aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-06-16afs: afs_fill_page reads too much, or wrong dataAnton Blanchard
afs_fill_page should read the page that is about to be written but the current implementation has a number of issues. If we aren't extending the file we always read PAGE_CACHE_SIZE at offset 0. If we are extending the file we try to read the entire file. Change afs_fill_page to read PAGE_CACHE_SIZE at the right offset, clamped to i_size. While here, avoid calling afs_fill_page when we are doing a PAGE_CACHE_SIZE write. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-16VFS: Fix vfsmount overput on simultaneous automountAl Viro
[Kudos to dhowells for tracking that crap down] If two processes attempt to cause automounting on the same mountpoint at the same time, the vfsmount holding the mountpoint will be left with one too few references on it, causing a BUG when the kernel tries to clean up. The problem is that lock_mount() drops the caller's reference to the mountpoint's vfsmount in the case where it finds something already mounted on the mountpoint as it transits to the mounted filesystem and replaces path->mnt with the new mountpoint vfsmount. During a pathwalk, however, we don't take a reference on the vfsmount if it is the same as the one in the nameidata struct, but do_add_mount() doesn't know this. The fix is to make sure we have a ref on the vfsmount of the mountpoint before calling do_add_mount(). However, if lock_mount() doesn't transit, we're then left with an extra ref on the mountpoint vfsmount which needs releasing. We can handle that in follow_managed() by not making assumptions about what we can and what we cannot get from lookup_mnt() as the current code does. The callers of follow_managed() expect that reference to path->mnt will be grabbed iff path->mnt has been changed. follow_managed() and follow_automount() keep track of whether such reference has been grabbed and assume that it'll happen in those and only those cases that'll have us return with changed path->mnt. That assumption is almost correct - it breaks in case of racing automounts and in even harder to hit race between following a mountpoint and a couple of mount --move. The thing is, we don't need to make that assumption at all - after the end of loop in follow_manage() we can check if path->mnt has ended up unchanged and do mntput() if needed. The BUG can be reproduced with the following test program: #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> #include <sys/wait.h> int main(int argc, char **argv) { int pid, ws; struct stat buf; pid = fork(); stat(argv[1], &buf); if (pid > 0) wait(&ws); return 0; } and the following procedure: (1) Mount an NFS volume that on the server has something else mounted on a subdirectory. For instance, I can mount / from my server: mount warthog:/ /mnt -t nfs4 -r On the server /data has another filesystem mounted on it, so NFS will see a change in FSID as it walks down the path, and will mark /mnt/data as being a mountpoint. This will cause the automount code to be triggered. !!! Do not look inside the mounted fs at this point !!! (2) Run the above program on a file within the submount to generate two simultaneous automount requests: /tmp/forkstat /mnt/data/testfile (3) Unmount the automounted submount: umount /mnt/data (4) Unmount the original mount: umount /mnt At this point the kernel should throw a BUG with something like the following: BUG: Dentry ffff880032e3c5c0{i=2,n=} still in use (1) [unmount of nfs4 0:12] Note that the bug appears on the root dentry of the original mount, not the mountpoint and not the submount because sys_umount() hasn't got to its final mntput_no_expire() yet, but this isn't so obvious from the call trace: [<ffffffff8117cd82>] shrink_dcache_for_umount+0x69/0x82 [<ffffffff8116160e>] generic_shutdown_super+0x37/0x15b [<ffffffffa00fae56>] ? nfs_super_return_all_delegations+0x2e/0x1b1 [nfs] [<ffffffff811617f3>] kill_anon_super+0x1d/0x7e [<ffffffffa00d0be1>] nfs4_kill_super+0x60/0xb6 [nfs] [<ffffffff81161c17>] deactivate_locked_super+0x34/0x83 [<ffffffff811629ff>] deactivate_super+0x6f/0x7b [<ffffffff81186261>] mntput_no_expire+0x18d/0x199 [<ffffffff811862a8>] mntput+0x3b/0x44 [<ffffffff81186d87>] release_mounts+0xa2/0xbf [<ffffffff811876af>] sys_umount+0x47a/0x4ba [<ffffffff8109e1ca>] ? trace_hardirqs_on_caller+0x1fd/0x22f [<ffffffff816ea86b>] system_call_fastpath+0x16/0x1b as do_umount() is inlined. However, you can see release_mounts() in there. Note also that it may be necessary to have multiple CPU cores to be able to trigger this bug. Tested-by: Jeff Layton <jlayton@redhat.com> Tested-by: Ian Kent <raven@themaw.net> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-16fix wrong iput on d_inode introduced by e6bc45d65dTörök Edwin
