- 11 4月, 2013 5 次提交
-
-
由 Nicholas Bellinger 提交于
This patch fixes a bug where a handful of informational / control CDBs that should be allowed during ALUA access state Standby/Offline/Transition where incorrectly returning CHECK_CONDITION + ASCQ_04H_ALUA_TG_PT_*. This includes INQUIRY + REPORT_LUNS, which would end up preventing LUN registration when LUN scanning occured during these ALUA access states. Cc: Hannes Reinecke <hare@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
Send bad target to guest in case: 1) we can not allocate the cmd 2) fail to submit the cmd Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
Share the send bad target code with other use cases. Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
If we fail to submit the allocated tv_vmd to tcm_vhost_submission_work, we will leak the tv_vmd. Free tv_vmd on fail path. Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
We did the length of response check twice. Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 09 4月, 2013 2 次提交
-
-
由 Asias He 提交于
This patch fixes guest hang when booting seabios and guest. [ 0.576238] scsi0 : Virtio SCSI HBA [ 0.616754] virtio_scsi virtio1: request:id 0 is not a head! vq->last_used_idx is initialized only when /dev/vhost-scsi is opened or closed. vhost_scsi_open -> vhost_dev_init() -> vhost_vq_reset() vhost_scsi_release() -> vhost_dev_cleanup -> vhost_vq_reset() So, when guest talks to tcm_vhost after seabios does, vq->last_used_idx still contains the old valule for seabios. This confuses guest. Fix this by calling vhost_init_used() to init vq->last_used_idx when we set endpoint. Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
Currently, vs->vs_endpoint is used indicate if the endpoint is setup or not. It is set or cleared in vhost_scsi_set_endpoint() or vhost_scsi_clear_endpoint() under the vs->dev.mutex lock. However, when we check it in vhost_scsi_handle_vq(), we ignored the lock. Instead of using the vs->vs_endpoint and the vs->dev.mutex lock to indicate the status of the endpoint, we use per virtqueue vq->private_data to indicate it. In this way, we can only take the vq->mutex lock which is per queue and make the concurrent multiqueue process having less lock contention. Further, in the read side of vq->private_data, we can even do not take the lock if it is accessed in the vhost worker thread, because it is protected by "vhost rcu". (nab: Do s/VHOST_FEATURES/~VHOST_SCSI_FEATURES) Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 03 4月, 2013 1 次提交
-
-
由 Asias He 提交于
In vhost_scsi_handle_vq: tv_tpg = vs->vs_tpg[target]; if (!tv_tpg) { .... return } tv_cmd = vhost_scsi_allocate_cmd(tv_tpg, &v_req, 1) vs->vs_tpg[target] might change after the NULL check and 2) the above line might access tv_tpg from vs->vs_tpg[target]. To prevent 2), use ACCESS_ONCE. Thanks mst for catching this up! Signed-off-by: NAsias He <asias@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 29 3月, 2013 2 次提交
-
-
由 Nicholas Bellinger 提交于
This patch fixes a regression introduced in v3.8-rc1 code where a failed target_check_reservation() check in target_setup_cmd_from_cdb() was causing an incorrect SAM_STAT_GOOD status to be returned during a WRITE operation performed by an unregistered / unreserved iscsi initiator port. This regression is only effecting iscsi-target due to a special case check for TCM_RESERVATION_CONFLICT within iscsi_target_erl1.c:iscsit_execute_cmd(), and was still correctly disallowing WRITE commands from backend submission for unregistered / unreserved initiator ports, while returning the incorrect SAM_STAT_GOOD status due to the missing SAM_STAT_RESERVATION_CONFLICT assignment. This regression was first introduced with: commit de103c93 Author: Christoph Hellwig <hch@lst.de> Date: Tue Nov 6 12:24:09 2012 -0800 target: pass sense_reason as a return value Go ahead and re-add the missing SAM_STAT_RESERVATION_CONFLICT assignment during a target_check_reservation() failure, so that iscsi-target code sends the correct SCSI status. All other fabrics using target_submit_cmd_*() with a RESERVATION_CONFLICT call to transport_generic_request_failure() are not effected by this bug. Reported-by: NJeff Leung <jleung@curriegrad2004.ca> Cc: Christoph Hellwig <hch@lst.de> Cc: <stable@vger.kernel.org> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Nicholas Bellinger 提交于
