1. 01 5月, 2010 5 次提交
    • F
      hw-breakpoints: Change/Enforce some breakpoints policies · b2812d03
      Frederic Weisbecker 提交于
      The current policies of breakpoints in x86 and SH are the following:
      
      - task bound breakpoints can only break on userspace addresses
      - cpu wide breakpoints can only break on kernel addresses
      
      The former rule prevents ptrace breakpoints to be set to trigger on
      kernel addresses, which is good. But as a side effect, we can't
      breakpoint on kernel addresses for task bound breakpoints.
      
      The latter rule simply makes no sense, there is no reason why we
      can't set breakpoints on userspace while performing cpu bound
      profiles.
      
      We want the following new policies:
      
      - task bound breakpoint can set userspace address breakpoints, with
      no particular privilege required.
      - task bound breakpoints can set kernelspace address breakpoints but
      must be privileged to do that.
      - cpu bound breakpoints can do what they want as they are privileged
      already.
      
      To implement these new policies, this patch checks if we are dealing
      with a kernel address breakpoint, if so and if the exclude_kernel
      parameter is set, we tell the user that the breakpoint is invalid,
      which makes a good generic ptrace protection.
      If we don't have exclude_kernel, ensure the user has the right
      privileges as kernel breakpoints are quite sensitive (risk of
      trap recursion attacks and global performance impacts).
      
      [ Paul Mundt: keep addr space check for sh signal delivery and fix
        double function declaration]
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      Cc: K. Prasad <prasad@linux.vnet.ibm.com>
      Cc: Paul Mundt <lethal@linux-sh.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Jason Wessel <jason.wessel@windriver.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
      b2812d03
    • F
      hw-breakpoints: Check disabled breakpoints again · 87e9b202
      Frederic Weisbecker 提交于
      We stopped checking disabled breakpoints because we weren't
      allowing breakpoints on NULL addresses. And gdb tends to set
      NULL addresses on inactive breakpoints.
      
      But refusing NULL addresses was actually a regression that has
      been fixed now. There is no reason anymore to not validate
      inactive breakpoint settings.
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Acked-by: NPaul Mundt <lethal@linux-sh.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      Cc: K. Prasad <prasad@linux.vnet.ibm.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Jason Wessel <jason.wessel@windriver.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      87e9b202
    • F
      hw-breakpoints: Tag ptrace breakpoint as exclude_kernel · 73266fc1
      Frederic Weisbecker 提交于
      Tag ptrace breakpoints with the exclude_kernel attribute set. This
      will make it easier to set generic policies on breakpoints, when it
      comes to ensure nobody unpriviliged try to breakpoint on the kernel.
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Acked-by: NPaul Mundt <lethal@linux-sh.org>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
      Cc: K. Prasad <prasad@linux.vnet.ibm.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      73266fc1
    • F
      perf: Fix warning while reading ring buffer headers · d00a47cc
      Frederic Weisbecker 提交于
      commit e9e94e3b
      "perf trace: Ignore "overwrite" field if present in
      /events/header_page" makes perf trace launching spurious warnings
      about unexpected tokens read:
      
      	Warning: Error: expected type 6 but read 4
      
      This change tries to handle the overcommit field in the header_page
      file whenever this field is present or not.
      
      The problem is that if this field is not present, we try to find it
      and give up in the middle of the line when we realize we are actually
      dealing with another field, which is the "data" one. And this failure
      abandons the file pointer in the middle of the "data" description
      line:
      
      	field: u64 timestamp;	offset:0;	size:8;	signed:0;
      	field: local_t commit;	offset:8;	size:8;	signed:1;
      	field: char data;	offset:16;	size:4080;	signed:1;
                            ^^^
                            Here
      
      What happens next is that we want to read this line to parse the data
      field, but we fail because the pointer is not in the beginning of the
      line.
      
      We could probably fix that by rewinding the pointer. But in fact we
      don't care much about these headers that only concern the ftrace
      ring-buffer. We don't use them from perf.
      
