aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2006-03-17[PATCH] x86: check for online cpus before bringing them upSrivatsa Vaddagiri
Bryce reported a bug wherein offlining CPU0 (on x86 box) and then subsequently onlining it resulted in a lockup. On x86, CPU0 is never offlined. The subsequent attempt to online CPU0 doesn't take that into account. It actually tries to bootup the already booted CPU. Following patch fixes the problem (as acknowledged by Bryce). Please consider for inclusion in 2.6.16. Check if cpu is already online. Signed-off-by: Srivatsa Vaddagiri <vatsa@in.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-17[PATCH] v9fs: fix overzealous dropping of dentry which breaks dcacheEric Van Hensbergen
There is a d_drop in dir_release which caused problems as it invalidates dcache entries too soon. This was likely a part of the wierd cwd behavior folks were seeing. Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-17[PATCH] posix-timers: fix requeue accounting when signal is ignoredRoman Zippel
When the posix-timer signal is ignored then the timer is rearmed by the callback function. The requeue pending accounting has to be fixed up else the state might be wrong. Signed-off-by: Roman Zippel <zippel@linux-m68k.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-17[PATCH] time_interpolator: add __read_mostlyChristoph Lameter
The pointer to the current time interpolator and the current list of time interpolators are typically only changed during bootup. Adding __read_mostly takes them away from possibly hot cachelines. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-17[PATCH] page migration: Fail with error if swap not setupChristoph Lameter
Currently the migration of anonymous pages will silently fail if no swap is setup. This patch makes page migration functions check for available swap and fail with -ENODEV if no swap space is available. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-17[PATCH] unshare: Use rcu_assign_pointer when setting sighandEric W. Biederman
The sighand pointer only needs the rcu_read_lock on the read side. So only depending on task_lock protection when setting this pointer is not enough. We also need a memory barrier to ensure the initialization is seen first. Use rcu_assign_pointer as it does this for us, and clearly documents that we are setting an rcu readable pointer. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Acked-by: Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-16[netdrvr] fix array overflows in Chelsio driverScott Bardone
Adrian Bunk wrote: > The Coverity checker spotted the following two array overflows in > drivers/net/chelsio/sge.c (in both cases, the arrays contain 3 > elements): [snip] This is a bug. The array should contain 2 elements. Here is the fix. Signed-off-by: Scott Bardone <sbardone@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-03-16[PATCH] e1000 endianness bugsDavid S. Miller
return -E_NO_BIG_ENDIAN_TESTING; [E1000]: Fix 4 missed endianness conversions on RX descriptor fields. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2006-03-16Merge branch 'upstream-fixes' of ↵Jeff Garzik
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2006-03-16Merge branch 'e100-fixes' of git://198.78.49.142/~jbrandeb/linux-2.6Jeff Garzik
2006-03-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-mergeLinus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge: powerpc: update defconfigs [PATCH] powerpc: properly configure DDR/P5IOC children devs [PATCH] powerpc: remove duplicate EXPORT_SYMBOLS [PATCH] powerpc: RTC memory corruption [PATCH] powerpc: enable NAP only on cpus who support it to avoid memory corruption [PATCH] powerpc: Clarify wording for CRASH_DUMP Kconfig option [PATCH] powerpc/64: enable CONFIG_BLK_DEV_SL82C105 [PATCH] powerpc: correct cacheflush loop in zImage powerpc: Fix problem with time going backwards powerpc: Disallow lparcfg being a module
2006-03-16powerpc: update defconfigsPaul Mackerras
Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: properly configure DDR/P5IOC children devsJohn Rose
The dynamic add path for PCI Host Bridges can fail to configure children adapters under P5IOC controllers. It fails to properly fixup bus/device resources, and it fails to properly enable EEH. Both of these steps need to occur before any children devices are enabled in pci_bus_add_devices(). Signed-off-by: John Rose <johnrose@austin.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: remove duplicate EXPORT_SYMBOLSOlaf Hering
remove warnings when building a 64bit kernel. smp_call_function triggers also with 32bit kernel. WARNING: vmlinux: duplicate symbol 'smp_call_function' previous definition was in vmlinux arch/powerpc/kernel/ppc_ksyms.c:164:EXPORT_SYMBOL(smp_call_function); arch/powerpc/kernel/smp.c:300:EXPORT_SYMBOL(smp_call_function); WARNING: vmlinux: duplicate symbol 'ioremap' previous definition was in vmlinux arch/powerpc/kernel/ppc_ksyms.c:113:EXPORT_SYMBOL(ioremap); arch/powerpc/mm/pgtable_64.c:321:EXPORT_SYMBOL(ioremap); WARNING: vmlinux: duplicate symbol '__ioremap' previous definition was in vmlinux arch/powerpc/kernel/ppc_ksyms.c:117:EXPORT_SYMBOL(__ioremap); arch/powerpc/mm/pgtable_64.c:322:EXPORT_SYMBOL(__ioremap); WARNING: vmlinux: duplicate symbol 'iounmap' previous definition was in vmlinux arch/powerpc/kernel/ppc_ksyms.c:118:EXPORT_SYMBOL(iounmap); arch/powerpc/mm/pgtable_64.c:323:EXPORT_SYMBOL(iounmap); Signed-off-by: Olaf Hering <olh@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: RTC memory corruptionMichael Neuling