This patch adds a VHOST_SCSI_FEATURES mask minus VIRTIO_RING_F_EVENT_IDX so that vhost-scsi-pci userspace will strip this feature bit once GET_FEATURES reports it as being unsupported on the host. This is to avoid a bug where ->handle_kicks() are missed when EVENT_IDX is enabled by default in userspace code. (mst: Rename to VHOST_SCSI_FEATURES + add comment) Acked-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NAsias He <asias@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 20 3月, 2013 2 次提交
-
-
由 Asias He 提交于
We can only have one page of data in each sg element, so we can not cross a page boundary. Fail this case. The 'while (len > 0 && data_len > 0) {}' loop is not necessary. The loop can only be executed once. Signed-off-by: NAsias He <asias@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Nicholas Bellinger 提交于
This patch bumps the default FILEIO backend FD_MAX_SECTORS value from 1024 -> 2048 in order to allow block_size=512 to handle 1M sized I/Os. The current default rejects I/Os larger than 512K in sbc_parse_cdb(): [12015.915146] SCSI OP 2ah with too big sectors 1347 exceeds backend hw_max_sectors: 1024 [12015.977744] SCSI OP 2ah with too big sectors 2048 exceeds backend hw_max_sectors: 1024 This issue is present in >= v3.5 based kernels, introduced after the removal of se_task logic. Reported-by: NViljami Ilola <azmulx@netikka.fi> Cc: <stable@vger.kernel.org> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 19 3月, 2013 5 次提交
-
-
由 Asias He 提交于
We also need to flush the vhost_works. It is the completion vhost_work currently. Signed-off-by: NAsias He <asias@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Asias He 提交于
tv_tpg->tv_tpg_vhost_count should be protected by tv_tpg->tv_tpg_mutex. Signed-off-by: NAsias He <asias@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com> Acked-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Wei Yongjun 提交于
'se_tpg->tpg_lun_list' is malloced in core_tpg_register() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. 'se_tpg' is malloced out of this function, and will be freed if we return error, so remove free for 'se_tpg'. Signed-off-by: NWei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Andy Grover 提交于
See https://bugzilla.redhat.com/show_bug.cgi?id=916290 Used a temp var since we take its address in sg_init_one. Signed-off-by: NAndy Grover <agrover@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
由 Hannes Reinecke 提交于
Windows does not expect SYNCHRONIZE_CACHE to be not supported, and will generate a BSOD upon shutdown when using rd_mcp backend. So better use a noop here. Signed-off-by: NHannes Reinecke <hare@suse.de> Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>
-
- 18 3月, 2013 4 次提交
-
-
由 Linus Torvalds 提交于
-
由 David Rientjes 提交于
Commit 1d9d8639 ("perf,x86: fix kernel crash with PEBS/BTS after suspend/resume") introduces a link failure since perf_restore_debug_store() is only defined for CONFIG_CPU_SUP_INTEL: arch/x86/power/built-in.o: In function `restore_processor_state': (.text+0x45c): undefined reference to `perf_restore_debug_store' Fix it by defining the dummy function appropriately. Signed-off-by: NDavid Rientjes <rientjes@google.com> Cc: stable@vger.kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
Commit 1d9d8639 ("perf,x86: fix kernel crash with PEBS/BTS after suspend/resume") fixed a crash when doing PEBS performance profiling after resuming, but in using init_debug_store_on_cpu() to restore the DS_AREA mtrr it also resulted in a new WARN_ON() triggering. init_debug_store_on_cpu() uses "wrmsr_on_cpu()", which in turn uses CPU cross-calls to do the MSR update. Which is not really valid at the early resume stage, and the warning is quite reasonable. Now, it all happens to _work_, for the simple reason that smp_call_function_single() ends up just doing the call directly on the CPU when the CPU number matches, but we really should just do the wrmsr() directly instead. This duplicates the wrmsr() logic, but hopefully we can just remove the wrmsr_on_cpu() version eventually. Reported-and-tested-by: NParag Warudkar <parag.lkml@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs由 Linus Torvalds 提交于
