Git bisection shows that commit e6bc45d65d causes
BUG_ONs under high I/O load:
kernel BUG at fs/inode.c:1368!
[ 2862.501007] Call Trace:
[ 2862.501007] [<ffffffff811691d8>] d_kill+0xf8/0x140
[ 2862.501007] [<ffffffff81169c19>] dput+0xc9/0x190
[ 2862.501007] [<ffffffff8115577f>] fput+0x15f/0x210
[ 2862.501007] [<ffffffff81152171>] filp_close+0x61/0x90
[ 2862.501007] [<ffffffff81152251>] sys_close+0xb1/0x110
[ 2862.501007] [<ffffffff814c14fb>] system_call_fastpath+0x16/0x1b
A reliable way to reproduce this bug is:
Login to KDE, run 'rsnapshot sync', and apt-get install openjdk-6-jdk,
and apt-get remove openjdk-6-jdk.
The buggy part of the patch is this:
struct inode *inode = NULL;
.....
- if (nd.last.name[nd.last.len])
- goto slashes;
inode = dentry->d_inode;
- if (inode)
- ihold(inode);
+ if (nd.last.name[nd.last.len] || !inode)
+ goto slashes;
+ ihold(inode)
...
if (inode)
iput(inode); /* truncate the inode here */
If nd.last.name[nd.last.len] is nonzero (and thus goto slashes branch is taken),
and dentry->d_inode is non-NULL, then this code now does an additional iput on
the inode, which is wrong.
Fix this by only setting the inode variable if nd.last.name[nd.last.len] is 0.
Reference: https://lkml.org/lkml/2011/6/15/50
Reported-by: Norbert Preining <preining@logic.at>
Reported-by: Török Edwin <edwintorok@gmail.com>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Török Edwin <edwintorok@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* new refcount in struct net, controlling actual freeing of the memory
* new method in kobj_ns_type_operations (->drop_ns())
* ->current_ns() semantics change - it's supposed to be followed by
corresponding ->drop_ns(). For struct net in case of CONFIG_NET_NS it bumps
the new refcount; net_drop_ns() decrements it and calls net_free() if the
last reference has been dropped. Method renamed to ->grab_current_ns().
* old net_free() callers call net_drop_ns() instead.
* sysfs_exit_ns() is gone, along with a large part of callchain
leading to it; now that the references stored in ->ns[...] stay valid we
do not need to hunt them down and replace them with NULL. That fixes
problems in sysfs_lookup() and sysfs_readdir(), along with getting rid
of sb->s_instances abuse.
Note that struct net *shutdown* logics has not changed - net_cleanup()
is called exactly when it used to be called. The only thing postponed by
having a sysfs instance refering to that struct net is actual freeing of
memory occupied by struct net.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* set ->s_fs_info in set() callback passed to sget()
* allocate the thing and set it up enough for afs_test_super() before
making it visible
* have it freed in ->kill_sb() (current tree simply leaks it)
* have ->put_super() leave ->s_fs_info->volume alone; it's too early for
dropping it; do that from ->kill_sb() after having called kill_anon_super().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* allocate ubifs_info in ->mount(), fill it enough for sb_test() and
set ->s_fs_info to it in set() callback passed to sget().
* do *not* free it in ->put_super(); do that in ->kill_sb() after we'd
done kill_anon_super().
* don't free it in ubifs_fill_super() either - deactivate_locked_super()
done by caller when ubifs_fill_super() returns an error will take care
of that sucker.
* get rid of kludge with passing ubi to ubifs_fill_super() in ->s_fs_info;
we only need it in alloc_ubifs_info(), so ubifs_fill_super() will need
only ubifs_info. Which it will find in ->s_fs_info just fine, no need to
reassign anything...
