- 15 9月, 2011 12 次提交
-
-
由 Al Viro 提交于
while not doing free_irq() from irq handler is commendable, kfree() on the data passed to said handler before free_irq() is Not Good(tm). Freeing the stack it's being run on is also not nice... Solution: delay actually freeing stuff. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Al Viro 提交于
... so set winch->fd to -1 before doing free_irq(), to avoid having winch_interrupt() come from/during the latter and attempt to do reactivate_fd() on something that's already gone. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Al Viro 提交于
tty->count is decremented only after ->close() had been called and several tasks can hit it in parallel. As the result, using tty->count to check if you are the last one is broken. We end up leaving line->tty not reset to NULL and the next IRQ on that sucker will blow up trying to dereference pointers from kfree'd struct tty. Fix is obvious: we need to use a counter of our own. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Ingo van Lil 提交于
Some time ago Jeff prepared 42daba31 ("uml: stop saving process FP state") for UML to stop saving the process FP state between task switches. The assumption was that since with SKAS0 every guest process runs inside a host process context the host OS will take care of keeping the proper FP state. Unfortunately this is not true for multi-threaded applications, where all guest threads share a single host process context yet all may use the FPU on their own. Although I haven't verified it I suspect things to be even worse in SKAS3 mode where all guest processes run inside a single host process. The patch reintroduces the saving and restoring of the FP context between task switches. [richard@nod.at: Ingo posted this patch in 2009, sadly it was never applied and got lost. Now in 2011 the problem was reported by Gunnar.] Signed-off-by: NIngo van Lil <inguin@gmx.de> Signed-off-by: NRichard Weinberger <richard@nod.at> Reported-by: <gunnarlindroth@hotmail.com> Tested-by: <gunnarlindroth@hotmail.com> Cc: Stanislav Meduna <stano@meduna.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Jonathan Neuschäfer 提交于
I could use out_close1, but that seems to be the code path to close the fd returned by os_create_unix_socket, and using it to close the fd returned by mkstemp might lead to some confusion, so I don't do it. Signed-off-by: NJonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
Commit b789ef51 ("slub: Add cmpxchg_double_slab()") tests for cmpxchg_double support in the SLUB code and it breaks UML builds with SLUB. Since UML does not support checking for CPU features, disable CMPXCHG_DOUBLE just like CMPXCHG_LOCAL is disabled for UML. Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Reviewed-by: NChristoph Lameter <cl@linux.com> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Signed-off-by: NRichard Weinberger <richard@nod.at> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Rientjes 提交于
The vmstat_text array is only defined for CONFIG_SYSFS or CONFIG_PROC_FS, yet it is referenced for per-node vmstat with CONFIG_NUMA: drivers/built-in.o: In function `node_read_vmstat': node.c:(.text+0x1106df): undefined reference to `vmstat_text' Introduced in commit fa25c503 ("mm: per-node vmstat: show proper vmstats"). Define the array for CONFIG_NUMA as well. [akpm@linux-foundation.org: remove unneeded ifdefs] Signed-off-by: NDavid Rientjes <rientjes@google.com> Reported-by: NCong Wang <amwang@redhat.com> Acked-by: NRandy Dunlap <rdunlap@xenotime.net> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 KAMEZAWA Hiroyuki 提交于