We should be memset'ing the data we are pointing to, not the pointer itself. This is in an error path so we probably don't hit it much. Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: enable NAP only on cpus who support it to avoid memory ↵Benjamin Herrenschmidt
corruption This patch fixes incorrect setting of powersave_nap to 1 on all PowerMacs, potentially causing memory corruption on some models. This bug was introuced by me during the 32/64 bits merge. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: Clarify wording for CRASH_DUMP Kconfig optionMichael Ellerman
The wording of the CRASH_DUMP Kconfig option is not very clear. It gives you a kernel that can be used _as_ the kdump kernel, not a kernel that can boot into a kdump kernel. Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc/64: enable CONFIG_BLK_DEV_SL82C105Olaf Hering
Enable the onboard IDE driver for p610, p615 and p630. They have the CD connected to this card. All other RS/6000 systems with this controller have no connectors and dont need this option. Signed-off-by: Olaf Hering <olh@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16[PATCH] powerpc: correct cacheflush loop in zImageOlaf Hering
Correct the loop for cacheflush. No idea where I copied the code from, but the original does not work correct. Maybe the flush is not needed. Signed-off-by: Olaf Hering <olh@suse.de> Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-16powerpc: Fix problem with time going backwardsPaul Mackerras
The recent changes to keep gettimeofday in sync with xtime had the side effect that it was occasionally possible for the time reported by gettimeofday to go back by a microsecond. There were two reasons: (1) when we recalculated the offsets used by gettimeofday every 2^31 timebase ticks, we lost an accumulated fractional microsecond, and (2) because the update is done some time after the notional start of jiffy, if ntp is slowing the clock, it is possible to see time go backwards when the timebase factor gets reduced. This fixes it by (a) slowing the gettimeofday clock by about 1us in 2^31 timebase ticks (a factor of less than 1 in 3.7 million), and (b) adjusting the timebase offsets in the rare case that the gettimeofday result could possibly go backwards (i.e. when ntp is slowing the clock and the timer interrupt is late). In this case the adjustment will reduce to zero eventually because of (a). Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-03-15Merge master.kernel.org:/home/rmk/linux-2.6-armLinus Torvalds
* master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] 3362/1: [cleanup] - duplicate decleration of mem_fclk_21285 [ARM] 3365/1: [cleanup] header for compat.c exported functions [ARM] 3364/1: [cleanup] warning fix - definitions for enable_hlt and disable_hlt [ARM] 3363/1: [cleanup] process.c - fix warnings [ARM] 3358/1: [S3C2410] add missing SPI DMA resources [ARM] 3357/1: enable frontlight on collie [ARM] Fix "thead" typo
2006-03-15[PATCH] Fix ext2 readdir f_pos re-validation logicAl Viro
This fixes not one, but _two_, silly (but admittedly hard to hit) bugs in the ext2 filesystem "readdir()" function. It also cleans up the code to avoid the unnecessary goto mess. The bugs were related to re-valiating the f_pos value after somebody had either done an "lseek()" on the directory to an invalid offset, or when the offset had become invalid due to a file being unlinked in the directory. The code would not only set the f_version too eagerly, it would also not update f_pos appropriately for when the offset fixup took place. When that happened, we'd occasionally subsequently fail the readdir() even when we shouldn't (no real harm done, but an ugly printk, and obviously you would end up not necessarily seeing all entries). Thanks to Masoud Sharbiani <masouds@google.com> who noticed the problem and had a test-case for it, and also fixed up a thinko in the first version of this patch. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Masoud Sharbiani <masouds@google.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-15[ARM] 3362/1: [cleanup] - duplicate decleration of mem_fclk_21285Ben Dooks
Patch from Ben Dooks arch/arm/kernel/setup.c declares mem_fclk_21285 when this is already declared in include/asm-arm/system.h Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[ARM] 3365/1: [cleanup] header for compat.c exported functionsBen Dooks
Patch from Ben Dooks arch/arm/kernel/compat.c exports two functions, convert_to_tag_list and squash_mem_tags which are not defined in any header files, and not used outside arch/arm/kernel. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[ARM] 3364/1: [cleanup] warning fix - definitions for enable_hlt and disable_hltBen Dooks