      Just skip this part of perf.data, but don't remove it from recording
      to stay compatible with olders perf.data
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      d00a47cc
    • F
      perf: Remove leftover useless options to record trace events from scripts · e5a5f1f0
      Frederic Weisbecker 提交于
      -f, -c 1, -R are now useless for trace events recording, moreover
      -M is useless and event hurts.
      
      Remove them from the documentation examples and from record scripts.
      Signed-off-by: NFrederic Weisbecker <fweisbec@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Tom Zanussi <tzanussi@gmail.com>
      e5a5f1f0
  2. 30 4月, 2010 16 次提交
    • I
    • I
      Merge commit 'v2.6.34-rc6' into perf/core · 3ca50496
      Ingo Molnar 提交于
      Merge reason: update to the latest -rc.
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      3ca50496
    • L
      Linux 2.6.34-rc6 · 66f41d4c
      Linus Torvalds 提交于
      66f41d4c
    • L
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb · b18262ed
      Linus Torvalds 提交于
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb:
        kgdb: don't needlessly skip PAGE_USER test for Fsl booke
      b18262ed
    • L
      Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs · e97e7120
      Linus Torvalds 提交于
      * 'for-linus' of git://oss.sgi.com/xfs/xfs:
        xfs: add a shrinker to background inode reclaim
      e97e7120
    • W
      kgdb: don't needlessly skip PAGE_USER test for Fsl booke · 56151e75
      Wufei 提交于
      The bypassing of this test is a leftover from 2.4 vintage
      kernels, and is no longer appropriate, or even used by KGDB.
      Currently KGDB uses probe_kernel_write() for all access to
      memory via the KGDB core, so it can simply be deleted.
      
      This fixes CVE-2010-1446.
      
      CC: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      CC: Paul Mackerras <paulus@samba.org>
      CC: Kumar Gala <galak@kernel.crashing.org>
      Signed-off-by: NWufei <fei.wu@windriver.com>
      Signed-off-by: NJason Wessel <jason.wessel@windriver.com>
      56151e75
    • L
      Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block · fed0a9c6
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.dk/linux-2.6-block:
        exofs: Fix "add bdi backing to mount session" fall out
        fs: fs/super.c needs to include backing-dev.h for !CONFIG_BLOCK
      fed0a9c6
    • L
      Merge master.kernel.org:/home/rmk/linux-2.6-arm · 6bec1192
      Linus Torvalds 提交于
      * master.kernel.org:/home/rmk/linux-2.6-arm:
        ARM: 6061/1: PL061 GPIO: Bug fix - setting gpio for HIGH_LEVEL interrupt is not working.
        ARM: 5957/1: ARM: RealView SD/MMC Card detection and write-protect using GPIOLIB
        ARM: 6030/1: KS8695: enable console
        ARM: 6060/1: PL061 GPIO: Setting gpio val after changing direction to OUT.
        ARM: 6059/1: PL061 GPIO: Changing *_irq_chip_data with *_irq_data for real irqs.
        ARM: 6023/1: update bcmring_defconfig to latest version and fix build error
        ARM: fix build error in arch/arm/kernel/process.c
      6bec1192
    • L
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · 553cbf0a
      Linus Torvalds 提交于
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        powerpc/ps3: Update ps3_defconfig
        powerpc/ps3: Update platform maintainer
        powerpc/pseries: Flush lazy kernel mappings after unplug operations
        powerpc/numa: Add form 1 NUMA affinity
        powerpc/fsl-booke: Fix CONFIG_RELOCATABLE support on FSL Book-E ppc32
        powerpc: 2.6.34 update of defconfigs for embedded 6xx/7xxx, 8xx, 8xxx
        powerpc/mpc8xxx defconfigs - turn off SYSFS_DEPRECATED
        powerpc/83xx: configure SIL SATA driver in 83xx-wide defconfig
        powerpc/83xx: enable EPOLL syscall in defconfig
        powerpc/83xx: add RTC drivers in 83xx defconfig
        powerpc/fsl-cpm: Configure clock correctly for SCC
        powerpc/fsl_booke: Correct test for MMU_FTR_BIG_PHYS
        powerpc/85xx/86xx: Fix build w/ CONFIG_PCI=n
      553cbf0a
    • V
      ARM: 6061/1: PL061 GPIO: Bug fix - setting gpio for HIGH_LEVEL interrupt is not working. · db7e1bc4
      viresh kumar 提交于
      In current implementation of PL061, setting type of irq to HIGH_LEVEL is not
      working. This patch fixes this bug.
      Signed-off-by: NViresh Kumar <viresh.kumar@st.com>
      Acked-by: NBaruch Siach <baruch@tkos.co.il>
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      db7e1bc4
    • A
      perf test: Initial regression testing command · 1c6a800c
      Arnaldo Carvalho de Melo 提交于
      First an example with the first internal test:
      
