- 05 Feb, 2010 5 commits
-
-
Peter Huewe authored
Trivial patch which adds the __init/__exit macros to the module_init/ module_exit functions of drivers/isdn/hardware/mISDN/mISDNisar.c Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Robert P. J. Day authored
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Peter Huewe authored
Trivial patch which adds the __init/__exit macros to the module_init/ module_exit functions of uwb/i1480/i1480-est.c Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Acked-by: David Vrabel <david.vrabel@csr.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Some comments misspell "should" or "shouldn't"; this fixes them. No code changes. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Some comments misspell "successful" or variants of the word; this fixes them. No code changes. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
- 04 Feb, 2010 14 commits
-
-
Jasper Spaans authored
Make the comment match the code, this also holds for intel systems, according to probe_64.c in the same directory. Signed-off-by: Jasper Spaans <spaans@fox-it.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Shaun Patterson authored
Signed-off-by: Shaun Patterson <shaunpatterson@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Rudy Matela authored
Added a space separating some if/switch/while keywords from the following parenthesis to conform to the CodingStyle. Signed-off-by: Rudy Matela <rudy.matela@gmail.com> Acked-by: Krzysztof Halasa <khc@pm.waw.pl> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Julia Lawall authored
As an identical match is wanted in this case, strcmp can be used instead. The semantic match that lead to detecting this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression foo; constant char *abc; @@ *strncmp(foo, abc, sizeof(abc)) // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Anders Larsen <al@alarsen.net> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Ali Gholami Rudi authored
Signed-off-by: Ali Gholami Rudi <ali@rudi.ir> Acked-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Some string messages misspell "separate"; this fixes them. No change in functionality. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Some comments misspell "invocation"; this fixes them. No code changes. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Some comments misspell "truly"; this fixes them. No code changes. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
A label reads 'truely_dead' rather than 'truly_dead'; this fixes it. No change in functionality. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Adam Buchbinder authored
Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Sebastian Andrzej Siewior authored
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
Geert Uytterhoeven authored
After commit e0c09786 ("ataflop: remove buggy/commented-out IRQ disable from do_fd_request()") the `flags' variable became unused: drivers/block/ataflop.c:1473: warning: unused variable 'flags' Hence remove it. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
git://git.monstr.eu/linux-2.6-microblazeLinus Torvalds authored
* 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: fix interrupt state restore microblaze: Defconfig update
-
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6Linus Torvalds authored
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6: saa7146: stop DMA before de-allocating DMA scatter/gather page buffers V4L/DVB: saa7134: remove stray unlock_kernel
-
- 03 Feb, 2010 21 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2: nilfs2: fix potential leak of dirty data on umount
-
Steven J. Magnani authored
Interrupts must be disabled while an interrupt state restore (prep for interrupt return) is in progress. Code to do this was lost in the port to the mainline kernel. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Michal Simek authored
There were several changes in Microblaze defconfig that's why is good to update defconfigs. Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Linus Torvalds authored
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: kernel/cred.c: use kmem_cache_free
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (23 commits) connector: Delete buggy notification code. be2net: use eq-id to calculate cev-isr reg offset Bluetooth: Use the control channel for raw HID reports Bluetooth: Add DFU driver for Atheros Bluetooth chipset AR3011 Bluetooth: Redo checks in IRQ handler for shared IRQ support Bluetooth: Fix memory leak in L2CAP Bluetooth: Remove double free of SKB pointer in L2CAP cdc_ether: Partially revert "usbnet: Set link down initially ..." be2net: Fix memset() arg ordering. bonding: bond_open error return value ixgbe: if ixgbe_copy_dcb_cfg is going to fail learn about it early ixgbe: set the correct DCB bit for pg tx settings igbvf: fix issue w/ mapped_as_page being left set after unmap drivers/net: ks8851_mll ethernet network driver be2net: Bug fix to support newer generation of BE ASIC starfire: clean up properly if firmware loading fails mac80211: fix NULL pointer dereference when ftrace is enabled netfilter: ctnetlink: fix expectation mask dump ipv6: conntrack: Add member of user to nf_ct_frag6_queue structure ath9k: fix eeprom INI values override for 2GHz-only cards ...
