1. 09 Jan, 2012 7 commits
  2. 22 Nov, 2011 2 commits
    • Dan Carpenter's avatar
      ext3: NULL dereference in ext3_evict_inode() · bcdd0c16
      Dan Carpenter authored
      This is an fsfuzzer bug.  ->s_journal is set at the end of
      ext3_load_journal() but we try to use it in the error handling from
      ext3_get_journal() while it's still NULL.
      
      [  337.039041] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
      [  337.040380] IP: [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.041687] PGD 0
      [  337.043118] Oops: 0002 [#1] SMP
      [  337.044483] CPU 3
      [  337.044495] Modules linked in: ecb md4 cifs fuse kvm_intel kvm brcmsmac brcmutil crc8 cordic r8169 [last unloaded: scsi_wait_scan]
      [  337.047633]
      [  337.049259] Pid: 8308, comm: mount Not tainted 3.2.0-rc2-next-20111121+ #24 SAMSUNG ELECTRONICS CO., LTD. RV411/RV511/E3511/S3511    /RV411/RV511/E3511/S3511
      [  337.051064] RIP: 0010:[<ffffffff816e6539>]  [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.052879] RSP: 0018:ffff8800b1d11ae8  EFLAGS: 00010282
      [  337.054668] RAX: 0000000000000100 RBX: 0000000000000000 RCX: ffff8800b77c2000
      [  337.056400] RDX: ffff8800a97b5c00 RSI: 0000000000000000 RDI: 0000000000000024
      [  337.058099] RBP: ffff8800b1d11ae8 R08: 6000000000000000 R09: e018000000000000
      [  337.059841] R10: ff67366cc2607c03 R11: 00000000110688e6 R12: 0000000000000000
      [  337.061607] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800a78f06e8
      [  337.063385] FS:  00007f9d95652800(0000) GS:ffff8800b7180000(0000) knlGS:0000000000000000
      [  337.065110] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  337.066801] CR2: 0000000000000024 CR3: 00000000aef2c000 CR4: 00000000000006e0
      [  337.068581] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  337.070321] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [  337.072105] Process mount (pid: 8308, threadinfo ffff8800b1d10000, task ffff8800b1d02be0)
      [  337.073800] Stack:
      [  337.075487]  ffff8800b1d11b08 ffffffff811f48cf ffff88007ac9b158 0000000000000000
      [  337.077255]  ffff8800b1d11b38 ffffffff8119405d ffff88007ac9b158 ffff88007ac9b250
      [  337.078851]  ffffffff8181bda0 ffffffff8181bda0 ffff8800b1d11b68 ffffffff81131e31
      [  337.080284] Call Trace:
      [  337.081706]  [<ffffffff811f48cf>] log_start_commit+0x1f/0x40
      [  337.083107]  [<ffffffff8119405d>] ext3_evict_inode+0x1fd/0x2a0
      [  337.084490]  [<ffffffff81131e31>] evict+0xa1/0x1a0
      [  337.085857]  [<ffffffff81132031>] iput+0x101/0x210
      [  337.087220]  [<ffffffff811339d1>] iget_failed+0x21/0x30
      [  337.088581]  [<ffffffff811905fc>] ext3_iget+0x15c/0x450
      [  337.089936]  [<ffffffff8118b0c1>] ? ext3_rsv_window_add+0x81/0x100
      [  337.091284]  [<ffffffff816df9a4>] ext3_get_journal+0x15/0xde
      [  337.092641]  [<ffffffff811a2e9b>] ext3_fill_super+0xf2b/0x1c30
      [  337.093991]  [<ffffffff810ddf7d>] ? register_shrinker+0x4d/0x60
      [  337.095332]  [<ffffffff8111c112>] mount_bdev+0x1a2/0x1e0
      [  337.096680]  [<ffffffff811a1f70>] ? ext3_setup_super+0x210/0x210
      [  337.098026]  [<ffffffff8119a770>] ext3_mount+0x10/0x20
      [  337.099362]  [<ffffffff8111cbee>] mount_fs+0x3e/0x1b0
      [  337.100759]  [<ffffffff810eda1b>] ? __alloc_percpu+0xb/0x10
      [  337.102330]  [<ffffffff81135385>] vfs_kern_mount+0x65/0xc0
      [  337.103889]  [<ffffffff8113611f>] do_kern_mount+0x4f/0x100
      [  337.105442]  [<ffffffff811378fc>] do_mount+0x19c/0x890
      [  337.106989]  [<ffffffff810e8456>] ? memdup_user+0x46/0x90
      [  337.108572]  [<ffffffff810e84f3>] ? strndup_user+0x53/0x70
      [  337.110114]  [<ffffffff811383fb>] sys_mount+0x8b/0xe0
      [  337.111617]  [<ffffffff816ed93b>] system_call_fastpath+0x16/0x1b
      [  337.113133] Code: 38 c2 74 0f 66 0f 1f 44 00 00 f3 90 0f b6 03 38 c2 75 f7 48 83 c4 08 5b 5d c3 0f 1f 84 00 00 00 00 00 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 0f b6 d4 38 c2 74 0c 0f 1f 00 f3 90 0f b6 07 38
      [  337.116588] RIP  [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.118260]  RSP <ffff8800b1d11ae8>
      [  337.119998] CR2: 0000000000000024
      [  337.188701] ---[ end trace c36d790becac1615 ]---
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      bcdd0c16
    • Yongqiang Yang's avatar
      jbd: clear revoked flag on buffers before a new transaction started · 8c111b3f
      Yongqiang Yang authored
      Currently, we clear revoked flag only when a block is reused.  However,
      this can tigger a false journal error.  Consider a situation when a block
      is used as a meta block and is deleted(revoked) in ordered mode, then the
      block is allocated as a data block to a file.  At this moment, user changes
      the file's journal mode from ordered to journaled and truncates the file.
      The block will be considered re-revoked by journal because it has revoked
      flag still pending from the last transaction and an assertion triggers.
      
