  1. 16 Jul, 2015 1 commit
    • st: null pointer dereference panic caused by use after kref_put by st_open · e7ac6c66
      Seymour, Shane M authored
      Two SLES11 SP3 servers encountered similar crashes simultaneously
      following some kind of SAN/tape target issue:
      
      ...
      qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 --  1 2002.
      qla2xxx [0000:81:00.0]-801c:3: Abort command issued nexus=3:0:2 --  1 2002.
      qla2xxx [0000:81:00.0]-8009:3: DEVICE RESET ISSUED nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800f:3: DEVICE RESET FAILED: Task management failed nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-8009:3: TARGET RESET ISSUED nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800c:3: do_reset failed for cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-800f:3: TARGET RESET FAILED: Task management failed nexus=3:0:2 cmd=ffff882f89c2c7c0.
      qla2xxx [0000:81:00.0]-8012:3: BUS RESET ISSUED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-802b:3: BUS RESET SUCCEEDED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
      qla2xxx [0000:81:00.0]-8018:3: ADAPTER RESET ISSUED nexus=3:0:2.
      qla2xxx [0000:81:00.0]-00af:3: Performing ISP error recovery - ha=ffff88bf04d18000.
       rport-3:0-0: blocked FC remote port time out: removing target and saving binding
      qla2xxx [0000:81:00.0]-505f:3: Link is operational (8 Gbps).
      qla2xxx [0000:81:00.0]-8017:3: ADAPTER RESET SUCCEEDED nexus=3:0:2.
       rport-2:0-0: blocked FC remote port time out: removing target and saving binding
      sg_rq_end_io: device detached
      BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
      IP: [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
      PGD 7e6586f067 PUD 7e5af06067 PMD 0 [1739975.390354] Oops: 0002 [#1] SMP
      CPU 0
      ...
      Supported: No, Proprietary modules are loaded [1739975.390463]
      Pid: 27965, comm: ABCD Tainted: PF           X 3.0.101-0.29-default #1 HP ProLiant DL580 Gen8
      RIP: 0010:[<ffffffff8133b268>]  [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
      RSP: 0018:ffff8839dc1e7c68  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: ffff883f0592fc00 RCX: 0000000000000090
      RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000138
      RBP: 0000000000000138 R08: 0000000000000010 R09: ffffffff81bd39d0
      R10: 00000000000009c0 R11: ffffffff81025790 R12: 0000000000000001
      R13: ffff883022212b80 R14: 0000000000000004 R15: ffff883022212b80
      FS:  00007f8e54560720(0000) GS:ffff88407f800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 00000000000002a8 CR3: 0000007e6ced6000 CR4: 00000000001407f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process ABCD (pid: 27965, threadinfo ffff8839dc1e6000, task ffff883592e0c640)
      Stack:
       ffff883f0592fc00 00000000fffffffa 0000000000000001 ffff883022212b80
       ffff883eff772400 ffffffffa03fa309 0000000000000000 0000000000000000
       ffffffffa04003a0 ffff883f063196c0 ffff887f0379a930 ffffffff8115ea1e
      Call Trace:
       [<ffffffffa03fa309>] st_open+0x129/0x240 [st]
       [<ffffffff8115ea1e>] chrdev_open+0x13e/0x200
       [<ffffffff811588a8>] __dentry_open+0x198/0x310
       [<ffffffff81167d74>] do_last+0x1f4/0x800
       [<ffffffff81168fe9>] path_openat+0xd9/0x420
       [<ffffffff8116946c>] do_filp_open+0x4c/0xc0
       [<ffffffff8115a00f>] do_sys_open+0x17f/0x250
       [<ffffffff81468d92>] system_call_fastpath+0x16/0x1b
       [<00007f8e4f617fd0>] 0x7f8e4f617fcf
      Code: eb d3 90 48 83 ec 28 40 f6 c6 04 48 89 6c 24 08 4c 89 74 24 20 48 89 fd 48 89 1c 24 4c 89 64 24 10 41 89 f6 4c 89 6c 24 18 74 11 <f0> ff 8f 70 01 00 00 0f 94 c0 45 31 ed 84 c0 74 2b 4c 8d a5 a0
      RIP  [<ffffffff8133b268>] __pm_runtime_idle+0x28/0x90
       RSP <ffff8839dc1e7c68>
      CR2: 00000000000002a8
      
      Analysis reveals the cause of the crash to be due to STp->device
      being NULL. The pointer was NULLed via scsi_tape_put(STp) when it
      calls scsi_tape_release(). In st_open() we jump to err_out after
      scsi_block_when_processing_errors() completes and returns the
      device as offline (sdev_state was SDEV_DEL):
      
      /* Open the device. Needs to take the BKL only because of incrementing the SCSI host
         module count. */
      static int st_open(struct inode *inode, struct file *filp)
      {
              int i, retval = (-EIO);
              int resumed = 0;
              struct scsi_tape *STp;
              struct st_partstat *STps;
              int dev = TAPE_NR(inode);
              char *name;
      ...
              if (scsi_autopm_get_device(STp->device) < 0) {
                      retval = -EIO;
                      goto err_out;
              }
              resumed = 1;
              if (!scsi_block_when_processing_errors(STp->device)) {
                      retval = (-ENXIO);
                      goto err_out;
              }
      ...
       err_out:
              normalize_buffer(STp->buffer);
              spin_lock(&st_use_lock);
              STp->in_use = 0;
              spin_unlock(&st_use_lock);
              scsi_tape_put(STp); /* <-- STp->device = 0 after this */
              if (resumed)
                      scsi_autopm_put_device(STp->device);
              return retval;
      
      The ref count for the struct scsi_tape had already been reduced
      to 1 when the .remove method of the st module had been called.
      The kref_put() in scsi_tape_put() caused scsi_tape_release()
      to be called:
      
      static void scsi_tape_put(struct scsi_tape *STp)
      {
              struct scsi_device *sdev = STp->device;

              mutex_lock(&st_ref_mutex);
              kref_put(&STp->kref, scsi_tape_release); /* <-- calls this */
              scsi_device_put(sdev);
              mutex_unlock(&st_ref_mutex);
      }
      
      In scsi_tape_release() the struct scsi_device in the struct
      scsi_tape gets set to NULL:
      
      static void scsi_tape_release(struct kref *kref)
      {
              struct scsi_tape *tpnt = to_scsi_tape(kref);
              struct gendisk *disk = tpnt->disk;

              tpnt->device = NULL; /* <<<---- where the dev is nulled */

              if (tpnt->buffer) {
                      normalize_buffer(tpnt->buffer);
                      kfree(tpnt->buffer->reserved_pages);
                      kfree(tpnt->buffer);
              }

              disk->private_data = NULL;
              put_disk(disk);
              kfree(tpnt);
              return;
      }
      
      Although the problem was reported on SLES11.3 the problem appears
      in linux-next as well.
      
      The crash is fixed by reordering the code so we no longer access
      the struct scsi_tape after the kref_put() is done on it in st_open().
      Signed-off-by: Shane Seymour <shane.seymour@hp.com>
      Signed-off-by: Darren Lavender <darren.lavender@hp.com>
      Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
      Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
      Cc: stable@vger.kernel.org
      Signed-off-by: James Bottomley <JBottomley@Odin.com>
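The ordering problem described in the commit message above, as a userspace C model added here (not code from the commit or the st driver). The `model_*` types and helpers are constructed stand-ins, and doing the runtime-PM put before the tape put is one reordering consistent with the description, assumed rather than taken from the patch.

```c
/* Userspace model (added example): constructed types, not the kernel's. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct model_sdev {            /* stands in for struct scsi_device */
    int pm_usage;              /* runtime-PM usage count */
    int refs;                  /* device reference count */
};

struct model_tape {            /* stands in for struct scsi_tape */
    int kref;
    bool released;             /* set where the kernel would kfree() */
    struct model_sdev *device;
};

/* Mirrors scsi_tape_release(): the device pointer is cleared, then freed. */
static void model_tape_release(struct model_tape *t)
{
    t->device = NULL;
    t->released = true;        /* the model keeps the memory so the bug is observable */
}

/* Mirrors scsi_tape_put(): saves the device pointer before dropping the kref. */
static void model_tape_put(struct model_tape *t)
{
    struct model_sdev *sdev = t->device;

    if (--t->kref == 0)
        model_tape_release(t);
    sdev->refs--;
}

/* Stands in for scsi_autopm_put_device(); -1 marks where the kernel oopsed. */
static int model_autopm_put(struct model_sdev *sdev)
{
    if (sdev == NULL)
        return -1;
    sdev->pm_usage--;
    return 0;
}

enum put_order { TAPE_PUT_FIRST, PM_PUT_FIRST };

struct result { int rc; int pm_usage; bool released; };

/* Runs the err_out tail of st_open() after a successful autopm get. */
static struct result run_err_path(enum put_order order, int kref_at_entry)
{
    struct model_sdev sdev = { .pm_usage = 1, .refs = 2 };
    struct model_tape tape = { .kref = kref_at_entry, .device = &sdev };
    struct result r;

    if (order == TAPE_PUT_FIRST) {
        model_tape_put(&tape);
        r.rc = model_autopm_put(tape.device);   /* reads tape after the put */
    } else {
        r.rc = model_autopm_put(tape.device);   /* last use of tape.device */
        model_tape_put(&tape);
    }
    r.pm_usage = sdev.pm_usage;
    r.released = tape.released;
    return r;
}

int main(void)
{
    struct result removed_old = run_err_path(TAPE_PUT_FIRST, 1);
    struct result removed_new = run_err_path(PM_PUT_FIRST, 1);
    struct result present_old = run_err_path(TAPE_PUT_FIRST, 2);

    printf("device removed, tape put first: rc=%d pm_usage=%d\n",
           removed_old.rc, removed_old.pm_usage);
    printf("device removed, pm put first:   rc=%d pm_usage=%d\n",
           removed_new.rc, removed_new.pm_usage);
    printf("device present, tape put first: rc=%d pm_usage=%d\n",
           present_old.rc, present_old.pm_usage);
    return 0;
}
```

With the reference count still at 2 the original order behaves correctly, which is why the fault only appears once the `.remove` method has already dropped the count to 1.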
  2. 02 Jun, 2015 1 commit
    • st: implement tape statistics · 05545c92
      Seymour, Shane M authored
      This patch implements tape statistics in the st module via
      sysfs. Currently no statistics are available for tape I/O and there
      is no easy way to reuse the block layer statistics for tape
      as tape is a character device and does not have to perform I/O in
      sector sized chunks (the size of the data written to tape
      can change). For tapes we also need extra stats related to
      things like tape movement (via other I/O).
      
      There have been multiple end users requesting statistics
      including AT&T (and some HP customers who have not given
      permission to be named). It is impossible for them
      to investigate any issues related to tape performance
      in a non-invasive way.
      
      [jejb: eliminate PRId64]
      Signed-off-by: Shane Seymour <shane.seymour@hp.com>
      Tested-by: Shane Seymour <shane.seymour@hp.com>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: James Bottomley <JBottomley@Odin.com>
  3. 12 Feb, 2015 1 commit
  4. 24 Nov, 2014 1 commit
  5. 12 Nov, 2014 5 commits
  6. 15 Sep, 2014 1 commit
    • scsi: balance out autopm get/put calls in scsi_sysfs_add_sdev() · 6fe8c1db
      Subhash Jadavani authored
      SCSI Well-known logical units generally don't have any scsi driver
      associated with them, which means no one will call scsi_autopm_put_device()
      on these wlun scsi devices and this would result in keeping the
      corresponding scsi device always active (hence LLD can't be suspended as
      well). The exact same problem can be seen for another scsi device representing
      a normal logical unit whose driver is yet to be loaded. This patch fixes
      the above problem with this approach:
      
      - make the scsi_autopm_put_device call at the end of scsi_sysfs_add_sdev
        to make it balance out the get earlier in the function.
      - let drivers do paired get/put calls in their probe methods.
      Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
      Signed-off-by: Dolev Raviv <draviv@codeaurora.org>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
  7. 28 Aug, 2014 1 commit
    • block,scsi: fixup blk_get_request dead queue scenarios · a492f075
      Joe Lawrence authored
      The blk_get_request function may fail in low-memory conditions or during
      device removal (even if __GFP_WAIT is set). To distinguish between these
      errors, modify the blk_get_request call stack to return the appropriate
      ERR_PTR. Verify that all callers check the return status and consider
      IS_ERR instead of a simple NULL pointer check.
      
      For consistency, make a similar change to the blk_mq_alloc_request leg
      of blk_get_request.  It may fail if the queue is dead, or the caller was
      unwilling to wait.
      Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com>
      Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd]
      Acked-by: Boaz Harrosh <bharrosh@panasas.com> [for osd]
      Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
      Signed-off-by: Jens Axboe <axboe@fb.com>
  8. 17 Jul, 2014 1 commit
  9. 06 Jun, 2014 1 commit
    • block: add blk_rq_set_block_pc() · f27b087b
      Jens Axboe authored
      With the optimizations around not clearing the full request at alloc
      time, we are leaving some of the needed init for REQ_TYPE_BLOCK_PC
      up to the user allocating the request.
      
      Add a blk_rq_set_block_pc() that sets the command type to
      REQ_TYPE_BLOCK_PC, and properly initializes the members associated
      with this type of request. Update callers to use this function instead
      of manipulating rq->cmd_type directly.
      
      Includes fixes from Christoph Hellwig <hch@lst.de> for my half-assed
      attempt.
      Signed-off-by: Jens Axboe <axboe@fb.com>
  10. 15 Mar, 2014 1 commit
    • [SCSI] st: fix corruption of the st_modedef structures in st_set_options() · d6216c47
      Maurizio Lombardi authored
      When copying the st_modedef structures the devs pointers must be preserved
      in the same way as with the cdevs pointers.
      
      This fixes bug 70271: https://bugzilla.kernel.org/show_bug.cgi?id=70271
      
      [  135.037052] BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
      [  135.045048] IP: [<ffffffff812af6a1>] kernfs_find_ns+0x21/0x150
      [  135.050999] PGD 220623067 PUD 222171067 PMD 0
      [  135.055593] Oops: 0000 [#1] SMP
      [  135.058938] Modules linked in: bnx2fc cnic uio fcoe libfcoe libfc 8021q mrp scsi_transport_fc garp scsi_tgt stp llc binfmt_misc dm_round_robin dm_multipath uinput iTCO_wdt iTCO_vendor_support microcode sg pcspkr serio_raw osst st(-) i2c_i801 lpc_ich mfd_core e1000e ptp pps_core ipmi_si ipmi_msghandler video tpm_infineon ext4(F) jbd2(F) mbcache(F) sd_mod(F) crc_t10dif(F) crct10dif_common(F) sr_mod(F) cdrom(F) pata_acpi(F) ata_generic(F) ata_piix(F) libata(F) mpt2sas(F) scsi_transport_sas(F) raid_class(F) ast(F) ttm(F) drm_kms_helper(F) drm(F) i2c_algo_bit(F) sysimgblt(F) sysfillrect(F) i2c_core(F) syscopyarea(F) dm_mirror(F) dm_region_hash(F) dm_log(F) dm_mod(F)
      [  135.119686] CPU: 2 PID: 2028 Comm: rmmod Tainted: GF            3.14.0-rc1-linux-mainline+ #14
      [  135.128453] Hardware name: wortmann To be filled by O.E.M./P8B-M Series, BIOS 6103 12/06/2012
      [  135.137127] task: ffff880001de29d0 ti: ffff8802206e4000 task.ti: ffff8802206e4000
      [  135.144742] RIP: 0010:[<ffffffff812af6a1>]  [<ffffffff812af6a1>] kernfs_find_ns+0x21/0x150
      [  135.153148] RSP: 0018:ffff8802206e5c98  EFLAGS: 00010282
      [  135.158562] RAX: ffff880001de29d0 RBX: 0000000000000000 RCX: 0000000000000006
      [  135.165814] RDX: 0000000000000000 RSI: ffffffff817627e0 RDI: 0000000000000000
      [  135.173040] RBP: ffff8802206e5cc8 R08: 0000000000000000 R09: 0000000000000001
      [  135.180303] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff817627e0
      [  135.187554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
      [  135.194774] FS:  00007f817c720700(0000) GS:ffff880227200000(0000) knlGS:0000000000000000
      [  135.202995] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  135.208878] CR2: 0000000000000098 CR3: 00000002219b0000 CR4: 00000000000407e0
      [  135.216139] Stack:
      [  135.218185]  ffffffff81af63a0 0000000000000000 ffffffff817627e0 0000000000000000
      [  135.225783]  0000000000000000 0000000000000001 ffff8802206e5cf8 ffffffff812af8de
      [  135.233347]  ffff880226801900 ffffffff81b43320 0000000000000000 ffff880221a7c1c0
      [  135.240972] Call Trace:
      [  135.243463]  [<ffffffff812af8de>] kernfs_find_and_get_ns+0x3e/0x70
      [  135.249743]  [<ffffffff812ae27d>] sysfs_unmerge_group+0x1d/0x60
      [  135.255716]  [<ffffffff81464da9>] pm_qos_sysfs_remove_latency+0x19/0x20
      [  135.262430]  [<ffffffff81466a91>] dev_pm_qos_constraints_destroy+0x31/0x1e0
      [  135.269500]  [<ffffffff81464de6>] dpm_sysfs_remove+0x16/0x50
      [  135.275263]  [<ffffffff8145c077>] device_del+0x47/0x1e0
      [  135.280554]  [<ffffffff8145c232>] device_unregister+0x22/0x60
      [  135.286406]  [<ffffffffa02e23bd>] remove_cdevs+0x4d/0x90 [st]
      [  135.292247]  [<ffffffffa02e78ff>] st_remove+0x3f/0xb0 [st]
      [  135.297851]  [<ffffffff8145f39f>] __device_release_driver+0x7f/0xf0
      [  135.304237]  [<ffffffff8145f4e8>] driver_detach+0xd8/0xe0
      [  135.309722]  [<ffffffff8145e0fc>] bus_remove_driver+0x5c/0xd0
      [  135.315553]  [<ffffffff81460170>] driver_unregister+0x30/0x70
      [  135.321366]  [<ffffffffa02e97f4>] exit_st+0x5c/0x868 [st]
      [  135.326861]  [<ffffffff8111b31a>] SyS_delete_module+0x19a/0x1f0
      [  135.332891]  [<ffffffff810e336d>] ? trace_hardirqs_on+0xd/0x10
      [  135.338811]  [<ffffffff81141974>] ? __audit_syscall_entry+0x94/0x100
      [  135.345282]  [<ffffffff8135b1fe>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [  135.351806]  [<ffffffff816e8de9>] system_call_fastpath+0x16/0x1b
      [  135.357859] Code: ff eb e3 0f 1f 80 00 00 00 00 55 48 89 e5 48 83 ec 30 48 89 5d d8 4c 89 65 e0 4c 89 6d e8 4c 89 75 f0 4c 89 7d f8 66 66 66 66 90 <44> 0f b7 bf 98 00 00 00 8b 05 71 6d 87 00 48 89 fb 49 89 f4 49
      [  135.378282] RIP  [<ffffffff812af6a1>] kernfs_find_ns+0x21/0x150
      [  135.384355]  RSP <ffff8802206e5c98>
      [  135.387881] CR2: 0000000000000098
      [  135.391298] ---[ end trace 1968409221ddb3c8 ]---
      Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
      Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
      Signed-off-by: James Bottomley <JBottomley@Parallels.com>
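A userspace C model of the structure copy described in the commit message above, added here as an example (not code from the patch or the st driver): the `model_*` types, the mode and node counts and the helper names are constructed, and only the `cdevs` and `devs` field names come from the message. It shows that a whole-structure copy that restores only `cdevs` leaves every other mode's `devs` slots pointing at mode 0's devices.

```c
/* Userspace model (added example): constructed types, not the st driver's. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NBR_MODES 4   /* constructed: number of mode slots */
#define MODEL_NBR_NODES 2   /* constructed: device nodes per mode */

struct model_cdev   { int id; };
struct model_device { int id; };

struct model_modedef {
    int defined;
    int default_blksize;
    struct model_cdev   *cdevs[MODEL_NBR_NODES];  /* per-mode, must survive a copy */
    struct model_device *devs[MODEL_NBR_NODES];   /* per-mode, must survive a copy */
};

/* Copy mode 0's settings onto mode i; keep_devs selects the corrected behaviour. */
static void copy_mode(struct model_modedef *modes, int i, int keep_devs)
{
    struct model_cdev *cd[MODEL_NBR_NODES];
    struct model_device *d[MODEL_NBR_NODES];

    memcpy(cd, modes[i].cdevs, sizeof(cd));
    memcpy(d, modes[i].devs, sizeof(d));
    modes[i] = modes[0];             /* whole-struct copy overwrites both arrays */
    memcpy(modes[i].cdevs, cd, sizeof(cd));
    if (keep_devs)
        memcpy(modes[i].devs, d, sizeof(d));
}

/* Returns how many devs slots in modes 1..N-1 alias mode 0's device after the
 * copy, or -1 if the settings did not propagate or a cdevs pointer was lost. */
static int aliased_devs_after_copy(int keep_devs)
{
    static struct model_cdev cdev_pool[MODEL_NBR_MODES][MODEL_NBR_NODES];
    static struct model_device dev_pool[MODEL_NBR_MODES][MODEL_NBR_NODES];
    struct model_modedef modes[MODEL_NBR_MODES];
    int i, j, aliased = 0;

    memset(modes, 0, sizeof(modes));
    for (i = 0; i < MODEL_NBR_MODES; i++)
        for (j = 0; j < MODEL_NBR_NODES; j++) {
            modes[i].cdevs[j] = &cdev_pool[i][j];
            modes[i].devs[j] = &dev_pool[i][j];
        }
    modes[0].defined = 1;
    modes[0].default_blksize = 512;  /* constructed sample setting */

    for (i = 1; i < MODEL_NBR_MODES; i++)
        copy_mode(modes, i, keep_devs);

    for (i = 1; i < MODEL_NBR_MODES; i++)
        for (j = 0; j < MODEL_NBR_NODES; j++) {
            if (modes[i].default_blksize != 512 ||
                modes[i].cdevs[j] != &cdev_pool[i][j])
                return -1;
            if (modes[i].devs[j] == modes[0].devs[j])
                aliased++;
        }
    return aliased;
}

int main(void)
{
    printf("cdevs restored only: %d aliased devs slots\n",
           aliased_devs_after_copy(0));
    printf("cdevs and devs restored: %d aliased devs slots\n",
           aliased_devs_after_copy(1));
    return 0;
}
```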
  11. 20 Dec, 2013 1 commit
  12. 21 Aug, 2013 1 commit
  13. 06 Apr, 2013 1 commit
  14. 28 Feb, 2013 1 commit
  15. 23 Feb, 2013 1 commit
  16. 24 Sep, 2012 1 commit
  17. 14 Sep, 2012 4 commits
  18. 28 Mar, 2012 1 commit
  19. 27 Mar, 2012 1 commit
    • [SCSI] st: expand ability to write immediate filemarks · c743e44f
      Lee Duncan authored
      The st tape driver recently added the MTWEOFI ioctl, which writes
      a tape filemark (EOF), like the MTWEOF ioctl, except that MTWEOFI
      returns immediately. This makes certain applications, like backup
      software, run much more quickly on buffered tape drives.
      
      Since legacy applications do not know about this new MTWEOFI ioctl,
      this patch adds a new ioctl option that tells the st driver to return
      immediately when writing an EOF (i.e. a filemark). This new flag
      is much like the existing flag that tells the st driver to perform
      writes (and certain other IOs) immediately, but this new flag only
      applies to writing EOFs.
      
      This new feature is controlled via the MTSETDRVBUFFER ioctl, using
      the newly-defined MT_ST_NOWAIT_EOF flag.
      
      Use of this new feature is displayed via the sysfs tape "options"
      attribute.
      
      The st documentation was updated to mention this new flag, as well
      as the problems that can occur from using it.
      Signed-off-by: Lee Duncan <lduncan@suse.com>
      Acked-by: Kai Makisara <kai.makisara@kolumbus.fi>
      Signed-off-by: James Bottomley <JBottomley@Parallels.com>
  20. 19 Feb, 2012 1 commit
  21. 30 Oct, 2011 1 commit
  22. 23 Dec, 2010 2 commits
  23. 08 Oct, 2010 1 commit
  24. 05 Oct, 2010 1 commit
    • block: autoconvert trivial BKL users to private mutex · 2a48fc0a
      Arnd Bergmann authored
      The block device drivers have all gained new lock_kernel
      calls from a recent pushdown, and some of the drivers
      were already using the BKL before.
      
      This turns the BKL into a set of per-driver mutexes.
      Still need to check whether this is safe to do.
      
      file=$1
      name=$2
      if grep -q lock_kernel ${file} ; then
          if grep -q 'include.*linux.mutex.h' ${file} ; then
                  sed -i '/include.*<linux\/smp_lock.h>/d' ${file}
          else
                  sed -i 's/include.*<linux\/smp_lock.h>.*$/include <linux\/mutex.h>/g' ${file}
          fi
          sed -i ${file} \
              -e "/^#include.*linux.mutex.h/,$ {
                      1,/^\(static\|int\|long\)/ {
                           /^\(static\|int\|long\)/istatic DEFINE_MUTEX(${name}_mutex);
      
      } }"  \
          -e "s/\(un\)*lock_kernel\>[ ]*()/mutex_\1lock(\&${name}_mutex)/g" \
          -e '/[      ]*cycle_kernel_lock();/d'
      else
          sed -i -e '/include.*\<smp_lock.h\>/d' ${file}  \
                      -e '/cycle_kernel_lock()/d'
      fi
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
  25. 27 May, 2010 1 commit
    • st: use noop_llseek() instead of default_llseek() · b4d878e2
      Jan Blunck authored
      st_open() suggests that llseek() doesn't work: "We really want to do
      nonseekable_open(inode, filp); here, but some versions of tar incorrectly
      call lseek on tapes and bail out if that fails.  So we disallow pread()
      and pwrite(), but permit lseeks."
      
      Instead of using the fallback default_llseek() the driver should use
      noop_llseek() which leaves the file->f_pos untouched but succeeds.
      Signed-off-by: Jan Blunck <jblunck@suse.de>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Kai Makisara <Kai.Makisara@kolumbus.fi>
      Cc: Willem Riede <osst@riede.org>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  26. 30 Mar, 2010 1 commit
    • include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo authored
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities to include
      those headers directly instead of assuming availability.  As this
      conversion needs to touch a large number of source files, the following
      script is used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the following.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and tries to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have a fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         widely available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build tests were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable on most builds of
      the specific arch.
      Signed-off-by: Tejun Heo <tj@kernel.org>
      Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
  27. 26 Feb, 2010 1 commit
  28. 10 Dec, 2009 1 commit
  29. 04 Dec, 2009 1 commit
  30. 02 Oct, 2009 1 commit
    • [SCSI] st: fix possible memory use after free after MTSETBLK ioctl · 2c2ed8bf
      David Jeffery authored
      A memory use after free bug can manifest if the MTSETBLK or SET_DENS_AND_BLK
      ioctl features are used to set the tape's blocksize from 0 to non-zero.
      After the driver sets the new block size, in this one case it calls
      normalize_buffer() to free the device's internal data buffers.  However, the
      ioctl code assumes there is always a buffer and does not check or allocate
      a buffer if there isn't one.  So any following ioctl calls can corrupt
      a part of memory by writing data to memory that the st driver had freed.
      
      This patch removes the normalize_buffer() call and the specialness of
      changing from a 0 to non-zero blocksize to fix the possible use of
      memory after it has been freed by the st driver.
      signed-off-by: David Jeffery <djeffery@redhat.com>
      Acked-by: Kai Makisara <kai.makisara@kolumbus.fi>
      Signed-off-by: James Bottomley <James.Bottomley@suse.de>
  31. 23 May, 2009 1 commit
  32. 22 May, 2009 1 commit