Git bisection shows that commit e6bc45d65df8599fdbae73be9cec4ceed274db53 causes BUG_ONs under high I/O load: kernel BUG at fs/inode.c:1368! [ 2862.501007] Call Trace: [ 2862.501007] [<ffffffff811691d8>] d_kill+0xf8/0x140 [ 2862.501007] [<ffffffff81169c19>] dput+0xc9/0x190 [ 2862.501007] [<ffffffff8115577f>] fput+0x15f/0x210 [ 2862.501007] [<ffffffff81152171>] filp_close+0x61/0x90 [ 2862.501007] [<ffffffff81152251>] sys_close+0xb1/0x110 [ 2862.501007] [<ffffffff814c14fb>] system_call_fastpath+0x16/0x1b A reliable way to reproduce this bug is: Login to KDE, run 'rsnapshot sync', and apt-get install openjdk-6-jdk, and apt-get remove openjdk-6-jdk. The buggy part of the patch is this: struct inode *inode = NULL; ..... - if (nd.last.name[nd.last.len]) - goto slashes; inode = dentry->d_inode; - if (inode) - ihold(inode); + if (nd.last.name[nd.last.len] || !inode) + goto slashes; + ihold(inode) ... if (inode) iput(inode); /* truncate the inode here */ If nd.last.name[nd.last.len] is nonzero (and thus goto slashes branch is taken), and dentry->d_inode is non-NULL, then this code now does an additional iput on the inode, which is wrong. Fix this by only setting the inode variable if nd.last.name[nd.last.len] is 0. Reference: https://lkml.org/lkml/2011/6/15/50 Reported-by: Norbert Preining <preining@logic.at> Reported-by: Török Edwin <edwintorok@gmail.com> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Török Edwin <edwintorok@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-12Delay struct net freeing while there's a sysfs instance refering to itAl Viro
* new refcount in struct net, controlling actual freeing of the memory * new method in kobj_ns_type_operations (->drop_ns()) * ->current_ns() semantics change - it's supposed to be followed by corresponding ->drop_ns(). For struct net in case of CONFIG_NET_NS it bumps the new refcount; net_drop_ns() decrements it and calls net_free() if the last reference has been dropped. Method renamed to ->grab_current_ns(). * old net_free() callers call net_drop_ns() instead. * sysfs_exit_ns() is gone, along with a large part of callchain leading to it; now that the references stored in ->ns[...] stay valid we do not need to hunt them down and replace them with NULL. That fixes problems in sysfs_lookup() and sysfs_readdir(), along with getting rid of sb->s_instances abuse. Note that struct net *shutdown* logics has not changed - net_cleanup() is called exactly when it used to be called. The only thing postponed by having a sysfs instance refering to that struct net is actual freeing of memory occupied by struct net. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-12afs: fix sget() races, close leak on umountAl Viro
* set ->s_fs_info in set() callback passed to sget() * allocate the thing and set it up enough for afs_test_super() before making it visible * have it freed in ->kill_sb() (current tree simply leaks it) * have ->put_super() leave ->s_fs_info->volume alone; it's too early for dropping it; do that from ->kill_sb() after having called kill_anon_super(). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-12ubifs: fix sget racesAl Viro
* allocate ubifs_info in ->mount(), fill it enough for sb_test() and set ->s_fs_info to it in set() callback passed to sget(). * do *not* free it in ->put_super(); do that in ->kill_sb() after we'd done kill_anon_super(). * don't free it in ubifs_fill_super() either - deactivate_locked_super() done by caller when ubifs_fill_super() returns an error will take care of that sucker. * get rid of kludge with passing ubi to ubifs_fill_super() in ->s_fs_info; we only need it in alloc_ubifs_info(), so ubifs_fill_super() will need only ubifs_info. Which it will find in ->s_fs_info just fine, no need to reassign anything... As the result, sb_test() becomes safe to apply to all superblocks that can be found by sget() (and a kludge with temporary use of ->s_fs_info to store a pointer to very different structure goes away). Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-12ubifs: split allocation of ubifs_info into a separate functionAl Viro
preparation to ubifs sget() race fixes Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-12fix leak in proc_set_super()Al Viro
set_anon_super() can fail... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-06-11Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: AppArmor: Fix sleep in invalid context from task_setrlimit
2011-06-11linux/seqlock.h should #include asm/processor.h for cpu_relax()David Howells
It uses cpu_relax(), and so needs <asm/processor.h> Without this patch, I see: CC arch/mn10300/kernel/asm-offsets.s In file included from include/linux/time.h:8, from include/linux/timex.h:56, from include/linux/sched.h:57, from arch/mn10300/kernel/asm-offsets.c:7: include/linux/seqlock.h: In function 'read_seqbegin': include/linux/seqlock.h:91: error: implicit declaration of function 'cpu_relax' whilst building asb2364_defconfig on MN10300. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-09Merge branch 'upstream-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev * 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: libata: fix unexpectedly frozen port after ata_eh_reset()