As the result, sb_test() becomes safe to apply to all superblocks that
can be found by sget() (and a kludge with temporary use of ->s_fs_info
to store a pointer to very different structure goes away).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
AppArmor: Fix sleep in invalid context from task_setrlimit
It uses cpu_relax(), and so needs <asm/processor.h>
Without this patch, I see:
CC arch/mn10300/kernel/asm-offsets.s
In file included from include/linux/time.h:8,
from include/linux/timex.h:56,
from include/linux/sched.h:57,
from arch/mn10300/kernel/asm-offsets.c:7:
include/linux/seqlock.h: In function 'read_seqbegin':
include/linux/seqlock.h:91: error: implicit declaration of function 'cpu_relax'
whilst building asb2364_defconfig on MN10300.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc32, leon: bugfix in LEON SMP interrupt init
sparc32, sun4m: bugfix in SMP IPI traphandler
sparc: Remove unnecessary semicolons
Add support for allocating irqs for bootbus devices
Do not skip interrupt sources in sun4d interrupt handler and acknowledge interrupts correctly
Restructure sun4d_build_device_irq so that timer interrupts can be allocated
sparc: PCIC_PCI needs SPARC32 dependency
sparc: Do not select GENERIC_HARDIRQS_NO_DEPRECATED
sparc32,leon: add GRPCI2 PCI Host driver
sparc32,leon: added LEON-common low-level PCI routines
sparc32: added CONFIG_PCIC_PCI Kconfig setting
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
perf: Use make kernelversion instead of parsing the Makefile
kbuild: Hack for depmod not handling X.Y versions
kbuild: Move depmod call to a separate script
kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL
kbuild: Fix KERNELVERSION for empty SUBLEVEL or PATCHLEVEL
kbuild: silence Nothing to be done for 'all' message
During converting per-cpu ticker to genirq layer some
IRQ initialization code was removed by commit
2cf9530420 ("sparc32,leon:
per-cpu ticker use genirq per-cpu handler").
This patch reintroduces the code at the same place it was
removed from. IRQ12 - IRQ14 will crash on LEON SMP without
this patch because it will run the SUN4M IRQ trap handler.
Reported-by: Jan Andersson <jan@gaisler.com>
Signed-off-by: Daniel Hellstrom <daniel@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Three new IPIs were introduced by commit
ecbc42b70a ("sparc32, sun4m:
Implemented SMP IPIs support for SUN4M machines"), the
old handler was already prepared for IPIs but handled only
IRQ14 and IRQ13, this patch adds support for the new IPI at
IRQ12.
The IPI trap handler looks at the mask rather than the
pending IRQ/IPI, this bug may have masked the problem
above, introduced by the same commit.
Signed-off-by: Daniel Hellstrom <daniel@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
depmod from module-init-tools < 3.13 and the busybox depmod check if the
kernel release starts with <num>.<num>.<num>. To support these versions,
we create a symlink with two numbers prepended.
Signed-off-by: Michal Marek <mmarek@suse.cz>
expr treats all numbers as decimals, so prepending a zero is safe. Note
that the KERNEL_VERSION() macro still takes three arguments, 3.0 has to be
written as KERNEL_VERSION(3,0,0).
Signed-off-by: Michal Marek <mmarek@suse.cz>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc: Force page alignment for initrd reserved memory
dtc/powerpc: remove obsolete .gitignore entries
powerpc/85xx: fix race bug of calling request_irq after enable elbc interrupts
powerpc/book3e: Fix CPU feature handling on e5500 in 32-bit mode
powerpc/fsl_rio: Fix compile error when CONFIG_FSL_RIO not set
* 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
staging: iio: max517: Fix iio_info changes
Staging: mei: fix debug code
Staging: cx23885: fix include of altera.h
staging: iio: error case memory leak fix
staging: ath6kl: Fix a kernel panic during suspend/resume
staging: gma500: get control from firmware framebuffer if conflicts
staging: gma500: Skip bogus LVDS VBT mode and check for LVDS before adding backlight
staging: usbip: bugfix prevent driver unbind
staging: iio: industrialio-trigger: set iio_poll_func private_data
staging: rts_pstor: use bitwise operator instead of logical one
staging: fix ath6kl build when CFG80211 is not enabled
staging: brcm80211: fix for 'multiple definition of wl_msg_level' build err
staging: fix olpc_dcon build, needs BACKLIGHT_CLASS_DEVICE
Staging: remove STAGING_EXCLUDE_BUILD option
Staging: altera: move .h file to proper place
* 'stable/xen-swiotlb.bugfix' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb-2.6:
swiotlb: Export swioltb_nr_tbl and utilize it as appropiate.
* 'unicore32' of git://git.kernel.org/pub/scm/linux/kernel/git/epip/linux-2.6-unicore32:
unicore32: using generic-y format for one line asm-generic files
unicore32: change PERCPU to PERCPU_SECTION
unicore32: add KBUILD_DEFCONFIG with unicore32_defconfig (old debug_defconfig)
unicore32: change zImage physical address, though it's PIC codes
unicore32: move rtc-puv3.c to drivers/rtc directory
RFC 5952 (http://tools.ietf.org/html/rfc5952) mandates that 2 or more
consecutive 0's are required before using :: compression.
