1. 22 10月, 2009 10 次提交
  2. 21 10月, 2009 1 次提交
    • A
      dnotify: ignore FS_EVENT_ON_CHILD · 94552684
      Andreas Gruenbacher 提交于
      Mask off FS_EVENT_ON_CHILD in dnotify_handle_event().  Otherwise, when there
      is more than one watch on a directory and dnotify_should_send_event()
      succeeds, events with FS_EVENT_ON_CHILD set will trigger all watches and cause
      spurious events.
      
      This case was overlooked in commit e42e2773.
      
      	#define _GNU_SOURCE
      
      	#include <stdio.h>
      	#include <stdlib.h>
      	#include <unistd.h>
      	#include <signal.h>
      	#include <sys/types.h>
      	#include <sys/stat.h>
      	#include <fcntl.h>
      	#include <string.h>
      
      	static void create_event(int s, siginfo_t* si, void* p)
      	{
      		printf("create\n");
      	}
      
      	static void delete_event(int s, siginfo_t* si, void* p)
      	{
      		printf("delete\n");
      	}
      
      	int main (void) {
      		struct sigaction action;
      		char *tmpdir, *file;
      		int fd1, fd2;
      
      		sigemptyset (&action.sa_mask);
      		action.sa_flags = SA_SIGINFO;
      
      		action.sa_sigaction = create_event;
      		sigaction (SIGRTMIN + 0, &action, NULL);
      
      		action.sa_sigaction = delete_event;
      		sigaction (SIGRTMIN + 1, &action, NULL);
      
      	#	define TMPDIR "/tmp/test.XXXXXX"
      		tmpdir = malloc(strlen(TMPDIR) + 1);
      		strcpy(tmpdir, TMPDIR);
      		mkdtemp(tmpdir);
      
      	#	define TMPFILE "/file"
      		file = malloc(strlen(tmpdir) + strlen(TMPFILE) + 1);
      		sprintf(file, "%s/%s", tmpdir, TMPFILE);
      
      		fd1 = open (tmpdir, O_RDONLY);
      		fcntl(fd1, F_SETSIG, SIGRTMIN);
      		fcntl(fd1, F_NOTIFY, DN_MULTISHOT | DN_CREATE);
      
      		fd2 = open (tmpdir, O_RDONLY);
      		fcntl(fd2, F_SETSIG, SIGRTMIN + 1);
      		fcntl(fd2, F_NOTIFY, DN_MULTISHOT | DN_DELETE);
      
      		if (fork()) {
      			/* This triggers a create event */
      			creat(file, 0600);
      			/* This triggers a create and delete event (!) */
      			unlink(file);
      		} else {
      			sleep(1);
      			rmdir(tmpdir);
      		}
      
      		return 0;
      	}
      Signed-off-by: NAndreas Gruenbacher <agruen@suse.de>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      94552684
  3. 20 10月, 2009 1 次提交
  4. 19 10月, 2009 3 次提交
    • W
      inotify: fix coalesce duplicate events into a single event in special case · 3de0ef4f
      Wei Yongjun 提交于
      If we do rename a dir entry, like this:
      
        rename("/tmp/ino7UrgoJ.rename1", "/tmp/ino7UrgoJ.rename2")
        rename("/tmp/ino7UrgoJ.rename2", "/tmp/ino7UrgoJ")
      
      The duplicate events should be coalesced into a single event. But those two
      events do not be coalesced into a single event, due to some bad check in
      event_compare(). It can not match the two NULL inodes as the same event.
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: NEric Paris <eparis@redhat.com>
      3de0ef4f
    • E
      inotify: deprecate the inotify kernel interface · cdc321ff
      Eric Paris 提交于
      In 2.6.33 there will be no users of the inotify interface.  Mark it for
      removal as fsnotify is more generic and is easier to use.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      cdc321ff
    • E
      fsnotify: do not set group for a mark before it is on the i_list · 9f0d793b
      Eric Paris 提交于
      fsnotify_add_mark is supposed to add a mark to the g_list and i_list and to
      set the group and inode for the mark.  fsnotify_destroy_mark_by_entry uses
      the fact that ->group != NULL to know if this group should be destroyed or
      if it's already been done.
      
      But fsnotify_add_mark sets the group and inode before it actually adds the
      mark to the i_list and g_list.  This can result in a race in inotify, it
      requires 3 threads.
      
      sys_inotify_add_watch("file")	sys_inotify_add_watch("file")	sys_inotify_rm_watch([a])
      inotify_update_watch()
      inotify_new_watch()
      inotify_add_to_idr()
         ^--- returns wd = [a]
      				inotfiy_update_watch()
      				inotify_new_watch()
      				inotify_add_to_idr()
      				fsnotify_add_mark()
      				   ^--- returns wd = [b]
      				returns to userspace;
      								inotify_idr_find([a])
      								   ^--- gives us the pointer from task 1
      fsnotify_add_mark()
         ^--- this is going to set the mark->group and mark->inode fields, but will
      return -EEXIST because of the race with [b].
      								fsnotify_destroy_mark()
      								   ^--- since ->group != NULL we call back
      									into inotify_freeing_mark() which calls
      								inotify_remove_from_idr([a])
      
      since fsnotify_add_mark() failed we call:
      inotify_remove_from_idr([a])     <------WHOOPS it's not in the idr, this could
      					have been any entry added later!
      
