The kernel has for random historical reasons allowed ptrace() accesses
to access (and insert) pages into the page cache above the size of the
file.
However, Nick broke that by mistake when doing the new fault handling in
commit 54cb8821de ("mm: merge populate and
nopage into fault (fixes nonlinear)". The breakage caused a hang with
gdb when trying to access the invalid page.
The ptrace "feature" really isn't worth resurrecting, since it really is
wrong both from a portability _and_ from an internal page cache validity
standpoint. So this removes those old broken remnants, and fixes the
ptrace() hang in the process.
Noticed and bisected by Duane Griffin, who also supplied a test-case
(quoth Nick: "Well that's probably the best bug report I've ever had,
thanks Duane!").
Cc: Duane Griffin <duaneg@dghda.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It is referenced both from __devinit code (ivtv_probe) and
normal .text (ivtv_process_eeprom), and therefore cannot
be discarded via __devexit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
On PowerPC allmodconfig build we get this:
net/key/af_key.c:400: warning: comparison is always false due to limited range of data type
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6:
add SubmittingPatches to Documentation/ja_JP
fix typo in SubmittingPatches
Driver Core: fix bug in device_rename() for SYSFS_DEPRECATED=y
sysfs: make sysfs_{get,put}_active() static
kobject: check for duplicate names in kobject_rename
Driver core: remove class_device_*_bin_file
This patch adds SubmittingPatches translated into Japanese to
Documentation/ja_JP directory.
I attach the patch because there is a possibility that MUA
will change the character encoding sometimes.
Signed-off-by: Keiichi KII <k-keiichi@bx.jp.nec.com>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This should fix the sysfs warnings that renaming network devices is
causing to show up with CONFIG_SYSFS_DEPRECATED=y
The code just shouldn't run if class devices are real directories, it's
an update for the symlink in the class directory. Nobody noticed that as
long as the creation of sysfs files silently failed, and we both missed
it before the merge, because we don't run SYSFS_DEPRECATED=y.
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: David Miller <davem@davemloft.net>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This should catch any duplicate names before we try to tell sysfs to
rename the object. This happens a lot with older versions of udev and
the network rename scripts.
Cc: David Miller <davem@davemloft.net>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
These functions are not used by anyone, so remove them from the tree.
The class_device code will be removed soon anyway, so no future users
will ever be possible.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
It wants string functions like memcpy() for inline
routines, and these define userland interfaces.
The only clean way to deal with this is to simply
put linux/string.h into unifdef-y and have it
include <string.h> when not-__KERNEL__.
Signed-off-by: David S. Miller <davem@davemloft.net>
Remove a spurious call to kfree_skb() in the connector rx_skb handler.
This fixes a regression introduced by the '[NET]: make netlink user ->
kernel interface synchronious' patch (cd40b7d398)
Signed-off-by: Michal Januszewski <spock@gentoo.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
A stray semicolon slipped in the patch that updated dev_ifname32 to
not be inline, causing it to always return -EFAULT. This fixes it.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This fixes scatterlist corruptions added by
commit 68e3f5dd4d
[CRYPTO] users: Fix up scatterlist conversion errors
The issue is that the code calls sg_mark_end() which clobbers the
sg_page() pointer of the final scatterlist entry.
The first part fo the fix makes skb_to_sgvec() do __sg_mark_end().
After considering all skb_to_sgvec() call sites the most correct
solution is to call __sg_mark_end() in skb_to_sgvec() since that is
what all of the callers would end up doing anyways.
I suspect this might have fixed some problems in virtio_net which is
the sole non-crypto user of skb_to_sgvec().
Other similar sg_mark_end() cases were converted over to
__sg_mark_end() as well.
Arguably sg_mark_end() is a poorly named function because it doesn't
just "mark", it clears out the page pointer as a side effect, which is
what led to these bugs in the first place.
The one remaining plain sg_mark_end() call is in scsi_alloc_sgtable()
and arguably it could be converted to __sg_mark_end() if only so that
we can delete this confusing interface from linux/scatterlist.h
Signed-off-by: David S. Miller <davem@davemloft.net>
It's under CONFIG_IP_VS_LBLCR_DEBUG option which never existed.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
The file /proc/net/if_inet6 is removed twice.