Patch from Ben Dooks The enable_hlt and disable_hlt should be declared in include/asm/setup.h. This fixes sparse errors from arch/arm/kernel/process.c Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[ARM] 3363/1: [cleanup] process.c - fix warningsBen Dooks
Patch from Ben Dooks Fix the following warnings from sparse: arch/arm/kernel/process.c:86:6: warning: symbol 'default_idle' was not declared. Should it be static? arch/arm/kernel/process.c:378:5: warning: symbol 'dump_fpu' was not declared. Should it be static? Include <linux/elfcore.h> for dump_fpu() decleration, and make default_idle() static as it is not used outside the file. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[PATCH] ieee80211: Fix QoS is not active problemHong Liu
Fix QoS is not active even the network and the card is QOS enabled. The problem is we pass the wrong ieee80211_network address to ipw_handle_beacon/ipw_handle_probe_response, thus the ieee80211_network->qos_data.active will not be set, causing the driver not sending QoS frames at all. Signed-off-by: Hong Liu <hong.liu@intel.com> Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15[PATCH] ieee80211: Fix CCMP decryption problem when QoS is enabledZhu Yi
Use the correct STYPE for Qos data. Signed-off-by: Zhu Yi <yi.zhu@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-03-15e100: fix eeh on pseries during ethtool -tJesse Brandeburg
Olaf Hering reported a problem on pseries with e100 where ethtool -t would cause a bus error, and the e100 driver would stop working. Due to the new load ucode command the cb list must be allocated before calling e100_init_hw, so remove the call and just let e100_up take care of it. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
2006-03-15[PATCH] fs/namespace.c:dup_namespace(): fix a use after freeAdrian Bunk
The Coverity checker spotted the following bug in dup_namespace(): <-- snip --> if (!new_ns->root) { up_write(&namespace_sem); kfree(new_ns); goto out; } ... out: return new_ns; <-- snip --> Callers expect a non-NULL result to not be freed. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-15[ARM] 3358/1: [S3C2410] add missing SPI DMA resourcesAlbrecht Dreß
Patch from Albrecht Dreß Add DMA resources to s3c2410 spi platform devices - dma_(alloc|free)_coherent should now work as expected. Signed-off-by: Albrecht Dreß <albrecht.dress@lios-tech.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[ARM] 3357/1: enable frontlight on colliePavel Machek
Patch from Pavel Machek Enable frontlight during collie bootup, so that display is actually readable in anything other than bright sunlight. Signed-off-by: Pavel Machek <pavel@suse.cz> Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-15[ARM] Fix "thead" typoRussell King
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-03-14[PATCH] Consistent capabilites associated with MPOL_MOVE_ALLChristoph Lameter
It seems that setting scheduling policy and priorities is also the kind of thing that might be performed in apps that also use the NUMA API, so it would seem consistent to use CAP_SYS_NICE for NUMA also. So use CAP_SYS_NICE for controlling migration permissions. Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: Michael Kerrisk <mtk-manpages@gmx.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] Page migration documentation updateChristoph Lameter
Update the documentation for page migration. - Fix up bits and pieces in cpusets.txt - Rework text in vm/page-migration to be clearer and reflect the final version of page migration in 2.6.16. Mention Andi Kleen's numactl package that contains user space tools for page migration via libnuma. Add reference to numa_maps and to the manpage in numactl. - Add todo list for outstanding issues Signed-off-by: Christoph Lameter <clameter@sgi.com> Acked-by: Paul Jackson <pj@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] page migration: fail if page is in a vma flagged VM_LOCKEDChristoph Lameter
page migration currently simply retries a couple of times if try_to_unmap() fails without inspecting the return code. However, SWAP_FAIL indicates that the page is in a vma that has the VM_LOCKED flag set (if ignore_refs ==1). We can check for that return code and avoid retrying the migration. migrate_page_remove_references() now needs to return a reason why the failure occured. So switch migrate_page_remove_references to use -Exx style error messages. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] "s390: multiple subchannel sets support" fixGreg Smith
It seems this patch got dropped (it was in addition to the `s390: improve response code handling in chsc_enable_facility()' patch). Acked-by: Cornelia Huck <cornelia.huck@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14Merge git://oss.sgi.com:8090/oss/git/rc-fixesLinus Torvalds
* git://oss.sgi.com:8090/oss/git/rc-fixes: Fix a direct I/O locking issue revealed by the new mutex code.