2011-06-09Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc32, leon: bugfix in LEON SMP interrupt init sparc32, sun4m: bugfix in SMP IPI traphandler sparc: Remove unnecessary semicolons Add support for allocating irqs for bootbus devices Do not skip interrupt sources in sun4d interrupt handler and acknowledge interrupts correctly Restructure sun4d_build_device_irq so that timer interrupts can be allocated sparc: PCIC_PCI needs SPARC32 dependency sparc: Do not select GENERIC_HARDIRQS_NO_DEPRECATED sparc32,leon: add GRPCI2 PCI Host driver sparc32,leon: added LEON-common low-level PCI routines sparc32: added CONFIG_PCIC_PCI Kconfig setting
2011-06-09Merge branch 'rc-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6: perf: Use make kernelversion instead of parsing the Makefile kbuild: Hack for depmod not handling X.Y versions kbuild: Move depmod call to a separate script kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL kbuild: Fix KERNELVERSION for empty SUBLEVEL or PATCHLEVEL kbuild: silence Nothing to be done for 'all' message
2011-06-09sparc32, leon: bugfix in LEON SMP interrupt initDaniel Hellstrom
During converting per-cpu ticker to genirq layer some IRQ initialization code was removed by commit 2cf9530420e446bb61f665d02afeb81070106900 ("sparc32,leon: per-cpu ticker use genirq per-cpu handler"). This patch reintroduces the code at the same place it was removed from. IRQ12 - IRQ14 will crash on LEON SMP without this patch because it will run the SUN4M IRQ trap handler. Reported-by: Jan Andersson <jan@gaisler.com> Signed-off-by: Daniel Hellstrom <daniel@gaisler.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-06-09sparc32, sun4m: bugfix in SMP IPI traphandlerDaniel Hellstrom
Three new IPIs were introduced by commit ecbc42b70acbc6327adefe9635db93fcf62bf59d ("sparc32, sun4m: Implemented SMP IPIs support for SUN4M machines"), the old handler was already prepared for IPIs but handled only IRQ14 and IRQ13, this patch adds support for the new IPI at IRQ12. The IPI trap handler looks at the mask rather than the pending IRQ/IPI, this bug may have masked the problem above, introduced by the same commit. Signed-off-by: Daniel Hellstrom <daniel@gaisler.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2011-06-09perf: Use make kernelversion instead of parsing the MakefileMichal Marek
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Paul Mackerras <paulus@samba.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09kbuild: Hack for depmod not handling X.Y versionsMichal Marek
depmod from module-init-tools < 3.13 and the busybox depmod check if the kernel release starts with <num>.<num>.<num>. To support these versions, we create a symlink with two numbers prepended. Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09kbuild: Move depmod call to a separate scriptMichal Marek
Do not bloat the Makefile with multiline shell statements. No user-visible change intended. Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVELMichal Marek
expr treats all numbers as decimals, so prepending a zero is safe. Note that the KERNEL_VERSION() macro still takes three arguments, 3.0 has to be written as KERNEL_VERSION(3,0,0). Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09kbuild: Fix KERNELVERSION for empty SUBLEVEL or PATCHLEVELMichal Marek
Omit the second dot for releases without SUBLEVEL. If PATCHLEVEL is also empty, only display VERSION. Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09Merge branch 'merge' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc: Force page alignment for initrd reserved memory dtc/powerpc: remove obsolete .gitignore entries powerpc/85xx: fix race bug of calling request_irq after enable elbc interrupts powerpc/book3e: Fix CPU feature handling on e5500 in 32-bit mode powerpc/fsl_rio: Fix compile error when CONFIG_FSL_RIO not set
2011-06-09Merge branch 'staging-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 * 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: staging: iio: max517: Fix iio_info changes Staging: mei: fix debug code Staging: cx23885: fix include of altera.h staging: iio: error case memory leak fix staging: ath6kl: Fix a kernel panic during suspend/resume staging: gma500: get control from firmware framebuffer if conflicts staging: gma500: Skip bogus LVDS VBT mode and check for LVDS before adding backlight staging: usbip: bugfix prevent driver unbind staging: iio: industrialio-trigger: set iio_poll_func private_data staging: rts_pstor: use bitwise operator instead of logical one staging: fix ath6kl build when CFG80211 is not enabled staging: brcm80211: fix for 'multiple definition of wl_msg_level' build err staging: fix olpc_dcon build, needs BACKLIGHT_CLASS_DEVICE Staging: remove STAGING_EXCLUDE_BUILD option Staging: altera: move .h file to proper place
2011-06-09Merge branch 'stable/xen-swiotlb.bugfix' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb-2.6 * 'stable/xen-swiotlb.bugfix' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb-2.6: swiotlb: Export swioltb_nr_tbl and utilize it as appropiate.
