- 12 Feb, 2011 5 commits
-
-
Soren Hansen authored
Commit 2a48fc0a ("block: autoconvert trivial BKL users to private mutex") replaced uses of the BKL in the nbd driver with mutex operations. Since then, I've been been seeing these lock ups: INFO: task qemu-nbd:16115 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. qemu-nbd D 0000000000000001 0 16115 16114 0x00000004 ffff88007d775d98 0000000000000082 ffff88007d775fd8 ffff88007d774000 0000000000013a80 ffff8800020347e0 ffff88007d775fd8 0000000000013a80 ffff880133730000 ffff880002034440 ffffea0004333db8 ffffffffa071c020 Call Trace: [<ffffffff815b9997>] __mutex_lock_slowpath+0xf7/0x180 [<ffffffff815b93eb>] mutex_lock+0x2b/0x50 [<ffffffffa071a21c>] nbd_ioctl+0x6c/0x1c0 [nbd] [<ffffffff812cb970>] blkdev_ioctl+0x230/0x730 [<ffffffff811967a1>] block_ioctl+0x41/0x50 [<ffffffff81175c03>] do_vfs_ioctl+0x93/0x370 [<ffffffff81175f61>] sys_ioctl+0x81/0xa0 [<ffffffff8100c0c2>] system_call_fastpath+0x16/0x1b Instrumenting the nbd module's ioctl handler with some extra logging clearly shows the NBD_DO_IT ioctl being invoked which is a long-lived ioctl in the sense that it doesn't return until another ioctl asks the driver to disconnect. However, that other ioctl blocks, waiting for the module-level mutex that replaced the BKL, and then we're stuck. This patch removes the module-level mutex altogether. It's clearly wrong, and as far as I can see, it's entirely unnecessary, since the nbd driver maintains per-device mutexes, and I don't see anything that would require a module-level (or kernel-level, for that matter) mutex. Signed-off-by:
Soren Hansen <soren@linux2go.dk> Acked-by:
Serge Hallyn <serge.hallyn@canonical.com> Acked-by:
Paul Clements <paul.clements@steeleye.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Jens Axboe <axboe@kernel.dk> Cc: <stable@kernel.org> [2.6.37.x] Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Alexander Strakh authored
In file drivers/rtc/rtc-proc.c seq_open() can return -ENOMEM. 86 if (!try_module_get(THIS_MODULE)) 87 return -ENODEV; 88 89 return single_open(file, rtc_proc_show, rtc); In this case before exiting (line 89) from rtc_proc_open the module_put(THIS_MODULE) must be called. Found by Linux Device Drivers Verification Project Signed-off-by:
Alexander Strakh <strakh@ispras.ru> Cc: Alessandro Zummo <a.zummo@towertech.it> Signed-off-by:
-
Roland Stigge authored
Add a mutex to register communication and handling. Without the mutex, GPIOs didn't switch as expected when toggled in a fast sequence of status changes of multiple outputs. Signed-off-by:
Roland Stigge <stigge@antcom.de> Acked-by:
Eric Miao <eric.y.miao@gmail.com> Cc: Grant Likely <grant.likely@secretlab.ca> Cc: Marc Zyngier <maz@misterjones.org> Cc: Ben Gardner <bgardner@wabtec.com> Signed-off-by:
-
Tejun Heo authored
The wake_up_process() call in ptrace_detach() is spurious and not interlocked with the tracee state. IOW, the tracee could be running or sleeping in any place in the kernel by the time wake_up_process() is called. This can lead to the tracee waking up unexpectedly which can be dangerous. The wake_up is spurious and should be removed but for now reduce its toxicity by only waking up if the tracee is in TRACED or STOPPED state. This bug can possibly be used as an attack vector. I don't think it will take too much effort to come up with an attack which triggers oops somewhere. Most sleeps are wrapped in condition test loops and should be safe but we have quite a number of places where sleep and wakeup conditions are expected to be interlocked. Although the window of opportunity is tiny, ptrace can be used by non-privileged users and with some loading the window can definitely be extended and exploited. Signed-off-by:
Tejun Heo <tj@kernel.org> Acked-by:
Roland McGrath <roland@redhat.com> Acked-by:
Oleg Nesterov <oleg@redhat.com> Cc: <stable@kernel.org> Signed-off-by:
-
Boaz Harrosh authored
In commit fa0d7e3d ("fs: icache RCU free inodes"), we use rcu free inode instead of freeing the inode directly. It causes a crash when we rmmod immediately after we umount the volume[1]. So we need to call rcu_barrier after we kill_sb so that the inode is freed before we do rmmod. The idea is inspired by Aneesh Kumar. rcu_barrier will wait for all callbacks to end before preceding. The original patch was done by Tao Ma, but synchronize_rcu() is not enough here. 1. http://marc.info/?l=linux-fsdevel&m=129680863330185&w=2Tested-by:
Tao Ma <boyu.mt@taobao.com> Signed-off-by:
Boaz Harrosh <bharrosh@panasas.com> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Chris Mason <chris.mason@oracle.com> Signed-off-by:
-
- 11 Feb, 2011 3 commits
-
-
Linus Torvalds authored
In commit 31e6b01f ("fs: rcu-walk for path lookup") we started doing path lookup using RCU, which then falls back to a careful non-RCU lookup in case of problems (LOOKUP_REVAL). So do_filp_open() has this "re-do the lookup carefully" looping case. However, that means that we must not release the open-intent file data if we are going to loop around and use it once more! Fix this by moving the release of the open-intent data to the function that allocates it (do_filp_open() itself) rather than the helper functions that can get called multiple times (finish_open() and do_last()). This makes the logic for the lifetime of that field much more obvious, and avoids the possible double free. Reported-by:
J. R. Okajima <hooanon05@yahoo.co.jp> Acked-by:
Al Viro <viro@zeniv.linux.org.uk> Cc: Nick Piggin <npiggin@kernel.dk> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Corey Minyard authored
This patch fixes an OOPS triggered when calling modprobe ipmi_si a second time after the first modprobe returned without finding any ipmi devices. This can happen if you reload the module after having the first module load fail. The driver was not deregistering from PNP in that case. Peter Huewe originally reported this patch and supplied a fix, I have a different patch based on Linus' suggestion that cleans things up a bit more. Cc: stable@kernel.org Cc: openipmi-developer@lists.sourceforge.net Reviewed-by:
Peter Huewe <peterhuewe@gmx.de> Cc: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by:
Corey Minyard <cminyard@mvista.com> Signed-off-by:
-
Linus Torvalds authored
In commit ce6ada35 ("security: Define CAP_SYSLOG") Serge Hallyn introduced CAP_SYSLOG, but broke backwards compatibility by no longer accepting CAP_SYS_ADMIN as an override (it would cause a warning and then reject the operation). Re-instate CAP_SYS_ADMIN - but keeping the warning - as an acceptable capability until any legacy applications have been updated. There are apparently applications out there that drop all capabilities except for CAP_SYS_ADMIN in order to access the syslog. (This is a re-implementation of a patch by Serge, cleaning the logic up and making the code more readable) Acked-by:
Serge Hallyn <serge@hallyn.com> Reviewed-by:
James Morris <jmorris@namei.org> Signed-off-by:
-
- 10 Feb, 2011 9 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds authored
* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (21 commits) USB: cdc-acm: Adding second ACM channel support for Nokia N8 USB, Mass Storage, composite, gadget: Fix build failure and memset of a struct USB: Fix trout build failure with ci13xxx_msm gadget USB: EHCI: fix scheduling while atomic during suspend USB: usb-storage: unusual_devs entry for Coby MP3 player USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research spectrograph USB: fix race between root-hub resume and wakeup requests USB: prevent buggy hubs from crashing the USB stack usb: r8a66597-udc: Fixed bufnum of Bulk USB: ftdi_sio: add ST Micro Connect Lite uart support USB: Storage: Add unusual_devs entry for VTech Kidizoom USB SL811HS HCD: Fix memory leak in sl811h_urb_enqueue() USB: ti_usb: fix module removal USB: io_edgeport: fix the reported firmware major and minor usb: ehci-omap: Show fatal probing time errors to end user usb: musb: introduce api for dma code to check compatibility with usb request usb: musb: maintain three states for buffer mappings instead of two usb: musb: disable double buffering when it's broken usb: musb: hsdma: change back to use musb_read/writew usb: musb: core: fix IRQ check ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6Linus Torvalds authored
* 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6: serial: bfin_5xx: split uart RX lock from uart port lock to avoid deadlock 68360serial: Plumb in rs_360_get_icount() n_gsm: copy mtu over when configuring via ioctl interface virtio: console: Move file back to drivers/char/
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6Linus Torvalds authored
* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: staging: zram: fix data corruption issue Staging: Comedi: Fix a few NI module dependencies Staging: comedi: Add MODULE_LICENSE and similar to NI modules staging: brcm80211: bugfix for softmac crash on multi cpu configurations staging: sst: Fix for dmic capture on v2 pmic staging: hv: Enable sending GARP packet after live migration
