Mark Huang [Mon, 14 Aug 2006 01:57:54 +0000 (18:57 -0700)]
[NETFILTER]: ulog: fix panic on SMP kernels
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.
Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Fix from Aji_Srinivas@emc.com, STP packets are incorrectly received on
all LLC datagram sockets, whichever interface they are bound to. The
llc_sap datagram receive logic sends packets with a unicast
destination MAC to one socket bound to that SAP and MAC, and multicast
packets to all sockets bound to that SAP. STP packets are multicast,
and we do need to know on which interface they were received.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 14 Aug 2006 01:55:53 +0000 (18:55 -0700)]
[IPSEC]: Validate properly in xfrm_dst_check()
If dst->obsolete is -1, this is a signal from the
bundle creator that we want the XFRM dst and the
dsts that it references to be validated on every
use.
I misunderstood this intention when I changed
xfrm_dst_check() to always return NULL.
Now, when we purge a dst entry, by running dst_free()
on it. This will set the dst->obsolete to a positive
integer, and we want to return NULL in that case so
that the socket does a relookup for the route.
Thus, if dst->obsolete<0, let stale_bundle() validate
the state, else always return NULL.
In general, we need to do things more intelligently
here because we flush too much state during rule
changes. Herbert Xu has some ideas wherein the key
manager gives us some help in this area. We can also
use smarter state management algorithms inside of
the kernel as well.
Signed-off-by: David S. Miller <davem@davemloft.net>
Orjan Friberg [Wed, 9 Aug 2006 06:31:40 +0000 (23:31 -0700)]
USB: usbtest.c: unsigned retval makes ctrl_out return 0 in case of error
In my quest to try and figure out why test 14 (control write) doesn't
work with my EZ-USB board, I noticed that sometimes testusb reported
no error even though the kernel log complained "byte 0 is 0 not 2" etc.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Johannes Berg [Wed, 19 Jul 2006 13:39:46 +0000 (15:39 +0200)]
USB: appletouch: fix atp_disconnect
appletouch uses urb->transfer_dma after having freed the urb, this shows
up only if the system is compiled with slab debugging. This patch fixes
it by reordering the free calls.
Steven Rostedt [Thu, 3 Aug 2006 16:28:11 +0000 (12:28 -0400)]
Add stable branch to maintainers file
While helping someone to submit a patch to the stable branch, I noticed
that the stable branch is not listed in the MAINTAINERS file. This was
after I went there to look for the email addresses for the stable branch
list (stable@kernel.org).
This patch adds the stable branch to the maintainers file so that people
can find where to send patches when they have a fix for the stable team.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nathan Scott [Thu, 10 Aug 2006 04:40:41 +0000 (14:40 +1000)]
[XFS] Fix xfs_free_extent related NULL pointer dereference.
We recently fixed an out-of-space deadlock in XFS, and part of that fix
involved the addition of the XFS_ALLOC_FLAG_FREEING flag to some of the
space allocator calls to indicate they're freeing space, not allocating
it. There was a missed xfs_alloc_fix_freelist condition test that did not
correctly test "flags". The same test would also test an uninitialised
structure field (args->userdata) and depending on its value either would
or would not return early with a critical buffer pointer set to NULL.
This fixes that up, adds asserts to several places to catch future botches
of this nature, and skips sections of xfs_alloc_fix_freelist that are
irrelevent for the space-freeing case.
Dmitry Mishin [Wed, 9 Aug 2006 09:25:54 +0000 (02:25 -0700)]
[NET]: add_timer -> mod_timer() in dst_run_gc()
Patch from Dmitry Mishin <dim@openvz.org>:
Replace add_timer() by mod_timer() in dst_run_gc
in order to avoid BUG message.
CPU1 CPU2
dst_run_gc() entered dst_run_gc() entered
spin_lock(&dst_lock) .....
del_timer(&dst_gc_timer) fail to get lock
.... mod_timer() <--- puts
timer back
to the list
add_timer(&dst_gc_timer) <--- BUG because timer is in list already.
Found during OpenVZ internal testing.
At first we thought that it is OpenVZ specific as we
added dst_run_gc(0) call in dst_dev_event(),
but as Alexey pointed to me it is possible to trigger
this condition in mainstream kernel.
F.e. timer has fired on CPU2, but the handler was preeempted
by an irq before dst_lock is tried.
Meanwhile, someone on CPU1 adds an entry to gc list and
starts the timer.