      [acme@doppio linux-2.6-tip]$ perf test
       1: vmlinux symtab matches kallsyms: Ok
      
      So it run just one test, that is "vmlinux symtab matches kallsyms", and it was
      successful.
      
      If we run it in verbose mode, we'll see details about errors and extra warnings
      for non-fatal problems:
      
      [acme@doppio linux-2.6-tip]$ perf test -v
       1: vmlinux symtab matches kallsyms:
      --- start ---
      Looking at the vmlinux_path (5 entries long)
      No build_id in vmlinux, ignoring it
      No build_id in /boot/vmlinux, ignoring it
      No build_id in /boot/vmlinux-2.6.34-rc4-tip+, ignoring it
      Using /lib/modules/2.6.34-rc4-tip+/build/vmlinux for symbols
      Maps only in vmlinux:
       ffffffff81cb81b1-ffffffff81e1149b 0 [kernel].init.text
       ffffffff81e1149c-ffffffff9fffffff 0 [kernel].exit.text
       ffffffffff600000-ffffffffff6000ff 0 [kernel].vsyscall_0
       ffffffffff600100-ffffffffff6003ff 0 [kernel].vsyscall_fn
       ffffffffff600400-ffffffffff6007ff 0 [kernel].vsyscall_1
       ffffffffff600800-ffffffffffffffff 0 [kernel].vsyscall_2
      Maps in vmlinux with a different name in kallsyms:
       ffffffffff600000-ffffffffff6000ff 0 [kernel].vsyscall_0 in kallsyms as [kernel].0
       ffffffffff600100-ffffffffff6003ff 0 [kernel].vsyscall_fn in kallsyms as:
      *ffffffffff600100-ffffffffff60012f 0 [kernel].2
       ffffffffff600400-ffffffffff6007ff 0 [kernel].vsyscall_1 in kallsyms as [kernel].6
       ffffffffff600800-ffffffffffffffff 0 [kernel].vsyscall_2 in kallsyms as [kernel].8
      Maps only in kallsyms:
       ffffffffff600130-ffffffffff6003ff 0 [kernel].4
      ---- end ----
      vmlinux symtab matches kallsyms: Ok
      [acme@doppio linux-2.6-tip]$
      
      In the above case we only know the name of the non contiguous kernel ranges in
      the address space when reading the symbol information from the ELF symtab in
      vmlinux.
      
      The /proc/kallsyms file lack this, we only notice they are separate because
      there are modules after the kernel and after that more kernel functions, so we
      need to have a module rbtree backed by the module .ko path to get symtabs in
      the vmlinux case.
      
      The tool uses it to match by address to emit appropriate warning, but don't
      considers this fatal.
      
      The .init.text and .exit.text ines, of course, aren't in kallsyms, so I left
      these cases just as extra info in verbose mode.
      
      The end of the sections also aren't in kallsyms, so we the symbols layer does
      another pass and sets the end addresses as the next map start minus one, which
      sometimes pads, causing harmless mismatches.
      
      But at least the symbols match, tested it by copying /proc/kallsyms to
      /tmp/kallsyms and doing changes to see if they were detected.
      
      This first test also should serve as a first stab at documenting the
      symbol library by providing a self contained example that exercises it
      together with comments about what is being done.
      
      More tests to check if actions done on a monitored app, like doing mmaps, etc,
      makes the kernel generate the expected events should be added next.
      
