- 06 Jun, 2005 26 commits
-
-
Tony Luck authored
-
Yoshinori Sato authored
Make sure that binfmt_flat passes the correct flags into do_mmap(). nommu's validate_mmap_request() will simple return -EINVAL if we try and pass it a flags value of zero. Signed-off-by:
Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
-
Al Viro authored
__do_follow_link() passes potentially worng vfsmount to touch_atime(). It matters only in (currently impossible) case of symlink mounted on something, but it's trivial to fix and that actually makes more sense. Signed-off-by:
Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by:
-
Al Viro authored
Cosmetical cleanups - __follow_mount() calls in __link_path_walk() absorbed into do_lookup(). Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
follow_mount() made void, reordered dput()/mntput() in it. follow_dotdot() switched from struct vfmount ** + struct dentry ** to struct nameidata *; callers updated. Equivalent transformation + fix for too-early-mntput() race. Signed-off-by:
-
Al Viro authored
Conditional mntput() moved into __do_follow_link(). There it collapses with unconditional mntget() on the same sucker, closing another too-early-mntput() race. Signed-off-by:
-
Al Viro authored
Getting rid of sloppy logics: a) in do_follow_link() we have the wrong vfsmount dropped if our symlink had been mounted on something. Currently it worls only because we never get such situation (modulo filesystem playing dirty tricks on us). And it obfuscates already convoluted logics... b) same goes for open_namei(). c) in __link_path_walk() we have another "it should never happen" sloppiness - out_dput: there does double-free on underlying vfsmount and leaks the covering one if we hit it just after crossing a mountpoint. Again, wrong vfsmount getting dropped. d) another too-early-mntput() race - in do_follow_mount() we need to postpone conditional mntput(path->mnt) until after dput(path->dentry). Again, this one happens only in it-currently-never-happens-unless-some-fs-plays-dirty scenario... Signed-off-by:
-
Al Viro authored
shifted conditional mntput() into do_follow_link() - all callers were doing the same thing. Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
In open_namei() exit_dput: we have mntput() done in the wrong order - if nd->mnt != path.mnt we end up doing mntput(nd->mnt); nd->mnt = path.mnt; dput(nd->dentry); mntput(nd->mnt); which drops nd->dentry too late. Fixed by having path.mnt go first. That allows to switch O_NOFOLLOW under if (__follow_mount(...)) back to exit_dput, while we are at it. Fix for early-mntput() race + equivalent transformation. Signed-off-by:
-
Al Viro authored
In open_namei() we take mntput(nd->mnt);nd->mnt=path.mnt; out of the if (__follow_mount(...)), making it conditional on nd->mnt != path.mnt instead. Then we shift the result downstream. Equivalent transformations. Signed-off-by:
-
Al Viro authored
shifted conditional mntput() calls in __link_path_walk() downstream. Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
In open_namei(), __follow_down() loop turned into __follow_mount(). Instead of if we are on a mountpoint dentry if O_NOFOLLOW checks fail drop path.dentry drop nd return do equivalent of follow_mount(&path.mnt, &path.dentry) nd->mnt = path.mnt we do if __follow_mount(path) had, indeed, traversed mountpoint /* now both nd->mnt and path.mnt are pinned down */ if O_NOFOLLOW checks fail drop path.dentry drop path.mnt drop nd return mntput(nd->mnt) nd->mnt = path.mnt Now __follow_down() can be folded into follow_down() - no other callers left. We need to reorder dput()/mntput() there - same problem as in follow_mount(). Equivalent transformation + fix for a bug in O_NOFOLLOW handling - we used to get -ELOOP if we had the same fs mounted on /foo and /bar, had something bound on /bar/baz and tried to open /foo/baz with O_NOFOLLOW. And fix of too-early-mntput() race in follow_down() Signed-off-by:
-
Al Viro authored
New helper: __follow_mount(struct path *path). Same as follow_mount(), except that we do *not* do mntput() after the first lookup_mnt(). IOW, original path->mnt stays pinned down. We also take care to do dput() before mntput() in the loop body (follow_mount() also needs that reordering, but that will be done later in the series). The following are equivalent, assuming that path.mnt == x: (1) follow_mount(&path.mnt, &path.dentry) (2) __follow_mount(&path); if (path->mnt != x) mntput(x); (3) if (__follow_mount(&path)) mntput(x); Callers of follow_mount() in __link_path_walk() converted to (2). Equivalent transformation + fix for too-late-mntput() race in __follow_mount() loop. Signed-off-by:
-
Al Viro authored
In open_namei() we never use path.mnt or path.dentry after exit: or ok:. Assignment of path.dentry in case of LAST_BIND is dead code and only obfuscates already convoluted function; assignment of path.mnt after __do_follow_link() can be moved down to the place where we set path.dentry. Obviously equivalent transformations, just to clean the air a bit in that region. Signed-off-by:
-
Al Viro authored
The first argument of __do_follow_link() switched to struct path * (__do_follow_link(path->dentry, ...) -> __do_follow_link(path, ...)). All callers have the same calls of mntget() right before and dput()/mntput() right after __do_follow_link(); these calls have been moved inside. Obviously equivalent transformations. Signed-off-by:
-
Al Viro authored
mntget(path->mnt) in do_follow_link() moved down to right before the __do_follow_link() call and rigth after loop: resp. dput()+mntput() on non-ELOOP branch moved up to right after __do_follow_link() call. resulting loop: mntget(path->mnt); path_release(nd); dput(path->mnt); mntput(path->mnt); replaced with equivalent dput(path->mnt); path_release(nd); Equivalent transformations - the reason why we have that mntget() is that __do_follow_link() can drop a reference to nd->mnt and that's what holds path->mnt. So that call can happen at any point prior to __do_follow_link() touching nd->mnt. The rest is obvious. NOTE: current tree relies on symlinks *never* being mounted on anything. It's not hard to get rid of that assumption (actually, that will come for free later in the series). For now we are just not making the situation worse than it is. Signed-off-by:
-
Al Viro authored
fix for too early mntput() in open_namei() - we pin path.mnt down for the duration of __do_follow_link(). Otherwise we could get the fs where our symlink lived unmounted while we were in __do_follow_link(). That would end up with dentry of symlink staying pinned down through the fs shutdown. Signed-off-by:
-
Al Viro authored
path.mnt in open_namei() set to mirror nd->mnt. nd->mnt is set in 3 places in that function - path_lookup() in the beginning, __follow_down() loop after do_last: and __do_follow_link() call after do_link:. We set path.mnt to nd->mnt after path_lookup() and __do_follow_link(). In __follow_down() loop we use &path.mnt instead of &nd->mnt and set nd->mnt to path.mnt immediately after that loop. Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
Replaced struct dentry *dentry in namei with struct path path. All uses of dentry replaced with path.dentry there. Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
All callers of do_follow_link() do mntget() right before it and dput()+mntput() right after. These calls are moved inside do_follow_link() now. Obviously equivalent transformation. Signed-off-by:
-
Al Viro authored
OK, here comes a patch series that hopefully should close all too-early-mntput() races in fs/namei.c. Entire area is convoluted as hell, so I'm splitting that series into _very_ small chunks. Patches alread in the tree close only (very wide) races in following symlinks (see "busy inodes after umount" thread some time ago). Unfortunately, quite a few narrower races of the same nature were not closed. Hopefully this should take care of all of them. Signed-off-by:
-
Kumar Gala authored
Runtime feature support for unified caches was testing a userland feature flag (PPC_FEATURE_UNIFIED_CACHE) instead of a cpu feature flag (CPU_FTR_SPLIT_ID_CACHE). Luckily the current defined bit mask for cpu features and userland features do not overlap so this only causes an issue on machines with a unified cache, which is extremely rare on PPC today. Signed-off-by:
Kumar Gala <kumar.gala@freescale.com> Signed-off-by:
-
Yoshinori Sato authored
h8300 was missing a few definitions. Signed-off-by:
-
Denis Vlasenko authored
Stop using tty internal structure in mxser_receive_chars(), use tty_insert_flip_char(tty, ch flag); instead. Without this change driver ignores any rx'ed chars. Run tested. Cc: Alan Cox <alan@redhat.com> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by:
-
Martin Schwidefsky authored
fault_in_pages_readable() is being passed an incorrect `end' address, which can result in writes accidentally faulting in pages which will not be affected by the write() call. Signed-off-by:
Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by:
-
Linus Torvalds authored
Getting ready for the real release..