-
Thadeu Lima de Souza Cascardo authored
This is the counterpart to cba76717 ("pktcdvd: remove broken dev_t export of class devices"). Device is not registered using dev_t, so it should not be destroyed using device_destroy which looks up the device by dev_t. This will fail and adding the device again will fail with the "duplicate name" error. This is fixed using device_unregister instead of device_destroy. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Peter Osterlund <petero2@telia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Shaohui Zheng authored
Newly added memory can not be accessed via /dev/mem, because we do not update the variables high_memory, max_pfn and max_low_pfn. Add a function update_end_of_memory_vars() to update these variables for 64-bit kernels. [akpm@linux-foundation.org: simplify comment] Signed-off-by: Shaohui Zheng <shaohui.zheng@intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Li Haicheng <haicheng.li@intel.com> Reviewed-by: Wu Fengguang <fengguang.wu@intel.com> Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Anton Blanchard authored
init_fault_attr_entries() should be init_fault_attr_dentries(). cleanup_fault_attr_entries() should be cleanup_fault_attr_dentries(). Signed-off-by: Anton Blanchard <anton@samba.org> Acked-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jeff Mahoney authored
hugetlb_sysfs_add_hstate is called by hugetlb_register_node directly during init and also indirectly via sysfs after init. This patch removes the __init tag from hugetlb_sysfs_add_hstate. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Cc: Lee Schermerhorn <lee.schermerhorn@hp.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Richard Röjfors authored
Move the ulite_console_setup to the .devinit section since it might be called on probe, which is in devinit. Fixes the crash below where the uartlite hw is probed after the .init section is freed from the kernel. uartlite: ttyUL0 at MMIO 0xc8000100 (irq = 30) is a uartlite BUG: unable to handle kernel NULL pointer dereference at (null) IP: [<c176720e>] ulite_console_setup+0x6f/0xa8 *pdpt = 0000000036fb0001 *pde = 0000000000000000 Oops: 0000 [#1] PREEMPT SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1f.1/host0/uevent Modules linked in: puffin(+) serio_raw Pid: 151, comm: modprobe Not tainted (2.6.31.5-1.0.b1-b1 #1) POULSBO EIP: 0060:[<c176720e>] EFLAGS: 00010246 CPU: 0 EIP is at ulite_console_setup+0x6f/0xa8 EAX: c16ec824 EBX: c16ec824 ECX: c176719f EDX: 00000000 ESI: 00000000 EDI: c17b42c4 EBP: f6fd1cf0 ESP: f6fd1cd8 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process modprobe (pid: 151, ti=f6fd0000 task=f6fa1020 task.ti=f6fd0000) Stack: c1031f51 00000000 00000000 00000246 c182237c f7742000 f6fd1d5c c11fd316 <0> c16ec85c f77420d4 0000001e 00000000 00000000 c1633e78 4f494d4d 63783020 <0> 30303038 00303031 f6fd1d3c c10e0786 f6fd1d48 00000000 f6fd1d48 00000000 Call Trace: [<c1031f51>] ? register_console+0xf6/0x1fc [<c11fd316>] ? uart_add_one_port+0x237/0x2bb [<c10e0786>] ? sysfs_add_one+0x13/0xd3 [<c10e142f>] ? sysfs_do_create_link+0xba/0xfc [<c146f200>] ? ulite_probe+0x198/0x1eb [<c12064ee>] ? platform_drv_probe+0xc/0xe [<c120597b>] ? driver_probe_device+0x79/0x105 [<c1205a8e>] ? __device_attach+0x28/0x30 [<c120511f>] ? bus_for_each_drv+0x3d/0x67 [<c1205af9>] ? device_attach+0x44/0x58 [<c1205a66>] ? __device_attach+0x0/0x30 [<c1204fb8>] ? bus_probe_device+0x1f/0x34 [<c1203e68>] ? device_add+0x385/0x4c0 [<c148491f>] ? _write_unlock+0x8/0x1f [<c1206aac>] ? platform_device_add+0xd9/0x11c [<c120c685>] ? mfd_add_devices+0x165/0x1bc [<f831b378>] ? puffin_probe+0x2d0/0x390 [puffin] [<c11a08ef>] ? pci_match_device+0xa0/0xa7 [<c11a07bc>] ? local_pci_probe+0xe/0x10 [<c11a11db>] ? pci_device_probe+0x43/0x66 [<c120597b>] ? driver_probe_device+0x79/0x105 [<c1205a4a>] ? __driver_attach+0x43/0x5f [<c120535d>] ? bus_for_each_dev+0x3d/0x67 [<c1205852>] ? driver_attach+0x14/0x16 [<c1205a07>] ? __driver_attach+0x0/0x5f [<c1204dea>] ? bus_add_driver+0xf9/0x220 [<c1205c8f>] ? driver_register+0x8b/0xeb [<c11a1518>] ? __pci_register_driver+0x43/0x9f [<c10477ef>] ? __blocking_notifier_call_chain+0x40/0x4c [<f831f000>] ? puffin_init+0x0/0x48 [puffin] [<f831f017>] ? puffin_init+0x17/0x48 [puffin] [<c1001139>] ? do_one_initcall+0x4c/0x131 [<c105607b>] ? sys_init_module+0xa7/0x1b7 [<c1002a61>] ? syscall_call+0x7/0xb Code: 6e 74 00 00 00 92 33 00 00 18 00 0e 01 73 79 6e 63 65 2d 72 65 67 69 73 74 72 79 0c 00 49 32 00 00 14 00 09 01 61 6c 73 61 2d 69 <6e> 66 6f 00 00 00 42 37 00 00 10 00 07 01 6b 69 6c 6c 61 6c 6c EIP: [<c176720e>] ulite_console_setup+0x6f/0xa8 SS:ESP 0068:f6fd1cd8 CR2: 0000000000000000 Signed-off-by: Richard Röjfors <richard.rojfors@pelagicore.com> Acked-by: Peter Korsgaard <jacmet@sunsite.dk> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Uwe Kleine-König authored
