1. 12 12月, 2011 1 次提交
    • B
      block/swim3: Locking fixes · b3025457
      Benjamin Herrenschmidt 提交于
      The old PowerMac swim3 driver has some "interesting" locking issues,
      using a private lock and failing to lock the queue before completing
      requests, which triggered WARN_ONs among others.
      
      This rips out the private lock, makes everything operate under the
      block queue lock, and generally makes things simpler.
      
      We used to also share a queue between the two possible instances which
      was problematic since we might pick the wrong controller in some cases,
      so make the queue and the current request per-instance and use
      queuedata to point to our private data which is a lot cleaner.
      
      We still share the queue lock but then, it's nearly impossible to actually
      use 2 swim3's simultaneously: one would need to have a Wallstreet
      PowerBook, the only machine afaik with two of these on the motherboard,
      and populate both hotswap bays with a floppy drive (the machine ships
      only with one), so nobody cares...
      
      While at it, add a little fix to clear up stale interrupts when loading
      the driver or plugging a floppy drive in a bay.
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      b3025457
  2. 08 12月, 2011 2 次提交
  3. 02 12月, 2011 1 次提交
  4. 29 11月, 2011 2 次提交
  5. 25 11月, 2011 1 次提交
  6. 16 11月, 2011 4 次提交
    • D
      paride: fix potential information leak in pg_read() · a2c2a0e6
      Dan Carpenter 提交于
      Smatch has a new check for Rosenberg type information leaks where structs
      are copied to the user with uninitialized stack data in them.  i In this
      case, the pg_write_hdr struct has a hole in it.
      
      struct pg_write_hdr {
              char                       magic;                /*     0     1 */
              char                       func;                 /*     1     1 */
              /* XXX 2 bytes hole, try to pack */
              int                        dlen;                 /*     4     4 */
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Cc: Tim Waugh <tim@cyberelk.net>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      a2c2a0e6
    • S
      cciss: auto engage SCSI mid layer at driver load time · 0007a4c9
      Stephen M. Cameron 提交于
      A long time ago, probably in 2002, one of the distros, or maybe more than
      one, loaded block drivers prior to loading the SCSI mid layer.  This meant
      that the cciss driver, being a block driver, could not engage the SCSI mid
      layer at init time without panicking, and relied on being poked by a
      userland program after the system was up (and the SCSI mid layer was
      therefore present) to engage the SCSI mid layer.
      
      This is no longer the case, and cciss can safely rely on the SCSI mid
      layer being present at init time and engage the SCSI mid layer straight
      away.  This means that users will see their tape drives and medium
      changers at driver load time without need for a script in /etc/rc.d that
      does this:
      
      for x in /proc/driver/cciss/cciss*
      do
      	echo "engage scsi" > $x
      done
      
      However, if no tape drives or medium changers are detected, the SCSI mid
      layer will not be engaged.  If a tape drive or medium change is later
      hot-added to the system it will then be necessary to use the above script
      or similar for the device(s) to be acceesible.
      Signed-off-by: NStephen M. Cameron <scameron@beardog.cce.hp.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      0007a4c9
    • D
      loop: cleanup set_status interface · 7035b5df
      Dmitry Monakhov 提交于
      1) Anyone who has read access to loopdev has permission to call set_status
         and may change important parameters such as lo_offset, lo_sizelimit and
         so on, which contradicts to read access pattern and definitely equals
         to write access pattern.
      2) Add lo_offset over i_size check to prevent blkdev_size overflow.
         ##Testcase_bagin
         #dd if=/dev/zero of=./file bs=1k count=1
         #losetup /dev/loop0 ./file
         /* userspace_application */
         struct loop_info64 loinf;
         fd = open("/dev/loop0", O_RDONLY);
         ioctl(fd, LOOP_GET_STATUS64, &loinf);
         /* Set offset to any value which is bigger than i_size, and sizelimit
          * to nonzero value*/
         loinf.lo_offset = 4096*1024;
         loinf.lo_sizelimit = 1024;
         ioctl(fd, LOOP_SET_STATUS64, &loinf);
         /* After this loop device will have size similar to 0x7fffffffffxxxx */
         #blockdev --getsz /dev/loop0
         ##OUTPUT: 36028797018955968
         ##Testcase_end
      