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits) virtio_net: Add schedule check to napi_enable call x25: Do not reference freed memory. pch_can: fix tseg1/tseg2 setting issue isdn: hysdn: Kill (partially buggy) CVS regision log reporting. can: softing_cs needs slab.h pch_gbe: Fix the issue which a driver locks when rx offload is set by ethtool netfilter: nf_conntrack: set conntrack templates again if we return NF_REPEAT pch_can: fix module reload issue with MSI pch_can: fix rmmod issue pch_can: fix 800k comms issue net: Fix lockdep regression caused by initializing netdev queues too early. net/caif: Fix dangling list pointer in freed object on error. USB CDC NCM errata updates for cdc_ncm host driver CDC NCM errata updates for cdc.h ixgbe: update version string ixgbe: cleanup variable initialization ixgbe: limit VF access to network traffic ixgbe: fix for 82599 erratum on Header Splitting ixgbe: fix variable set but not used warnings by gcc 4.6 e1000: add support for Marvell Alaska M88E1118R PHY ...
-
Bruce Rogers authored
Under harsh testing conditions, including low memory, the guest would stop receiving packets. With this patch applied we no longer see any problems in the driver while performing these tests for extended periods of time. Make sure napi is scheduled subsequent to each napi_enable. Signed-off-by:
Bruce Rogers <brogers@novell.com> Signed-off-by:
Olaf Kirch <okir@suse.de> Cc: stable@kernel.org Signed-off-by:
Rusty Russell <rusty@rustcorp.com.au> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Tim Deegan authored
Fixes a hang when booting as dom0 under Xen, when jiffies can be quite large by the time the kernel init gets this far. Signed-off-by:
Tim Deegan <Tim.Deegan@citrix.com> [jbeulich@novell.com: !time_after() -> time_before_eq() as suggested by Jiri Slaby] Signed-off-by:
Jan Beulich <jbeulich@novell.com> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Jeremy Fitzhardinge <jeremy@goop.org> Cc: stable@kernel.org Signed-off-by:
-
David S. Miller authored
In x25_link_free(), we destroy 'nb' before dereferencing 'nb->dev'. Don't do this, because 'nb' might be freed by then. Reported-by:
Randy Dunlap <randy.dunlap@oracle.com> Tested-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6Linus Torvalds authored
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6: deb-pkg: Fix building outside of source tree (O=...). deb-pkg: Use $SRCARCH for include path
-
Tomoya MORINAGA authored
Previous patch "[PATCH 1/3] pch_can: fix 800k comms issue" is wrong. I should have modified tseg1_min not tseg2_min. This patch reverts tseg2_min to 1 and set tseg1_min to 2. Signed-off-by:
Tomoya MORINAGA <tomoya-linux@dsn.okisemi.com> Signed-off-by:
-
- 09 Feb, 2011 16 commits
-
-
David S. Miller authored
Some cases try to modify const strings, and in any event the CVS revision strings have not changed in over ten years making these printouts completely worthless. Just kill all of this stuff off. Reported-by:
-
Randy Dunlap authored
From: Randy Dunlap <randy.dunlap@oracle.com> softing_cs.c uses kzalloc & kfree, so it needs to include linux/slab.h. drivers/net/can/softing/softing_cs.c:234: error: implicit declaration of function 'kfree' drivers/net/can/softing/softing_cs.c:271: error: implicit declaration of function 'kzalloc' Signed-off-by:
-
-
Toshiharu Okada authored
This driver will be in a deadlock, When the rx offload is set by ethtool. The pch_gbe_reinit_locked function was modified. Signed-off-by:
Toshiharu Okada <toshiharu-linux@dsn.okisemi.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linusLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: virtio: console: Update Copyright virtio: console: Wake up outvq on host notifications
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: cdrom: support devices that have check_events but not media_changed cfq-iosched: Don't wait if queue already has requests. blkio-throttle: Avoid calling blkiocg_lookup_group() for root group cfq: rename a function to give it more appropriate name cciss: make cciss_revalidate not loop through CISS_MAX_LUNS volumes unnecessarily. drivers/block/aoe/Makefile: replace the use of <module>-objs with <module>-y loop: queue_lock NULL pointer derefence in blk_throtl_exit drivers/block/Makefile: replace the use of <module>-objs with <module>-y blktrace: Don't output messages if NOTIFY isn't set.