Update ip6_compressed_string to match the RFC and update the http
reference as well.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Unconditionally changing the address limit to USER_DS and not restoring
it to its old value in the error path is wrong because it prevents us
using kernel memory on repeated calls to this function. This, in fact,
breaks the fallback of hard coded paths to the init program from being
ever successful if the first candidate fails to load.
With this patch applied switching to USER_DS is delayed until the point
of no return is reached which makes it possible to have a multi-arch
rootfs with one arch specific init binary for each of the (hard coded)
probed paths.
Since the address limit is already set to USER_DS when start_thread()
will be invoked, this redundancy can be safely removed.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
struct iio_info introduced a bug where the second channel of a MAX518 can't be
used. This commit fixes the typo (using max518 instead of the max517 struct).
Signed-off-by: Roland Stigge <stigge@antcom.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
! has higher precedence than !=. H_RDY is 8 and since neither 0 nor
1 are equal to 8 the original condition was always true.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
int i is only needed if CONFIG_ACPI is set
so move it within a new ifdef so kernels without ACPI
don't allocate space for nothing. Fixes warning too.
Signed-off-by: Connor Hansen <cmdkhh@gmail.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
[v2: Fixed warning when CONFIG_ACPI was defined]
Signed-off-by: Konrad Rzeszutek Wilk <konrad@kernel.org>
This patch silences a Makefile.asm-generic message
by defining a dummy rule for all.
make -f /usr/src/git/scripts/Makefile.asm-generic \
obj=arch/x86/include/generated/asm
make[1]: Nothing to be done for `all'.
Signed-off-by: Peter Foley <pefoley2@verizon.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The patch adds one-line asm-generic files in arch/unicore32/include/asm/Kbuild
Also, remove the old implementation in arch/unicore32/Makefile
see commit from Sam Ravnborg <d8ecc5cd8e227bc318513b5306ae88a474b8886d>
kbuild: asm-generic support
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Rename debug_defconfig to unicore32_defconfig, which is a minimal config for
PKUnity-v3 (130nm) SoC board.
Also, add KBUILD_DEFCONFIG to use 'make defconfig'.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Acked-by: Arnd Bergmann <arnd@arndb.de>
U-boot will load the kernel image to 48M physical memory address.
The patch changes it to the correct address, though it's PIC codes.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Acked-by: Arnd Bergmann <arnd@arndb.de>
The patch moves rtc driver for PKUnity-v3 SoC from arch/unicore32/kernel/
to drivers/rtc/, with renaming it to rtc-puv3.c.
Also, Kconfig, Makefile, and MAINTAINERS are modified correspondingly.
Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn>
Acked-by: Arnd Bergmann <arnd@arndb.de>
When using 64K pages with a separate cpio rootfs, U-Boot will align
the rootfs on a 4K page boundary. When the memory is reserved, and
subsequent early memblock_alloc is called, it will allocate memory
between the 64K page alignment and reserved memory. When the reserved
memory is subsequently freed, it is done so by pages, causing the
early memblock_alloc requests to be re-used, which in my case, caused
the device-tree to be clobbered.
This patch forces the reserved memory for initrd to be kernel page
aligned, and will move the device tree if it overlaps with the range
extension of initrd. This patch will also consolidate the identical
function free_initrd_mem() from mm/init_32.c, init_64.c to mm/mem.c,
and adds the same range extension when freeing initrd. free_initrd_mem()
is also moved to the __init section.
Many thanks to Milton Miller for his input on this patch.
[BenH: Fixed build without CONFIG_BLK_DEV_INITRD]
Signed-off-by: Dave Carroll <dcarroll@astekcorp.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Affected kernels 2.6.36 - 3.0
AppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk->group_leader);
held when called from security_task_setrlimit. This will only occur when the
task's current policy has been replaced, and the task's creds have not been
updated before entering the LSM security_task_setrlimit() hook.
