- 16 Sep, 2011 6 commits
-
-
Nicholas Bellinger authored
This patch fixes a bug in the iscsit_fe_sendpage_sg() transmit codepath that was originally introduced with the v3.1 iscsi-target merge that incorrectly uses hardcoded cmd->iov_data_count values to determine cmd->iov_data[] offsets for extra outgoing padding and DataDigest payload vectors. This code is obviously incorrect for the DataDigest enabled case with sendpage offload, and this fix ensures correct operation for padding + DataDigest, padding only, and DataDigest only cases. The bug was introduced during a pre-merge change in iscsit_fe_sendpage_sg() to natively use struct scatterlist instead of the legacy v3.0 struct se_mem logic. Cc: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by:Nicholas Bellinger <nab@linux-iscsi.org>
-
Nicholas Bellinger authored
This patch makes iscsi-target explictly disable OFMarker=Yes and IFMarker=yes parameter key usage during iscsi login by setting IFMarkInt_Reject and OFMarkInt_Reject values in iscsi_enforce_integrity_rules() to effectively disable iscsi marker usage. With this patch, an initiator proposer asking to enable either marker parameter keys will be issued a 'No' response, and the target sets OFMarkInt + IFMarkInt parameter key response to 'Irrelevant'. With markers disabled during iscsi login, this patch removes the problematic on-stack local-scope array for marker intervals in iscsit_do_rx_data() + iscsit_do_tx_data(), and other related marker code in iscsi_target_util.c. This fixes a potentional stack smashing scenario with small range markers enabled and a large MRDSL as reported by DanC here: [bug report] target: stack can be smashed http://www.spinics.net/lists/target-devel/msg00453.htmlReported-by:
Dan Carpenter <error27@gmail.com> Signed-off-by:
-
Nicholas Bellinger authored
This patch adds target_parse_naa_6h_vendor_specific() to address a bug where the conversion of PRODUCT SERIAL NUMBER to use hex2bin() in target_emulate_evpd_83() was not doing proper isxdigit() checking. This conversion of the vpd_unit_serial configifs attribute is done while generating a VPD=0x83 NAA IEEE Registered Extended DESIGNATOR format's 100 bits of unique VENDOR SPECIFIC IDENTIFIER + VENDOR SPECIFIC IDENTIFIER EXTENSION area. This patch allows vpd_unit_serial (VPD=0x80) and the T10 Vendor ID DESIGNATOR format (VPD=0x83) to continue to use free-form variable length ASCII values, and now skips any non hex characters for fixed length NAA IEEE Registered Extended DESIGNATOR format (VPD=0x83) requring the binary conversion. This was originally reported by Martin after the v3.1-rc1 change to use hex2bin() in commit 11650b85 where the use of non hex characters in vpd_unit_serial generated different values than the original v3.0 internal hex -> binary code. This v3.1 change caused a problem with filesystems who write a NAA DESIGNATOR onto it's ondisk metadata, and this patch will (again) change existing values to ensure that non hex characters are not included in the fixed length NAA DESIGNATOR. Note this patch still expects vpd_unit_serial to be set via existing userspace methods of uuid generation, and does not do strict formatting via configfs input. The original bug report and thread can be found here: NAA breakage http://www.spinics.net/lists/target-devel/msg00477.html The v3.1-rc1 formatting of VPD=0x83 w/o this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ebf Vendor Specific Identifier Extension: 0x3092f498ffa820f9 [0x6001405ffde35ebf3092f498ffa820f9] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 The v3.1-final formatting of VPD=0x83 w/ this patch: VPD INQUIRY: Device Identification page Designation descriptor number 1, descriptor length: 20 designator_type: NAA, code_set: Binary associated with the addressed logical unit NAA 6, IEEE Company_id: 0x1405 Vendor Specific Identifier: 0xffde35ec3 Vendor Specific Identifier Extension: 0x924980a82091763 [0x6001405ffde35ec30924980a82091763] Designation descriptor number 2, descriptor length: 56 designator_type: T10 vendor identification, code_set: ASCII associated with the addressed logical unit vendor id: LIO-ORG vendor specific: IBLOCK:ffde35ec-3092-4980-a820-917636ca54f1 (v2: Fix parsing code to dereference + check for string terminator instead of null pointer to ensure a zeroed payload for vpd_unit_serial less than 100 bits of NAA DESIGNATOR VENDOR SPECIFIC area. Also, remove the unnecessary bitwise assignment) Reported-by:
Martin Svec <martin.svec@zoner.cz> Signed-off-by:
-
Christoph Hellwig authored
Problem: Changed from wake_up_interruptible -> wake_up_process and wait_event_interruptible-> schedule_timeout_interruptible broke the FCoE target. Earlier approach of wake_up_interruptible was also looking at 'queue_cnt' which is not necessary, because it increment of 'queue_cnt' with wake_up_inetrriptible / waker_up_process introduces race condition. Fix: Instead of fixing the code which used wake_up_process and remove 'queue_cnt', using work_queue based approach is cleaner and acheives same result. As well, work queue based approach has less programming overhead and OS manages threads which processes work queues. This patch is developed by Christoph Hellwig and reviwed+validated by Kiran Patil. Signed-off-by:
Christoph Hellwig <hch@lst.de> Signed-off-by:
Kiran Patil <kiran.patil@intel.com> Signed-off-by:
-
Kiran Patil authored
Problem: HW DDP context wasn;t invalidated in case of ABORTS, etc... This leads to the problem where memory pages which are used for DDP as user descriptor could get reused for some other purpose (such as to satisfy new memory allocation request either by kernel or user mode threads) and since HW DDP context was not invalidated, HW continue to write to those pages, hence causing memory corruption. Fix: Either on incoming ABORTS or due to exchange time out, allowed the target to cleanup HW DDP context if it was setup for respective ft_cmd. Added new function to perform this cleanup, furthur it can be enhanced for other cleanup activity. Additinal Notes: To avoid calling ddp_done from multiple places, composed the functionality in helper function "ft_invl_hw_context" and it is being called from multiple places. Cleaned up code in function "ft_recv_write_data" w.r.t DDP. Signed-off-by:
-
Roland Dreier authored
When work is scheduled with schedule_work(), the work can end up running on multiple CPUs at the same time -- this happens if the work is already running on one CPU and schedule_work() is called on another CPU. This leads to list corruption with target_qf_do_work(), which is roughly doing: spin_lock(...); list_for_each_entry_safe(...) { list_del(...); spin_unlock(...); // do stuff spin_lock(...); } With multiple CPUs running this code, one CPU can end up deleting the list entry that the other CPU is about to work on. Fix this by splicing the list entries onto a local list and then operating on that in the work function. This way, each invocation of target_qf_do_work() operates on its own local list and so multiple invocations don't corrupt each other's list. This also avoids dropping and reacquiring the lock for each list entry. Signed-off-by:Roland Dreier <roland@purestorage.com> Signed-off-by:
-
- 15 Sep, 2011 31 commits
-
-
Linus Torvalds authored
On x86-64, they were just wasteful: with the explicitly added (now unnecessary) padding, the size of the alternatives structure was 16 bytes, and an alignment of 8 bytes didn't hurt much. However, it was still silly, since the natural size and alignment for the structure is actually just 12 bytes, 4-byte aligned since commit 59e97e4d ("x86: Make alternative instruction pointers relative"). So removing the padding, and removing the extra alignment is just a good idea. On x86-32, the alignment of 4 bytes was correct, but was incorrectly hardcoded as 8 bytes in <asm/alternative-asm.h>. That header file had used to be an x86-64 only header file, but various unification efforts have made it be used for x86-32 too (ie the unification of rwlock and rwsem). That in turn caused x86-32 boot failures, because the extra alignment would result in random zero-filled words in the altinstructions section, causing oopses early at boot when doing alternative instruction replacement. So just remove all the alignment noise entirely. It's wrong, and it's unnecessary. The section itself is already properly aligned by the linker scripts, and all additions to the section had better be of the proper 12-byte format, keeping it aligned. So if the align directive were to ever make a difference, that would be an indication of a serious bug to begin with. Reported-by:
Werner Landgraf <w.landgraf@ru.r> Acked-by:
Andrew Lutomirski <luto@mit.edu> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds authored