-
git://neil.brown.name/mdLinus Torvalds authored
* 'for-linus' of git://neil.brown.name/md: FIX: md: process hangs at wait_barrier after 0->10 takeover md_make_request: don't touch the bio after calling make_request md: Don't allow slot_store while resync/recovery is happening. md: don't clear curr_resync_completed at end of resync. md: Don't use remove_and_add_spares to remove failed devices from a read-only array Add raid1->raid0 takeover support md: Remove the AllReserved flag for component devices. md: don't abort checking spares as soon as one cannot be added. md: fix the test for finding spares in raid5_start_reshape. md: simplify some 'if' conditionals in raid5_start_reshape. md: revert change to raid_disks on failure.
-
Nitin Gupta authored
In zram_read() and zram_write() we were not incrementing the index number and thus were reading/writing values from/to incorrect sectors on zram disk, resulting in data corruption. Signed-off-by:
Nitin Gupta <ngupta@vflare.org> Cc: stable <stable@kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Ian Abbott authored
The ni_tio and ni_tio modules do not depend on the 8255 module, but the ni_atmio, ni_mio_cs and ni_pcimio modules do need the 8255 module. The ni_pcimio module also needs the comedi_fc module. Signed-off-by:
Ian Abbott <abbotti@mev.co.uk> Signed-off-by:
-
Ian Abbott authored
As mentioned by W. Trevor King on the devel@linuxdriverproject.org list on "Thu, 27 Jan 2011 18:52:15 -0500", "Message-ID: <20110127235214.GA5107@thialfi.dhcp.drexel.edu>", the ni_pcimio module is missing module metadata, including a license. This patch adds module metadata to all the NI comedi driver modules. It also removes a duplicate MODULE_LICENSE("GPL") line from the "mite" module. Signed-off-by: -
Simon Arlott authored
Commit 93aae17a ("sr: implement sr_check_events()") replaced the media_changed op with the check_events op in drivers/scsi/sr.c All users that check for the CDC_MEDIA_CHANGED capbility try both the check_events op and the media_changed op, but register_cdrom() was requiring media_changed. This patch fixes the capability checking. The cdrom_select_disc ioctl is also using the two operations, so they should be required for CDC_SELECT_DISC too. Signed-off-by:
Simon Arlott <simon@fire.lp0.eu> Cc: Tejun Heo <tj@kernel.org> Cc: Kay Sievers <kay.sievers@vrfy.org> Tested-by:
Chris Clayton <chris2553@googlemail.com> Signed-off-by:
Jens Axboe <jaxboe@fusionio.com>
-
Justin TerAvest authored
Commit 7667aa06 added logic to wait for the last queue of the group to become busy (have at least one request), so that the group does not lose out for not being continuously backlogged. The commit did not check for the condition that the last queue already has some requests. As a result, if the queue already has requests, wait_busy is set. Later on, cfq_select_queue() checks the flag, and decides that since the queue has a request now and wait_busy is set, the queue is expired. This results in early expiration of the queue. This patch fixes the problem by adding a check to see if queue already has requests. If it does, wait_busy is not set. As a result, time slices do not expire early. The queues with more than one request are usually buffered writers. Testing shows improvement in isolation between buffered writers. Cc: stable@kernel.org Signed-off-by:
Justin TerAvest <teravest@google.com> Reviewed-by:
Gui Jianfeng <guijianfeng@cn.fujitsu.com> Acked-by:
Vivek Goyal <vgoyal@redhat.com> Signed-off-by:
-
Pablo Neira Ayuso authored
The TCP tracking code has a special case that allows to return NF_REPEAT if we receive a new SYN packet while in TIME_WAIT state. In this situation, the TCP tracking code destroys the existing conntrack to start a new clean session. [DESTROY] tcp 6 src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925 [ASSURED] [NEW] tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 [UNREPLIED] src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925 However, this is a problem for the iptables' CT target event filtering which will not work in this case since the conntrack template will not be there for the new session. To fix this, we reassign the conntrack template to the packet if we return NF_REPEAT. Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
