1. 18 8月, 2009 1 次提交
    • C
      xfs: fix locking in xfs_iget_cache_hit · a022fe09
      Christoph Hellwig 提交于
      The locking in xfs_iget_cache_hit currently has numerous problems:
      
       - we clear the reclaim tag without i_flags_lock which protects
         modifications to it
       - we call inode_init_always which can sleep with pag_ici_lock
         held (this is oss.sgi.com BZ #819)
       - we acquire and drop i_flags_lock a lot and thus provide no
         consistency between the various flags we set/clear under it
      
      This patch fixes all that with a major revamp of the locking in
      the function.  The new version acquires i_flags_lock early and
      only drops it once we need to call into inode_init_always or before
      calling xfs_ilock.
      
      This patch fixes a bug seen in the wild where we race modifying the
      reclaim tag.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NFelix Blyakher <felixb@sgi.com>
      Reviewed-by: NEric Sandeen <sandeen@sandeen.net>
      Signed-off-by: NFelix Blyakher <felixb@sgi.com>
      a022fe09
  2. 12 8月, 2009 3 次提交
  3. 11 8月, 2009 9 次提交
  4. 31 7月, 2009 2 次提交
  5. 27 7月, 2009 1 次提交
    • E
      xfs: reduce bmv_count in xfs_vn_fiemap · 5c04c78a
      Eric Sandeen 提交于
      commit 6321e3ed caused
      the full bmv_count's worth of getbmapx structures to get
      allocated; telling it to do MAXEXTNUM was a bit insane,
      resulting in ENOMEM every time.
      
      Chop it down to something reasonable, the number of slots
      in the caller's input buffer.  If this is too large the
      caller may get ENOMEM but the reason should not be a
      mystery, and they can try again with something smaller.
      
      We add 1 to the value because in the normal getbmap
      world, bmv_count includes the header and xfs_getbmap does:
      
              nex = bmv->bmv_count - 1;
              if (nex <= 0)
                      return XFS_ERROR(EINVAL);
      Signed-off-by: NEric Sandeen <sandeen@sandeen.net>
      Reviewed-by: NOlaf Weber <olaf@sgi.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NFelix Blyakher <felixb@sgi.com>
      5c04c78a
  6. 06 7月, 2009 1 次提交
  7. 03 7月, 2009 1 次提交
  8. 02 7月, 2009 1 次提交
  9. 13 6月, 2009 2 次提交
  10. 12 6月, 2009 2 次提交
  11. 11 6月, 2009 1 次提交
  12. 10 6月, 2009 6 次提交
    • C
      xfs: use generic Posix ACL code · ef14f0c1
      Christoph Hellwig 提交于
      This patch rips out the XFS ACL handling code and uses the generic
      fs/posix_acl.c code instead.  The ondisk format is of course left
      unchanged.
      
      This also introduces the same ACL caching all other Linux filesystems do
      by adding pointers to the acl and default acl in struct xfs_inode.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NEric Sandeen <sandeen@sandeen.net>
      ef14f0c1
    • L
      Linux 2.6.30 · 07a2039b
      Linus Torvalds 提交于
      07a2039b
    • P
      char: mxser, fix ISA board lookup · 96050dfb
      Peter Botha 提交于
      There's a bug in the mxser kernel module that still appears in the
      2.6.29.4 kernel.
      
      mxser_get_ISA_conf takes a ioaddress as its first argument, by passing the
      not of the ioaddr, you're effectively passing 0 which means it won't be
      able to talk to an ISA card.  I have tested this, and removing the !
      fixes the problem.
      
      Cc: "Peter Botha" <peterb@goldcircle.co.za>
      Signed-off-by: NJiri Slaby <jirislaby@gmail.com>
      Acked-by: NAlan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      96050dfb
    • J
      jbd: fix race in buffer processing in commit code · a61d90d7
      Jan Kara 提交于
      In commit code, we scan buffers attached to a transaction.  During this
      scan, we sometimes have to drop j_list_lock and then we recheck whether
      the journal buffer head didn't get freed by journal_try_to_free_buffers().
       But checking for buffer_jbd(bh) isn't enough because a new journal head
      could get attached to our buffer head.  So add a check whether the journal
      head remained the same and whether it's still at the same transaction and
      list.
      
      This is a nasty bug and can cause problems like memory corruption (use after
      free) or trigger various assertions in JBD code (observed).
      Signed-off-by: NJan Kara <jack@suse.cz>
      Cc: <stable@kernel.org>
      Cc: <linux-ext4@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a61d90d7
    • I
      autofs4: remove hashed check in validate_wait() · 463aea1a
      Ian Kent 提交于
      The recent ->lookup() deadlock correction required the directory inode
      mutex to be dropped while waiting for expire completion.  We were
      concerned about side effects from this change and one has been identified.
      
      I saw several error messages.
      
      They cause autofs to become quite confused and don't really point to the
      actual problem.
      