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: NDmitry Monakhov <dmonakhov@openvz.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      7035b5df
    • D
      loop: prevent information leak after failed read · 3bb90682
      Dmitry Monakhov 提交于
      If read was not fully successful we have to fail whole bio to prevent
      information leak of old pages
      
      ##Testcase_begin
      dd if=/dev/zero of=./file bs=1M count=1
      losetup /dev/loop0 ./file -o 4096
      truncate -s 0 ./file
      # OOps loop offset is now beyond i_size, so read will silently fail.
      # So bio's pages would not be cleared, may which result in information leak.
      hexdump -C /dev/loop0
      ##testcase_end
      Signed-off-by: NDmitry Monakhov <dmonakhov@openvz.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      3bb90682
  7. 12 11月, 2011 1 次提交
  8. 02 11月, 2011 1 次提交
  9. 01 11月, 2011 2 次提交
  10. 31 10月, 2011 1 次提交
  11. 26 10月, 2011 2 次提交
  12. 21 10月, 2011 1 次提交
  13. 18 10月, 2011 1 次提交
  14. 17 10月, 2011 1 次提交
    • C
      loop: remove the incorrect write_begin/write_end shortcut · 456be148
      Christoph Hellwig 提交于
      Currently the loop device tries to call directly into write_begin/write_end
      instead of going through ->write if it can.  This is a fairly nasty shortcut
      as write_begin and write_end are only callbacks for the generic write code
      and expect to be called with filesystem specific locks held.
      
      This code currently causes various issues for clustered filesystems as it
      doesn't take the required cluster locks, and it also causes issues for XFS
      as it doesn't properly lock against the swapext ioctl as called by the
      defragmentation tools.  This in case causes data corruption if
      defragmentation hits a busy loop device in the wrong time window, as
      reported by RH QA.
      
      The reason why we have this shortcut is that it saves a data copy when
      doing a transformation on the loop device, which is the technical term
      for using cryptoloop (or an XOR transformation).  Given that cryptoloop
      has been deprecated in favour of dm-crypt my opinion is that we should
      simply drop this shortcut instead of finding complicated ways to to
      introduce a formal interface for this shortcut.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      456be148
  15. 15 10月, 2011 1 次提交
  16. 13 10月, 2011 10 次提交
  17. 29 9月, 2011 1 次提交
    • S
      xen: modify kernel mappings corresponding to granted pages · 0930bba6
      Stefano Stabellini 提交于
      If we want to use granted pages for AIO, changing the mappings of a user
      vma and the corresponding p2m is not enough, we also need to update the
      kernel mappings accordingly.
      Currently this is only needed for pages that are created for user usages
      through /dev/xen/gntdev. As in, pages that have been in use by the
      kernel and use the P2M will not need this special mapping.
      However there are no guarantees that in the future the kernel won't
      start accessing pages through the 1:1 even for internal usage.
      
      In order to avoid the complexity of dealing with highmem, we allocated
      the pages lowmem.
      We issue a HYPERVISOR_grant_table_op right away in
      m2p_add_override and we remove the mappings using another
      HYPERVISOR_grant_table_op in m2p_remove_override.
      Considering that m2p_add_override and m2p_remove_override are called
      once per page we use multicalls and hypercall batching.
      
      Use the kmap_op pointer directly as argument to do the mapping as it is
      guaranteed to be present up until the unmapping is done.
      Before issuing any unmapping multicalls, we need to make sure that the
      mapping has already being done, because we need the kmap->handle to be
      set correctly.
      Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
      [v1: Removed GRANT_FRAME_BIT usage]
      Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      0930bba6
  18. 21 9月, 2011 4 次提交
  19. 15 9月, 2011 3 次提交
新手
引导
客服 返回
顶部