Pull btrfs fixes from Chris Mason: "Eric's rcu barrier patch fixes a long standing problem with our unmount code hanging on to devices in workqueue helpers. Liu Bo nailed down a difficult assertion for in-memory extent mappings." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: fix warning of free_extent_map Btrfs: fix warning when creating snapshots Btrfs: return as soon as possible when edquot happens Btrfs: return EIO if we have extent tree corruption btrfs: use rcu_barrier() to wait for bdev puts at unmount Btrfs: remove btrfs_try_spin_lock Btrfs: get better concurrency for snapshot-aware defrag work
-
- 16 3月, 2013 9 次提交
-
-
由 Liu Bo 提交于
Users report that an extent map's list is still linked when it's actually going to be freed from cache. The story is that a) when we're going to drop an extent map and may split this large one into smaller ems, and if this large one is flagged as EXTENT_FLAG_LOGGING which means that it's on the list to be logged, then the smaller ems split from it will also be flagged as EXTENT_FLAG_LOGGING, and this is _not_ expected. b) we'll keep ems from unlinking the list and freeing when they are flagged with EXTENT_FLAG_LOGGING, because the log code holds one reference. The end result is the warning, but the truth is that we set the flag EXTENT_FLAG_LOGGING only during fsync. So clear flag EXTENT_FLAG_LOGGING for extent maps split from a large one. Reported-by: NJohannes Hirte <johannes.hirte@fem.tu-ilmenau.de> Reported-by: NDarrick J. Wong <darrick.wong@oracle.com> Signed-off-by: NLiu Bo <bo.li.liu@oracle.com> Signed-off-by: NChris Mason <chris.mason@fusionio.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild由 Linus Torvalds 提交于
Pull kbuild fix from Michal Marek: "One fix for for make headers_install/headers_check to not require make 3.81. The requirement has been accidentally introduced in 3.7." * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: fix make headers_check with make 3.80
-
git://openrisc.net/jonas/linux由 Linus Torvalds 提交于
Pull OpenRISC bug fixes from Jonas Bonn: - The GPIO descriptor work has exposed how broken the non-GPIOLIB bits for OpenRISC were. We now require GPIOLIB as this is the preferred way forward. - The system.h split introduced a bug in llist.h for arches using asm-generic/cmpxchg.h directly, which is currently only OpenRISC. The patch here moves two defines from asm-generic/atomic.h to asm-generic/cmpxchg.h to make things work as they should. - The VIRT_TO_BUS selector was added for OpenRISC, but OpenRISC does not have the virt_to_bus methods, so there's a patch to remove it again. * tag 'for-3.9-rc3' of git://openrisc.net/jonas/linux: openrisc: remove HAVE_VIRT_TO_BUS asm-generic: move cmpxchg*_local defs to cmpxchg.h openrisc: require gpiolib
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc由 Linus Torvalds 提交于
Pull char/misc fixes from Greg Kroah-Hartman: "Here are some tiny fixes for the w1 drivers and the final removal patch for getting rid of CONFIG_EXPERIMENTAL (all users of it are now gone from your tree, this just drops the Kconfig item itself.) All have been in the linux-next tree for a while" * tag 'char-misc-3.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: final removal of CONFIG_EXPERIMENTAL w1: fix oops when w1_search is called from netlink connector w1-gpio: fix unused variable warning w1-gpio: remove erroneous __exit and __exit_p() ARM: w1-gpio: fix erroneous gpio requests
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull sound fixes from Takashi Iwai: "A collection of small fixes, as expected for the middle rc: - A couple of fixes for potential NULL dereferences and out-of-range array accesses revealed by static code parsers - A fix for the wrong error handling detected by trinity - A regression fix for missing audio on some MacBooks - CA0132 DSP loader fixes - Fix for EAPD control of IDT codecs on machines w/o speaker - Fix a regression in the HD-audio widget list parser code - Workaround for the NuForce UDH-100 USB audio" * tag 'sound-3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - Fix missing EAPD/GPIO setup for Cirrus codecs sound: sequencer: cap array index in seq_chn_common_event() ALSA: hda/ca0132 - Remove extra setting of dsp_state. ALSA: hda/ca0132 - Check download state of DSP. ALSA: hda/ca0132 - Check if dspload_image succeeded. ALSA: hda - Disable IDT eapd_switch if there are no internal speakers ALSA: hda - Fix snd_hda_get_num_raw_conns() to return a correct value ALSA: usb-audio: add a workaround for the NuForce UDH-100 ALSA: asihpi - fix potential NULL pointer dereference ALSA: seq: Fix missing error handling in snd_seq_timer_open()