      Cc: Frédéric Weisbecker <fweisbec@gmail.com>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      LKML-Reference: <new-submission>
      Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      1c6a800c
    • D
      xfs: add a shrinker to background inode reclaim · 9bf729c0
      Dave Chinner 提交于
      On low memory boxes or those with highmem, kernel can OOM before the
      background reclaims inodes via xfssyncd. Add a shrinker to run inode
      reclaim so that it inode reclaim is expedited when memory is low.
      
      This is more complex than it needs to be because the VM folk don't
      want a context added to the shrinker infrastructure. Hence we need
      to add a global list of XFS mount structures so the shrinker can
      traverse them.
      Signed-off-by: NDave Chinner <dchinner@redhat.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      9bf729c0
    • B
      exofs: Fix "add bdi backing to mount session" fall out · 3c2023dd
      Boaz Harrosh 提交于
      The patch: add bdi backing to mount session
      	(b3d0ab7e)
      
      Has a bug in the placement of the bdi member at
      struct exofs_sb_info. The layout member must be kept
      last.
      Signed-off-by: NBoaz Harrosh <bharrosh@panasas.com>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      3c2023dd
    • J
      fs: fs/super.c needs to include backing-dev.h for !CONFIG_BLOCK · 5477d0fa
      Jens Axboe 提交于
      When CONFIG_BLOCK is set, it ends up getting backing-dev.h included.
      But for !CONFIG_BLOCK, it isn't so lucky. The proper thing to do is
      include <linux/backing-dev.h> directly from the file it's used from,
      so do that.
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      5477d0fa
    • A
      perf symbols: Add machine helper routines · 5c0541d5
      Arnaldo Carvalho de Melo 提交于
      Created when writing the first 'perf test' regression testing routine.
      
      Cc: Frédéric Weisbecker <fweisbec@gmail.com>
      Cc: Mike Galbraith <efault@gmx.de>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      LKML-Reference: <new-submission>
      Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      5c0541d5
    • L
      Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 · 27fb8d7b
      Linus Torvalds 提交于
      * 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
        nfs: fix memory leak in nfs_get_sb with CONFIG_NFS_V4
        nfs: fix some issues in nfs41_proc_reclaim_complete()
        NFS: Ensure that nfs_wb_page() waits for Pg_writeback to clear
        NFS: Fix an unstable write data integrity race
        nfs: testing for null instead of ERR_PTR()
        NFS: rsize and wsize settings ignored on v4 mounts
        NFSv4: Don't attempt an atomic open if the file is a mountpoint
        SUNRPC: Fix a bug in rpcauth_prune_expired
      27fb8d7b
  3. 29 4月, 2010 19 次提交
    • A
      pktcdvd: improve BKL and compat_ioctl.c usage · f80a0ca6
      Arnd Bergmann 提交于
      The pktcdvd driver uses proper locking and does not need the BKL in the
      ioctl and llseek functions of the character device, so kill both.
      
      Moving the compat_ioctl handling from common code into the driver itself
      fixes build problems when CONFIG_BLOCK is disabled.
      Acked-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f80a0ca6
    • B
      exofs: Fix "add bdi backing to mount session" fall out · a36fed12
      Boaz Harrosh 提交于
      Commit b3d0ab7e ("exofs: add bdi backing
      to mount session") has a bug in the placement of the bdi member at
      struct exofs_sb_info.  The layout member must be kept last.
      Signed-off-by: NBoaz Harrosh <bharrosh@panasas.com>
      Acked-by: NJens Axboe <jens.axboe@oracle.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a36fed12
    • L
      Merge branch 'x86-fixes-for-linus' of... · dfad53d4
      Linus Torvalds 提交于
      Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip
      
      * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
        x86: Disable large pages on CPUs with Atom erratum AAE44
        x86-64: Clear a 64-bit FS/GS base on fork if selector is nonzero
        x86, mrst: Conditionally register cpu hotplug notifier for apbt
      dfad53d4
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 · 79dba2ea
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
        x86/PCI: compute Address Space length rather than using _LEN
        x86/PCI: never allocate PCI MMIO resources below BIOS_END
      79dba2ea
    • A
      nfs d_revalidate() is too trigger-happy with d_drop() · d9e80b7d
      Al Viro 提交于
      If dentry found stale happens to be a root of disconnected tree, we
      can't d_drop() it; its d_hash is actually part of s_anon and d_drop()
      would simply hide it from shrink_dcache_for_umount(), leading to
      all sorts of fun, including busy inodes on umount and oopsen after
      that.
      
