summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-08-20Linux 2.6.22.4v2.6.22.4Greg Kroah-Hartman
2007-08-20Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)Marcel Holtmann
This fixes a vulnerability in the "parent process death signal" implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd. and iSEC Security Research. http://marc.info/?l=bugtraq&m=118711306802632&w=2 Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15Linux 2.6.22.3v2.6.22.3Greg Kroah-Hartman
2007-08-15CPUFREQ: ondemand: add a check to avoid negative load calculationVenki Pallipadi
Due to rounding and inexact jiffy accounting, idle_ticks can sometimes be higher than total_ticks. Make sure those cases are handled as zero load case. Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15CPUFREQ: ondemand: fix tickless accounting and software coordination bugVenki Pallipadi
With tickless kernel and software coordination os P-states, ondemand can look at wrong idle statistics. This can happen when ondemand sampling is happening on CPU 0 and due to software coordination sampling also looks at utilization of CPU 1. If CPU 1 is in tickless state at that moment, its idle statistics will not be uptodate and CPU 0 thinks CPU 1 is idle for less amount of time than it actually is. This can be resolved by looking at all the busy times of CPUs, which is accurate, even with tickless, and use that to determine idle time in a round about way (total time - busy time). Thanks to Arjan for originally reporting the ondemand bug on Lenovo T61. Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15pata_atiixp: add SB700 PCI IDJeff Garzik
[libata] pata_atiixp: add SB700 PCI ID From AMD. Signed-off-by: Jeff Garzik <jeff@garzik.org> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15stifb: detect cards in double buffer mode more reliablyHelge Deller
Visualize-EG, Graffiti and A4450A graphics cards on PARISC can be configured in double-buffer and standard mode, but the stifb driver supports standard mode only. This patch detects double-buffered cards more reliable. It is a real bugfix for a very nasty problem for all parisc users which have wrongly configured their graphic card. The problem: The stifb graphics driver will not detect that the card is wrongly configured and then nevertheless just enables the graphics mode, which it shouldn't. In the end, the user will see no further updates / boot messages on the screen. We had documented this problem already on our FAQ (http://parisc-linux.org/faq/index.html#viseg "Why do I get corrupted graphics with my Vis-EG/Graffiti/A4450A card?") but people still run into this problem. So having this fix in as early as possible can help us. Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Antonino Daplas <adaplas@gmail.com> Cc: Kyle McMartin <kyle@mcmartin.ca> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15direct-io: fix error-path crashesBadari Pulavarty
Need to initialize map_bh.b_state to zero. Otherwise, in case of a faulty user-buffer its possible to go into dio_zero_block() and submit a page by mistake - since it checks for buffer_new(). http://marc.info/?l=linux-kernel&m=118551339032528&w=2 akpm: Linus had a (better) patch to just do a kzalloc() in there, but it got lost. Probably this version is better for -stable anwyay. Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Acked-by: Joe Jin <joe.jin@oracle.com> Acked-by: Zach Brown <zach.brown@oracle.com> Cc: gurudas pai <gurudas.pai@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15powerpc: Fix size check for hugetlbfsBenjamin Herrenschmidt
My "slices" address space management code that was added in 2.6.22 implementation of get_unmapped_area() doesn't properly check that the size is a multiple of the requested page size. This allows userland to create VMAs that aren't a multiple of the huge page size with hugetlbfs (since hugetlbfs entirely relies on get_unmapped_area() to do that checking) which leads to a kernel BUG() when such areas are torn down. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15PPC: Revert "[POWERPC] Add 'mdio' to bus scan id list for platforms with QE UEC"Kim Phillips
This reverts commit 3baee955953957be5496cd28e9c544d9db214262. this was a mistake from the start; I added mdio type to the bus scan list early on in my ucc_geth migrate to phylib development, which is just pure wrong (the ucc_geth_mii driver creates the mii bus and the PHY layer handles PHY enumeration without translation). this accompanies commit 77926826f301fbd8ed96d3cd9ff17a5b59560dfb: Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()" which was basically trying to hide a symptom of the original mistake this revert fixes. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15PPC: Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()"Paul Mackerras