The probe function passes a pointer to a struct fb_info to platform_set_drvdata(), so don't interpret the return value of platform_get_drvdata() as a pointer to struct imxfb_info. The original imxfb_info *fbi backlight_power was NULL but in imxfb_suspend it was 4 resulting in an oops as imxfb_suspend calls imxfb_disable_controller(fbi) which in turn has if (fbi->backlight_power) fbi->backlight_power(0); Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Sascha Hauer <kernel@pengutronix.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Li Zefan authored
In cgroup_create(), if alloc_css_id() returns failure, the errno is not propagated to userspace, so mkdir will fail silently. To trigger this bug, we mount blkio (or memory subsystem), and create more then 65534 cgroups. (The number of cgroups is limited to 65535 if a subsystem has use_id == 1) # mount -t cgroup -o blkio xxx /mnt # for ((i = 0; i < 65534; i++)); do mkdir /mnt/$i; done # mkdir /mnt/65534 (should return ENOSPC) # Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Paul Menage <menage@google.com> Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Hui Zhu authored
When I use markup_oops.pl parse a x8664 oops, I got: objdump: --start-address: bad number: NaN No matching code found This is because: main::(./m.pl:228): open(FILE, "objdump -dS --adjust-vma=$vmaoffset --start-address=$decodestart --stop-address=$decodestop $filename |") || die "Cannot start objdump"; DB<3> p $decodestart NaN This NaN is from: main::(./m.pl:176): my $decodestart = Math::BigInt->from_hex("0x$target") - Math::BigInt->from_hex("0x$func_offset"); DB<2> p $func_offset 0x175 There is already a "0x" in $func_offset, another 0x makes it a NaN. The $func_offset is from line: if ($line =~ /RIP: 0010:\[\<[0-9a-f]+\>\] \[\<[0-9a-f]+\>\] ([a-zA-Z0-9\_]+)\+(0x[0-9a-f]+)\/0x[a-f0-9]/) { $function = $1; $func_offset = $2; } I make a patch to change "(0x[0-9a-f]+)\/0x[a-f0-9]/)" to "0x([0-9a-f]+)\/0x[a-f0-9]/)". Signed-off-by: Hui Zhu <teawater@gmail.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Richard Kennedy authored
When git has been set to always use color in .gitconfig then I get the warning message Bad divisor in main::vcs_assign: 0 This is caused by vcs_file_signoffs not matching any commits due to the pattern not understand the colour codes. Fix this by telling git log to never use colour. Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk> Acked-by: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Wu Fengguang authored
write_kmem() used to assume vwrite() always return the full buffer length. However now vwrite() could return 0 to indicate memory hole. This creates a bug that "buf" is not advanced accordingly. Fix it to simply ignore the return value, hence the memory hole. Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Tejun Heo <tj@kernel.org> Cc: Nick Piggin <npiggin@suse.de> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
KAMEZAWA Hiroyuki authored
Otherwise vmalloc_to_page() will BUG(). This also makes the kmem read/write implementation aligned with mem(4): "References to nonexistent locations cause errors to be returned." Here we return -ENXIO (inspired by Hugh) if no bytes have been transfered to/from user space, otherwise return partial read/write results. Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
anfei zhou authored
The cache alias problem will happen if the changes of user shared mapping is not flushed before copying, then user and kernel mapping may be mapped into two different cache line, it is impossible to guarantee the coherence after iov_iter_copy_from_user_atomic. So the right steps should be: flush_dcache_page(page); kmap_atomic(page); write to page; kunmap_atomic(page); flush_dcache_page(page); More precisely, we might create two new APIs flush_dcache_user_page and flush_dcache_kern_page to replace the two flush_dcache_page accordingly. Here is a snippet tested on omap2430 with VIPT cache, and I think it is not ARM-specific: int val = 0x11111111; fd = open("abc", O_RDWR); addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0); *(addr+0) = 0x44444444; tmp = *(addr+0); *(addr+1) = 0x77777777; write(fd, &val, sizeof(int)); close(fd); The results are not always 0x11111111 0x77777777 at the beginning as expected. Sometimes we see 0x44444444 0x77777777. Signed-off-by: Anfei <anfei.zhou@gmail.com> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Cc: <linux-arch@vger.kernel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Randy Dunlap authored