      Things like:
      
      handle_packet_missing_direct:1376: can't find map entry for (43,1827932)
      
      which is usually totally fatal (although in this case it wouldn't be
      except that I treat is as such because it normally is).
      
      do_mount_direct: direct trigger not valid or already mounted
      /test/nested/g3c/s1/ss1
      
      which is recoverable, however if this problem is at play it can cause
      autofs to become quite confused as to the dependencies in the mount tree
      because mount triggers end up mounted multiple times.  It's hard to
      accurately check for this over mounting case and automount shouldn't need
      to if the kernel module is doing its job.
      
      There was one other message, similar in consequence of this last one but I
      can't locate a log example just now.
      
      When checking if a mount has already completed prior to adding a new mount
      request to the wait queue we check if the dentry is hashed and, if so, if
      it is a mount point.  But, if a mount successfully completed while we
      slept on the wait queue mutex the dentry must exist for the mount to have
      completed so the test is not really needed.
      
      Mounts can also be done on top of a global root dentry, so for the above
      case, where a mount request completes and the wait queue entry has already
      been removed, the hashed test returning false can cause an incorrect
      callback to the daemon.  Also, d_mountpoint() is not sufficient to check
      if a mount has completed for the multi-mount case when we don't have a
      real mount at the base of the tree.
      Signed-off-by: NIan Kent <raven@themaw.net>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      463aea1a
    • M
      shm: fix unused warnings on nommu · 586c7e6a
      Mike Frysinger 提交于
      The massive nommu update (8feae131) resulted in these warnings:
      ipc/shm.c: In function `sys_shmdt':
      ipc/shm.c:974: warning: unused variable `size'
      ipc/shm.c:972: warning: unused variable `next'
      Signed-off-by: NMike Frysinger <vapier@gentoo.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      586c7e6a
  13. 09 6月, 2009 10 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus · 13df635f
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
        kvm: fix kvm reboot crash when MAXSMP is used
        cpumask: alloc zeroed cpumask for static cpumask_var_ts
        cpumask: introduce zalloc_cpumask_var
      13df635f
    • L
      Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block · 9cdba302
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.dk/linux-2.6-block:
        bsg: setting rq->bio to NULL
      9cdba302
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · fd4d3429
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
        cls_cgroup: Fix oops when user send improperly 'tc filter add' request
        r8169: fix crash when large packets are received
      fd4d3429
    • L
      Merge branch 'for-linus' of git://neil.brown.name/md · 4d11eff6
      Linus Torvalds 提交于
      * 'for-linus' of git://neil.brown.name/md:
        md/raid5: fix bug in reshape code when chunk_size decreases.
        md/raid5 - avoid deadlocks in get_active_stripe during reshape
        md/raid5: use conf->raid_disks in preference to mddev->raid_disk
      4d11eff6
    • F
      bsg: setting rq->bio to NULL · c1d4c41f
      FUJITA Tomonori 提交于
      Due to commit 1cd96c24 ("block: WARN
      in __blk_put_request() for potential bio leak"), BSG SMP requests get
      the false warnings:
      
      WARNING: at block/blk-core.c:1068 __blk_put_request+0x52/0xc0()
      