2006-03-15Fix a direct I/O locking issue revealed by the new mutex code.Nathan Scott
Affects only XFS (i.e. DIO_OWN_LOCKING case) - currently it is not possible to get i_mutex locking correct when using DIO_OWN direct I/O locking in a filesystem due to indeterminism in the possible return code/lock/unlock combinations. This can cause a direct read to attempt a double i_mutex unlock inside XFS. We're now ensuring __blockdev_direct_IO always exits with the inode i_mutex (still) held for a direct reader. Tested with the three different locking modes (via direct block device access, ext3 and XFS) - both reading and writing; cannot find any regressions resulting from this change, and it clearly fixes the mutex_unlock warning originally reported here: http://marc.theaimsgroup.com/?l=linux-kernel&m=114189068126253&w=2 Signed-off-by: Nathan Scott <nathans@sgi.com> Acked-by: Christoph Hellwig <hch@lst.de>
2006-03-14[PATCH] JFS: Take logsync lock before testing mp->lsnDave Kleikamp
This fixes a race where lsn could be cleared before taking the lock Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] zfcp: fix device registration issues [SCSI] scsi_transport_fc: fix FC_HOST_NUM_ATTRS [SCSI] scsi: aha152x pcmcia driver needs spi transport [SCSI] zfcp: correctly set this_id for hosts [SCSI] Add Brownie to blacklist
2006-03-14[PATCH] Plug kdump shutdown race windowManeesh Soni
lapic_shutdown() re-enables interrupts which is un-desirable for panic case, so use local_irq_save() and local_irq_restore() to keep the irqs disabled for kexec on panic case, and close a possible race window while kdump shutdown as shown in this stack trace -- BUG: spinlock lockup on CPU#1, bash/4396, c52781a0 [<c01c1870>] _raw_spin_lock+0xb7/0xd2 [<c029e148>] _spin_lock+0x6/0x8 [<c011b33f>] scheduler_tick+0xe7/0x328 [<c0128a7c>] update_process_times+0x51/0x5d [<c0114592>] smp_apic_timer_interrupt+0x4f/0x58 [<c01141ff>] lapic_shutdown+0x76/0x7e [<c0104d7c>] apic_timer_interrupt+0x1c/0x30 [<c01141ff>] lapic_shutdown+0x76/0x7e [<c0116659>] machine_crash_shutdown+0x83/0xaa [<c013cc36>] crash_kexec+0xc1/0xe3 [<c029e148>] _spin_lock+0x6/0x8 [<c013cc22>] crash_kexec+0xad/0xe3 [<c0215280>] __handle_sysrq+0x84/0xfd [<c018d937>] write_sysrq_trigger+0x2c/0x35 [<c015e47b>] vfs_write+0xa2/0x13b [<c015ea73>] sys_write+0x3b/0x64 [<c0103c69>] syscall_call+0x7/0xb Signed-off-by: Maneesh Soni <maneesh@in.ibm.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14Revert "[PATCH] x86-64: Fix up handling of non canonical user RIPs"Linus Torvalds
This reverts commit c33d4568aca9028a22857f94f5e0850012b6444b. Andrew Clayton and Hugh Dickins report that it's broken for them and causes strange page table and slab corruption, and spontaneous reboots. Let's get it right next time. Cc: Andrew Clayton <andrew@rootshell.co.uk> Cc: Hugh Dickins <hugh@veritas.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] EDAC: disable sysfs interfaceDave Peterson
- Disable the EDAC sysfs code. The sysfs interface that EDAC presents to user space needs more thought, and is likely to change substantially. Therefore disable it for now so users don't start depending on it in its current form. - Disable the default behavior of calling panic() when an uncorrectible error is detected (since for now, there is no sysfs interface that allows the user to configure this behavior). Signed-off-by: David S. Peterson <dsp@llnl.gov> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] NLM: Ensure we do not Oops in the case of an unlockTrond Myklebust
In theory, NLM specs assure us that the server will only reply LCK_GRANTED or LCK_DENIED_GRACE_PERIOD to our NLM_UNLOCK request. In practice, we should not assume this to be the case, and the code will currently Oops if we do. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] SUNRPC: Fix potential deadlock in RPC codeTrond Myklebust