If CPU2 was preempted long enough, this timer can expire
simultaneously with resuming timer handler on CPU1, arriving
exactly to the situation described.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Kirill Korotaev <dev@openvz.org> Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Tejun Heo [Tue, 8 Aug 2006 05:08:59 +0000 (14:08 +0900)]
[PATCH] libata: clear sdev->locked on door lock failure
SCSI EH locks door if sdev->locked is set. Sometimes door lock
command fails continuously (e.g. when medium is not present) and as
libata uses EH to acquire sense data, this easily creates a loop where
a failed lock door invokes EH and EH issues lock door on completion.
This patch clears sdev->locked on door lock failure to break this
loop. This problem has been spotted and diagnosed by Unicorn Chang
<uchang@tw.ibm.com>.
Signed-off-by: Tejun Heo <htejun@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Brice Goglin [Wed, 9 Aug 2006 04:07:53 +0000 (00:07 -0400)]
[PATCH] myri10ge: always re-enable dummy rdmas in myri10ge_resume
Dummy RDMA are always enabled on device startup since commit 9a71db721a2cbb9921b929b2699ab181f5a3c6c0 (to work around buggy
PCIe chipsets which do not implement resending properly). But,
we also need to always re-enable them when resuming the device.
Signed-off-by: Brice Goglin <brice@myri.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Need to check some more cases in IPX receive. If the skb is purely
fragments, the IPX header needs to be extracted. The function
pskb_may_pull() may in theory invalidate all the pointers in the skb,
so references to ipx header must be refreshed.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 8 Aug 2006 23:47:37 +0000 (16:47 -0700)]
[RTNETLINK]: Fix IFLA_ADDRESS handling.
The ->set_mac_address handlers expect a pointer to a
sockaddr which contains the MAC address, whereas
IFLA_ADDRESS provides just the MAC address itself.
So whip up a sockaddr to wrap around the netlink
attribute for the ->set_mac_address call.
Signed-off-by: David S. Miller <davem@davemloft.net>
In bugzilla #6943, Maxim Britov reported:
"I can enable Logitech quickcam support in .config, but it want be compile.
I have to add into drivers/media/video/Makefile:
obj-$(CONFIG_USB_QUICKCAM_MESSENGER) += usbvideo/"
He's right, just enable that driver as module while disabling every other
driver that gets into that directory, nothing will get compiled.
This patch fixes the Makefile.
Signed-off-by: Diego Calleja <diegocg@gmail.com> Acked-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
V4L/DVB (4395): Restore compat_ioctl in pwc driver
The compat_ioctl support of the pwc driver was dropped during the last update of the driver.
I suppose it was by mistake. If yes here is the patch to restore the support.
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@looxix.net> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Michael Chan [Tue, 8 Aug 2006 04:46:02 +0000 (21:46 -0700)]
[TG3]: Fix tx race condition
Fix a subtle race condition between tg3_start_xmit() and tg3_tx()
discovered by Herbert Xu <herbert@gondor.apana.org.au>:
CPU0 CPU1
tg3_start_xmit()
if (tx_ring_full) {
tx_lock
tg3_tx()
if (!netif_queue_stopped)
netif_stop_queue()
if (!tx_ring_full)
update_tx_ring
netif_wake_queue()
tx_unlock
}
Even though tx_ring is updated before the if statement in tg3_tx() in
program order, it can be re-ordered by the CPU as shown above. This
scenario can cause the tx queue to be stopped forever if tg3_tx() has
just freed up the entire tx_ring. The possibility of this happening
should be very rare though.
The following changes are made:
1. Add memory barrier to fix the above race condition.
2. Eliminate the private tx_lock altogether and rely solely on
netif_tx_lock. This eliminates one spinlock in tg3_start_xmit()
when the ring is full.
3. Because of 2, use netif_tx_lock in tg3_tx() before calling
netif_wake_queue().
4. Change TX_BUFFS_AVAIL to an inline function with a memory barrier.
Herbert and David suggested using the memory barrier instead of
volatile.
5. Check for the full wake queue condition before getting
netif_tx_lock in tg3_tx(). This reduces the number of unnecessary
spinlocks when the tx ring is full in a steady-state condition.
6. Update version to 3.65.
Signed-off-by: Michael Chan <mchan@broadcom.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Kirill Korotaev [Tue, 8 Aug 2006 03:44:22 +0000 (20:44 -0700)]
[IPV4]: Limit rt cache size properly.