      We fix the problem by keeping the revoked status more uptodate - we clear
      revoked flag when switching revoke tables to reflect there is no revoked
      buffers in current transaction any more.
      Signed-off-by: default avatarYongqiang Yang <xiaoqiangnk@gmail.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      8c111b3f
  3. 09 Nov, 2011 4 commits
  4. 08 Nov, 2011 18 commits
  5. 07 Nov, 2011 9 commits
    • Al Viro's avatar
      VFS: we need to set LOOKUP_JUMPED on mountpoint crossing · a3fbbde7
      Al Viro authored
      Mountpoint crossing is similar to following procfs symlinks - we do
      not get ->d_revalidate() called for dentry we have arrived at, with
      unpleasant consequences for NFS4.
      
      Simple way to reproduce the problem in mainline:
      
          cat >/tmp/a.c <<'EOF'
          #include <unistd.h>
          #include <fcntl.h>
          #include <stdio.h>
          main()
          {
                  struct flock fl = {.l_type = F_RDLCK, .l_whence = SEEK_SET, .l_len = 1};
                  if (fcntl(0, F_SETLK, &fl))
                          perror("setlk");
          }
          EOF
          cc /tmp/a.c -o /tmp/test
      
      then on nfs4:
      
          mount --bind file1 file2
          /tmp/test < file1		# ok
          /tmp/test < file2		# spews "setlk: No locks available"...
      
      What happens is the missing call of ->d_revalidate() after mountpoint
      crossing and that's where NFS4 would issue OPEN request to server.
      
      The fix is simple - treat mountpoint crossing the same way we deal with
      following procfs-style symlinks.  I.e.  set LOOKUP_JUMPED...
      