      Bug had been there since at least 2006 (commit c636eb already has it),
      so it's definitely -stable fodder.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Cc: stable@kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d9e80b7d
    • C
      ARM: 5957/1: ARM: RealView SD/MMC Card detection and write-protect using GPIOLIB · b56ba8aa
      Colin Tuckley 提交于
      The switch to using GPIOLIB broke the sd/mmc card detection on the
      RealView development boards if GPIO_PL061 was not selected.
      This patch selects GPIO_PL061 if GPIOLIB is selected.
      The sense of the return value from mmc_status has also changed
      and is corrected.
      Signed-off-by: NColin Tuckley <colin.tuckley@arm.com>
      Acked-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      b56ba8aa
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6 · 1d16b0f2
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6:
        regulator: fix enabling regulator issue on max8925
      1d16b0f2
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · 032b734d
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (27 commits)
        sfc: Change falcon_probe_board() to fail for unsupported boards
        sfc: Always close net device at the end of a disabling reset
        sfc: Wait at most 10ms for the MC to finish reading out MAC statistics
        sctp: Fix oops when sending queued ASCONF chunks
        sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set
        sctp: per_cpu variables should be in bh_disabled section
        sctp: fix potential reference of a freed pointer
        sctp: avoid irq lock inversion while call sk->sk_data_ready()
        Revert "tcp: bind() fix when many ports are bound"
        net/usb: add sierra_net.c driver
        cdc_ether: fix autosuspend for mbm devices
        bluetooth: handle l2cap_create_connless_pdu() errors
        gianfar: Wait for both RX and TX to stop
        ipheth: potential null dereferences on error path
        smc91c92_cs: spin_unlock_irqrestore before calling smc_interrupt()
        drivers/usb/net/kaweth.c: add device "Allied Telesyn AT-USB10 USB Ethernet Adapter"
        bnx2: Update version to 2.0.9.
        bnx2: Prevent "scheduling while atomic" warning with cnic, bonding and vlan.
        bnx2: Fix lost MSI-X problem on 5709 NICs.
        cxgb3: Wait longer for control packets on initialization
        ...
      032b734d
    • B
      sfc: Change falcon_probe_board() to fail for unsupported boards · e41c11ee
      Ben Hutchings 提交于
      The driver needs specific PHY and board support code for each SFC4000
      board; there is no point trying to continue if it is missing.
      Currently unsupported boards can trigger an 'oops'.
      Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
      Cc: stable@kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e41c11ee
    • B
      sfc: Always close net device at the end of a disabling reset · f49a4589
      Ben Hutchings 提交于
      This fixes a regression introduced by commit
      eb9f6744 "sfc: Implement ethtool
      reset operation".
      Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
      Cc: stable@kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f49a4589
    • B
      sfc: Wait at most 10ms for the MC to finish reading out MAC statistics · aabc5649
      Ben Hutchings 提交于
      The original code would wait indefinitely if MAC stats DMA failed.
      Signed-off-by: NBen Hutchings <bhutchings@solarflare.com>
      Cc: stable@kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aabc5649
    • V
      sctp: Fix oops when sending queued ASCONF chunks · c0786693
      Vlad Yasevich 提交于
      When we finish processing ASCONF_ACK chunk, we try to send
      the next queued ASCONF.  This action runs the sctp state
      machine recursively and it's not prepared to do so.
      
      kernel BUG at kernel/timer.c:790!
      invalid opcode: 0000 [#1] SMP
      last sysfs file: /sys/module/ipv6/initstate
      Modules linked in: sha256_generic sctp libcrc32c ipv6 dm_multipath
      uinput 8139too i2c_piix4 8139cp mii i2c_core pcspkr virtio_net joydev
      floppy virtio_blk virtio_pci [last unloaded: scsi_wait_scan]
      