      The fix is to make sure we don't set mark->group until we are sure the mark is
      on the inode and fsnotify_add_mark will return success.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      9f0d793b
  5. 18 10月, 2009 4 次提交
  6. 17 10月, 2009 13 次提交
  7. 16 10月, 2009 8 次提交
    • D
      KVM: Prevent kvm_init from corrupting debugfs structures · 0ea4ed8e
      Darrick J. Wong 提交于
      I'm seeing an oops condition when kvm-intel and kvm-amd are modprobe'd
      during boot (say on an Intel system) and then rmmod'd:
      
         # modprobe kvm-intel
           kvm_init()
           kvm_init_debug()
           kvm_arch_init()  <-- stores debugfs dentries internally
           (success, etc)
      
         # modprobe kvm-amd
           kvm_init()
           kvm_init_debug() <-- second initialization clobbers kvm's
                                internal pointers to dentries
           kvm_arch_init()
           kvm_exit_debug() <-- and frees them
      
         # rmmod kvm-intel
           kvm_exit()
           kvm_exit_debug() <-- double free of debugfs files!
      
           *BOOM*
      
      If execution gets to the end of kvm_init(), then the calling module has been
      established as the kvm provider.  Move the debugfs initialization to the end of
      the function, and remove the now-unnecessary call to kvm_exit_debug() from the
      error path.  That way we avoid trampling on the debugfs entries and freeing
      them twice.
      
      Cc: stable@kernel.org
      Signed-off-by: NDarrick J. Wong <djwong@us.ibm.com>
      Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
      0ea4ed8e
    • F
      KVM: MMU: fix pointer cast · 8a8365c5
      Frederik Deweerdt 提交于
      On a 32 bits compile, commit 3da0dd43
      introduced the following warnings:
      
      arch/x86/kvm/mmu.c: In function ‘kvm_set_pte_rmapp’:
      arch/x86/kvm/mmu.c:770: warning: cast to pointer from integer of different size
      arch/x86/kvm/mmu.c: In function ‘kvm_set_spte_hva’:
      arch/x86/kvm/mmu.c:849: warning: cast from pointer to integer of different size
      
      The following patch uses 'unsigned long' instead of u64 to match the
      pointer size on both arches.
      Signed-off-by: NFrederik Deweerdt <frederik.deweerdt@xprog.eu>
      Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
      8a8365c5
    • M
      KVM: use proper hrtimer function to retrieve expiration time · ace15464
      Marcelo Tosatti 提交于
      hrtimer->base can be temporarily NULL due to racing hrtimer_start.
      See switch_hrtimer_base/lock_hrtimer_base.
      
      Use hrtimer_get_remaining which is robust against it.
      
      CC: stable@kernel.org
      Signed-off-by: NMarcelo Tosatti <mtosatti@redhat.com>
      Signed-off-by: NAvi Kivity <avi@redhat.com>
      ace15464
    • G
      sata_mv: Prevent PIO commands to be defered too long if traffic in progress. · 159a7ff7
      Gwendal Grignou 提交于
      Use excl_link when non NCQ commands are defered, to be sure they are processed
      as soon as outstanding commands are completed. It prevents some commands to be
      defered indifinitely when using a port multiplier.
      Signed-off-by: NGwendal Grignou <gwendal@google.com>
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      159a7ff7
    • A
      pata_sc1200: Fix crash on boot · 6d4f950e
      Alan Cox 提交于
      The SC1200 needs a NULL terminator or it may cause a crash on boot.
      
      Bug #14227
      
      Also correct a bogus comment as the driver had serializing added so can run
      dual port.
      Signed-off-by: NAlan Cox <alan@linux.intel.com>
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      6d4f950e
    • T
      libata: fix internal command failure handling · f4b31db9
      Tejun Heo 提交于
      When an internal command fails, it should be failed directly without
      invoking EH.  In the original implemetation, this was accomplished by
      letting internal command bypass failure handling in ata_qc_complete().
      However, later changes added post-successful-completion handling to
      that code path and the success path is no longer adequate as internal
      command failure path.  One of the visible problems is that internal
      command failure due to timeout or other freeze conditions would
      spuriously trigger WARN_ON_ONCE() in the success path.
      
      This patch updates failure path such that internal command failure
      handling is contained there.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: stable@kernel.org
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      f4b31db9
    • T
      libata: fix PMP initialization · 4f7c2874
      Tejun Heo 提交于
      Commit 842faa6c fixed error handling
      during attach by not committing detected device class to dev->class
      while attaching a new device.  However, this change missed the PMP
      class check in the configuration loop causing a new PMP device to go
      through ata_dev_configure() as if it were an ATA or ATAPI device.
      
      As PMP device doesn't have a regular IDENTIFY data, this makes
      ata_dev_configure() tries to configure a PMP device using an invalid
      data.  For the most part, it wasn't too harmful and went unnoticed but
      this ends up clearing dev->flags which may have ATA_DFLAG_AN set by
      sata_pmp_attach().  This means that SATA_PMP_FEAT_NOTIFY ends up being
      disabled on PMPs and on PMPs which honor the flag breaks hotplug
      support.
      
      This problem was discovered and reported by Ethan Hsiao.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Reported-by: NEthan Hsiao <ethanhsiao@jmicron.com>
      Cc: stable@kernel.org
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      4f7c2874
    • T
      sata_nv: make sure link is brough up online when skipping hardreset · 6489e326
      Tejun Heo 提交于
      prereset doesn't bring link online if hardreset is about to happen and
      nv_hardreset() may skip if conditions are not right so softreset may
      be entered with non-working link status if the system firmware didn't
      bring it up before entering OS code which can happen during resume.
      This patch makes nv_hardreset() to bring up the link if it's skipping
      reset.
      
      This bug was reported by frodone@gmail.com in the following bug entry.
      
        http://bugzilla.kernel.org/show_bug.cgi?id=14329Signed-off-by: NTejun Heo <tj@kernel.org>
      Reported-by: frodone@gmail.com
      Cc: stable@kernel.org
      Signed-off-by: NJeff Garzik <jgarzik@redhat.com>
      6489e326