1. 04 8月, 2012 1 次提交
  2. 24 7月, 2012 10 次提交
  3. 12 6月, 2012 3 次提交
    • L
      drbd: fix null pointer dereference with on-congestion policy when diskless · 0d5934e3
      Lars Ellenberg 提交于
      We must not look at mdev->actlog, unless we have a get_ldev() reference.
      It also does not make much sense to try to disconnect or pull-ahead of
      the peer, if we don't have good local data.
      
      Only even consider congestion policies, if our local disk is D_UP_TO_DATE.
      Signed-off-by: NPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: NLars Ellenberg <lars.ellenberg@linbit.com>
      0d5934e3
    • L
      drbd: fix list corruption by failing but already aborted reads · 1ed25b26
      Lars Ellenberg 提交于
      If a read is aborted due to force-detach of a supposedly unresponsive
      local backing device, and retried on the peer, it can happen that the
      local request later still completes (hopefully with an error).
      As it may already have been completed to upper layers meanwhile,
      it must not be retried again now.
      Signed-off-by: NPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: NLars Ellenberg <lars.ellenberg@linbit.com>
      1ed25b26
    • L
      drbd: fix access of unallocated pages and kernel panic · 4eccc579
      Lars Ellenberg 提交于
      BUG: unable to handle kernel NULL pointer dereference at (null)
      ...
       [<d1e17561>] ? _drbd_bm_set_bits+0x151/0x240 [drbd]
       [<d1e236f8>] ? receive_bitmap+0x4f8/0xbc0 [drbd]
      
      This fixes an off-by-one error in the receive_bitmap() path,
      if run-length encoded bitmap transfer is enabled.
      
      If the bitmap is an exact multiple of PAGE_SIZE, which means the visible
      capacity of the drbd device is an exact multiple of 128 MiB (for 4k page
      size), and bitmap compression (use-rle) is enabled (which became default
      with 8.4), and the very last bit is dirty and reported in an rle
      comressed bitmap packet, we ended up trying to kmap_atomic a page pointer
      that does not exist (bitmap->bm_pages[last index + 1]).
      
      bug introduced by:
          Date:   Fri Jul 24 15:33:24 2009 +0200
          set bits: optimize for complete last word, fix off-by-one-word corner case
      
      made effective by:
          Date:   Thu Dec 16 00:32:38 2010 +0100
          drbd: get rid of unused debug code
      
          Long time ago, we had paranoia code in the bitmap that allocated one
          extra word, assigned a magic value, and checked on every occasion that
          the magic value was still unchanged.
      
          That debug code is unused, the extra long word complicates code a bit.
          Get rid of it.
      
      No-one triggered this bug in the last few years, because a large subset
      of our userbase is unaffected:
       * typically the last few blocks of a device are not modified
         frequently, and remain unset
       * use-rle was disabled by default in drbd < 8.4
       * those with slightly "odd" device sizes, or
       * drbd internal meta data (which will skew the device size slightly,
         thus makes it harder to have a bug relevant device size)
      Signed-off-by: NPhilipp Reisner <philipp.reisner@linbit.com>
      Signed-off-by: NLars Ellenberg <lars.ellenberg@linbit.com>
      4eccc579
  4. 11 5月, 2012 1 次提交
    • E
      connector/userns: replace netlink uses of cap_raised() with capable() · 38bf1953
      Eric W. Biederman 提交于
      In 2009 Philip Reiser notied that a few users of netlink connector
      interface needed a capability check and added the idiom
      cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
      that netlink was asynchronous.
      
      In 2011 Patrick McHardy noticed we were being silly because netlink is
      synchronous and removed eff_cap from the netlink_skb_params and changed
      the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).
      
      Looking at those spots with a fresh eye we should be calling
      capable(CAP_SYS_ADMIN).  The only reason I can see for not calling capable
      is that it once appeared we were not in the same task as the caller which
      would have made calling capable() impossible.
      
      In the initial user_namespace the only difference between between
      cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN) are a
      few sanity checks and the fact that capable(CAP_SYS_ADMIN) sets
      PF_SUPERPRIV if we use the capability.
      
      Since we are going to be using root privilege setting PF_SUPERPRIV seems
      the right thing to do.
      
      The motivation for this that patch is that in a child user namespace
      cap_raised(current_cap(),...) tests your capabilities with respect to that
      child user namespace not capabilities in the initial user namespace and
      thus will allow processes that should be unprivielged to use the kernel
      services that are only protected with cap_raised(current_cap(),..).
      
      To fix possible user_namespace issues and to just clean up the code
      replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
      capable(CAP_SYS_ADMIN).
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Philipp Reisner <philipp.reisner@linbit.com>
      Acked-by: NSerge E. Hallyn <serge.hallyn@canonical.com>
      Acked-by: NAndrew G. Morgan <morgan@kernel.org>
      Cc: Vasiliy Kulikov <segoon@openwall.com>
      Cc: David Howells <dhowells@redhat.com>
      Reviewed-by: NJames Morris <james.l.morris@oracle.com>
      Cc: David Miller <davem@davemloft.net>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      38bf1953
  5. 10 5月, 2012 2 次提交
  6. 09 5月, 2012 23 次提交