      Pid: 0, comm: swapper Not tainted 2.6.34-rc4 #15 /Bochs
      EIP: 0060:[<c044a2ef>] EFLAGS: 00010286 CPU: 0
      EIP is at add_timer+0xd/0x1b
      EAX: cecbab14 EBX: 000000f0 ECX: c0957b1c EDX: 03595cf4
      ESI: cecba800 EDI: cf276f00 EBP: c0957aa0 ESP: c0957aa0
       DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      Process swapper (pid: 0, ti=c0956000 task=c0988ba0 task.ti=c0956000)
      Stack:
       c0957ae0 d1851214 c0ab62e4 c0ab5f26 0500ffff 00000004 00000005 00000004
      <0> 00000000 d18694fd 00000004 1666b892 cecba800 cecba800 c0957b14
      00000004
      <0> c0957b94 d1851b11 ceda8b00 cecba800 cf276f00 00000001 c0957b14
      000000d0
      Call Trace:
       [<d1851214>] ? sctp_side_effects+0x607/0xdfc [sctp]
       [<d1851b11>] ? sctp_do_sm+0x108/0x159 [sctp]
       [<d1863386>] ? sctp_pname+0x0/0x1d [sctp]
       [<d1861a56>] ? sctp_primitive_ASCONF+0x36/0x3b [sctp]
       [<d185657c>] ? sctp_process_asconf_ack+0x2a4/0x2d3 [sctp]
       [<d184e35c>] ? sctp_sf_do_asconf_ack+0x1dd/0x2b4 [sctp]
       [<d1851ac1>] ? sctp_do_sm+0xb8/0x159 [sctp]
       [<d1863334>] ? sctp_cname+0x0/0x52 [sctp]
       [<d1854377>] ? sctp_assoc_bh_rcv+0xac/0xe1 [sctp]
       [<d1858f0f>] ? sctp_inq_push+0x2d/0x30 [sctp]
       [<d186329d>] ? sctp_rcv+0x797/0x82e [sctp]
      Tested-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NYuansong Qiao <ysqiao@research.ait.ie>
      Signed-off-by: NShuaijun Zhang <szhang@research.ait.ie>
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0786693
    • W
      sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set · a8170c35
      Wei Yongjun 提交于
      When calculating the INIT/INIT-ACK chunk length, we should not
      only account the length of parameters, but also the parameters
      zero padding length, such as AUTH HMACS parameter and CHUNKS
      parameter. Without the parameters zero padding length we may get
      following oops.
      
      skb_over_panic: text:ce2068d2 len:130 put:6 head:cac3fe00 data:cac3fe00 tail:0xcac3fe82 end:0xcac3fe80 dev:<NULL>
      ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:127!
      invalid opcode: 0000 [#2] SMP
      last sysfs file: /sys/module/aes_generic/initstate
      Modules linked in: authenc ......
      