First time in:
inet6_exit
->addrconf_cleanup
And followed a few lines after by:
inet6_exit
-> if6_proc_exit
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When a network namespace reference is held by a network subsystem,
and when this reference is decremented in a rcu update callback, we
must ensure that there is no more outstanding rcu update before
trying to free the network namespace.
In the normal case, the rcu_barrier is called when the network namespace
is exiting in the cleanup_net function.
But when a network namespace creation fails, and the subsystems are
undone (like the cleanup), the rcu_barrier is missing.
This patch adds the missing rcu_barrier.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Point 1:
The unregistering of a network device schedule a netdev_run_todo.
This function calls dev->destructor when it is set and the
destructor calls free_netdev.
Point 2:
In the case of an initialization of a network device the usual code
is:
* alloc_netdev
* register_netdev
-> if this one fails, call free_netdev and exit with error.
Point 3:
In the register_netdevice function at the later state, when the device
is at the registered state, a call to the netdevice_notifiers is made.
If one of the notification falls into an error, a rollback to the
registered state is done using unregister_netdevice.
Conclusion:
When a network device fails to register during initialization because
one network subsystem returned an error during a notification call
chain, the network device is freed twice because of fact 1 and fact 2.
The second free_netdev will be done with an invalid pointer.
Proposed solution:
The following patch move all the code of unregister_netdevice *except*
the call to net_set_todo, to a new function "rollback_registered".
The following functions are changed in this way:
* register_netdevice: calls rollback_registered when a notification fails
* unregister_netdevice: calls rollback_register + net_set_todo, the call
order to net_set_todo is changed because it is the
latest now. Since it justs add an element to a list
that should not break anything.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/fmr_pool: Stop ib_fmr threads from contributing to load average
IB/ipath: Fix incorrect use of sizeof on msg buffer (function argument)
IB/ipath: Limit length checksummed in eeprom
IB/ipath: Fix a race where s_last is updated without lock held
IB/mlx4: Lock SQ lock in mlx4_ib_post_send()
IPoIB/cm: Fix receive QP cleanup
I noticed my machine was at a constant load average of 1. This was
because ib_create_fmr_pool calls kthread_create but does not
immediately wake the thread up.
Change to using kthread_run so we enter ib_fmr_cleanup_thread(), set
TASK_INTERRUPTIBLE, then go to sleep.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Fix links to files in Documentation/* in various Kconfig files
Signed-off-by: Dirk Hohndel <hohndel@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit commit 65b8291c40 ("dio: invalidate
clean pages before dio write") introduced a bug which stopped dio from
ever invalidating the page cache after writes. It still invalidated it
before writes so most users were fine.
Karl Schendel reported ( http://lkml.org/lkml/2007/10/26/481 ) hitting
this bug when he had a buffered reader immediately reading file data
after an O_DIRECT wirter had written the data. The kernel issued
read-ahead beyond the position of the reader which overlapped with the
O_DIRECT writer. The failure to invalidate after writes caused the
reader to see stale data from the read-ahead.
The following patch is originally from Karl. The following commentary
is his:
The below 3rd try takes on your suggestion of just invalidating
no matter what the retval from the direct_IO call. I ran it
thru the test-case several times and it has worked every time.
The post-invalidate is probably still too early for async-directio,
but I don't have a testcase for that; just sync. And, this
won't be any worse in the async case.
I added a test to the aio-dio-regress repository which mimics Karl's IO
pattern. It verifed the bad behaviour and that the patch fixed it. I
agree with Karl, this still doesn't help the case where a buffered
reader follows an AIO O_DIRECT writer. That will require a bit more
work.
This gives up on the idea of returning EIO to indicate to userspace that
stale data remains if the invalidation failed.
