1. 09 Jan, 2012 1 commit
  2. 22 Nov, 2011 2 commits
    • ext3: NULL dereference in ext3_evict_inode() · bcdd0c16
      Dan Carpenter authored
      This is an fsfuzzer bug.  ->s_journal is set at the end of
      ext3_load_journal() but we try to use it in the error handling from
      ext3_get_journal() while it's still NULL.
      
      [  337.039041] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
      [  337.040380] IP: [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.041687] PGD 0
      [  337.043118] Oops: 0002 [#1] SMP
      [  337.044483] CPU 3
      [  337.044495] Modules linked in: ecb md4 cifs fuse kvm_intel kvm brcmsmac brcmutil crc8 cordic r8169 [last unloaded: scsi_wait_scan]
      [  337.047633]
      [  337.049259] Pid: 8308, comm: mount Not tainted 3.2.0-rc2-next-20111121+ #24 SAMSUNG ELECTRONICS CO., LTD. RV411/RV511/E3511/S3511    /RV411/RV511/E3511/S3511
      [  337.051064] RIP: 0010:[<ffffffff816e6539>]  [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.052879] RSP: 0018:ffff8800b1d11ae8  EFLAGS: 00010282
      [  337.054668] RAX: 0000000000000100 RBX: 0000000000000000 RCX: ffff8800b77c2000
      [  337.056400] RDX: ffff8800a97b5c00 RSI: 0000000000000000 RDI: 0000000000000024
      [  337.058099] RBP: ffff8800b1d11ae8 R08: 6000000000000000 R09: e018000000000000
      [  337.059841] R10: ff67366cc2607c03 R11: 00000000110688e6 R12: 0000000000000000
      [  337.061607] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800a78f06e8
      [  337.063385] FS:  00007f9d95652800(0000) GS:ffff8800b7180000(0000) knlGS:0000000000000000
      [  337.065110] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  337.066801] CR2: 0000000000000024 CR3: 00000000aef2c000 CR4: 00000000000006e0
      [  337.068581] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  337.070321] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [  337.072105] Process mount (pid: 8308, threadinfo ffff8800b1d10000, task ffff8800b1d02be0)
      [  337.073800] Stack:
      [  337.075487]  ffff8800b1d11b08 ffffffff811f48cf ffff88007ac9b158 0000000000000000
      [  337.077255]  ffff8800b1d11b38 ffffffff8119405d ffff88007ac9b158 ffff88007ac9b250
      [  337.078851]  ffffffff8181bda0 ffffffff8181bda0 ffff8800b1d11b68 ffffffff81131e31
      [  337.080284] Call Trace:
      [  337.081706]  [<ffffffff811f48cf>] log_start_commit+0x1f/0x40
      [  337.083107]  [<ffffffff8119405d>] ext3_evict_inode+0x1fd/0x2a0
      [  337.084490]  [<ffffffff81131e31>] evict+0xa1/0x1a0
      [  337.085857]  [<ffffffff81132031>] iput+0x101/0x210
      [  337.087220]  [<ffffffff811339d1>] iget_failed+0x21/0x30
      [  337.088581]  [<ffffffff811905fc>] ext3_iget+0x15c/0x450
      [  337.089936]  [<ffffffff8118b0c1>] ? ext3_rsv_window_add+0x81/0x100
      [  337.091284]  [<ffffffff816df9a4>] ext3_get_journal+0x15/0xde
      [  337.092641]  [<ffffffff811a2e9b>] ext3_fill_super+0xf2b/0x1c30
      [  337.093991]  [<ffffffff810ddf7d>] ? register_shrinker+0x4d/0x60
      [  337.095332]  [<ffffffff8111c112>] mount_bdev+0x1a2/0x1e0
      [  337.096680]  [<ffffffff811a1f70>] ? ext3_setup_super+0x210/0x210
      [  337.098026]  [<ffffffff8119a770>] ext3_mount+0x10/0x20
      [  337.099362]  [<ffffffff8111cbee>] mount_fs+0x3e/0x1b0
      [  337.100759]  [<ffffffff810eda1b>] ? __alloc_percpu+0xb/0x10
      [  337.102330]  [<ffffffff81135385>] vfs_kern_mount+0x65/0xc0
      [  337.103889]  [<ffffffff8113611f>] do_kern_mount+0x4f/0x100
      [  337.105442]  [<ffffffff811378fc>] do_mount+0x19c/0x890
      [  337.106989]  [<ffffffff810e8456>] ? memdup_user+0x46/0x90
      [  337.108572]  [<ffffffff810e84f3>] ? strndup_user+0x53/0x70
      [  337.110114]  [<ffffffff811383fb>] sys_mount+0x8b/0xe0
      [  337.111617]  [<ffffffff816ed93b>] system_call_fastpath+0x16/0x1b
      [  337.113133] Code: 38 c2 74 0f 66 0f 1f 44 00 00 f3 90 0f b6 03 38 c2 75 f7 48 83 c4 08 5b 5d c3 0f 1f 84 00 00 00 00 00 55 b8 00 01 00 00 48 89 e5 <f0> 66 0f c1 07 0f b6 d4 38 c2 74 0c 0f 1f 00 f3 90 0f b6 07 38
      [  337.116588] RIP  [<ffffffff816e6539>] _raw_spin_lock+0x9/0x30
      [  337.118260]  RSP <ffff8800b1d11ae8>
      [  337.119998] CR2: 0000000000000024
      [  337.188701] ---[ end trace c36d790becac1615 ]---
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Jan Kara <jack@suse.cz>
    • jbd: clear revoked flag on buffers before a new transaction started · 8c111b3f
      Yongqiang Yang authored
      Currently, we clear revoked flag only when a block is reused.  However,
      this can trigger a false journal error.  Consider a situation when a block
      is used as a meta block and is deleted (revoked) in ordered mode, then the
      block is allocated as a data block to a file.  At this moment, user changes
      the file's journal mode from ordered to journaled and truncates the file.
      The block will be considered re-revoked by journal because it has revoked
      flag still pending from the last transaction and an assertion triggers.
      