      This sets rq->bio to NULL to avoid that false warnings.
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      c1d4c41f
    • A
      kvm: fix kvm reboot crash when MAXSMP is used · 8437a617
      Avi Kivity 提交于
      one system was found there is crash during reboot then kvm/MAXSMP
      Sending all processes the KILL signal...                              done
      Please stand by while rebooting the system...
      [ 1721.856538] md: stopping all md devices.
      [ 1722.852139] kvm: exiting hardware virtualization
      [ 1722.854601] BUG: unable to handle kernel NULL pointer dereference at (null)
      [ 1722.872219] IP: [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1722.877955] PGD 0
      [ 1722.880042] Oops: 0000 [#1] SMP
      [ 1722.892548] last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/host0/target0:2:0/0:2:0:0/vendor
      [ 1722.900977] CPU 9
      [ 1722.912606] Modules linked in:
      [ 1722.914226] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-tip-01843-g2305324-dirty #299 ...
      [ 1722.932589] RIP: 0010:[<ffffffff8102c6b6>]  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1722.942709] RSP: 0018:ffffc900010b6ed8  EFLAGS: 00010046
      [ 1722.956121] RAX: 0000000000000000 RBX: ffffc9000e253140 RCX: 0000000000000009
      [ 1722.972202] RDX: 000000000000b020 RSI: ffffc900010c3220 RDI: ffffffffffffd790
      [ 1722.977399] RBP: ffffc900010b6f08 R08: 0000000000000000 R09: 0000000000000000
      [ 1722.995149] R10: 00000000000004b8 R11: 966912b6c78fddbd R12: 0000000000000009
      [ 1723.011551] R13: 000000000000b020 R14: 0000000000000009 R15: 0000000000000000
      [ 1723.019898] FS:  0000000000000000(0000) GS:ffffc900010b3000(0000) knlGS:0000000000000000
      [ 1723.034389] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      [ 1723.041164] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0
      [ 1723.056192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 1723.072546] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [ 1723.080562] Process swapper (pid: 0, threadinfo ffff88107e464000, task ffff88047e5a2550)
      [ 1723.096144] Stack:
      [ 1723.099071]  0000000000000046 ffffc9000e253168 966912b6c78fddbd ffffc9000e253140
      [ 1723.115471]  ffff880c7d4304d0 ffffc9000e253168 ffffc900010b6f28 ffffffff81011022
      [ 1723.132428]  ffffc900010b6f48 966912b6c78fddbd ffffc900010b6f48 ffffffff8100b83b
      [ 1723.141973] Call Trace:
      [ 1723.142981]  <IRQ> <0> [<ffffffff81011022>] kvm_arch_hardware_disable+0x26/0x3c
      [ 1723.158153]  [<ffffffff8100b83b>] hardware_disable+0x3f/0x55
      [ 1723.172168]  [<ffffffff810b95f6>] generic_smp_call_function_interrupt+0x76/0x13c
      [ 1723.178836]  [<ffffffff8104cbea>] smp_call_function_interrupt+0x3a/0x5e
      [ 1723.194689]  [<ffffffff81035bf3>] call_function_interrupt+0x13/0x20
      [ 1723.199750]  <EOI> <0> [<ffffffff814ad3b4>] ? acpi_idle_enter_c1+0xd3/0xf4
      [ 1723.217508]  [<ffffffff814ad3ae>] ? acpi_idle_enter_c1+0xcd/0xf4
      [ 1723.232172]  [<ffffffff814ad4bc>] ? acpi_idle_enter_bm+0xe7/0x2ce
      [ 1723.235141]  [<ffffffff81a8d93f>] ? __atomic_notifier_call_chain+0x0/0xac
      [ 1723.253381]  [<ffffffff818c3dff>] ? menu_select+0x58/0xd2
      [ 1723.258179]  [<ffffffff818c2c9d>] ? cpuidle_idle_call+0xa4/0xf3
      [ 1723.272828]  [<ffffffff81034085>] ? cpu_idle+0xb8/0x101
      [ 1723.277085]  [<ffffffff81a80163>] ? start_secondary+0x1bc/0x1d7
      [ 1723.293708] Code: b0 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 04 cd 30 ee 27 82 49 89 cc 49 89 d5 48 8b 04 10 48 8d b8 90 d7 ff ff <48> 8b 87 70 28 00 00 48 8d 98 90 d7 ff ff eb 16 e8 e9 fe ff ff
      [ 1723.335524] RIP  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1723.342076]  RSP <ffffc900010b6ed8>
      [ 1723.352021] CR2: 0000000000000000
      [ 1723.354348] ---[ end trace e2aec53dae150aa1 ]---
      
      it turns out that we need clear cpus_hardware_enabled in that case.
      Reported-and-tested-by: NYinghai Lu <yinghai@kernel.org>
      Signed-off-by: NYinghai Lu <yinghai@kernel.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      8437a617
    • Y
      cpumask: alloc zeroed cpumask for static cpumask_var_ts · eaa95840
      Yinghai Lu 提交于
      These are defined as static cpumask_var_t so if MAXSMP is not used,
      they are cleared already.  Avoid surprises when MAXSMP is enabled.
      Signed-off-by: NYinghai Lu <yinghai.lu@kernel.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      eaa95840
    • Y
      cpumask: introduce zalloc_cpumask_var · 0281b5dc
      Yinghai Lu 提交于
      So can get cpumask_var with cpumask_clear
      Signed-off-by: NYinghai Lu <yinghai@kernel.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      0281b5dc
    • M
      cls_cgroup: Fix oops when user send improperly 'tc filter add' request · 52ea3a56
      Minoru Usui 提交于
      I found a bug in cls_cgroup_change() in cls_cgroup.c.
      cls_cgroup_change() expected tca[TCA_OPTIONS] was set from user space properly,
      but tc in iproute2-2.6.29-1 (which I used) didn't set it.
      
      In the current source code of tc in git, it set tca[TCA_OPTIONS].
      
        git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
      
      If we always use a newest iproute2 in git when we use cls_cgroup, 
      we don't face this oops probably.
      But I think, kernel shouldn't panic regardless of use program's behaviour. 
      Signed-off-by: NMinoru Usui <usui@mxm.nes.nec.co.jp>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      52ea3a56
    • E
      r8169: fix crash when large packets are received · fdd7b4c3
      Eric Dumazet 提交于
      Michael Tokarev reported receiving a large packet could crash
      a machine with RTL8169 NIC.
      ( original thread at http://lkml.org/lkml/2009/6/8/192 )
      
      Problem is this driver tells that NIC frames up to 16383 bytes
      can be received but provides skb to rx ring allocated with
      smaller sizes (1536 bytes in case standard 1500 bytes MTU is used)
      
      When a frame larger than what was allocated by driver is received,
      dma transfert can occurs past the end of buffer and corrupt
      kernel memory.
      
      Fix is to tell to NIC what is the maximum size a frame can be.
      
      This bug is very old, (before git introduction, linux-2.6.10), and 
      should be backported to stable versions.
      Reported-by: NMichael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Tested-by: NMichael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fdd7b4c3