This reverts commit fd6e9d3945ee122eb513ada8b17296d243c1ce5e. Having #size-cells == 0 in a node indicates that things under the node aren't directly accessible, and therefore we shouldn't try to translate addresses for devices under the node into CPU physical addresses. Some drivers, such as the nvram driver for powermacs, rely on of_address_to_resource failing if they are called for a node representing a device whose resources aren't directly accessible by the CPU. These drivers were broken by commit fd6e9d39, resulting in the "Lombard" powerbook hanging early in the boot process. stable team, this patch is equivalent to commit 77926826f301fbd8ed96d3cd9ff17a5b59560dfb Signed-off-by: Paul Mackerras <paulus@samba.org> Cc: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15ata_piix: update map 10b for ich8mTejun Heo
Fix map entry 10b for ich8. It's [P0 P2 IDE IDE] like ich6 / ich6m. Signed-off-by: Tejun Heo <htejun@gmail.com> Acked-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15softmac: Fix deadlock of wx_set_essid with assoc workMichael Buesch
The essid wireless extension does deadlock against the assoc mutex, as we don't unlock the assoc mutex when flushing the workqueue, which also holds the lock. Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15random: fix bound check ordering (CVE-2007-3105)Matt Mackall
If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-15fix oops in __audit_signal_info()Al Viro
Check for audit_signals is misplaced and check for audit_dummy_context() is missing; as the result, if we send signal to auditd from task with NULL ->audit_context while we have audit_signals != 0 we end up with an oops. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09Linux 2.6.22.2v2.6.22.2Greg Kroah-Hartman
2007-08-09UML: exports for hostfsJeff Dike
Add some exports for hostfs that are required after Alberto Bertogli's fixes for accessing unlinked host files. Also did some style cleanups while I was here. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09sx: switch subven and subid valuesJiri Slaby
sx.c is failing to locate Graham's card. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Graham Murray <gmurray@webwayone.co.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09USB: fix for ftdi_sio quirk handlingOliver Neukum
this one fixes an oops with quirky ftdi_sio devices. As it fixes a regression, I propose that it be included in 2.6.22 Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09Netfilter: Fix logging regressionPatrick McHardy
[NETFILTER]: Fix logging regression Loading one of the LOG target fails if a different target has already registered itself as backend for the same family. This can affect the ipt_LOG and ipt_ULOG modules when both are loaded. Reported and tested by: <t.artem@mailcity.com> Upstream-commit: 7e2acc7e Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09sysfs: release mutex when kmalloc() failed in sysfs_open_file().YOSHIFUJI Hideaki
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09IPV6: /proc/net/anycast6 unbalanced inet6_dev refcntDavid Stevens
Reading /proc/net/anycast6 when there is no anycast address on an interface results in an ever-increasing inet6_dev reference count, as well as a reference to the netdevice you can't get rid of. Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Marcus Meissner <meissner@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09nf_conntrack: don't track locally generated special ICMP errorYasuyuki Kozakai
[NETFILTER]: nf_conntrack: don't track locally generated special ICMP error The conntrack assigned to locally generated ICMP error is usually the one assigned to the original packet which has caused the error. But if the original packet is handled as invalid by nf_conntrack, no conntrack is assigned to the original packet. Then nf_ct_attach() cannot assign any conntrack to the ICMP error packet. In that case the current nf_conntrack_icmp assigns appropriate conntrack to it. But the current code mistakes the direction of the packet. As a result, NAT code mistakes the address to be mangled. To fix the bug, this changes nf_conntrack_icmp not to assign conntrack to such ICMP error. Actually no address is necessary to be mangled in this case. Spotted by Jordan Russell. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Upstream commit ID: 130e7a83d7ec8c5c673225e0fa8ea37b1ed507a5 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09Keep rfcomm_dev on the list until it is freedVille Tervo
This patch changes the RFCOMM TTY release process so that the TTY is kept on the list until it is really freed. A new device flag is used to keep track of released TTYs. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09Hangup TTY before releasing rfcomm_devMikko Rapeli
The core problem is that RFCOMM socket layer ioctl can release rfcomm_dev struct while RFCOMM TTY layer is still actively using it. Calling tty_vhangup() is needed for a synchronous hangup before rfcomm_dev is freed. Addresses the oops at http://bugzilla.kernel.org/show_bug.cgi?id=7509 Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09ACPI: dock: fix opps after dock driver fails to initializeChuck Ebbert