      Pid: 4102, comm: sctp_darn Tainted: G      D    2.6.34-rc2 #6
      EIP: 0060:[<c0607630>] EFLAGS: 00010282 CPU: 0
      EIP is at skb_over_panic+0x37/0x3e
      EAX: 00000078 EBX: c07c024b ECX: c07c02b9 EDX: cb607b78
      ESI: 00000000 EDI: cac3fe7a EBP: 00000002 ESP: cb607b74
       DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
      Process sctp_darn (pid: 4102, ti=cb607000 task=cabdc990 task.ti=cb607000)
      Stack:
       c07c02b9 ce2068d2 00000082 00000006 cac3fe00 cac3fe00 cac3fe82 cac3fe80
      <0> c07c024b cac3fe7c cac3fe7a c0608dec ca986e80 ce2068d2 00000006 0000007a
      <0> cb8120ca ca986e80 cb812000 00000003 cb8120c4 ce208a25 cb8120ca cadd9400
      Call Trace:
       [<ce2068d2>] ? sctp_addto_chunk+0x45/0x85 [sctp]
       [<c0608dec>] ? skb_put+0x2e/0x32
       [<ce2068d2>] ? sctp_addto_chunk+0x45/0x85 [sctp]
       [<ce208a25>] ? sctp_make_init+0x279/0x28c [sctp]
       [<c0686a92>] ? apic_timer_interrupt+0x2a/0x30
       [<ce1fdc0b>] ? sctp_sf_do_prm_asoc+0x2b/0x7b [sctp]
       [<ce202823>] ? sctp_do_sm+0xa0/0x14a [sctp]
       [<ce2133b9>] ? sctp_pname+0x0/0x14 [sctp]
       [<ce211d72>] ? sctp_primitive_ASSOCIATE+0x2b/0x31 [sctp]
       [<ce20f3cf>] ? sctp_sendmsg+0x7a0/0x9eb [sctp]
       [<c064eb1e>] ? inet_sendmsg+0x3b/0x43
       [<c04244b7>] ? task_tick_fair+0x2d/0xd9
       [<c06031e1>] ? sock_sendmsg+0xa7/0xc1
       [<c0416afe>] ? smp_apic_timer_interrupt+0x6b/0x75
       [<c0425123>] ? dequeue_task_fair+0x34/0x19b
       [<c0446abb>] ? sched_clock_local+0x17/0x11e
       [<c052ea87>] ? _copy_from_user+0x2b/0x10c
       [<c060ab3a>] ? verify_iovec+0x3c/0x6a
       [<c06035ca>] ? sys_sendmsg+0x186/0x1e2
       [<c042176b>] ? __wake_up_common+0x34/0x5b
       [<c04240c2>] ? __wake_up+0x2c/0x3b
       [<c057e35c>] ? tty_wakeup+0x43/0x47
       [<c04430f2>] ? remove_wait_queue+0x16/0x24
       [<c0580c94>] ? n_tty_read+0x5b8/0x65e
       [<c042be02>] ? default_wake_function+0x0/0x8
       [<c0604e0e>] ? sys_socketcall+0x17f/0x1cd
       [<c040264c>] ? sysenter_do_call+0x12/0x22
      Code: 0f 45 de 53 ff b0 98 00 00 00 ff b0 94 ......
      EIP: [<c0607630>] skb_over_panic+0x37/0x3e SS:ESP 0068:cb607b74
      
      To reproduce:
      
      # modprobe sctp
      # echo 1 > /proc/sys/net/sctp/addip_enable
      # echo 1 > /proc/sys/net/sctp/auth_enable
      # sctp_test -H 3ffe:501:ffff:100:20c:29ff:fe4d:f37e -P 800 -l
      # sctp_darn -H 3ffe:501:ffff:100:20c:29ff:fe4d:f37e -P 900 -h 192.168.0.21 -p 800 -I -s -t
      sctp_darn ready to send...
      3ffe:501:ffff:100:20c:29ff:fe4d:f37e:900-192.168.0.21:800 Interactive mode> bindx-add=192.168.0.21
      3ffe:501:ffff:100:20c:29ff:fe4d:f37e:900-192.168.0.21:800 Interactive mode> bindx-add=192.168.1.21
      3ffe:501:ffff:100:20c:29ff:fe4d:f37e:900-192.168.0.21:800 Interactive mode> snd=10
      
      ------------------------------------------------------------------
      eth0 has addresses: 3ffe:501:ffff:100:20c:29ff:fe4d:f37e and 192.168.0.21
      eth1 has addresses: 192.168.1.21
      ------------------------------------------------------------------
      Reported-by: NGeorge Cheimonidis <gchimon@gmail.com>
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a8170c35
    • V
      sctp: per_cpu variables should be in bh_disabled section · 81419d86
      Vlad Yasevich 提交于
      Since the change of the atomics to percpu variables, we now
      have to disable BH in process context when touching percpu variables.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      81419d86
    • V
      sctp: fix potential reference of a freed pointer · 0c42749c
      Vlad Yasevich 提交于
      When sctp attempts to update an assocition, it removes any
      addresses that were not in the updated INITs.  However, the loop
      may attempt to refrence a transport with address after removing it.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0c42749c
    • W
      sctp: avoid irq lock inversion while call sk->sk_data_ready() · 561b1733
      Wei Yongjun 提交于
      sk->sk_data_ready() of sctp socket can be called from both BH and non-BH
      contexts, but the default sk->sk_data_ready(), sock_def_readable(), can
      not be used in this case. Therefore, we have to make a new function
      sctp_data_ready() to grab sk->sk_data_ready() with BH disabling.
      
