1. 20 Jul, 2012 5 commits
    • UBIFS: remove invalid reference to list iterator variable · 7074e5eb
      Julia Lawall authored
      If list_for_each_entry, etc complete a traversal of the list, the iterator
      variable ends up pointing to an address at an offset from the list head,
      and not a meaningful structure.  Thus this value should not be used after
      the end of the iterator.  Replace a field access from orphan by NULL in two
      places.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      @@
      identifier c;
      expression E;
      iterator name list_for_each_entry;
      statement S;
      @@
      
      list_for_each_entry(c,...) { ... when != break;
                                       when forall
                                       when strict
      }
      ...
      (
      c = E
      |
      *c
      )
      // </smpl>
      
      Artem: fortunately, this did not cause any issues because we iterate the orphan
      list using the elements count, so we never dereferenced the corrupted pointer.
      This is why I do not send this patch to -stable. But otherwise - well spotted!
      Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
    • UBIFS: simplify reply code a bit · d51f17ea
      Artem Bityutskiy authored
      In the log reply code we assume that 'c->lhead_offs' is known and may be
      non-zero, which is not the case because we do not store it in the master
      node and have to find out by scanning on every mount. Knowing this fact
      allows us to simplify the log scanning loop a bit and remove a couple
      of unneeded local variables.
      Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
    • UBIFS: add debugfs knob to switch to R/O mode · 06bef945
      Artem Bityutskiy authored
      This patch adds another debugfs knob which switches UBIFS to R/O mode.
      I needed it while trying to reproduce the 'first log node is not CS node'
      bug. Without this debugfs knob you have to perform a power cut to reproduce
      the bug. The knob is named 'ro_error' and all it does is it sets the
      'ro_error' UBIFS flag which makes UBIFS disallow any further writes - even
      write-back will fail with -EROFS. Useful for debugging.
      Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
    • UBIFS: fix compilation warning · 782759b9
      Alexandre Pereira da Silva authored
      Fix the following compilation warning:
      
      fs/ubifs/dir.c: In function 'ubifs_rename':
      fs/ubifs/dir.c:972:15: warning: 'saved_nlink' may be used uninitialized
      in this function
      
      Use the 'uninitialized_var()' macro to get rid of this false-positive.
      
      Artem: massaged the patch a bit.
      Signed-off-by: Alexandre Pereira da Silva <aletes.xgr@gmail.com>
      Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
    • UBIFS: fix a bug in empty space fix-up · c6727932
      Artem Bityutskiy authored
      UBIFS has a feature called "empty space fix-up" which is a quirk to work-around
      limitations of dumb flasher programs. Namely, of those flashers that are unable
      to skip NAND pages full of 0xFFs while flashing, resulting in empty space at
      the end of half-filled eraseblocks to be unusable for UBIFS. This feature is
      relatively new (introduced in v3.0).
      
      The fix-up routine (fixup_free_space()) is executed only once at the very first
      mount if the superblock has the 'space_fixup' flag set (can be done with -F
      option of mkfs.ubifs). It basically reads all the UBIFS data and metadata and
      writes it back to the same LEB. The routine assumes the image is pristine and
      does not have anything in the journal.
      
      There was a bug in 'fixup_free_space()' where it fixed up the log incorrectly.
      All but one LEB of the log of a pristine file-system are empty. And one
      contains just a commit start node. And 'fixup_free_space()' just unmapped this
      LEB, which resulted in wiping the commit start node. As a result, some users
      were unable to mount the file-system next time with the following symptom:
      
      UBIFS error (pid 1): replay_log_leb: first log node at LEB 3:0 is not CS node
      UBIFS error (pid 1): replay_log_leb: log error detected while replaying the log at LEB 3:0
      
      The root-cause of this bug was that 'fixup_free_space()' wrongly assumed
      that the beginning of empty space in the log head (c->lhead_offs) was known
      on mount. However, it is not the case - it was always 0. UBIFS does not store
      it in the master node and finds out by scanning the log on every mount.
      
      The fix is simple - just pass commit start node size instead of 0 to
      'fixup_leb()'.
      Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
      Cc: stable@vger.kernel.org [v3.0+]
      Reported-by: Iwo Mergler <Iwo.Mergler@netcommwireless.com>
      Tested-by: Iwo Mergler <Iwo.Mergler@netcommwireless.com>
      Reported-by: James Nute <newten82@gmail.com>
  2. 08 Jul, 2012 3 commits
  3. 07 Jul, 2012 2 commits
    • Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · cd6407fe
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Last merge window, we had some updates from Al cleaning up the signal
        restart handling.  These have caused some problems on ARM, and while
        Al has some fixes, we have some concerns with Al's patches but we've
        been unsuccessful with discussing this.
      
        We have got to the point where we need to do something, and we've
        decided that the best solution is to revert the appropriate commits
        until Al is able to reply to us.
      
        Also included here are four patches to fix warnings that I've noticed
        in my build system, and one fix for kprobes test code."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: fix warning caused by wrongly typed arm_dma_limit
        ARM: fix warnings about atomic64_read
        ARM: 7440/1: kprobes: only test 'sub pc, pc, #1b-2b+8-2' on ARMv6
        ARM: 7441/1: perf: return -EOPNOTSUPP if requested mode exclusion is unavailable
        ARM: 7443/1: Revert "new way of handling ERESTART_RESTARTBLOCK"
        ARM: 7442/1: Revert "remove unused restart trampoline"
        ARM: fix set_domain() macro
        ARM: fix mach-versatile/pci.c warning
    • security: Minor improvements to no_new_privs documentation · c540521b
      Andy Lutomirski authored
      The documentation didn't actually mention how to enable no_new_privs.
      This also adds a note about possible interactions between
      no_new_privs and LSMs (i.e. why teaching systemd to set no_new_privs
      is not necessarily a good idea), and it references the new docs
      from include/linux/prctl.h.
      Suggested-by: Rob Landley <rob@landley.net>
      Signed-off-by: Andy Lutomirski <luto@amacapital.net>
      Acked-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: James Morris <james.l.morris@oracle.com>
  4. 06 Jul, 2012 11 commits
  5. 05 Jul, 2012 17 commits
  6. 04 Jul, 2012 2 commits