Fix kfifo kernel-doc warnings: Warning(kernel/kfifo.c:361): No description found for parameter 'total' Warning(kernel/kfifo.c:402): bad line: @ @lenout: pointer to output variable with copied data Warning(kernel/kfifo.c:412): No description found for parameter 'lenout' Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: Stefani Seibold <stefani@seibold.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Sergey Matyukevich authored
Add missing braces for multiline 'if' statements in fm3130_probe. Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> Signed-off-by: Alessandro Zummo <a.zummo@towertech.it> Cc: Sergey Lapin <slapin@ossfans.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Alberto Panizzo authored
Fix the kernel oops when dev_dbg is called with mx3_fbi->txd == NULL Fix the late initialisation of mx3fb->backlight_level. If not, in the chain of function started by init_fb_chan(), in __blank() call sdc_set_brightness(mx3fb, mx3fb->backlight_level) that will shut down the CONTRAST PWM output. Signed-off-by: Alberto Panizzo <maramaopercheseimorto@gmail.com> Acked-by: Guennadi Liakhovetski <g.liakhovetski <at> gmx.de> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Tejun Heo authored
Eric Paris located a bug in idr. With IDR_BITS of 6, it grows to three layers when id 4096 is first allocated. When that happens, idr wraps incorrectly and searches the idr array ignoring the high bits. The following test code from Eric demonstrates the bug nicely. #include <linux/idr.h> #include <linux/kernel.h> #include <linux/module.h> static DEFINE_IDR(test_idr); int init_module(void) { int ret, forty95, forty96; void *addr; /* add 2 entries both with 4095 as the start address */ again1: if (!idr_pre_get(&test_idr, GFP_KERNEL)) return -ENOMEM; ret = idr_get_new_above(&test_idr, (void *)4095, 4095, &forty95); if (ret) { if (ret == -EAGAIN) goto again1; return ret; } if (forty95 != 4095) printk(KERN_ERR "hmmm, forty95=%d\n", forty95); again2: if (!idr_pre_get(&test_idr, GFP_KERNEL)) return -ENOMEM; ret = idr_get_new_above(&test_idr, (void *)4096, 4095, &forty96); if (ret) { if (ret == -EAGAIN) goto again2; return ret; } if (forty96 != 4096) printk(KERN_ERR "hmmm, forty96=%d\n", forty96); /* try to find the 2 entries, noticing that 4096 broke */ addr = idr_find(&test_idr, forty95); if ((int)addr != forty95) printk(KERN_ERR "hmmm, after find forty95=%d addr=%d\n", forty95, (int)addr); addr = idr_find(&test_idr, forty96); if ((int)addr != forty96) printk(KERN_ERR "hmmm, after find forty96=%d addr=%d\n", forty96, (int)addr); /* really weird, the entry which should be at 4096 is actually at 0!! */ addr = idr_find(&test_idr, 0); if ((int)addr) printk(KERN_ERR "found an entry at id=0 for addr=%d\n", (int)addr); idr_remove(&test_idr, forty95); idr_remove(&test_idr, forty96); return 0; } void cleanup_module(void) { } MODULE_AUTHOR("Eric Paris <eparis@redhat.com>"); MODULE_DESCRIPTION("Simple idr test"); MODULE_LICENSE("GPL"); This happens because when sub_alloc() back tracks it doesn't always do it step-by-step while the over-the-limit detection assumes step-by-step backtracking. The logic in sub_alloc() looks like the following. restart: clear pa[top level + 1] for end cond detection l = top level while (true) { search for empty slot at this level if (not found) { push id to the next possible value l++ A: if (pa[l] is clear) failed, return asking caller to grow the tree if (going up 1 level gives more slots to search) continue the while loop above with the incremented l else C: goto restart } adjust id accordingly to the found slot if (l == 0) return found id; create lower level if not there yet record pa[l] and l-- } Test A is the fail exit condition but this assumes that failure is propagated upwared one level at a time but the B optimization path breaks the assumption and restarts the whole thing with a start value which is above the possible limit with the current layers. sub_alloc() assumes the start id value is inside the limit when called and test A is the only exit condition check, so it ends up searching for empty slot while ignoring high set bit. So, for 4095->4096 test, level0 search fails but pa[1] contains a valid pointer. However, going up 1 level wouldn't give any more empty slot so it takes C and when the whole thing restarts nobody notices the high bit set beyond the top level. This patch fixes the bug by changing the fail exit condition check to full id limit check. Based-on-patch-from: Eric Paris <eparis@redhat.com> Reported-by: Eric Paris <eparis@redhat.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-