      =========================================================
      [ INFO: possible irq lock inversion dependency detected ]
      2.6.33-rc6 #129
      ---------------------------------------------------------
      sctp_darn/1517 just changed the state of lock:
       (clock-AF_INET){++.?..}, at: [<c06aab60>] sock_def_readable+0x20/0x80
      but this lock took another, SOFTIRQ-unsafe lock in the past:
       (slock-AF_INET){+.-...}
      
      and interrupts could create inverse lock ordering between them.
      
      other info that might help us debug this:
      1 lock held by sctp_darn/1517:
       #0:  (sk_lock-AF_INET){+.+.+.}, at: [<cdfe363d>] sctp_sendmsg+0x23d/0xc00 [sctp]
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      561b1733
    • D
      Revert "tcp: bind() fix when many ports are bound" · 8d238b25
      David S. Miller 提交于
      This reverts two commits:
      
      fda48a0d
      tcp: bind() fix when many ports are bound
      
      and a follow-on fix for it:
      
      6443bb1f
      ipv6: Fix inet6_csk_bind_conflict()
      
      It causes problems with binding listening sockets when time-wait
      sockets from a previous instance still are alive.
      
      It's too late to keep fiddling with this so late in the -rc
      series, and we'll deal with it in net-next-2.6 instead.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8d238b25
    • X
      nfs: fix memory leak in nfs_get_sb with CONFIG_NFS_V4 · 9699eda6
      Xiaotian Feng 提交于
      With CONFIG_NFS_V4 and data version 4, nfs_get_sb will allocate memory for
      export_path in nfs4_validate_text_mount_data, so we need to free it then.
      This is addressed in following kmemleak report:
      
      unreferenced object 0xffff88016bf48a50 (size 16):
        comm "mount.nfs", pid 22567, jiffies 4651574704 (age 175471.200s)
        hex dump (first 16 bytes):
          2f 6f 70 74 2f 77 6f 72 6b 00 6b 6b 6b 6b 6b a5  /opt/work.kkkkk.
        backtrace:
          [<ffffffff814b34f9>] kmemleak_alloc+0x60/0xa7
          [<ffffffff81102c76>] kmemleak_alloc_recursive.clone.5+0x1b/0x1d
          [<ffffffff811046b3>] __kmalloc_track_caller+0x18f/0x1b7
          [<ffffffff810e1b08>] kstrndup+0x37/0x54
          [<ffffffffa0336971>] nfs_parse_devname+0x152/0x204 [nfs]
          [<ffffffffa0336af3>] nfs4_validate_text_mount_data+0xd0/0xdc [nfs]
          [<ffffffffa0338deb>] nfs_get_sb+0x325/0x736 [nfs]
          [<ffffffff81113671>] vfs_kern_mount+0xbd/0x17c
          [<ffffffff81113798>] do_kern_mount+0x4d/0xed
          [<ffffffff81129a87>] do_mount+0x787/0x7fe
          [<ffffffff81129b86>] sys_mount+0x88/0xc2
          [<ffffffff81009b42>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NXiaotian Feng <dfeng@redhat.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Benny Halevy <bhalevy@panasas.com>
      Cc: Al Viro <viro@ZenIV.linux.org.uk>
      Cc: Andy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      9699eda6
    • D
      nfs: fix some issues in nfs41_proc_reclaim_complete() · acf82b85
      Dan Carpenter 提交于
      The original code passed an ERR_PTR() to rpc_put_task() and instead of
      returning zero on success it returned -ENOMEM.
      Signed-off-by: NDan Carpenter <error27@gmail.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      acf82b85