit, but apparently it causes regressions: Bug 9370 - v2.6.24-rc2-409-g9418d5dc: attempt to access beyond end of device http://bugzilla.kernel.org/show_bug.cgi?id=9370 this patch should be reintroduced in a more split-up form to make testing of it easier. Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Matthew Wilcox <matthew@wil.cx> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
Both SLUB and SLAB really did almost exactly the same thing for /proc/slabinfo setup, using duplicate code and per-allocator #ifdef's. This just creates a common CONFIG_SLABINFO that is enabled by both SLUB and SLAB, and shares all the setup code. Maybe SLOB will want this some day too. Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
James Bottomley authored
A recent bug report: http://bugzilla.kernel.org/show_bug.cgi?id=9674 Was caused because the ULDs now set their own prep functions, but don't necessarily reset the prep function back to the SCSI default when they are removed. This leads to panics if commands are sent to the device after the module is removed because the prep_fn is still pointing to the old module code. The fix for this is to implement a bus remove method that resets the prep_fn pointer correctly before calling the ULD specific driver remove method. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-
Pekka Enberg authored
We need to register slabinfo to procfs when CONFIG_SLUB is enabled to make the file actually visible to user-space. Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-