      We fix the problem by keeping the revoked status more up to date - we clear
      revoked flag when switching revoke tables to reflect there are no revoked
      buffers in current transaction any more.
      Signed-off-by: Yongqiang Yang <xiaoqiangnk@gmail.com>
      Signed-off-by: Jan Kara <jack@suse.cz>
  3. 09 Nov, 2011 4 commits
  4. 08 Nov, 2011 18 commits
  5. 07 Nov, 2011 15 commits
    • VFS: we need to set LOOKUP_JUMPED on mountpoint crossing · a3fbbde7
      Al Viro authored
      Mountpoint crossing is similar to following procfs symlinks - we do
      not get ->d_revalidate() called for dentry we have arrived at, with
      unpleasant consequences for NFS4.
      
      Simple way to reproduce the problem in mainline:
      
          cat >/tmp/a.c <<'EOF'
          #include <unistd.h>
          #include <fcntl.h>
          #include <stdio.h>
          int main(void)
          {
                  struct flock fl = {.l_type = F_RDLCK, .l_whence = SEEK_SET, .l_len = 1};
                  if (fcntl(0, F_SETLK, &fl))
                          perror("setlk");
          }
          EOF
          cc /tmp/a.c -o /tmp/test
      
      then on nfs4:
      
          mount --bind file1 file2
          /tmp/test < file1		# ok
          /tmp/test < file2		# spews "setlk: No locks available"...
      
      What happens is the missing call of ->d_revalidate() after mountpoint
      crossing and that's where NFS4 would issue OPEN request to server.
      
      The fix is simple - treat mountpoint crossing the same way we deal with
      following procfs-style symlinks.  I.e.  set LOOKUP_JUMPED...
      