In rpc_wake_up() and rpc_wake_up_status(), it is possible for the call to __rpc_wake_up_task() to fail if another thread happens to be calling rpc_wake_up_task() on the same rpc_task. Problem noticed by Bruno Faccini. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] NFSv4: fix mount segfault on errors returned that are < -1000Trond Myklebust
It turns out that nfs4_proc_get_root() may return raw NFSv4 errors instead of mapping them to kernel errors. Problem spotted by Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] SUNRPC: fix a NULL pointer dereference in net/sunrpc/clnt.cAdrian Bunk
The Coverity checker spotted this possible NULL pointer dereference in rpc_new_client(). Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] NFS: Fix a potential panic in O_DIRECTTrond Myklebust
Based on an original patch by Mike O'Connor and Greg Banks of SGI. Mike states: A normal user can panic an NFS client and cause a local DoS with 'judicious'(?) use of O_DIRECT. Any O_DIRECT write to an NFS file where the user buffer starts with a valid mapped page and contains an unmapped page, will crash in this way. I haven't followed the code, but O_DIRECT reads with similar user buffers will probably also crash albeit in different ways. Details: when nfs_get_user_pages() calls get_user_pages(), it detects and correctly handles get_user_pages() returning an error, which happens if the first page covered by the user buffer's address range is unmapped. However, if the first page is mapped but some subsequent page isn't, get_user_pages() will return a positive number which is less than the number of pages requested (this behaviour is sort of analagous to a short write() call and appears to be intentional). nfs_get_user_pages() doesn't detect this and hands off the array of pages (whose last few elements are random rubbish from the newly allocated array memory) to it's caller, whence they go to nfs_direct_write_seg(), which then totally ignores the nr_pages it's given, and calculates its own idea of how many pages are in the array from the user buffer length. Needless to say, when it comes to transmit those uninitialised page* pointers, we see a crash in the network stack. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-14[PATCH] Fix sigaltstack corruption among cloned threadsGOTO Masanori
This patch fixes alternate signal stack corruption among cloned threads with CLONE_SIGHAND (and CLONE_VM) for linux-2.6.16-rc6. The value of alternate signal stack is currently inherited after a call of clone(... CLONE_SIGHAND | CLONE_VM). But if sigaltstack is set by a parent thread, and then if multiple cloned child threads (+ parent threads) call signal handler at the same time, some threads may be conflicted - because they share to use the same alternative signal stack region. Finally they get sigsegv. It's an undesirable race condition. Note that child threads created from NPTL pthread_create() also hit this conflict when the parent thread uses sigaltstack, without my patch. To fix this problem, this patch clears the child threads' sigaltstack information like exec(). This behavior follows the SUSv3 specification. In SUSv3, pthread_create() says "The alternate stack shall not be inherited (when new threads are initialized)". It means that sigaltstack should be cleared when sigaltstack memory space is shared by cloned threads with CLONE_SIGHAND. Note that I chose "if (clone_flags & CLONE_SIGHAND)" line because: - If clone_flags line is not existed, fork() does not inherit sigaltstack. - CLONE_VM is another choice, but vfork() does not inherit sigaltstack. - CLONE_SIGHAND implies CLONE_VM, and it looks suitable. - CLONE_THREAD is another candidate, and includes CLONE_SIGHAND + CLONE_VM, but this flag has a bit different semantics. I decided to use CLONE_SIGHAND. [ Changed to test for CLONE_VM && !CLONE_VFORK after discussion --Linus ] Signed-off-by: GOTO Masanori <gotom@sanori.org> Cc: Roland McGrath <roland@redhat.com> Cc: Ingo Molnar <mingo@elte.hu> Acked-by: Linus Torvalds <torvalds@osdl.org> Cc: Ulrich Drepper <drepper@redhat.com> Cc: Jakub Jelinek <jakub@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>