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Cc: Karl Schendel <kschendel@datallegro.com>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: Leonid Ananiev <leonid.i.ananiev@linux.intel.com>
Cc: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Fix incorrect return value from ia64_setup_msi_irq()
[IA64] arch/ia64/sn/kernel/mca.c: undo lock when sn_oemdata can't be extended
[IA64] update sn2 defconfig to 64kb pages
[IA64] fix typo in per_cpu_offset
[IA64] /proc/cpuinfo "physical id" field cleanups
[IA64] vDSO vs --build-id
[IA64] check-segrel.lds vs --build-id
[IA64] vmcore_find_descriptor_size should be in __init
[IA64] ia64/mm/init.c: fix section mismatches
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
ixgb: fix TX hangs under heavy load
e1000e: Fix typo ! &
ixgbe: minor sparse fixes
e1000: sparse warnings fixes
ixgb: fix sparse warnings
e1000e: fix sparse warnings
mv643xx_eth: Fix MV643XX_ETH offsets used by Pegasos 2
Blackfin EMAC driver: Fix Ethernet communication bug (dupliated and lost packets)
DM9601: Support for ADMtek ADM8515 NIC
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: implement and use ATA_QCFLAG_QUIET
libata: stop being overjealous about non-IO commands
libata: flush is an IO command
sata_promise: cleanups
sata_promise: ASIC PRD table bug workaround, take 2
A merge error occurred where we merged the wrong block here
in version 1.0.120. The right condition for frags is slightly
different then for the skb, so account for the difference properly
and trim the TSO based size right.
Originally part of a fix reported by IBM to fix TSO hangs on
pSeries hardware.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Make strings const if possible, and fix includes so forward definitions
are seen.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix sparse warnings and problems from e1000 driver.
Added a sparse fix for the module param array index
-- Auke
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix sparse warnings in ixgb driver for net-2.6.24.
Added a sparse fix for invalid declaration using non-constant value
in ixgb_set_multi. Added a fix for the module param array index
and allows int params in the array. --Auke
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix sparse warnings from e1000e driver in net-2.6.24.
Added a sparse fix for module param arrays which can have int values
but only the array index needs to be unsigned. --Auke
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Auke Kok <auke-jan.h.kok@intel.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
In the mv643xx_eth driver, we now use offsets from the ethernet
register block within the chip, but the pegasos 2 platform still
needs offsets from the full chip's register base address.
Signed-off-by: Dale Farnsworth <dale@farnsworth.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Fix Ethernet communication bug(dupliated and lost packets)
in RMII PHY mode- dont call mac_disable and mac_enable during
10/100 REFCLK changes - mac_enable screws up the DMA descriptor chain
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Add device ID for the ADMtek ADM8515 USB NIC to the DM9601 driver.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Inside a function declared as
void foo(char bar[512])
the value of sizeof bar is the size of a pointer, not 512. So avoid
constructions like this by passing the size explicitly.
Also reduce the size of the buffer to 128 bytes (512 was overly generous).
Signed-off-by: Dave Olson <dave.olson@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
The small eeprom that holds the GUID etc. contains a data-length, but if
the actual eeprom is new or has been erased, that byte will be 0xFF,
which is greater than the maximum physical length of the eeprom, and
more importantly greater than the length of the buffer we vmalloc'd.
Sanity-check the length to avoid the possbility of reading past end of
buffer.
Signed-off-by: Michael Albaugh <Michael.Albaugh@Qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
There is a small window where a send work queue entry could be
overwritten by ib_post_send() because s_last is updated before the
entry is read.
This patch closes the window by acquiring the lock and updating
the last send work queue entry index after reading the wr_id.
Signed-off-by: Ralph Campbell <ralph.campbell@qlogic.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Because of a typo, mlx4_ib_post_send() takes the same lock rq.lock as
mlx4_ib_post_recv(). Correct the code so the intended sq.lock is
taken when posting a send.
Noticed by Yossi Leybovitch and pointed out by Jack Morgenstein from
Mellanox.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Fix the problem that pci_enable_msi() fails on ia64 platform. The cause of
this problem is incorrect return value of ia64_setup_msi_irq(). It must
return 0 on success, instead of irq number.
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
It's currently possible to send posix_locks_deadlock() into an infinite
loop (under the BKL).
For now, fix this just by bailing out after a few iterations. We may
want to fix this in a way that better clarifies the semantics of
deadlock detection. But that will take more time, and this minimal fix
is probably adequate for any realistic scenario, and is simple enough to
be appropriate for applying to stable kernels now.
Thanks to George Davis for reporting the problem.