      Cc: stable@kernel.org
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • PM / devfreq: fix private_data · 1a51cfdc
      Jonathan Corbet authored
      The "private_date" field in struct devfreq_dev_status almost certainly
      wants to be "private_data"; since there are no in-tree users of this
      functionality, now seems like an easy time to make the fix.
      Signed-off-by: Jonathan Corbet <corbet@lwn.net>
      Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
    • Documentation: Fix typo in freezer-subsystem.txt · 5f111616
      Rafael J. Wysocki authored
      Fix a typo in Documentation/cgroups/freezer-subsystem.txt.
      Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
      Reviewed-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Acked-by: Randy Dunlap <rdunlap@xenotime.net>
    • PM / QoS: Set cpu_dma_pm_qos->name · a6f05b97
      Dominik Brodowski authored
      Since commit 4a31a334, the name of this misc device is not initialized,
      which leads to a funny device named /dev/(null) being created and
      /proc/misc containing an entry with just a number but no name. The latter
      leads to complaints by cryptsetup, which caused me to investigate this
      matter.
      Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
      Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
    • Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 54a0f913
      Linus Torvalds authored
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf top: Fix live annotation in the --stdio interface
        perf top tui: Don't recalc column widths considering just the first page
        perf report: Add progress bar when processing time ordered events
        perf hists browser: Warn about lost events
        perf tools: Fix a typo of command name as trace-cmd
        perf hists: Fix recalculation of total_period when sorting entries
        perf header: Fix build on old systems
        perf ui browser: Handle K_RESIZE in dialog windows
        perf ui browser: No need to switch char sets that often
        perf hists browser: Use K_TIMER
        perf ui: Rename ui__warning_paranoid to ui__error_paranoid
        perf ui: Reimplement the popup windows using libslang
        perf ui: Reimplement ui__popup_menu using ui__browser
        perf ui: Reimplement ui_helpline using libslang
        perf ui: Improve handling sigwinch a bit
        perf ui progress: Reimplement using slang
        perf evlist: Fix grouping of multiple events
    • Tony Lindgren's avatar
      d30cc16c
    • ARM: OMAP: Fix export.h or module.h includes · a1bcc1dc
      Tony Lindgren authored
      Commit 32aaeffb (Merge branch
      'modsplit-Oct31_2011'...) caused some build errors. Fix these
      and make sure we always have export.h or module.h included
      for MODULE_ and EXPORT_SYMBOL users:
      
      $ grep -rl ^MODULE_ arch/arm/*omap*/*.c | xargs \
        grep -L linux/module.h
        arch/arm/mach-omap2/dsp.c
        arch/arm/mach-omap2/mailbox.c
        arch/arm/mach-omap2/omap-iommu.c
        arch/arm/mach-omap2/smartreflex.c
      
      Also check we either have export.h or module.h included
      for the files exporting symbols:
      
      $ grep -rl EXPORT_SYMBOL arch/arm/*omap*/*.c | xargs \
        grep -L linux/export.h | xargs grep -L linux/module.h
      
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: Tony Lindgren <tony@atomide.com>
    • ARM: OMAP: omap_device: Include linux/export.h · 55581415
      Axel Lin authored
      Include linux/export.h to fix below build warning:
      