From: Kirill Korotaev <dev@sw.ru>
During OpenVZ stress testing we found that UDP traffic with random src
can generate too much excessive rt hash growing leading finally to OOM
and kernel panics.
It was found that for 4GB i686 system (having 1048576 total pages and
225280 normal zone pages) kernel allocates the following route hash:
syslog: IP route cache hash table entries: 262144 (order: 8, 1048576
bytes) => ip_rt_max_size = 4194304 entries, i.e. max rt size is 4194304 * 256b = 1Gb of RAM > normal_zone
Attached the patch which removes HASH_HIGHMEM flag from
alloc_large_system_hash() call.
Signed-off-by: David S. Miller <davem@davemloft.net>
Sam Ravnborg [Mon, 7 Aug 2006 19:01:36 +0000 (21:01 +0200)]
kbuild: external modules shall not check config consistency
external modules needs include/linux/autoconf.h and include/config/auto.conf
but skip the integrity test of these. Even with a newer Kconfig file we
shall just proceed since external modules simply uses the kernel source and
shall not attempt to modify it.
Error out if a config fiel is missing since they are mandatory.
Sam Ravnborg [Mon, 7 Aug 2006 18:58:28 +0000 (20:58 +0200)]
kbuild: do not try to build content of initramfs
When a file supplied via CONFIG_INITRAMFS pointed to a file
for which kbuild had a rule to compile it (foo.c => foo.o)
then kbuild would compile the file before adding the
file to the initramfs.
Teach make that files included in initramfs shall not be updated by adding
an 'empty command'. (See "Using Empty Commands" in info make).
[S390] lost interrupt after chpid vary off/on cycle.
I/O on a CCW device may stall if a channel path to that device is
logicaly varied off/on. A user I/O interrupt can get misinterpreted
as interrupt for an internal path verification operation due to a
missing check and is therefore never reported to the device driver.
Correct check for pending interruptions before starting path
verification.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Mon, 7 Aug 2006 15:00:28 +0000 (17:00 +0200)]
[S390] tape class return value handling.
Without this patch register_tape_dev() will always fail, but might
return a value that is not an error number. This will lead to accesses
to already freed memory areas...
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Pierre Ossman [Sun, 6 Aug 2006 20:22:23 +0000 (22:22 +0200)]
[MMC] Fix base address configuration in wbsd
There were some confusion about base I/O variables in the wbsd driver.
Seems like things have been working on shear luck so far. The global 'io'
variable (used when manually configuring the resources) was used instead of
the local 'base' variable.
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
* master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa:
[ALSA] Don't reject O_RDWR at opening PCM OSS with read/write-only device
[ALSA] snd-emu10k1: Implement support for Audigy 2 ZS [SB0353]
[ALSA] add MAINTAINERS entry for snd-aoa
[ALSA] aoa: platform function gpio: ignore errors from functions that don't exist
[ALSA] make snd-powermac load even when it can't bind the device
[ALSA] aoa: fix toonie codec
[ALSA] aoa: feature gpio layer: fix IRQ access
[ALSA] Conversions from kmalloc+memset to k(z|c)alloc
[ALSA] snd-emu10k1: Fixes ALSA bug#2190
While busy-waiting for completion, check the hardware after scheduling;
don't schedule and then immediately check the _timeout_. If the yield()
took a long time (as it does on my OLPC prototype board when it's busy),
we'd report a timeout even though the hardware was now ready.
This fixes it, and also switches the yield() for a cond_resched() because
we don't actually want to be _that_ nice about it. I see nice
tightly-packed SMBus transactions now, rather than waiting for milliseconds
between successive phases.
Actually, we shouldn't be busy-waiting here at all. We should be using
interrupts. That's an exercise for another day though.
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Christer Weinigel <wingel@nano-system.com> Cc: <Jordan.Crouse@amd.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
so if we initialize UDF_I_LENEXTENTS(inode) = 0 earlier in udf_new_inode,
we won't try to free the (not) preallocated blocks, since this will match
the i_size = 0 set when the inode was initialized.
Signed-off-by: Eric Sandeen <sandeen@sandeen.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
matthieu castet [Sat, 5 Aug 2006 19:15:12 +0000 (12:15 -0700)]
[PATCH] pnpacpi: reject ACPI_PRODUCER resources
A patch in -mm kernel correct the parsing of "address resources" of pnpacpi.
Before we assumed it was memory only, but it could be also IO.