-
git://git.linaro.org/people/mszyprowski/linux-dma-mapping由 Linus Torvalds 提交于
Pull DMA-mapping fix from Marek Szyprowski: "An important fix for all ARM architectures which use ZONE_DMA. Without it dma_alloc_* calls with GFP_ATOMIC flag might have allocated buffers outsize DMA zone." * 'fixes-for-3.9' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping: ARM: DMA-mapping: add missing GFP_DMA flag for atomic buffer allocation
-
git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-fixes由 Linus Torvalds 提交于
Pull MFD fixes from Samuel Ortiz: "This is the first batch of MFD fixes for 3.9. With this one we have: - An ab8500 build failure fix. - An ab8500 device tree parsing fix. - A fix for twl4030_madc remove routine to work properly (when built-in). - A fix for properly registering palmas interrupt handler. - A fix for omap-usb init routine to actually write into the hostconfig register. - A couple of warning fixes for ab8500-gpadc and tps65912" * tag 'mfd-fixes-3.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-fixes: mfd: twl4030-madc: Remove __exit_p annotation mfd: ab8500: Kill "reg" property from binding mfd: ab8500-gpadc: Complain if we fail to enable vtvout LDO mfd: wm831x: Don't forward declare enum wm831x_auxadc mfd: twl4030-audio: Fix argument type for twl4030_audio_disable_resource() mfd: tps65912: Declare and use tps65912_irq_exit() mfd: palmas: Provide irq flags through DT/platform data mfd: Make AB8500_CORE select POWER_SUPPLY to fix build error mfd: omap-usb-host: Actually update hostconfig
-
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging由 Linus Torvalds 提交于
Pull hwmon fixes from Guenter Roeck: "Bug fixes for pmbus, ltc2978, and lineage-pem drivers Added specific maintainer for some hwmon drivers" * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (pmbus/ltc2978) Fix temperature reporting hwmon: (pmbus) Fix krealloc() misuse in pmbus_add_attribute() hwmon: (lineage-pem) Add missing terminating entry for pem_[input|fan]_attributes MAINTAINERS: Add maintainer for MAX6697, INA209, and INA2XX drivers
-
由 Stephane Eranian 提交于
This patch fixes a kernel crash when using precise sampling (PEBS) after a suspend/resume. Turns out the CPU notifier code is not invoked on CPU0 (BP). Therefore, the DS_AREA (used by PEBS) is not restored properly by the kernel and keeps it power-on/resume value of 0 causing any PEBS measurement to crash when running on CPU0. The workaround is to add a hook in the actual resume code to restore the DS Area MSR value. It is invoked for all CPUS. So for all but CPU0, the DS_AREA will be restored twice but this is harmless. Reported-by: NLinus Torvalds <torvalds@linux-foundation.org> Signed-off-by: NStephane Eranian <eranian@google.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 15 3月, 2013 10 次提交
-
-
由 Takashi Iwai 提交于
During the transition to the generic parser, the hook to the codec specific automute function was forgotten. This resulted in the silent output on some MacBooks. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Dan Carpenter 提交于
"chn" here is a number between 0 and 255, but ->chn_info[] only has 16 elements so there is a potential write beyond the end of the array. If the seq_mode isn't SEQ_2 then we let the individual drivers (either opl3.c or midi_synth.c) handle it. Those functions all do a bounds check on "chn" so I haven't changed anything here. The opl3.c driver has up to 18 channels and not 16. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Arnd Bergmann 提交于
4740f73f "mfd: remove use of __devexit" removed the __devexit annotation on the twl4030_madc_remove function, but left an __exit_p() present on the pointer to this function. Using __exit_p was as wrong with the devexit in place as it is now, but now we get a gcc warning about an unused function. In order for the twl4030_madc_remove to work correctly in built-in code, we have to remove the __exit_p. Cc: Bill Pemberton <wfp5p@virginia.edu> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NArnd Bergmann <arnd@arndb.de> Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com>
-
由 Dylan Reid 提交于