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: nfs: Do not allow multiple mounts on same mountpoint when using -o noac NFS: Fix a typo in nfs_flush_multi NFSv4: renewd needs to be able to handle the NFS4ERR_CB_PATH_DOWN error NFSv4: The NFSv4.0 client must send RENEW calls if it holds a delegation NFSv4: nfs4_proc_renew should be declared static NFSv4: nfs4_proc_async_renew should use a GFP_NOFS allocation
-
git://github.com/groeck/linuxLinus Torvalds authored
* 'hwmon-for-linus' of git://github.com/groeck/linux: hwmon: (coretemp) Initialize tmin hwmon: (pmbus) Fix low limit temperature alarms
-
Christoph Hellwig authored
generic_check_addressable can't deal with hfsplus's larger than page size allocation blocks, so simply opencode the checks that we actually need in hfsplus_fill_super. Signed-off-by:
Christoph Hellwig <hch@tuxera.com> Reported-by:
Pavel Ivanov <paivanof@gmail.com> Tested-by:
-
Seth Forshee authored
Commit 6596528e ("hfsplus: ensure bio requests are not smaller than the hardware sectors") changed the pointers used for volume header allocations but failed to free the correct pointers in the error path path of hfsplus_fill_super() and hfsplus_read_wrapper. The second hunk came from a separate patch by Pavel Ivanov. Reported-by:
Seth Forshee <seth.forshee@canonical.com> Signed-off-by:
-
Shaohua Li authored
The found entries by find_get_pages() could be all swap entries. In this case we skip the entries, but make sure the skipped entries are accounted, so we don't keep looping. Using nr_found > nr_skip to simplify code as suggested by Eric. Reported-and-tested-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
Shaohua Li <shaohua.li@intel.com> Signed-off-by:
-
Russell King authored
Building a kernel with hotplug disabled results in a link failure: `bgpio_remove' referenced in section `___ksymtab_gpl+bgpio_remove' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o This is because of bgpio_remove() is exported. It is illegal to export symbols which are discarded either at link time or as part of an init/exit section. Fix this by dropping the __devexit attributation from bgpio_remove(). Also drop the __devinit attributation from bgpio_init(). Signed-off-by:
Russell King <rmk+kernel@arm.linux.org.uk> Cc: Grant Likely <grant.likely@secretlab.ca> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Thomas Tuttle authored
Take cwq->gcwq->lock to avoid racing between drain_workqueue checking to make sure the workqueues are empty and cwq_dec_nr_in_flight decrementing and then incrementing nr_active when it activates a delayed work. We discovered this when a corner case in one of our drivers resulted in us trying to destroy a workqueue in which the remaining work would always requeue itself again in the same workqueue. We would hit this race condition and trip the BUG_ON on workqueue.c:3080. Signed-off-by:
Thomas Tuttle <ttuttle@chromium.org> Acked-by:
Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> Signed-off-by:
-
Benny Halevy authored
Acked-by:
Boaz Harrosh <bharrosh@panasas.com> Signed-off-by:
Benny Halevy <bhalevy@tonian.com> Signed-off-by:
-
Naga Chumbalkar authored
per_cpu(processors, n) can be NULL, resulting in: Loading CPUFreq modules[ 437.661360] BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<ffffffffa0434314>] pcc_cpufreq_cpu_init+0x74/0x220 [pcc_cpufreq] It's better to avoid the oops by failing the driver, and allowing the system to boot. Signed-off-by:
Naga Chumbalkar <nagananda.chumbalkar@hp.com> Cc: Dave Jones <davej@codemonkey.org.uk> Cc: Len Brown <lenb@kernel.org> Cc: <stable@kernel.org> Signed-off-by:
-
Donggeun Kim authored
The driver does not generate an alarm interrupt even though a time for an alarm is set. This results from disabling rtc_clk after setting the alarm time. To generate an alarm interrupt the driver should maintain its enabled state for rtc_clk the until alarm interrupt occurs. This patch permits generation of an alarm interrupt. [akpm@linux-foundation.org: make s3c_rtc_alarm_clk_lock local to s3c_rtc_alarm_clk_enable()] Signed-off-by:
Donggeun Kim <dg77.kim@samsung.com> Signed-off-by:
MyungJoo Ham <myungjoo.ham@samsung.com> Signed-off-by:
Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by:
-
Johan Hovold authored
Fix regression introduced by commit 5ada28bf ("led-class: always implement blinking") which broke sysfs delay handling by not storing the updated value. Consequently it was only possible to set one of the delays through the sysfs interface as the other delay was automatically restored to it's default value. Reading the parameters always gave the defaults. Signed-off-by:
Johan Hovold <jhovold@gmail.com> Acked-by:
Florian Fainelli <florian@openwrt.org> Acked-by:
Richard Purdie <richard.purdie@linuxfoundation.org> Cc: <stable@kernel.org> [2.6.37+] Signed-off-by:
-
Jesper Juhl authored
In drivers/misc/pti.c::pti_control_frame_built_and_sent() we assign 'comm' to 'thread_name_p' if (!thread_name). The problem is that 'comm' then goes out of scope and later we use 'thread_name_p' which now refers to an out-of-scope variable. To fix that, simply move 'comm' up to have function scope. Signed-off-by:
Jesper Juhl <jj@chaosbits.net> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: J Freyensee <james_p_freyensee@linux.intel.com> Cc: Jeremy Rocher <rocher.jeremy@gmail.com> Cc: Sergei Trofimovich <slyfox@gentoo.org> Signed-off-by:
-
WANG Cong authored
Fix these errors: drivers/tty/serial/crisv10.c:4453: error: 'if_ser0' undeclared (first use in this function): 2 errors in 2 logs drivers/tty/serial/crisv10.c:4453: error: (Each undeclared identifier is reported only once: 2 errors in 2 logs drivers/tty/serial/crisv10.c:4453: error: for each function it appears in.): 2 errors in 2 logs "if_ser0" is a typo, it should be "if_serial_0". Signed-off-by:WANG Cong <xiyou.wangcong@gmail.com> Cc: Mikael Starvik <starvik@axis.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Signed-off-by:
-
David Vrabel authored
Xen backend drivers (e.g., blkback and netback) would sometimes fail to map grant pages into the vmalloc address space allocated with alloc_vm_area(). The GNTTABOP_map_grant_ref would fail because Xen could not find the page (in the L2 table) containing the PTEs it needed to update. (XEN) mm.c:3846:d0 Could not find L1 PTE for address fbb42000 netback and blkback were making the hypercall from a kernel thread where task->active_mm != &init_mm and alloc_vm_area() was only updating the page tables for init_mm. The usual method of deferring the update to the page tables of other processes (i.e., after taking a fault) doesn't work as a fault cannot occur during the hypercall. This would work on some systems depending on what else was using vmalloc. Fix this by reverting ef691947 ("vmalloc: remove vmalloc_sync_all() from alloc_vm_area()") and add a comment to explain why it's needed. Signed-off-by:
David Vrabel <david.vrabel@citrix.com> Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Ian Campbell <Ian.Campbell@citrix.com> Cc: Keir Fraser <keir.xen@gmail.com> Cc: <stable@kernel.org> [3.0.x] Signed-off-by:
-
Johannes Weiner authored
Revert the post-3.0 commit 82f9d486 ("memcg: add memory.vmscan_stat"). The implementation of per-memcg reclaim statistics violates how memcg hierarchies usually behave: hierarchically. The reclaim statistics are accounted to child memcgs and the parent hitting the limit, but not to hierarchy levels in between. Usually, hierarchical statistics are perfectly recursive, with each level representing the sum of itself and all its children. Since this exports statistics to userspace, this may lead to confusion and problems with changing things after the release, so revert it now, we can try again later. Signed-off-by:
Johannes Weiner <jweiner@redhat.com> Acked-by:
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> Cc: Michal Hocko <mhocko@suse.cz> Cc: Ying Han <yinghan@google.com> Cc: Balbir Singh <bsingharora@gmail.com> Signed-off-by:
-
Johannes Weiner authored
Without swap, anonymous pages are not scanned. As such, they should not count when considering force-scanning a small target if there is no swap. Otherwise, targets are not force-scanned even when their effective scan number is zero and the other conditions--kswapd/memcg--apply. This fixes 246e87a9 ("memcg: fix get_scan_count() for small targets"). [akpm@linux-foundation.org: fix comment] Signed-off-by:
Michal Hocko <mhocko@suse.cz> Cc: Ying Han <yinghan@google.com> Cc: Balbir Singh <bsingharora@gmail.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp> Acked-by:
Mel Gorman <mel@csn.ul.ie> Signed-off-by:
-
Axel Lin authored