But this change show an hidden bug : some resources could be producer type
that are not handled by pnp layer. So we should ignore the producer
resources.
This patch fixes bug 6292 (http://bugzilla.kernel.org/show_bug.cgi?id=6292).
Some devices like PNP0A03 have 0xd00-0xffff and 0x0-0xcf7 as IO producer
resources.
Before correcting "address resources" parsing, it was seen as memory and was
harmless, because nobody tried to reserve this memory range as it should be
IO.
With the correction it become IO resources, and make failed all others device
that want to register IO in this range and use pnp layer (like a ISA sound
card).
Chris Mason [Sat, 5 Aug 2006 19:15:10 +0000 (12:15 -0700)]
[PATCH] reiserfs_write_full_page() should not get_block past eof
reiserfs_write_full_page does zero bytes in the file past eof, but it may
call get_block on those buffers as well. On machines where the page size
is larger than the blocksize, this can result in mmaped files incorrectly
growing up to a block boundary during writepage.
The fix is to avoid calling get_block for any blocks that are entirely past
eof
Signed-off-by: Chris Mason <mason@suse.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch is for collision check enhancement for memory hot add.
It's better to do resouce collision check before doing memory hot add,
which will touch memory management structures.
And add_section() should check section exists or not before calling
sparse_add_one_section(). (sparse_add_one_section() will do another
check anyway. but checking in memory_hotplug.c will be easy to understand.)
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: keith mannthey <kmannth@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
add_memory() does all necessary check to avoid collision. then, acpi layer
doesn't have to check region by itself.
(*) pfn_valid() just returns page struct is valid or not. It returns 0
if a section has been already added even is ioresource is not added.
ioresource collision check in mm/memory_hotplug.c can do more precise
collistion check.
added enabled bit check just for sanity check..
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Keith Mannthey <kmannth@gmail.com> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Cc: Dave Hansen <haveblue@us.ibm.com> Cc: "Brown, Len" <len.brown@intel.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] memory hotadd fixes: change find_next_system_ram's return value manner
find_next_system_ram() returns valid memory range which meets requested area,
only used by memory-hot-add.
This function always rewrite requested resource even if returned area is not
fully fit in requested one. And sometimes the returnd resource is larger than
requested area. This annoyes the caller. This patch changes the returned
value to fit in requested area.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Keith Mannthey <kmannth@gmail.com> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Cc: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ioresouce handling code in memory hotplug allows not-aligned memory hot add.
But when memmap and other memory structures are initialized, parameters should
be aligned. (if not aligned, initialization of mem_map will do wrong, it
assumes parameters are aligned.) This patch fix it.
And this patch allows ioresource collision check to handle -EEXIST.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Keith Mannthey <kmannth@gmail.com> Cc: Yasunori Goto <y-goto@jp.fujitsu.com> Cc: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diego Calleja [Sat, 5 Aug 2006 19:14:55 +0000 (12:14 -0700)]
[PATCH] Fix BeFS slab corruption
In bugzilla #6941, Jens Kilian reported:
"The function befs_utf2nls (in fs/befs/linuxvfs.c) writes a 0 byte past the
end of a block of memory allocated via kmalloc(), leading to memory
corruption. This happens only for filenames which are pure ASCII and a
multiple of 4 bytes in length. [...]
Without DEBUG_SLAB, this leads to further corruption and hard lockups; I
believe this is the bug which has made kernels later than 2.6.8 unusable
for me. (This must be due to changes in memory management, the bug has
been in the BeFS driver since the time it was introduced (AFAICT).)
Steps to reproduce:
Create a directory (in BeOS, naturally :-) with files named, e.g.,
"1", "22", "333", "4444", ... Mount it in Linux and do an "ls" or "find""
This patch implements the suggested fix. Credits to Jens Kilian for
debugging the problem and finding the right fix.
Signed-off-by: Diego Calleja <diegocg@gmail.com> Cc: Jens Kilian <jjk@acm.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Stefan Richter [Sat, 5 Aug 2006 19:14:53 +0000 (12:14 -0700)]
[PATCH] ieee1394: sbp2: enable auto spin-up for Maxtor disks
At least Maxtor OneTouch III require a "start stop unit" command after auto
spin-down before the next access can proceed. This patch activates the
responsible code in scsi_mod for all Maxtor SBP-2 disks.
https://bugzilla.novell.com/show_bug.cgi?id=183011
Maybe that should be done for all SBP-2 disks, but better be cautious.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: Jody McIntyre <scjody@modernduck.com> Cc: Ben Collins <bcollins@ubuntu.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Steven Rostedt [Sat, 5 Aug 2006 19:14:50 +0000 (12:14 -0700)]
[PATCH] Add stable branch to maintainers file
While helping someone to submit a patch to the stable branch, I noticed
that the stable branch is not listed in the MAINTAINERS file. This was
after I went there to look for the email addresses for the stable branch
list (stable@kernel.org).