2011-06-09Merge branch 'stable/broadcom.ibft-bugfixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft-2.6 * 'stable/broadcom.ibft-bugfixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft-2.6: iscsi_ibft: iscsi_ibft_find unused variable i
2011-06-09Merge branch 'unicore32' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/epip/linux-2.6-unicore32 * 'unicore32' of git://git.kernel.org/pub/scm/linux/kernel/git/epip/linux-2.6-unicore32: unicore32: using generic-y format for one line asm-generic files unicore32: change PERCPU to PERCPU_SECTION unicore32: add KBUILD_DEFCONFIG with unicore32_defconfig (old debug_defconfig) unicore32: change zImage physical address, though it's PIC codes unicore32: move rtc-puv3.c to drivers/rtc directory
2011-06-09vsprintf: Update %pI6c to not compress a single 0Joe Perches
RFC 5952 (http://tools.ietf.org/html/rfc5952) mandates that 2 or more consecutive 0's are required before using :: compression. Update ip6_compressed_string to match the RFC and update the http reference as well. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-09exec: delay address limit change until point of no returnMathias Krause
Unconditionally changing the address limit to USER_DS and not restoring it to its old value in the error path is wrong because it prevents us using kernel memory on repeated calls to this function. This, in fact, breaks the fallback of hard coded paths to the init program from being ever successful if the first candidate fails to load. With this patch applied switching to USER_DS is delayed until the point of no return is reached which makes it possible to have a multi-arch rootfs with one arch specific init binary for each of the (hard coded) probed paths. Since the address limit is already set to USER_DS when start_thread() will be invoked, this redundancy can be safely removed. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-09staging: iio: max517: Fix iio_info changesRoland Stigge
struct iio_info introduced a bug where the second channel of a MAX518 can't be used. This commit fixes the typo (using max518 instead of the max517 struct). Signed-off-by: Roland Stigge <stigge@antcom.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-09Staging: mei: fix debug codeDan Carpenter
! has higher precedence than !=. H_RDY is 8 and since neither 0 nor 1 are equal to 8 the original condition was always true. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-09iscsi_ibft: iscsi_ibft_find unused variable iConnor Hansen
int i is only needed if CONFIG_ACPI is set so move it within a new ifdef so kernels without ACPI don't allocate space for nothing. Fixes warning too. Signed-off-by: Connor Hansen <cmdkhh@gmail.com> Signed-off-by: Peter Jones <pjones@redhat.com> [v2: Fixed warning when CONFIG_ACPI was defined] Signed-off-by: Konrad Rzeszutek Wilk <konrad@kernel.org>
2011-06-09kbuild: silence Nothing to be done for 'all' messagePeter Foley
This patch silences a Makefile.asm-generic message by defining a dummy rule for all. make -f /usr/src/git/scripts/Makefile.asm-generic \ obj=arch/x86/include/generated/asm make[1]: Nothing to be done for `all'. Signed-off-by: Peter Foley <pefoley2@verizon.net> Signed-off-by: Michal Marek <mmarek@suse.cz>
2011-06-09unicore32: using generic-y format for one line asm-generic filesGuan Xuetao
The patch adds one-line asm-generic files in arch/unicore32/include/asm/Kbuild Also, remove the old implementation in arch/unicore32/Makefile see commit from Sam Ravnborg <d8ecc5cd8e227bc318513b5306ae88a474b8886d> kbuild: asm-generic support Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Arnd Bergmann <arnd@arndb.de>
2011-06-09unicore32: change PERCPU to PERCPU_SECTIONGuan Xuetao
The patch changes PERCPU to PERCPU_SECTION see commit from Tejun Heo <0415b00d175e0d8945e6785aad21b5f157976ce0> percpu: Always align percpu output section to PAGE_SIZE Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Tejun Heo <tj@kernel.org>
2011-06-09unicore32: add KBUILD_DEFCONFIG with unicore32_defconfig (old debug_defconfig)Guan Xuetao
Rename debug_defconfig to unicore32_defconfig, which is a minimal config for PKUnity-v3 (130nm) SoC board. Also, add KBUILD_DEFCONFIG to use 'make defconfig'. Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Arnd Bergmann <arnd@arndb.de>