When compiling mm/mempolicy.c with struct user copy checks the following warning is shown: In file included from arch/x86/include/asm/uaccess.h:572, from include/linux/uaccess.h:5, from include/linux/highmem.h:7, from include/linux/pagemap.h:10, from include/linux/mempolicy.h:70, from mm/mempolicy.c:68: In function `copy_from_user', inlined from `compat_sys_get_mempolicy' at mm/mempolicy.c:1415: arch/x86/include/asm/uaccess_64.h:64: warning: call to `copy_from_user_overflow' declared with attribute warning: copy_from_user() buffer size is not provably correct LD mm/built-in.o Fix this by passing correct buffer size value. Signed-off-by: NKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Caspar Zhang 提交于
commit 9d8cebd4 ("mm: fix mbind vma merge problem") didn't really fix the mbind vma merge problem due to wrong pgoff value passing to vma_merge(), which made vma_merge() always return NULL. Before the patch applied, we are getting a result like: addr = 0x7fa58f00c000 [snip] 7fa58f00c000-7fa58f00d000 rw-p 00000000 00:00 0 7fa58f00d000-7fa58f00e000 rw-p 00000000 00:00 0 7fa58f00e000-7fa58f00f000 rw-p 00000000 00:00 0 here 7fa58f00c000->7fa58f00f000 we get 3 VMAs which are expected to be merged described as described in commit 9d8cebd4. Re-testing the patched kernel with the reproducer provided in commit 9d8cebd4, we get the correct result: addr = 0x7ffa5aaa2000 [snip] 7ffa5aaa2000-7ffa5aaa6000 rw-p 00000000 00:00 0 7fffd556f000-7fffd5584000 rw-p 00000000 00:00 0 [stack] Signed-off-by: NCaspar Zhang <caspar@casparzhang.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Mel Gorman <mel@csn.ul.ie> Cc: Lee Schermerhorn <lee.schermerhorn@hp.com> Cc: Minchan Kim <minchan.kim@gmail.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6由 Linus Torvalds 提交于
* git://bedivere.hansenpartnership.com/git/scsi-rc-fixes-2.6: (25 commits) [SCSI] bnx2i: Fixed the endian on TTT for NOP out transmission [SCSI] libfc: fix referencing to fc_fcp_pkt from the frame pointer via fr_fsp() [SCSI] libfc: block SCSI eh thread for blocked rports [SCSI] libfc: fix fc_eh_host_reset [SCSI] fcoe: Fix deadlock between fip's recv_work and rtnl [SCSI] qla2xxx: Update version number to 8.03.07.07-k. [SCSI] qla2xxx: Set the task attributes after memsetting fcp cmnd. [SCSI] qla2xxx: Correct inadvertent loop state transitions during port-update handling. [SCSI] qla2xxx: Save and restore irq in the response queue interrupt handler. [SCSI] qla2xxx: Double check for command completion if abort mailbox command fails. [SCSI] qla2xxx: Acquire hardware lock while manipulating dsd list. [SCSI] qla2xxx: Fix qla24xx revision check while enabling interrupts. [SCSI] qla2xxx: T10 DIF - Fix incorrect error reporting. [SCSI] qla2xxx: T10 DIF - Handle uninitalized sectors. [SCSI] hpsa: fix physical device lun and target numbering problem [SCSI] hpsa: fix problem that OBDR devices are not detected [SCSI] isci: add version number [SCSI] isci: fix event-get pointer increment [SCSI] isci: dynamic interrupt coalescing [SCSI] isci: Leave requests alone if already terminating. ...
-
git://oss.sgi.com/xfs/xfs由 Linus Torvalds 提交于
* 'for-linus' of git://oss.sgi.com/xfs/xfs: xfs: fix a use after free in xfs_end_io_direct_write
-
由 Al Viro 提交于
We used to get the victim pinned by dentry_unhash() prior to commit 64252c75 ("vfs: remove dget() from dentry_unhash()") and ->rmdir() and ->rename() instances relied on that; most of them don't care, but ones that used d_delete() themselves do. As the result, we are getting rmdir() oopses on NFS now. Just grab the reference before locking the victim and drop it explicitly after unlocking, same as vfs_rename_other() does. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Tested-by: NSimon Kirby <sim@hostway.ca> Cc: stable@kernel.org (3.0.x) Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 14 9月, 2011 3 次提交
-
-
由 Christoph Hellwig 提交于
There is a window in which the ioend that we call inode_dio_wake on in xfs_end_io_direct_write is already free. Fix this by storing the inode pointer in a local variable. This is a fix for the regression introduced in 3.1-rc by "fs: move inode_dio_done to the end_io handler". Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NAlex Elder <aelder@sgi.com>
-