This patch adds the stable branch to the maintainers file so that people
can find where to send patches when they have a fix for the stable team.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Horman [Sat, 5 Aug 2006 19:14:45 +0000 (12:14 -0700)]
[PATCH] sh: fix proc file removal for superh store queue module
Clean up proc file removal in sq module for superh arch. currently on a
failed module load or on module unload a proc file is left registered which
can cause a random memory execution or oopses if read after unload. This
patch cleans up that deregistration.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Paul Mundt <lethal@linux-sh.org> Cc: Kazumoto Kojima <kkojima@rr.iij4u.or.jp> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexey Dobriyan [Sat, 5 Aug 2006 19:14:43 +0000 (12:14 -0700)]
[PATCH] eicon: fix define conflict with ptrace
* MODE_MASK is unused in eicon driver.
* Conflicts with a ptrace stuff on arm.
drivers/isdn/hardware/eicon/divasync.h:259:1: warning: "MODE_MASK" redefined
include2/asm/ptrace.h:48:1: warning: this is the location of the previous definition
A set of tty line discipline cleanup patches were introduced before the
dawn of time, in kernel version 2.4.21. This patch performs that cleanup
for the hvsi driver.
The hvsi driver is used only on IBM pSeries PowerPC boxes. The driver was
originally written by Hollis Blanchard, who has delegated maintainership to
me. So this my first and maybe only patch in this official new role,
because this driver is otherwise bug-free :-)
Alan: "Actually its also a bug fix, tty->ldisc should be locked by refcounting
and the helpers do this for you."
Signed-off-by: Linas Vepstas <linas@austin.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Paul Mackerras <paulus@samba.org> Acked-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Under certain rare circumstances, it appears that there can be be a
NULL-pointer deref when a user fiddles with terminal emeulation programs while
outpu is being sent to the console. This patch checks for and avoids a
NULL-pointer deref.
Signed-off-by: Hollis Blanchard <hollisbl@austin.ibm.com> Signed-off-by: Linas Vepstas <linas@austin.ibm.com> Cc: Paul Fulghum <paulkf@microgate.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil Brown [Sat, 5 Aug 2006 19:14:29 +0000 (12:14 -0700)]
[PATCH] knfsd: fix race related problem when adding items to and svcrpc auth cache
If we don't find the item we are lookng for, we allocate a new one, and
then grab the lock again and search to see if it has been added while we
did the alloc. If it had been added we need to 'cache_put' the newly
created item that we are never going to use. But as it hasn't been
initialised properly, putting it can cause an oops.
So move the ->init call earlier to that it will always be fully initilised
if we have to put it.
Thanks to Philipp Matthias Hahn <pmhahn@svs.Informatik.Uni-Oldenburg.de>
for reporting the problem.
Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Sat, 5 Aug 2006 19:14:25 +0000 (12:14 -0700)]
[PATCH] fadvise() make POSIX_FADV_NOREUSE a no-op
The POSIX_FADV_NOREUSE hint means "the application will use this range of the
file a single time". It seems to be intended that the implementation will use
this hint to perform drop-behind of that part of the file when the application
gets around to reading or writing it.
However for reasons which aren't obvious (or sane?) I mapped
POSIX_FADV_NOREUSE onto POSIX_FADV_WILLNEED. ie: it does readahead.
That's daft. So for now, make POSIX_FADV_NOREUSE a no-op.
This is a non-back-compatible change. If someone was using POSIX_FADV_NOREUSE
to perform readahead, they lose. The likelihood is low.
If/when we later implement POSIX_FADV_NOREUSE things will get interesting - to
do it fully we'll need to maintain file offset/length ranges and peform all
sorts of complex tricks, and managing the lifetime of those ranges' data
structures will be interesting..
A sensible implementation would probably ignore the file range and would
simply mark the entire file as needing some form of drop-behind treatment.
Cc: Michael Kerrisk <mtk-manpages@gmx.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>