1. 06 5月, 2012 5 次提交
  2. 13 4月, 2012 7 次提交
  3. 11 4月, 2012 2 次提交
    • D
      sysfs: handle 'parent deleted before child added' · 3a198886
      Dan Williams 提交于
      In scsi at least two cases of the parent device being deleted before the
      child is added have been observed.
      
      1/ scsi is performing async scans and the device is removed prior to the
         async can thread running (can happen with an in-opportune / unlikely
         unplug during initial scan).
      
      2/ libsas discovery event running after the parent port has been torn
         down (this is a bug in libsas).
      
      Result in crash signatures like:
       BUG: unable to handle kernel NULL pointer dereference at 0000000000000098
       IP: [<ffffffff8115e100>] sysfs_create_dir+0x32/0xb6
       ...
       Process scsi_scan_8 (pid: 5417, threadinfo ffff88080bd16000, task ffff880801b8a0b0)
       Stack:
        00000000fffffffe ffff880813470628 ffff88080bd17cd0 ffff88080614b7e8
        ffff88080b45c108 00000000fffffffe ffff88080bd17d20 ffffffff8125e4a8
        ffff88080bd17cf0 ffffffff81075149 ffff88080bd17d30 ffff88080614b7e8
       Call Trace:
        [<ffffffff8125e4a8>] kobject_add_internal+0x120/0x1e3
        [<ffffffff81075149>] ? trace_hardirqs_on+0xd/0xf
        [<ffffffff8125e641>] kobject_add_varg+0x41/0x50
        [<ffffffff8125e70b>] kobject_add+0x64/0x66
        [<ffffffff8131122b>] device_add+0x12d/0x63a
      
      In this scenario the parent is still valid (because we have a
      reference), but it has been device_del()'d which means its kobj->sd
      pointer is NULL'd via:
      
       device_del()->kobject_del()->sysfs_remove_dir()
      
      ...and then sysfs_create_dir() (without this fix) goes ahead and
      de-references parent_sd via sysfs_ns_type():
      
       return (sd->s_flags & SYSFS_NS_TYPE_MASK) >> SYSFS_NS_TYPE_SHIFT;
      
      This scenario is being fixed in scsi/libsas, but if other subsystems
      present the same ordering the system need not immediately crash.
      
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: NDan Williams <dan.j.williams@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3a198886
    • B
      sysfs: Prevent crash on unset sysfs group attributes · 5631f2c1
      Bruno Prémont 提交于
      Do not let the kernel crash when a device is registered with
      sysfs while group attributes are not set (aka NULL).
      
      Warn about the offender with some information about the offending
      device.
      
      This would warn instead of trying NULL pointer deref like:
       BUG: unable to handle kernel NULL pointer dereference at (null)
       IP: [<ffffffff81152673>] internal_create_group+0x83/0x1a0
       PGD 0
       Oops: 0000 [#1] SMP
       CPU 0
       Modules linked in:
      
       Pid: 1, comm: swapper/0 Not tainted 3.4.0-rc1-x86_64 #3 HP ProLiant DL360 G4
       RIP: 0010:[<ffffffff81152673>]  [<ffffffff81152673>] internal_create_group+0x83/0x1a0
       RSP: 0018:ffff88019485fd70  EFLAGS: 00010202
       RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000001
       RDX: ffff880192e99908 RSI: ffff880192e99630 RDI: ffffffff81a26c60
       RBP: ffff88019485fdc0 R08: 0000000000000000 R09: 0000000000000000
       R10: ffff880192e99908 R11: 0000000000000000 R12: ffffffff81a16a00
       R13: ffff880192e99908 R14: ffffffff81a16900 R15: 0000000000000000
       FS:  0000000000000000(0000) GS:ffff88019bc00000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
       CR2: 0000000000000000 CR3: 0000000001a0c000 CR4: 00000000000007f0
       DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
       Process swapper/0 (pid: 1, threadinfo ffff88019485e000, task ffff880194878000)
       Stack:
        ffff88019485fdd0 ffff880192da9d60 0000000000000000 ffff880192e99908
        ffff880192e995d8 0000000000000001 ffffffff81a16a00 ffff880192da9d60
        0000000000000000 0000000000000000 ffff88019485fdd0 ffffffff811527be
       Call Trace:
        [<ffffffff811527be>] sysfs_create_group+0xe/0x10
        [<ffffffff81376ca6>] device_add_groups+0x46/0x80
        [<ffffffff81377d3d>] device_add+0x46d/0x6a0
        ...
      Signed-off-by: NBruno Prémont <bonbons@linux-vserver.org>
      Acked-by: NIngo Molnar <mingo@elte.hu>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5631f2c1
  4. 10 4月, 2012 2 次提交
  5. 09 4月, 2012 1 次提交
    • A
      dentry leak in simple_fill_super() failure exit · 640946f2
      Al Viro 提交于
      d_genocide() does _not_ evict dentries; it just removes extra ref
      pinning each of those.  Normally it's followed by shrinking the
      tree (it's done just before generic_shutdown_super() by kill_litter_super()),
      but in case of simple_fill_super() nothing of that kind will follow.
      Just do shrink_dcache_parent() manually.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      640946f2
  6. 07 4月, 2012 1 次提交
    • L
      Make the "word-at-a-time" helper functions more commonly usable · f68e556e
      Linus Torvalds 提交于
      I have a new optimized x86 "strncpy_from_user()" that will use these
      same helper functions for all the same reasons the name lookup code uses
      them.  This is preparation for that.
      
      This moves them into an architecture-specific header file.  It's
      architecture-specific for two reasons:
      
       - some of the functions are likely to want architecture-specific
         implementations.  Even if the current code happens to be "generic" in
         the sense that it should work on any little-endian machine, it's
         likely that the "multiply by a big constant and shift" implementation
         is less than optimal for an architecture that has a guaranteed fast
         bit count instruction, for example.
      
       - I expect that if architectures like sparc want to start playing
         around with this, we'll need to abstract out a few more details (in
         particular the actual unaligned accesses).  So we're likely to have
         more architecture-specific stuff if non-x86 architectures start using
         this.
      
         (and if it turns out that non-x86 architectures don't start using
         this, then having it in an architecture-specific header is still the
         right thing to do, of course)
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f68e556e
  7. 06 4月, 2012 8 次提交
  8. 05 4月, 2012 1 次提交
  9. 04 4月, 2012 2 次提交
  10. 02 4月, 2012 2 次提交
  11. 01 4月, 2012 9 次提交