由 H Hartley Sweeten 提交于
Include <linux/cryptohash.h> to pickup the declarations for sha_transform and sha_init to quite the sparse noise: warning: symbol 'sha_transform' was not declared. Should it be static? warning: symbol 'sha_init' was not declared. Should it be static? Signed-off-by: NH Hartley Sweeten <hsweeten@visionengravers.com> Acked-by: NMandeep Singh Baines <msb@chromium.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Benjamin Herrenschmidt 提交于
In pcie_find_smpss(), we have the following statement: if (dev->is_hotplug_bridge && (!list_is_singular(&dev->bus->devices) || dev->bus->self->pcie_type != PCI_EXP_TYPE_ROOT_PORT)) The problem is that at least on my machine, this gets called for the root complex (virtual P2P bridge), and dev->bus->self is NULL since the parent bus for this is not itself anchor to a PCI device. This adds the necessary NULL check. Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: NJon Mason <mason@myri.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 13 9月, 2011 11 次提交
-
-
git://github.com/lenb/linux由 Linus Torvalds 提交于
* 'acpi' of git://github.com/lenb/linux: acpica: ACPI_MAX_SLEEP should be 2 sec, not 20 ACPI APEI: Add Kconfig option IRQ_WORK for GHES PNP: update pnp.debug usage (needs value on command line) APEI: Fix WHEA _OSC call
-
git://github.com/jsgf/linux-xen由 Linus Torvalds 提交于
* 'upstream/bugfix' of git://github.com/jsgf/linux-xen: xen: use non-tracing preempt in xen_clocksource_read()
-
由 Len Brown 提交于
-
由 Linus Torvalds 提交于
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm: Remove duplicate "return" statement drm/nv04/crtc: Bail out if FB is not bound to crtc drm/nouveau: fix nv04_sgdma_bind on non-"4kB pages" archs drm/nouveau: properly handle allocation failure in nouveau_sgdma_populate drm/nouveau: fix oops on pre-semaphore hardware drm/nv50/crtc: Bail out if FB is not bound to crtc drm/radeon/kms: fix DP detect and EDID fetch for DP bridges
-
git://git.linaro.org/people/arnd/arm-soc由 Linus Torvalds 提交于
* 'fixes' of git://git.linaro.org/people/arnd/arm-soc: ARM: CSR: add missing sentinels to of_device_id tables ARM: cns3xxx: Fix newly introduced warnings in the PCIe code ARM: cns3xxx: Fix compile error caused by hardware.h removed ARM: davinci: fix cache flush build error ARM: davinci: correct MDSTAT_STATE_MASK ARM: davinci: da850 EVM: read mac address from SPI flash OMAP: omap_device: fix !CONFIG_SUSPEND case in _noirq handlers OMAP2430: hwmod: musb: add missing terminator to omap2430_usbhsotg_addrs[] OMAP3: clock: indicate that gpt12_fck and wdt1_fck are in the WKUP clockdomain OMAP4: clock: fix compile warning OMAP4: clock: re-enable previous clockdomain enable/disable sequence OMAP: clockdomain: Wait for powerdomain to be ON when using clockdomain force wakeup OMAP: powerdomains: Make all powerdomain target states as ON at init
-
由 Mathieu Desnoyers 提交于
The LTTng 2.0 kernel tracer (stand-alone module package, available at http://lttng.org) uses the 0xF6 ioctl range for tracer control and transport operations. Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://github.com/chrismason/linux由 Linus Torvalds 提交于
* 'for-linus' of git://github.com/chrismason/linux: Btrfs: add dummy extent if dst offset excceeds file end in Btrfs: calc file extent num_bytes correctly in file clone btrfs: xattr: fix attribute removal Btrfs: fix wrong nbytes information of the inode Btrfs: fix the file extent gap when doing direct IO Btrfs: fix unclosed transaction handle in btrfs_cont_expand Btrfs: fix misuse of trans block rsv Btrfs: reset to appropriate block rsv after orphan operations Btrfs: skip locking if searching the commit root in csum lookup btrfs: fix warning in iput for bad-inode Btrfs: fix an oops when deleting snapshots
-
由 Miklos Szeredi 提交于