2011-06-09unicore32: change zImage physical address, though it's PIC codesGuan Xuetao
U-boot will load the kernel image to 48M physical memory address. The patch changes it to the correct address, though it's PIC codes. Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Arnd Bergmann <arnd@arndb.de>
2011-06-09unicore32: move rtc-puv3.c to drivers/rtc directoryGuan Xuetao
The patch moves rtc driver for PKUnity-v3 SoC from arch/unicore32/kernel/ to drivers/rtc/, with renaming it to rtc-puv3.c. Also, Kconfig, Makefile, and MAINTAINERS are modified correspondingly. Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Acked-by: Arnd Bergmann <arnd@arndb.de>
2011-06-09powerpc: Force page alignment for initrd reserved memoryBenjamin Herrenschmidt
When using 64K pages with a separate cpio rootfs, U-Boot will align the rootfs on a 4K page boundary. When the memory is reserved, and subsequent early memblock_alloc is called, it will allocate memory between the 64K page alignment and reserved memory. When the reserved memory is subsequently freed, it is done so by pages, causing the early memblock_alloc requests to be re-used, which in my case, caused the device-tree to be clobbered. This patch forces the reserved memory for initrd to be kernel page aligned, and will move the device tree if it overlaps with the range extension of initrd. This patch will also consolidate the identical function free_initrd_mem() from mm/init_32.c, init_64.c to mm/mem.c, and adds the same range extension when freeing initrd. free_initrd_mem() is also moved to the __init section. Many thanks to Milton Miller for his input on this patch. [BenH: Fixed build without CONFIG_BLK_DEV_INITRD] Signed-off-by: Dave Carroll <dcarroll@astekcorp.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2011-06-09Merge remote branch 'kumar/merge' into mergeBenjamin Herrenschmidt
2011-06-09Merge remote branch 'gcl/powerpc/merge' into mergeBenjamin Herrenschmidt
2011-06-09AppArmor: Fix sleep in invalid context from task_setrlimitJohn Johansen
Affected kernels 2.6.36 - 3.0 AppArmor may do a GFP_KERNEL memory allocation with task_lock(tsk->group_leader); held when called from security_task_setrlimit. This will only occur when the task's current policy has been replaced, and the task's creds have not been updated before entering the LSM security_task_setrlimit() hook. BUG: sleeping function called from invalid context at mm/slub.c:847 in_atomic(): 1, irqs_disabled(): 0, pid: 1583, name: cupsd 2 locks held by cupsd/1583: #0: (tasklist_lock){.+.+.+}, at: [<ffffffff8104dafa>] do_prlimit+0x61/0x189 #1: (&(&p->alloc_lock)->rlock){+.+.+.}, at: [<ffffffff8104db2d>] do_prlimit+0x94/0x189 Pid: 1583, comm: cupsd Not tainted 3.0.0-rc2-git1 #7 Call Trace: [<ffffffff8102ebf2>] __might_sleep+0x10d/0x112 [<ffffffff810e6f46>] slab_pre_alloc_hook.isra.49+0x2d/0x33 [<ffffffff810e7bc4>] kmem_cache_alloc+0x22/0x132 [<ffffffff8105b6e6>] prepare_creds+0x35/0xe4 [<ffffffff811c0675>] aa_replace_current_profile+0x35/0xb2 [<ffffffff811c4d2d>] aa_current_profile+0x45/0x4c [<ffffffff811c4d4d>] apparmor_task_setrlimit+0x19/0x3a [<ffffffff811beaa5>] security_task_setrlimit+0x11/0x13 [<ffffffff8104db6b>] do_prlimit+0xd2/0x189 [<ffffffff8104dea9>] sys_setrlimit+0x3b/0x48 [<ffffffff814062bb>] system_call_fastpath+0x16/0x1b Signed-off-by: John Johansen <john.johansen@canonical.com> Reported-by: Miles Lane <miles.lane@gmail.com> Cc: stable@kernel.org Signed-off-by: James Morris <jmorris@namei.org>
2011-06-08dtc/powerpc: remove obsolete .gitignore entriesWolfram Sang
dtc was moved and .gitignores have been added to the new location. So, we can delete the old, forgotten ones. Signed-off-by: Wolfram Sang <w.sang@pengutronix.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
2011-06-08Merge branch 'pm-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6 * 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6: PM / Runtime: Fix loops in pm_runtime_clk_notify() PM / Intel IOMMU: Fix init_iommu_pm_ops() for CONFIG_PM unset
2011-06-08vfs: reorganize 'struct inode' layout a bitLinus Torvalds