Patrick McHardy <kaber@trash.net>
-
Tomoya authored
Currently, in case reload pch_can, pch_can not to be able to catch interrupt. The cause is bus-master is not set in pch_can. Thus, add enabling bus-master processing. Signed-off-by:
-
Tomoya authored
Currently, when rmmod pch_can, kernel failure occurs. The cause is pci_iounmap executed before pch_can_reset. Thus pci_iounmap moves after pch_can_reset. Signed-off-by:
-
Tomoya authored
Currently, 800k comms fails since prop_seg set zero. (EG20T PCH CAN register of prop_seg must be set more than 1) To prevent prop_seg set to zero, change tseg2_min 1 to 2. Signed-off-by:
-
- 08 Feb, 2011 7 commits
-
-
David S. Miller authored
In commit aa942104 ("net: init ingress queue") we moved the allocation and lock initialization of the queues into alloc_netdev_mq() since register_netdevice() is way too late. The problem is that dev->type is not setup until the setup() callback is invoked by alloc_netdev_mq(), and the dev->type is what determines the lockdep class to use for the locks in the queues. Fix this by doing the queue allocation after the setup() callback runs. This is safe because the setup() callback is not allowed to make any state changes that need to be undone on error (memory allocations, etc.). It may, however, make state changes that are undone by free_netdev() (such as netif_napi_add(), which is done by the ipoib driver's setup routine). The previous code also leaked a reference to the &init_net namespace object on RX/TX queue allocation failures. Signed-off-by:
-
David S. Miller authored
rtnl_link_ops->setup(), and the "setup" callback passed to alloc_netdev*(), cannot make state changes which need to be undone on failure. There is no cleanup mechanism available at this point. So we have to add the caif private instance to the global list once we are sure that register_netdev() has succedded in ->newlink(). Otherwise, if register_netdev() fails, the caller will invoke free_netdev() and we will have a reference to freed up memory on the chnl_net_list. Signed-off-by: -
Alexey Orishko authored
Specification links: - CDC NCM errata link: http://www.usb.org/developers/devclass_docs/NCM10_012011.zip - CDC and WMC errata link: http://www.usb.org/developers/devclass_docs/CDC1.2_WMC1.1_012011.zip Changes: - driver updated to match cdc.h header with errata changes - added support for USB_CDC_SET_NTB_INPUT_SIZE control request with 8 byte length - fixes to comply with specification: send only control requests supported by device, set number of datagrams for IN direction, connection speed structure update, etc. - packet loss fixed for tx direction; misleading flag renamed. - adjusted hard_mtu value. Signed-off-by:
Alexey Orishko <alexey.orishko@stericsson.com> Signed-off-by:
-
Alexey Orishko authored
Changes are based on the following documents: - CDC NCM errata: http://www.usb.org/developers/devclass_docs/NCM10_012011.zip - CDC and WMC errata link: http://www.usb.org/developers/devclass_docs/CDC1.2_WMC1.1_012011.zipSigned-off-by:
-
Amit Shah authored
Signed-off-by:
Amit Shah <amit.shah@redhat.com> Signed-off-by:
-
Amit Shah authored
The outvq needs to be woken up on host notifications so that buffers consumed by the host can be reclaimed, outvq freed, and application writes may proceed again. The need for this is now finally noticed when I have qemu patches ready to use nonblocking IO and flow control. CC: Hans de Goede <hdegoede@redhat.com> CC: stable@kernel.org Signed-off-by:
Hans de Goede <hdegoede@redhat.com>
-
David S. Miller authored
-