spec->dsp_state is initialized to DSP_DOWNLOAD_INIT, no need to reset and check it in ca0132_download_dsp(). Signed-off-by: NDylan Reid <dgreid@chromium.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Dylan Reid 提交于
Instead of using the dspload_is_loaded() function, check the dsp_state that is kept in the spec. The dspload_is_loaded() function returns true if the DSP transfer was never started. This false-positive leads to multiple second delays when ca0132_setup_efaults() times out on each write. Signed-off-by: NDylan Reid <dgreid@chromium.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Dylan Reid 提交于
If dspload_image() fails, it was ignored and dspload_wait_loaded() was still called. dsp_loaded should never be set to true in this case, skip it. The check in dspload_wait_loaded() return true if the DSP is loaded or if it never started. Signed-off-by: NDylan Reid <dgreid@chromium.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Michel Lespinasse 提交于
The vm_flags introduced in 6d7825b1 ("mm/fremap.c: fix oops on error path") is supposed to avoid a compiler warning about unitialized vm_flags without changing the generated code. However I am concerned that this is going to be very brittle, and fail with some compiler versions. The failure could be either of: - compiler could actually load vma->vm_flags before checking for the !vma condition, thus reintroducing the oops - compiler could optimize out the !vma check, since the pointer just got dereferenced shortly before (so the compiler knows it can't be NULL!) I propose reversing this part of the change and initializing vm_flags to 0 just to avoid the bogus uninitialized use warning. Signed-off-by: NMichel Lespinasse <walken@google.com> Cc: Tommi Rantala <tt.rantala@gmail.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu由 Linus Torvalds 提交于
Pull fix for hlist_entry_safe() regression from Paul McKenney: "This contains a single commit that fixes a regression in hlist_entry_safe(). This macro references its argument twice, which can cause NULL-pointer errors. This commit applies a gcc statement expression, creating a temporary variable to avoid the double reference. This has been posted to LKML at https://lkml.org/lkml/2013/3/9/75. Kudos to CAI Qian, whose testing uncovered this, to Eric Dumazet, who spotted root cause, and to Li Zefan, who tested this commit." * 'rcu/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu: list: Fix double fetch of pointer in hlist_entry_safe()
-
由 Paul E. McKenney 提交于
The current version of hlist_entry_safe() fetches the pointer twice, once to test for NULL and the other to compute the offset back to the enclosing structure. This is OK for normal lock-based use because in that case, the pointer cannot change. However, when the pointer is protected by RCU (as in "rcu_dereference(p)"), then the pointer can change at any time. This use case can result in the following sequence of events: 1. CPU 0 invokes hlist_entry_safe(), fetches the RCU-protected pointer as sees that it is non-NULL. 2. CPU 1 invokes hlist_del_rcu(), deleting the entry that CPU 0 just fetched a pointer to. Because this is the last entry in the list, the pointer fetched by CPU 0 is now NULL. 3. CPU 0 refetches the pointer, obtains NULL, and then gets a NULL-pointer crash. This commit therefore applies gcc's "({ })" statement expression to create a temporary variable so that the specified pointer is fetched only once, avoiding the above sequence of events. Please note that it is the caller's responsibility to use rcu_dereference() as needed. This allows RCU-protected uses to work correctly without imposing any additional overhead on the non-RCU case. Many thanks to Eric Dumazet for spotting root cause! Reported-by: NCAI Qian <caiqian@redhat.com> Reported-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com> Tested-by: NLi Zefan <lizefan@huawei.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs由 Linus Torvalds 提交于
Pull ext2, ext3, reiserfs, quota fixes from Jan Kara: "A fix for regression in ext2, and a format string issue in ext3. The rest isn't too serious." * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: ext2: Fix BUG_ON in evict() on inode deletion reiserfs: Use kstrdup instead of kmalloc/strcpy ext3: Fix format string issues quota: add missing use of dq_data_lock in __dquot_initialize
-