kmemleak is reporting that 32 bytes are being leaked by FUSE: unreferenced object 0xe373b270 (size 32): comm "fusermount", pid 1207, jiffies 4294707026 (age 2675.187s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<b05517d7>] kmemleak_alloc+0x27/0x50 [<b0196435>] kmem_cache_alloc+0xc5/0x180 [<b02455be>] fuse_alloc_forget+0x1e/0x20 [<b0245670>] fuse_alloc_inode+0xb0/0xd0 [<b01b1a8c>] alloc_inode+0x1c/0x80 [<b01b290f>] iget5_locked+0x8f/0x1a0 [<b0246022>] fuse_iget+0x72/0x1a0 [<b02461da>] fuse_get_root_inode+0x8a/0x90 [<b02465cf>] fuse_fill_super+0x3ef/0x590 [<b019e56f>] mount_nodev+0x3f/0x90 [<b0244e95>] fuse_mount+0x15/0x20 [<b019d1bc>] mount_fs+0x1c/0xc0 [<b01b5811>] vfs_kern_mount+0x41/0x90 [<b01b5af9>] do_kern_mount+0x39/0xd0 [<b01b7585>] do_mount+0x2e5/0x660 [<b01b7966>] sys_mount+0x66/0xa0 This leak report is consistent and happens once per boot on 3.1.0-rc5-dirty. This happens if a FORGET request is queued after the fuse device was released. Reported-by: NSitsofe Wheeler <sitsofe@yahoo.com> Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz> Tested-by: NSitsofe Wheeler <sitsofe@yahoo.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Miklos Szeredi 提交于
Commit 37fb3a30 ("fuse: fix flock") added in 3.1-rc4 caused flock() to fail with ENOSYS with the kernel ABI version 7.16 or earlier. Fix by falling back to testing FUSE_POSIX_LOCKS for ABI versions 7.16 and earlier. Reported-by: NMartin Ziegler <ziegler@email.mathematik.uni-freiburg.de> Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz> Tested-by: NMartin Ziegler <ziegler@email.mathematik.uni-freiburg.de> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
-
- 12 9月, 2011 3 次提交
-
-
由 Arnd Bergmann 提交于
-
git://linuxtv.org/mchehab/for_linus由 Linus Torvalds 提交于
* 'v4l_for_linus' of git://linuxtv.org/mchehab/for_linus: [media] vp7045: fix buffer setup [media] nuvoton-cir: simplify raw IR sample handling [media] [Resend] viacam: Don't explode if pci_find_bus() returns NULL [media] v4l2: Fix documentation of the codec device controls [media] gspca - sonixj: Fix the darkness of sensor om6802 in 320x240 [media] gspca - sonixj: Fix wrong register mask for sensor om6802 [media] gspca - ov519: Fix LED inversion of some ov519 webcams [media] pwc: precedence bug in pwc_init_controls()
-
git://openrisc.net/~jonas/linux由 Linus Torvalds 提交于
* 'for-linus' of git://openrisc.net/~jonas/linux: Add missing DMA ops openrisc: don't use pt_regs in struct sigcontext
-
- 11 9月, 2011 11 次提交
-
-
由 Li Zefan 提交于
You can see there's no file extent with range [0, 4096]. Check this by btrfsck: # btrfsck /dev/sda7 root 5 inode 258 errors 100 ... Signed-off-by: NLi Zefan <lizf@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Li Zefan 提交于
num_bytes should be 4096 not 12288. Signed-off-by: NLi Zefan <lizf@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 David Sterba 提交于
An attribute is not removed by 'setfattr -x attr file' and remains visible in attr list. This makes xfstests/062 pass again. Signed-off-by: NDavid Sterba <dsterba@suse.cz> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Miao Xie 提交于
If we write some data into the data hole of the file(no preallocation for this hole), Btrfs will allocate some disk space, and update nbytes of the inode, but the other element--disk_i_size needn't be updated. At this condition, we must update inode metadata though disk_i_size is not changed(btrfs_ordered_update_i_size() return 1). # mkfs.btrfs /dev/sdb1 # mount /dev/sdb1 /mnt # touch /mnt/a # truncate -s 856002 /mnt/a # dd if=/dev/zero of=/mnt/a bs=4K count=1 conv=nocreat,notrunc # umount /mnt # btrfsck /dev/sdb1 root 5 inode 257 errors 400 found 32768 bytes used err is 1 Signed-off-by: NMiao Xie <miaox@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Miao Xie 提交于