ACPI: dock: fix opps after dock driver fails to initialize The driver tests the dock_station pointer for nonnull to check whether it has initialized properly. But in some cases dock_station will be non-null after being freed when driver init fails. Fix by zeroing the pointer after freeing. Signed-off-by: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com> Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09cr_backlight_probe() allocates too little storage for struct cr_panelJesper Juhl
The Coverity checker noticed that we allocate too little storage for "struct cr_panel *crp" in cr_backlight_probe(). Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: Thomas Hellstrom <thomas@tungstengraphics.com> Cc: Alan Hourihane <alanh@tungstengraphics.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09dm: disable barriersStefan Bader
This patch causes device-mapper to reject any barrier requests. This is done since most of the targets won't handle this correctly anyway. So until the situation improves it is better to reject these requests at the first place. Since barrier requests won't get to the targets, the checks there can be removed. Signed-off-by: Stefan Bader <shbader@de.ibm.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09dm snapshot: permit invalid activationMilan Broz
Allow invalid snapshots to be activated instead of failing. This allows userspace to reinstate any given snapshot state - for example after an unscheduled reboot - and clean up the invalid snapshot at its leisure. Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09dm io: fix another panic on large requestJun'ichi Nomura
bio_alloc_bioset() will return NULL if 'num_vecs' is too large. Use bio_get_nr_vecs() to get estimation of maximum number. Signed-off-by: Junichi Nomura <j-nomura@ce.jp.nec.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09dm raid1: fix statusMilan Broz
Fix mirror status line broken in dm-log-report-fault-status.patch: - space missing between two words - placeholder ("0") required for compatibility with a subsequent patch - incorrect offset parameter Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Alasdair G Kergon <agk@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09nfsd: fix possible oops on re-insertion of rpcsec_gss modulesJ. Bruce Fields
The handling of the re-registration case is wrong here; the "test" that was returned from auth_domain_lookup will not be used again, so that reference should be put. And auth_domain_lookup never did anything with "new" in this case, so we should just clean it up ourself. Thanks to Akinobu Mita for bug report, analysis, and testing. Cc: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Cc: Neil Brown <neilb@suse.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09ieee1394: revert "sbp2: enforce 32bit DMA mapping"Stefan Richter
Revert commit 0555659d63c285ceb7ead3115532e1b71b0f27a7 from 2.6.22-rc1. The dma_set_mask call somehow failed on a PowerMac G5, PPC64: http://lkml.org/lkml/2007/8/1/344 Should there ever occur a DMA mapping beyond the physical DMA range, a proper SBP-2 firmware will report transport errors. So let's leave it at that. Same as commit a9c2f18800753c82c45fc13b27bdc148849bdbb2. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Tested-by: Olaf Hering <olh@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09libata: add FUJITSU MHV2080BH to NCQ blacklistTejun Heo
Please warmly welcome the first member from FUJITSU to the prestigious NCQ spurious completion club. This is reported by Serge Van Thillo in bugzilla bug 8730. http://bugzilla.kernel.org/show_bug.cgi?id=8730 Signed-off-by: Tejun Heo <htejun@gmail.com> Cc: Serge van Thillo <nulleke@hotmail.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09cfq-iosched: fix async queue behaviourJens Axboe
With the cfq_queue hash removal, we inadvertently got rid of the async queue sharing. This was not intentional, in fact CFQ purposely shares the async queue per priority level to get good merging for async writes. So put some logic in cfq_get_queue() to track the shared queues. Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09drivers/video/macmodes.c:mac_find_mode() mustn't be __devinitAdrian Bunk
If it's EXPORT_SYMBOL'ed it can't be __devinit. Reported by Mikael Pettersson. Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: "Antonino A. Daplas" <adaplas@pol.net> Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09destroy_workqueue() can livelockOleg Nesterov
Pointed out by Michal Schmidt <mschmidt@redhat.com>. The bug was introduced in 2.6.22 by me. cleanup_workqueue_thread() does flush_cpu_workqueue(cwq) in a loop until ->worklist becomes empty. This is live-lockable, a re-niced caller can get CPU after wake_up() and insert a new barrier before the lower-priority cwq->thread has a chance to clear ->current_work. Change cleanup_workqueue_thread() to do flush_cpu_workqueue(cwq) only once. We can rely on the fact that run_workqueue() won't return until it flushes all works. So it is safe to call kthread_stop() after that, the "should stop" request won't be noticed until run_workqueue() returns. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Michal Schmidt <mschmidt@redhat.com> Cc: Srivatsa Vaddagiri <vatsa@in.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09sony-laptop: fix bug in event handlingMattia Dongili