BUG: sleeping function called from invalid context at mm/slub.c:847
in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd
2 locks held by cupsd/1583:
#0: (tasklist_lock){.+.+.+}, at: [<ffffffff8104dafa>] do_prlimit+0x61/0x189
#1: (&(&p->alloc_lock)->rlock){+.+.+.}, at: [<ffffffff8104db2d>]
do_prlimit+0x94/0x189
Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7
Call Trace:
[<ffffffff8102ebf2>] __might_sleep+0x10d/0x112
[<ffffffff810e6f46>] slab_pre_alloc_hook.isra.49+0x2d/0x33
[<ffffffff810e7bc4>] kmem_cache_alloc+0x22/0x132
[<ffffffff8105b6e6>] prepare_creds+0x35/0xe4
[<ffffffff811c0675>] aa_replace_current_profile+0x35/0xb2
[<ffffffff811c4d2d>] aa_current_profile+0x45/0x4c
[<ffffffff811c4d4d>] apparmor_task_setrlimit+0x19/0x3a
[<ffffffff811beaa5>] security_task_setrlimit+0x11/0x13
[<ffffffff8104db6b>] do_prlimit+0xd2/0x189
[<ffffffff8104dea9>] sys_setrlimit+0x3b/0x48
[<ffffffff814062bb>] system_call_fastpath+0x16/0x1b
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reported-by: Miles Lane <miles.lane@gmail.com>
Cc: stable@kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
dtc was moved and .gitignores have been added to the new location. So, we can
delete the old, forgotten ones.
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
This tries to make the 'struct inode' accesses denser in the data cache
by moving a commonly accessed field (i_security) closer to other fields
that are accessed often.
It also makes 'i_state' just an 'unsigned int' rather than 'unsigned
long', since we only use a few bits of that field, and moves it next to
the existing 'i_flags' so that we potentially get better structure
layout (although depending on config options, i_flags may already have
packed in the same word as i_lock, so this improves packing only for the
case of spinlock debugging)
Out 'struct inode' is still way too big, and we should probably move
some other fields around too (the acl fields in particular) for better
data cache access density. Other fields (like the inode hash) are
likely to be entirely irrelevant under most loads.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is a rather hot function that is called with a potentially NULL
"struct common_audit_data" pointer argument. And in that case it has to
provide and initialize its own dummy common_audit_data structure.
However, all the _common_ cases already pass it a real audit-data
structure, so that uncommon NULL case not only creates a silly run-time
test, more importantly it causes that function to have a big stack frame
for the dummy variable that isn't even used in the common case!
So get rid of that stupid run-time behavior, and make the (few)
functions that currently call with a NULL pointer just call a new helper
function instead (naturally called inode_has_perm_noapd(), since it has
no adp argument).
This makes the run-time test be a static code generation issue instead,
and allows for a much denser stack since none of the common callers need
the dummy structure. And a denser stack not only means less stack space
usage, it means better cache behavior. So we have a win-win-win from
this simplification: less code executed, smaller stack footprint, and
better cache behavior.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (28 commits)
MAINTAINERS: add a maintainer to Gadget Framework
USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
Revert "USB: option: add ID for ZTE MF 330"
drivers/usb/host/ohci-pxa27x.c: add missing clk_put
USB: CONFIG_USB_GADGET_DUALSPEED is not user-configurable
USB: dummy-hcd needs the has_tt flag
usb-storage: redo incorrect reads
usb/renesas_usbhs: free uep on removal
usb/s3c-hsudc: fix error path
usb/pxa25x_udc: cleanup the LUBBOCK err path
usb/mv_udc_core: fix compile
usb: gadget: include <linux/prefetch.h> to fix compiling error
USB: s3c-hsotg: Tone down debugging
usb: remove bad dput after dentry_unhash
USB: core: Tolerate protocol stall during hub and port status read
musb: fix prefetch build failure
USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7
usb-gadget: unlock data->lock mutex on error path in ep_write()
USB: option Add blacklist for ZTE K3765-Z (19d2:2002)
option: add Prolink PH300 modem IDs
...
I'll be continuing the amazing work Dave has
done with the Gadget Framework.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: trivial: add space in fsc error message
cifs: silence printk when establishing first session on socket
CIFS ACL support needs CONFIG_KEYS, so depend on it
possible memory corruption in cifs_parse_mount_options()
cifs: make CIFS depend on CRYPTO_ECB
cifs: fix the kernel release version in the default security warning message
One new offender detected by the recently increased type checking in
platform_get_drvdata():
drivers/rtc/rtc-m41t93.c: In function ‘m41t93_remove’:
drivers/rtc/rtc-m41t93.c:192: warning: passing argument 1 of ‘platform_get_drvdata’ from incompatible pointer type
Use spi_get_drvdata() instead of platform_get_drvdata(), cfr. commit
42fea15d6d ("spi/rtc-{ds1390,ds3234,m41t94}:
Use spi_get_drvdata() for SPI devices")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
* 'stable/bug.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen: off by one errors in multicalls.c
xen: use the trigger info we already have to choose the irq handler