Cc: "George G. Davis" <gdavis@mvista.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/blackfin-2.6:
Blackfin arch: use a less common define name in BF549
Blackfin arch: Add missing definitions for BF561
Blackfin arch: reclaim a few bytes from the end of our init section
Blackfin arch: fix libata data struct member from irq_type to irq_flags
Blackfin arch: Do not pollute name space used in linux-2.6.x/sound
Blackfin arch: Fix bug set correct baud for spi mmc and enable SPI after DMA.
Blackfin arch: update board defconfig files according to latest information from ADI datasheet
Blackfin arch: ensure that speculative loads of bad pointers don't cause us to do bad things.
Blackfin arch: Add missing definitions of BF54x
Blackfin arch: Fix random crash issue found by Michael.
Blackfin arch: fix bug: tell users if the kernel is recovering from a fault condition
Blackfin arch: add support for checking/clearing overruns in generic purpose Timer API
Blackfin arch: cleanup arch/blackfin/kernel/traps.c handling code.
Blackfin arch: Apply Bluetchnix vendor patch provided by Harald Krapfenbauer
Blackfin arch: fix bug BlueTechnix CM-BF537 board config uses wrong IRQ for net2272 driver
Blackfin arch: fix bug: kernel prints out error message twice
Blackfin arch: add NFC driver support in BF527-EZKIT board
Blackfin arch: Added support for HV Sistemas H8606 board
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
[TIPC]: Add tipc_config.h to include/linux/Kbuild.
[WAN]: lmc_ioctl: don't return with locks held
[SUNRPC]: fix rpc debugging
[TCP]: Saner thash_entries default with much memory.
[SUNRPC] rpc_rdma: we need to cast u64 to unsigned long long for printing
[IPv4] SNMP: Refer correct memory location to display ICMP out-going statistics
[NET]: Fix error reporting in sys_socketpair().
[NETFILTER]: nf_ct_alloc_hashtable(): use __GFP_NOWARN
[NET]: Fix race between poll_napi() and net_rx_action()
[TCP] MD5: Remove some more unnecessary casting.
[TCP] vegas: Fix a bug in disabling slow start by gamma parameter.
[IPVS]: use proper timeout instead of fixed value
[IPV6] NDISC: Fix setting base_reachable_time_ms variable.
Signed-off-by: Krzysztof Helt <krzysztof.h1@wp.pl>
Acked-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Since commit 97d97224ff ("[SERIAL] Fix
console initialisation ordering"), serial_core calls ->pm() on
initialization even if the port was used for console.
This behaviour breaks serial_txx9 console since The serial_txx9 driver
initialize its port entirely on its ->pm() method if new state was 0.
This patch adds checking for oldstate value to fix this probelm.
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Evgeniy said:
I wonder on what type of UFS do you test this patch? NetBSD and FreeBSD
do not use "fs_state", they use "fs_clean" flag, only Solaris does check
like this: fs_state + fs_time == FSOK.
That's why parentheses was like that.
At now with linux-2.6.24-rc1-git1, I get: fs need fsck, but NetBSD's fsck
says that's all ok.
I suggest revert this patch.
Cc: Evgeniy Dushistov <dushistov@mail.ru>
Cc: Satyam Sharma <satyam.sharma@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It's possible to provoke unionfs (not yet in mainline, though in mm and
some distros) to hit shmem_writepage's BUG_ON(page_mapped(page)). I expect
it's possible to provoke the 2.6.23 ecryptfs in the same way (but the
2.6.24 ecryptfs no longer calls lower level's ->writepage).
This came to light with the recent find that AOP_WRITEPAGE_ACTIVATE could
leak from tmpfs via write_cache_pages and unionfs to userspace. There's
already a fix (e423003028 - writeback: don't
propagate AOP_WRITEPAGE_ACTIVATE) in the tree for that, and it's okay so
far as it goes; but insufficient because it doesn't address the underlying
issue, that shmem_writepage expects to be called only by vmscan (relying on
backing_dev_info capabilities to prevent the normal writeback path from
ever approaching it).
That's an increasingly fragile assumption, and ramdisk_writepage (the other
source of AOP_WRITEPAGE_ACTIVATEs) is already careful to check
wbc->for_reclaim before returning it. Make the same check in
shmem_writepage, thereby sidestepping the page_mapped BUG also.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Erez Zadok <ezk@cs.sunysb.edu>
Cc: <stable@kernel.org>
Reviewed-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>