This tries to make the 'struct inode' accesses denser in the data cache by moving a commonly accessed field (i_security) closer to other fields that are accessed often. It also makes 'i_state' just an 'unsigned int' rather than 'unsigned long', since we only use a few bits of that field, and moves it next to the existing 'i_flags' so that we potentially get better structure layout (although depending on config options, i_flags may already have packed in the same word as i_lock, so this improves packing only for the case of spinlock debugging) Out 'struct inode' is still way too big, and we should probably move some other fields around too (the acl fields in particular) for better data cache access density. Other fields (like the inode hash) are likely to be entirely irrelevant under most loads. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-08selinux: simplify and clean up inode_has_perm()Linus Torvalds
This is a rather hot function that is called with a potentially NULL "struct common_audit_data" pointer argument. And in that case it has to provide and initialize its own dummy common_audit_data structure. However, all the _common_ cases already pass it a real audit-data structure, so that uncommon NULL case not only creates a silly run-time test, more importantly it causes that function to have a big stack frame for the dummy variable that isn't even used in the common case! So get rid of that stupid run-time behavior, and make the (few) functions that currently call with a NULL pointer just call a new helper function instead (naturally called inode_has_perm_noapd(), since it has no adp argument). This makes the run-time test be a static code generation issue instead, and allows for a much denser stack since none of the common callers need the dummy structure. And a denser stack not only means less stack space usage, it means better cache behavior. So we have a win-win-win from this simplification: less code executed, smaller stack footprint, and better cache behavior. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-08Merge branch 'usb-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 * 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (28 commits) MAINTAINERS: add a maintainer to Gadget Framework USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver Revert "USB: option: add ID for ZTE MF 330" drivers/usb/host/ohci-pxa27x.c: add missing clk_put USB: CONFIG_USB_GADGET_DUALSPEED is not user-configurable USB: dummy-hcd needs the has_tt flag usb-storage: redo incorrect reads usb/renesas_usbhs: free uep on removal usb/s3c-hsudc: fix error path usb/pxa25x_udc: cleanup the LUBBOCK err path usb/mv_udc_core: fix compile usb: gadget: include <linux/prefetch.h> to fix compiling error USB: s3c-hsotg: Tone down debugging usb: remove bad dput after dentry_unhash USB: core: Tolerate protocol stall during hub and port status read musb: fix prefetch build failure USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7 usb-gadget: unlock data->lock mutex on error path in ep_write() USB: option Add blacklist for ZTE K3765-Z (19d2:2002) option: add Prolink PH300 modem IDs ...
2011-06-08MAINTAINERS: add a maintainer to Gadget FrameworkFelipe Balbi
I'll be continuing the amazing work Dave has done with the Gadget Framework. Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-08Merge branch 'spi/merge' of git://git.secretlab.ca/git/linux-2.6Linus Torvalds
* 'spi/merge' of git://git.secretlab.ca/git/linux-2.6: spi/rtc-m41t93: Use spi_get_drvdata() for SPI devices spi/omap2: fix uninitialized variable
2011-06-08Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: trivial: add space in fsc error message cifs: silence printk when establishing first session on socket CIFS ACL support needs CONFIG_KEYS, so depend on it possible memory corruption in cifs_parse_mount_options() cifs: make CIFS depend on CRYPTO_ECB cifs: fix the kernel release version in the default security warning message
2011-06-08Merge 3.0-rc2 + Linus's latest into usb-linusGreg Kroah-Hartman
This is needed to get the following MAINTAINERS patch to apply properly. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-08USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driverSteffen Sledz
E.g. newer CAN 2.0 A/B <=> USB 2.0 converters report idProduct=f3c2. Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>