        CC      arch/arm/plat-omap/omap_device.o
      arch/arm/plat-omap/omap_device.c:1055: warning: data definition has no type or storage class
      arch/arm/plat-omap/omap_device.c:1055: warning: type defaults to 'int' in declaration of 'EXPORT_SYMBOL'
      arch/arm/plat-omap/omap_device.c:1055: warning: parameter names (without types) in function declaration
      Signed-off-by: Axel Lin <axel.lin@gmail.com>
      Signed-off-by: Tony Lindgren <tony@atomide.com>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 94956eed
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
        forcedeth: fix a few sparse warnings (variable shadowing)
        forcedeth: Improve stats counters
        forcedeth: remove unneeded stats updates
        forcedeth: Acknowledge only interrupts that are being processed
        forcedeth: fix race when unloading module
        MAINTAINERS/rds: update maintainer
        wanrouter: Remove kernel_lock annotations
        usbnet: fix oops in usbnet_start_xmit
        ixgbe: Fix compile for kernel without CONFIG_PCI_IOV defined
        etherh: Add MAINTAINERS entry for etherh
        bonding: comparing a u8 with -1 is always false
        sky2: fix regression on Yukon Optima
        netlink: clarify attribute length check documentation
        netlink: validate NLA_MSECS length
        i825xx:xscale:8390:freescale: Fix Kconfig dependancies
        macvlan: receive multicast with local address
        tg3: Update version to 3.121
        tg3: Eliminate timer race with reset_task
        tg3: Schedule at most one tg3_reset_task run
        tg3: Obtain PCI function number from device
        ...
    • forcedeth: fix a few sparse warnings (variable shadowing) · e45a6187
      david decotigny authored
      This fixes the following sparse warnings:
      drivers/net/ethernet/nvidia/forcedeth.c:2113:7: warning: symbol 'size' shadows an earlier one
      drivers/net/ethernet/nvidia/forcedeth.c:2102:6: originally declared here
      drivers/net/ethernet/nvidia/forcedeth.c:2155:7: warning: symbol 'size' shadows an earlier one
      drivers/net/ethernet/nvidia/forcedeth.c:2102:6: originally declared here
      drivers/net/ethernet/nvidia/forcedeth.c:2227:7: warning: symbol 'size' shadows an earlier one
      drivers/net/ethernet/nvidia/forcedeth.c:2215:6: originally declared here
      drivers/net/ethernet/nvidia/forcedeth.c:2271:7: warning: symbol 'size' shadows an earlier one
      drivers/net/ethernet/nvidia/forcedeth.c:2215:6: originally declared here
      drivers/net/ethernet/nvidia/forcedeth.c:2986:20: warning: symbol 'addr' shadows an earlier one
      drivers/net/ethernet/nvidia/forcedeth.c:2963:6: originally declared here
      Signed-off-by: David Decotigny <david.decotigny@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • forcedeth: Improve stats counters · 0bdfea8b
      Mandeep Baines authored
      Rx byte count was off; instead use the hardware's count.  Tx packet
      count was counting pre-TSO packets; instead count on-the-wire packets.
      Report hardware dropped frame count as rx_fifo_errors.
      
      - The count of transmitted packets reported by the forcedeth driver
        reports pre-TSO (TCP Segmentation Offload) packet counts and not the
        count of the number of packets sent on the wire. This change fixes
        the forcedeth driver to report the correct count. Fixed the code by
        copying the count stored in the NIC H/W to the value reported by the
        driver.
      
      - Count rx_drop_frame errors as rx_fifo_errors:
        We see a lot of rx_drop_frame errors if we disable the rx bottom-halves
        for too long.  Normally, rx_fifo_errors would be counted in this case.
        The rx_drop_frame error count is private to forcedeth and is not
        reported by ifconfig or sysfs.  The rx_fifo_errors count is currently
        unused in the forcedeth driver.  It is reported by ifconfig as overruns.
        This change reports rx_drop_frame errors as rx_fifo_errors.
      Signed-off-by: David Decotigny <david.decotigny@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • forcedeth: remove unneeded stats updates · 4687f3f3
      david decotigny authored
      Function ndo_get_stats() updates most of the stats from hardware
      registers, making the manual updates un-needed. This change removes
      these manual updates. Main exception is rx_missed_errors which needs
      manual update.
      
      Another exception is rx_packets, still updated manually in this commit
      to make sure this patch doesn't change behavior of driver. This will
      be addressed by a future patch.
      Signed-off-by: David Decotigny <david.decotigny@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • forcedeth: Acknowledge only interrupts that are being processed · 2a4e7a08
      Mike Ditto authored
      This is to avoid a race, accidentally acknowledging an interrupt that
      we didn't notice and won't immediately process.  This is based solely
      on code inspection; it is not known if there was an actual bug here.
      Signed-off-by: David Decotigny <david.decotigny@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • forcedeth: fix race when unloading module · f9c4082d
      david decotigny authored
      When forcedeth module is unloaded, there exists a path that can lead
      to mod_timer() after del_timer_sync(), causing an oops. This patch
      short-circuits this unneeded path, which originates in
      nv_get_ethtool_stats().
      
      Tested:
        x86_64 16-way + 3 ethtool -S infinite loops + 100Mbps incoming traffic
        + rmmod/modprobe/ifconfig in a loop
      
      Initial-Author: Salman Qazi <sqazi@google.com>
      Discussion: http://patchwork.ozlabs.org/patch/123548/
      Signed-off-by: David Decotigny <david.decotigny@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>