Include linux/sched.h to fix below build error. CC drivers/rtc/rtc-imxdi.o drivers/rtc/rtc-imxdi.c: In function 'di_write_wait': drivers/rtc/rtc-imxdi.c:168: error: 'TASK_INTERRUPTIBLE' undeclared (first use in this function) drivers/rtc/rtc-imxdi.c:168: error: (Each undeclared identifier is reported only once drivers/rtc/rtc-imxdi.c:168: error: for each function it appears in.) drivers/rtc/rtc-imxdi.c:168: error: implicit declaration of function 'signal_pending' drivers/rtc/rtc-imxdi.c:168: error: implicit declaration of function 'schedule_timeout' drivers/rtc/rtc-imxdi.c: In function 'dryice_norm_irq': drivers/rtc/rtc-imxdi.c:329: error: 'TASK_INTERRUPTIBLE' undeclared (first use in this function) Signed-off-by:Axel Lin <axel.lin@gmail.com> Cc: Baruch Siach <baruch@tkos.co.il> Cc: Wan ZongShun <mcuos.com@gmail.com> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by:
-
Ben Hutchings authored
Since GPIOLIB is optional on alpha, GENERIC_GPIO must not be selected by default. If GPIOLIB is enabled, it will select GENERIC_GPIO. See <http://bugs.debian.org/638696> for an example of what 'def_bool y' breaks. Reported-by:
Michael Cree <mcree@orcon.net.nz> Signed-off-by:
Ben Hutchings <ben@decadent.org.uk> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Matt Turner <mattst88@gmail.com> Cc: Michael Cree <mcree@orcon.net.nz> Cc: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by:
-
Al Viro authored
richard@nod.at: Fixes: /usr/lib/gcc/x86_64-linux-gnu/4.4.5/../../../../lib/libc.a(strrchr.o): In function `rindex': (.text+0x0): multiple definition of `strrchr' If both STATIC_LINK and UML_NET_VDE are set to "y" libc's strrchr may clash with the kernel implementation. This workaround comes originally from Jeff Dike: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494995#35Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
Richard Weinberger <richard@nod.at> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by:
-
Al Viro authored
1) take subarch-specific stuff to subarch_ptrace() 2) PTRACE_{PEEK,POKE}{TEXT,DATA} is handled by ptrace_request() just fine... Signed-off-by: -
Al Viro authored
It's 32bit-only, not 64bit-only... And while we are at it, it's set_fpxregs(), not set_fpregs()... Signed-off-by:
-
Al Viro authored
while not doing free_irq() from irq handler is commendable, kfree() on the data passed to said handler before free_irq() is Not Good(tm). Freeing the stack it's being run on is also not nice... Solution: delay actually freeing stuff. Signed-off-by:
-
Al Viro authored
... so set winch->fd to -1 before doing free_irq(), to avoid having winch_interrupt() come from/during the latter and attempt to do reactivate_fd() on something that's already gone. Signed-off-by:
-
Al Viro authored
tty->count is decremented only after ->close() had been called and several tasks can hit it in parallel. As the result, using tty->count to check if you are the last one is broken. We end up leaving line->tty not reset to NULL and the next IRQ on that sucker will blow up trying to dereference pointers from kfree'd struct tty. Fix is obvious: we need to use a counter of our own. Signed-off-by:
-
Ingo van Lil authored
Some time ago Jeff prepared 42daba31 ("uml: stop saving process FP state") for UML to stop saving the process FP state between task switches. The assumption was that since with SKAS0 every guest process runs inside a host process context the host OS will take care of keeping the proper FP state. Unfortunately this is not true for multi-threaded applications, where all guest threads share a single host process context yet all may use the FPU on their own. Although I haven't verified it I suspect things to be even worse in SKAS3 mode where all guest processes run inside a single host process. The patch reintroduces the saving and restoring of the FP context between task switches. [richard@nod.at: Ingo posted this patch in 2009, sadly it was never applied and got lost. Now in 2011 the problem was reported by Gunnar.] Signed-off-by:
Ingo van Lil <inguin@gmx.de> Signed-off-by:
-
Jonathan Neuschäfer authored
I could use out_close1, but that seems to be the code path to close the fd returned by os_create_unix_socket, and using it to close the fd returned by mkstemp might lead to some confusion, so I don't do it. Signed-off-by:
Jonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by:
-
Thadeu Lima de Souza Cascardo authored
Commit b789ef51 ("slub: Add cmpxchg_double_slab()") tests for cmpxchg_double support in the SLUB code and it breaks UML builds with SLUB. Since UML does not support checking for CPU features, disable CMPXCHG_DOUBLE just like CMPXCHG_LOCAL is disabled for UML. Signed-off-by:
Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Reviewed-by:
Christoph Lameter <cl@linux.com> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Signed-off-by:
-
David Rientjes authored
The vmstat_text array is only defined for CONFIG_SYSFS or CONFIG_PROC_FS, yet it is referenced for per-node vmstat with CONFIG_NUMA: drivers/built-in.o: In function `node_read_vmstat': node.c:(.text+0x1106df): undefined reference to `vmstat_text' Introduced in commit fa25c503 ("mm: per-node vmstat: show proper vmstats"). Define the array for CONFIG_NUMA as well. [akpm@linux-foundation.org: remove unneeded ifdefs] Signed-off-by:
David Rientjes <rientjes@google.com> Reported-by:
Cong Wang <amwang@redhat.com> Acked-by:
Randy Dunlap <rdunlap@xenotime.net> Signed-off-by:
-
KAMEZAWA Hiroyuki authored
When compiling mm/mempolicy.c with struct user copy checks the following warning is shown: In file included from arch/x86/include/asm/uaccess.h:572, from include/linux/uaccess.h:5, from include/linux/highmem.h:7, from include/linux/pagemap.h:10, from include/linux/mempolicy.h:70, from mm/mempolicy.c:68: In function `copy_from_user', inlined from `compat_sys_get_mempolicy' at mm/mempolicy.c:1415: arch/x86/include/asm/uaccess_64.h:64: warning: call to `copy_from_user_overflow' declared with attribute warning: copy_from_user() buffer size is not provably correct LD mm/built-in.o Fix this by passing correct buffer size value. Signed-off-by: -
Caspar Zhang authored
commit 9d8cebd4 ("mm: fix mbind vma merge problem") didn't really fix the mbind vma merge problem due to wrong pgoff value passing to vma_merge(), which made vma_merge() always return NULL. Before the patch applied, we are getting a result like: addr = 0x7fa58f00c000 [snip] 7fa58f00c000-7fa58f00d000 rw-p 00000000 00:00 0 7fa58f00d000-7fa58f00e000 rw-p 00000000 00:00 0 7fa58f00e000-7fa58f00f000 rw-p 00000000 00:00 0 here 7fa58f00c000->7fa58f00f000 we get 3 VMAs which are expected to be merged described as described in commit 9d8cebd4. Re-testing the patched kernel with the reproducer provided in commit 9d8cebd4, we get the correct result: addr = 0x7ffa5aaa2000 [snip] 7ffa5aaa2000-7ffa5aaa6000 rw-p 00000000 00:00 0 7fffd556f000-7fffd5584000 rw-p 00000000 00:00 0 [stack] Signed-off-by:
Caspar Zhang <caspar@casparzhang.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Lee Schermerhorn <lee.schermerhorn@hp.com> Cc: Minchan Kim <minchan.kim@gmail.com> Signed-off-by:
-
- 14 Sep, 2011 3 commits
-
-
git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6Linus Torvalds authored
* git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6: (25 commits) [SCSI] bnx2i: Fixed the endian on TTT for NOP out transmission [SCSI] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp() [SCSI] libfc: block SCSI eh thread for blocked rports [SCSI] libfc: fix fc_eh_host_reset [SCSI] fcoe: Fix deadlock between fip's recv_work and rtnl [SCSI] qla2xxx: Update version number to 8.03.07.07-k. [SCSI] qla2xxx: Set the task attributes after memsetting fcp cmnd. [SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling. [SCSI] qla2xxx: Save and restore irq in the response queue interrupt handler. [SCSI] qla2xxx: Double check for command completion if abort mailbox command fails. [SCSI] qla2xxx: Acquire hardware lock while manipulating dsd list. [SCSI] qla2xxx: Fix qla24xx revision check while enabling interrupts. [SCSI] qla2xxx: T10 DIF - Fix incorrect error reporting. [SCSI] qla2xxx: T10 DIF - Handle uninitalized sectors. [SCSI] hpsa: fix physical device lun and target numbering problem [SCSI] hpsa: fix problem that OBDR devices are not detected [SCSI] isci: add version number [SCSI] isci: fix event-get pointer increment [SCSI] isci: dynamic interrupt coalescing [SCSI] isci: Leave requests alone if already terminating. ...
-
git://oss.sgi.com/xfs/xfsLinus Torvalds authored
* 'for-linus' of git://oss.sgi.com/xfs/xfs: xfs: fix a use after free in xfs_end_io_direct_write
-
Al Viro authored
We used to get the victim pinned by dentry_unhash() prior to commit 64252c75 ("vfs: remove dget() from dentry_unhash()") and ->rmdir() and ->rename() instances relied on that; most of them don't care, but ones that used d_delete() themselves do. As the result, we are getting rmdir() oopses on NFS now. Just grab the reference before locking the victim and drop it explicitly after unlocking, same as vfs_rename_other() does. Signed-off-by:
Simon Kirby <sim@hostway.ca> Cc: stable@kernel.org (3.0.x) Signed-off-by:
-