-
- 05 Jun, 2005 6 commits
-
-
Yoichi Yuasa authored
- Changed the return value of unknown type to NULL. - Deleted the NULL check of dev_id in siu_interrupt(). - Deleted the NULL check of port->membase in siu_shutdown(). - Added the NULL check of port->membase to siu_startup(). - Removed early_uart_ops. Now using vr41xx_siu standerd one. - Changed KSEG1ADDR() in siu_console_setup() to ioremap(). - When uart_add_one_port() failed, changed to set NULL to port->dev. Signed-off-by:
Yoichi Yuasa <yuasa@hh.iij4u.or.jp> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by:
-
Gerald Schaefer authored
The system might hang when using appldata_mem with high I/O traffic and a large number of devices. The spinlocks bdev_lock and swaplock are acquired via calls to si_meminfo() and si_swapinfo() from a tasklet, i.e. interrupt context, which can lead to a deadlock. Replace tasklet with work queue. Signed-off-by:
-
Martin Schwidefsky authored
The condition for no context in do_exception checks for hard and soft interrupts by using in_interrupt() but not for preemption. This is bad for the users of __copy_from/to_user_inatomic because the fault handler might call schedule although the preemption count is != 0. Use in_atomic() instead in_interrupt(). Signed-off-by:
-
Bodo Stroesser authored
To make UML build and run on s390, I needed to do these two little changes: 1) UML includes some of the subarch's (s390) headers. I had to change one of them with the following one-liner, to make this compile. AFAICS, this change doesn't break compilation of s390 itself. 2) UML needs to intercept syscalls via ptrace to invalidate the syscall, read syscall's parameters and write the result with the result of UML's syscall processing. Also, UML needs to make sure, that the host does no syscall restart processing. On i386 for example, this can be done by writing -1 to orig_eax on the 2nd syscall interception (orig_eax is the syscall number, which after the interception is used as a "interrupt was a syscall" flag only. Unfortunately, s390 holds syscall number and syscall result in gpr2 and its "interrupt was a syscall" flag (trap) is unreachable via ptrace. So I changed the host to set trap to -1, if the syscall number is changed to an invalid value on the first syscall interception. Signed-off-by:
-
Martin Schwidefsky authored
The special cases of peek and poke on acrs[15] and the fpc register are not handled correctly. A poke on acrs[15] will clobber the 4 bytes after the access registers in the thread_info structure. That happens to be the kernel stack pointer. A poke on the fpc with an invalid value is not caught by the validity check. On the next context switch the broken fpc value will cause a program check in the kernel. Improving the checks in peek and poke fixes this. Signed-off-by:
-
Qu Fuping authored
When fsync() runs wait_on_page_writeback_range() it only inspects pages which are actually under I/O (PAGECACHE_TAG_WRITEBACK). If a page completed I/O prior to wait_on_page_writeback_range() looking at it, it is supposed to have recorded its I/O error state in the address_space. But mpage_mpage_end_io_write() forgot to set the address_space error flag in this case. Signed-off-by:
Qu Fuping <fs@ercist.iscas.ac.cn> Signed-off-by:
-
- 04 Jun, 2005 2 commits
-
-
- 03 Jun, 2005 6 commits
-
-
Nathan Lynch authored
A typo in prom_find_machine_type from Ben's recent patch "ppc64: Fix result code handling in prom_init" prevents pSeries LPAR systems from booting. Tested on a pSeries 570 and OpenPower 720 (both Power5 LPAR). Signed-off-by:
Nathan Lynch <ntl@pobox.com> Signed-off-by:
-
Dean Nelson authored
Fix a bug in which shub_1_1_found is not being properly initialized or set, resulting in the improper setting of sn_hub_info->shub_1_1_found. Signed-off-by:
Dean Nelson <dcn@sgi.com> Signed-off-by:
Tony Luck <tony.luck@intel.com>
-
-
Greg Ungerer authored
Re-work the m68knommu specific idle code according to suggestions from Nick Piggin <nickpiggin@yahoo.com.au>. A couple of rules that we need to follow: 1. Preempt should now disabled over idle routines. Should only be enabled to call schedule() then disabled again. 3. When cpu_idle finds (need_resched() == 'true'), it should call schedule(). It should not call schedule() otherwise. Also fix interrupt locking around the need_resched() and cpu stop state so that there is no race condition. Signed-off-by:
Greg Ungerer <gerg@snapgear.com> Signed-off-by:
-
David Brownell authored
This "obvious" one-liner is needed to recognize Zaurus SL 6000; it just checks two GUIDs not just one. OSDL bugids #4512 and #4545 seem to be duplicates of this report. From: Gerald Skerbitz <gsker@tcfreenet.org> Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Signed-off-by:
-
Nathan Lynch authored
With CONFIG_DEBUG_SLAB=y I see slab corruption messages during boot on pSeries machines with IPR adapters with any 2.6.12-rc kernel. The change which seems to have introduced the problem is "SCSI: revamp target scanning routines" and may be found at: http://marc.theaimsgroup.com/?l=bk-commits-head&m=111093946426333&w=2 In order to revert that in a 2.6.12-rc1 tree, I had to revert "target code updates to support scanned targets" first: http://marc.theaimsgroup.com/?l=bk-commits-head&m=111094132524649&w=2 With both patches reverted, the corruption messages go away. ipr: IBM Power RAID SCSI Device Driver version: 2.0.13 (February 21, 2005) ipr 0001:d0:01.0: Found IOA with IRQ: 167 ipr 0001:d0:01.0: Starting IOA initialization sequence. ipr 0001:d0:01.0: Adapter firmware version: 020A005C ipr 0001:d0:01.0: IOA initialized. scsi0 : IBM 570B Storage Adapter Vendor: IBM Model: VSBPD4E1 U4SCSI Rev: 4770 Type: Enclosure ANSI SCSI revision: 02 Vendor: IBM H0 Model: HUS103036FL3800 Rev: RPQF Type: Direct-Access ANSI SCSI revision: 04 Vendor: IBM H0 Model: HUS103036FL3800 Rev: RPQF Type: Direct-Access ANSI SCSI revision: 04 Vendor: IBM H0 Model: HUS103036FL3800 Rev: RPQF Type: Direct-Access ANSI SCSI revision: 04 Vendor: IBM H0 Model: HUS103036FL3800 Rev: RPQF Type: Direct-Access ANSI SCSI revision: 04 Vendor: IBM Model: VSBPD4E1 U4SCSI Rev: 4770 Type: Enclosure ANSI SCSI revision: 02 Slab corruption: start=c0000001e8de5268, len=512 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<c00000000029c3a0>](.scsi_target_dev_release+0x28/0x50) 080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a Prev obj: start=c0000001e8de5050, len=512 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<0000000000000000>](0x0) 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b Next obj: start=c0000001e8de5480, len=512 Redzone: 0x170fc2a5/0x170fc2a5. Last user: [<c000000000228d7c>](.as_init_queue+0x5c/0x228) 000: c0 00 00 01 e8 83 26 08 00 00 00 00 00 00 00 00 010: 00 00 00 00 00 00 00 00 c0 00 00 01 e8 de 54 98 Slab corruption: start=c0000001e8de5268, len=512 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<c00000000029c3a0>](.scsi_target_dev_release+0x28/0x50) 080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a Prev obj: start=c0000001e8de5050, len=512 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<0000000000000000>](0x0) 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b Next obj: start=c0000001e8de5480, len=512 Redzone: 0x170fc2a5/0x170fc2a5. Last user: [<c000000000228d7c>](.as_init_queue+0x5c/0x228) 000: c0 00 00 01 e8 83 26 08 00 00 00 00 00 00 00 00 010: 00 00 00 00 00 00 00 00 c0 00 00 01 e8 de 54 98 ... I did some digging and the problem seems to be a refcounting issue in __scsi_add_device. The target gets freed in scsi_target_reap, and then __scsi_add_device tries to do another device_put on it. Signed-off-by:
James Bottomley <James.Bottomley@SteelEye.com>
-