When we write some data to the place that is beyond the end of the file in direct I/O mode, a data hole will be created. And Btrfs should insert a file extent item that point to this hole into the fs tree. But unfortunately Btrfs forgets doing it. The following is a simple way to reproduce it: # mkfs.btrfs /dev/sdc2 # mount /dev/sdc2 /test4 # touch /test4/a # dd if=/dev/zero of=/test4/a seek=8 count=1 bs=4K oflag=direct conv=nocreat,notrunc # umount /test4 # btrfsck /dev/sdc2 root 5 inode 257 errors 100 Reported-by: NTsutomu Itoh <t-itoh@jp.fujitsu.com> Signed-off-by: NMiao Xie <miaox@cn.fujitsu.com> Tested-by: NTsutomu Itoh <t-itoh@jp.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Miao Xie 提交于
The function - btrfs_cont_expand() forgot to close the transaction handle before it jump out the while loop. Fix it. Signed-off-by: NMiao Xie <miaox@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Liu Bo 提交于
At the beginning of create_pending_snapshot, trans->block_rsv is set to pending->block_rsv and is used for snapshot things, however, when it is done, we do not recover it as will. Signed-off-by: NLiu Bo <liubo2009@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Liu Bo 提交于
While truncating free space cache, we forget to change trans->block_rsv back to the original one, but leave it with the orphan_block_rsv, and then with option inode_cache enable, it leads to countless warnings of btrfs_alloc_free_block and btrfs_orphan_commit_root: WARNING: at fs/btrfs/extent-tree.c:5711 btrfs_alloc_free_block+0x180/0x350 [btrfs]() ... WARNING: at fs/btrfs/inode.c:2193 btrfs_orphan_commit_root+0xb0/0xc0 [btrfs]() Signed-off-by: NLiu Bo <liubo2009@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Josef Bacik 提交于
It's not enough to just search the commit root, since we could be cow'ing the very block we need to search through, which would mean that its locked and we'll still deadlock. So use path->skip_locking as well. Thanks, Signed-off-by: NJosef Bacik <josef@redhat.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Sergei Trofimovich 提交于
iput() shouldn't be called for inodes in I_NEW state. We need to mark inode as constructed first. WARNING: at fs/inode.c:1309 iput+0x20b/0x210() Call Trace: [<ffffffff8103e7ba>] warn_slowpath_common+0x7a/0xb0 [<ffffffff8103e805>] warn_slowpath_null+0x15/0x20 [<ffffffff810eaf0b>] iput+0x20b/0x210 [<ffffffff811b96fb>] btrfs_iget+0x1eb/0x4a0 [<ffffffff811c3ad6>] btrfs_run_defrag_inodes+0x136/0x210 [<ffffffff811ad55f>] cleaner_kthread+0x17f/0x1a0 [<ffffffff81035b7d>] ? sub_preempt_count+0x9d/0xd0 [<ffffffff811ad3e0>] ? transaction_kthread+0x280/0x280 [<ffffffff8105af86>] kthread+0x96/0xa0 [<ffffffff814336d4>] kernel_thread_helper+0x4/0x10 [<ffffffff8105aef0>] ? kthread_worker_fn+0x190/0x190 [<ffffffff814336d0>] ? gs_change+0xb/0xb Signed-off-by: NSergei Trofimovich <slyfox@gentoo.org> CC: Konstantin Khlebnikov <khlebnikov@openvz.org> Tested-by: NDavid Sterba <dsterba@suse.cz> CC: Josef Bacik <josef@redhat.com> CC: Chris Mason <chris.mason@oracle.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-
由 Liu Bo 提交于
We can reproduce this oops via the following steps: $ mkfs.btrfs /dev/sdb7 $ mount /dev/sdb7 /mnt/btrfs $ for ((i=0; i<3; i++)); do btrfs sub snap /mnt/btrfs /mnt/btrfs/s_$i; done $ rm -fr /mnt/btrfs/* $ rm -fr /mnt/btrfs/* then we'll get ------------[ cut here ]------------ kernel BUG at fs/btrfs/inode.c:2264! [...] Call Trace: [<ffffffffa05578c7>] btrfs_rmdir+0xf7/0x1b0 [btrfs] [<ffffffff81150b95>] vfs_rmdir+0xa5/0xf0 [<ffffffff81153cc3>] do_rmdir+0x123/0x140 [<ffffffff81145ac7>] ? fput+0x197/0x260 [<ffffffff810aecff>] ? audit_syscall_entry+0x1bf/0x1f0 [<ffffffff81153d0d>] sys_unlinkat+0x2d/0x40 [<ffffffff8147896b>] system_call_fastpath+0x16/0x1b RIP [<ffffffffa054f7b9>] btrfs_orphan_add+0x179/0x1a0 [btrfs] When it comes to btrfs_lookup_dentry, we may set a snapshot's inode->i_ino to BTRFS_EMPTY_SUBVOL_DIR_OBJECTID instead of BTRFS_FIRST_FREE_OBJECTID, while the snapshot's location.objectid remains unchanged. However, btrfs_ino() does not take this into account, and returns a wrong ino, and causes the oops. Signed-off-by: NLiu Bo <liubo2009@cn.fujitsu.com> Signed-off-by: NChris Mason <chris.mason@oracle.com>
-