      Cc: stable@kernel.org
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a3fbbde7
    • Jonathan Corbet's avatar
      PM / devfreq: fix private_data · 1a51cfdc
      Jonathan Corbet authored
      The "private_date" field in struct devfreq_dev_status almost certainly
      wants to be "private_data"; since there are no in-tree users of this
      functionality, now seems like an easy time to make the fix.
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      1a51cfdc
    • Rafael J. Wysocki's avatar
      Documentation: Fix typo in freezer-subsystem.txt · 5f111616
      Rafael J. Wysocki authored
      Fix a typo in Documentation/cgroups/freezer-subsystem.txt.
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Reviewed-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Acked-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      5f111616
    • Dominik Brodowski's avatar
      PM / QoS: Set cpu_dma_pm_qos->name · a6f05b97
      Dominik Brodowski authored
      Since commit 4a31a334, the name of this misc device is not initialized,
      which leads to a funny device named /dev/(null) being created and
      /proc/misc containing an entry with just a number but no name. The latter
      leads to complaints by cryptsetup, which caused me to investigate this
      matter.
      Signed-off-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      a6f05b97
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 54a0f913
      Linus Torvalds authored
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf top: Fix live annotation in the --stdio interface
        perf top tui: Don't recalc column widths considering just the first page
        perf report: Add progress bar when processing time ordered events
        perf hists browser: Warn about lost events
        perf tools: Fix a typo of command name as trace-cmd
        perf hists: Fix recalculation of total_period when sorting entries
        perf header: Fix build on old systems
        perf ui browser: Handle K_RESIZE in dialog windows
        perf ui browser: No need to switch char sets that often
        perf hists browser: Use K_TIMER
        perf ui: Rename ui__warning_paranoid to ui__error_paranoid
        perf ui: Reimplement the popup windows using libslang
        perf ui: Reimplement ui__popup_menu using ui__browser
        perf ui: Reimplement ui_helpline using libslang
        perf ui: Improve handling sigwinch a bit
        perf ui progress: Reimplement using slang
        perf evlist: Fix grouping of multiple events
      54a0f913
    • Tony Lindgren's avatar
      d30cc16c
    • Tony Lindgren's avatar
      ARM: OMAP: Fix export.h or module.h includes · a1bcc1dc
      Tony Lindgren authored
      Commit 32aaeffb (Merge branch
      'modsplit-Oct31_2011'...) caused some build errors. Fix these
      and make sure we always have export.h or module.h included
      for MODULE_ and EXPORT_SYMBOL users:
      
      $ grep -rl ^MODULE_ arch/arm/*omap*/*.c | xargs \
        grep -L linux/module.h
        arch/arm/mach-omap2/dsp.c
        arch/arm/mach-omap2/mailbox.c
        arch/arm/mach-omap2/omap-iommu.c
        arch/arm/mach-omap2/smartreflex.c
      
      Also check we either have export.h or module.h included
      for the files exporting symbols:
      
      $ grep -rl EXPORT_SYMBOL arch/arm/*omap*/*.c | xargs \
        grep -L linux/export.h | xargs grep -L linux/module.h
      
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarTony Lindgren <tony@atomide.com>
      a1bcc1dc
    • Axel Lin's avatar
      ARM: OMAP: omap_device: Include linux/export.h · 55581415
      Axel Lin authored
      Include linux/export.h to fix below build warning:
      
        CC      arch/arm/plat-omap/omap_device.o
      arch/arm/plat-omap/omap_device.c:1055: warning: data definition has no type or storage class
      arch/arm/plat-omap/omap_device.c:1055: warning: type defaults to 'int' in declaration of 'EXPORT_SYMBOL'
      arch/arm/plat-omap/omap_device.c:1055: warning: parameter names (without types) in function declaration
      Signed-off-by: default avatarAxel Lin <axel.lin@gmail.com>
      Signed-off-by: default avatarTony Lindgren <tony@atomide.com>
      55581415
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 94956eed
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
        forcedeth: fix a few sparse warnings (variable shadowing)
        forcedeth: Improve stats counters
        forcedeth: remove unneeded stats updates
        forcedeth: Acknowledge only interrupts that are being processed
        forcedeth: fix race when unloading module
        MAINTAINERS/rds: update maintainer
        wanrouter: Remove kernel_lock annotations
        usbnet: fix oops in usbnet_start_xmit
        ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined
        etherh: Add MAINTAINERS entry for etherh
        bonding: comparing a u8 with -1 is always false
        sky2: fix regression on Yukon Optima
        netlink: clarify attribute length check documentation
        netlink: validate NLA_MSECS length
        i825xx:xscale:8390:freescale: Fix Kconfig dependancies
        macvlan: receive multicast with local address
        tg3: Update version to 3.121
        tg3: Eliminate timer race with reset_task
        tg3: Schedule at most one tg3_reset_task run
        tg3: Obtain PCI function number from device
        ...
      94956eed