The rewritten event reading code from sonypi was absolutely wrong, this patche makes things functional for type2 and type1 models. Cc: Andrei Paskevich <andrei@capet.iut-fbleau.fr> Signed-off-by: Mattia Dongili <malattia@linux.it> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09uml: limit request size on COWed devicesJeff Dike
COWed devices can't handle more than 32 (64 on x86_64) sectors in one request due to the size of the bitmap being carried around in the io_thread_req. Enforce that by telling the block layer not to put too many sectors in requests to COWed devices. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09do not limit locked memory when RLIMIT_MEMLOCK is RLIM_INFINITYHerbert van den Bergh
Fix a bug in mm/mlock.c on 32-bit architectures that prevents a user from locking more than 4GB of shared memory, or allocating more than 4GB of shared memory in hugepages, when rlim[RLIMIT_MEMLOCK] is set to RLIM_INFINITY. Signed-off-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com> Acked-by: Chris Mason <chris.mason@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09hugetlb: fix race in alloc_fresh_huge_page()Joe Jin
That static `nid' index needs locking. Without it we can end up calling alloc_pages_node() with an illegal node ID and the kernel crashes. Acked-by: Gurudas Pai <gurudas.pai@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09jbd2 commit: fix transaction droppingJan Kara
We have to check that also the second checkpoint list is non-empty before dropping the transaction. Signed-off-by: Jan Kara <jack@suse.cz> Cc: Chuck Ebbert <cebbert@redhat.com> Cc: Kirill Korotaev <dev@openvz.org> Cc: <linux-ext4@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09jbd commit: fix transaction droppingJan Kara
We have to check that also the second checkpoint list is non-empty before dropping the transaction. Signed-off-by: Jan Kara <jack@suse.cz> Cc: Chuck Ebbert <cebbert@redhat.com> Cc: Kirill Korotaev <dev@openvz.org> Cc: <linux-ext4@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09acpi-cpufreq: Proper ReadModifyWrite of PERF_CTL MSRVenki Pallipadi
[CPUFREQ] acpi-cpufreq: Proper ReadModifyWrite of PERF_CTL MSR During recent acpi-cpufreq changes, writing to PERF_CTL msr changed from RMW of entire 64 bit to RMW of low 32 bit and clearing of upper 32 bit. Fix it back to do a proper RMW of the MSR. Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: Dave Jones <davej@redhat.com> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09forcedeth bug fix: realtek phyAyaz Abdulla
This patch contains errata fixes for the realtek phy. It only renamed the defines to be phy specific. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09forcedeth bug fix: vitesse phyAyaz Abdulla
This patch contains errata fixes for the vitesse phy. It only renamed the defines to be phy specific. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09forcedeth bug fix: cicada phyAyaz Abdulla
This patch contains errata fixes for the cicada phy. It only renamed the defines to be phy specific. Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09fs: 9p/conv.c error path fixMariusz Kozlowski
When buf_check_overflow() returns != 0 we will hit kfree(ERR_PTR(err)) and it will not be happy about it. Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09readahead: MIN_RA_PAGES/MAX_RA_PAGES macrosFengguang Wu
Define two convenient macros for read-ahead: - MAX_RA_PAGES: rounded down counterpart of VM_MAX_READAHEAD - MIN_RA_PAGES: rounded _up_ counterpart of VM_MIN_READAHEAD Note that the rounded up MIN_RA_PAGES will work flawlessly with _large_ page sizes like 64k. Signed-off-by: Fengguang Wu <wfg@mail.ustc.edu.cn> Cc: Steven Pratt <slpratt@austin.ibm.com> Cc: Ram Pai <linuxram@us.ibm.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2007-08-09nfsd: fix possible read-ahead cache and export table corruptionJ. Bruce Fields
The value of nperbucket calculated here is too small--we should be rounding up instead of down--with the result that the index j in the following loop can overflow the raparm_hash array. At least in my case, the next thing in memory turns out to be export_table, so the symptoms I see are crashes caused by the appearance of four zeroed-out export entries in the first bucket of the hash table of exports (which were actually entries in the readahead cache, a pointer to which had been written to the export table in this initialization code). It looks like the bug was probably introduced with commit fce1456a19f5c08b688c29f00ef90fdfa074c79b ("knfsd: make the readahead params cache SMP-friendly"). Cc: Greg Banks <gnb@melbourne.sgi.com> Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu> Acked-by: NeilBrown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>