Fix two issuses related to ipc_ids->entries freeing.
1. When freeing ipc namespace we need to free entries allocated
with ipc_init_ids().
2. When removing old entries in grow_ary() ipc_rcu_putref()
may be called on entries set to &ids->nullentry earlier in
ipc_init_ids().
This is almost impossible without namespaces, but with
them this situation becomes possible.
Found during OpenVZ testing after obvious leaks in beancounters.
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Cc: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Move journal-api into filesystems.tmpl as a Chapter. Applies on top of the
previous docbook: make a filesystems book patch.
Remove trailing whitespace from journal-api chapter. Align some of the
tags.
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Correct a few comments in kernel-doc Doc and source files.
(akpm: note: the patch removes a non-ascii character and might have to be
applied by hand..)
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
758333458a fixes the not checked copy_to_user
return value of compat_sys_pselect7. I ran into this too because of an old
source tree, but my fix would look quite a bit different to Andi's fix.
The reason is that the compat function IMHO should behave the very same as
the non-compat function if possible. Since sys_pselect7 does not return
-EFAULT in this specific case, change the compat code so it behaves like
sys_pselect7.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This allows udev to do something intelligent when an array becomes
available.
Acked-by: Greg KH <greg@kroah.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Neil's xterms are too wide.
Cc: Neil Brown <neilb@cse.unsw.edu.au>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I missed a pointer dereference in this kmalloc result check.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
[CIFS] report rename failure when target file is locked by Windows
[CIFS] Allow null user connections
[CIFS] Fix readdir breakage when blocksize set too small
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/roland/infiniband:
RDMA/addr: Use client registration to fix module unload race
IB/mthca: Fix MAD extended header format for MAD_IFC firmware command
IB/uverbs: Return sq_draining value in query_qp response
IB/amso1100: Fix incorrect pr_debug()
IB/amso1100: Use dma_alloc_coherent() instead of kmalloc/dma_map_single
IB/ehca: Fix eHCA driver compilation for uniprocessor
RDMA/cma: rdma_bind_addr() leaks a cma_dev reference count
IB/iser: Start connection after enabling iSER
Require registration with ib_addr module to prevent caller from
unloading while a callback is in progress.
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Do not use -msym32 option for modules.
[MIPS] Don't use R10000 llsc workaround version for all llsc-full processors.
[MIPS] Ocelot G: Fix : "CURRENTLY_UNUSED" is not defined warning.
[MIPS] Fix warning about init_initrd() call if !CONFIG_BLK_DEV_INITRD.
[MIPS] IP27: Allow SMP ;-) Another changeset messed up by patch.
[MIPS] Fix merge screwup by patch(1)
Revert "[MIPS] Make SPARSEMEM selectable on QEMU."
On 64-bit kernel, modules are loaded into XKSEG for now. While XKSEG
address is not a sign-extended 32-bit address, we can not use -msym32
option.
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
CC arch/mips/momentum/ocelot_g/gt-irq.o
arch/mips/momentum/ocelot_g/gt-irq.c:30:5: warning: "CURRENTLY_UNUSED" is not defined
arch/mips/momentum/ocelot_g/gt-irq.c:199:5: warning: "CURRENTLY_UNUSED" is not defined
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
When lmo commit 4ef893e0515e8bf336dfbd200884f244869fbb43 was merged to
kernel.org as e73ea273ef patch happily
applied the IP27 segment to IP22. f63f36c18b11e166d0f362ac04dbcd7e6ea23f9e
did fix the effects partially - and with a wrong log message. Now fixed
for real (tm).
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Patch happily applied an Ocelot G patch to Ocelot C when merging
linux-mips.org changeset 91ee9a801e65d2981dfe327d2519c7fc6ab02e6b into
kernel.org as 6ceb6d3ab2.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This reverts commit 31473747bd.
Another amazing example of patch(1) messing up - lmo changeset
66e8560d11d02bcadc261498471831a6375ad046 was merged twice to kernel.org
and ended up doing this rubbish job.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NETFILTER]: silence a warning in ebtables
[IPV6]: File the fingerprints off ah6->spi/esp6->spi
[TCP]: Set default congestion control when no sysctl.
[TIPC] net/tipc/port.c: fix NULL dereference
Fixes Samba bugzilla bug # 4182
Rename by handle failures (retry after rename by path) were not
being returned back.
Signed-off-by: Steve French <sfrench@us.ibm.com>
This reverts commit f833229c96:
According to reviewers and the lspci data provided in commit message
itself, PCI ID 0x7110 should not have been added to ata_piix.
Signed-off-by: Jeff Garzik <jeff@garzik.org>
net/bridge/netfilter/ebtables.c: In function 'ebt_dev_check':
net/bridge/netfilter/ebtables.c:89: warning: initialization discards qualifiers from pointer target type
So make the char* a const char * and the warning is gone.
Signed-off-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
I copied the logic from ll/sc arch implementations, but that
was wrong and makes no sense at all. Just do a straight
compare-exchange instruction, just like x86.
Based upon bug reports from Dennis Gilmore and Fabio Massimo.
Signed-off-by: David S. Miller <davem@davemloft.net>
In theory these are opaque 32bit values. However, we end up
allocating them sequentially in host-endian and stick unchanged
on the wire.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
The setting of the default congestion control was buried in
the sysctl code so it would not be done properly if SYSCTL was
not enabled.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The correct order is: NULL check before dereference
Spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
It turns out that the linker warnings on 64-bit powerpc about "section
blah exceeds stub group size" were being triggered by conditional
branches in head_64.S branching to global symbols, whether in
head_64.S or in other files. This eliminates the warnings by making
some global symbols in head_64.S no longer global, and by rearranging
some branches.
Signed-off-by: Paul Mackerras <paulus@samba.org>
[ Yee-haa. Maybe I'll notice newly introduced real warnings now - Linus ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Since the "mask" bit is in the low word, when we write a new entry, we
need to write the high word first, before we potentially unmask it.
The exception is when we actually want to mask the interrupt, in which
case we want to write the low word first to make sure that the high word
doesn't change while the interrupt routing is still active.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This is preparation for fixing the ordering of the accesses that
got broken by the commit cf4c6a2f27 when
factoring out the "common" io apic routing entry accesses.
Move the accessor function (that were only used by io_apic.c) out
of a header file, and use proper memory-mapped accesses rather than
making up our own "volatile" pointers.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Make alignment exception always check exception table
[POWERPC] Disallow kprobes on emulate_step and branch_taken
[POWERPC] Make mmiowb's io_sync preempt safe
[POWERPC] Make high hugepage areas preempt safe
[POWERPC] Make current preempt-safe
[POWERPC] qe_lib: qe_issue_cmd writes wrong value to CECDR
[POWERPC] Use 4kB iommu pages even on 64kB-page systems
[POWERPC] Fix oprofile support for e500 in arch/powerpc
[POWERPC] Fix rmb() for e500-based machines it
[POWERPC] Fix various offb issues
ahci_softreset() used to use ahci_tf_read() which reads D2H_REG area
to check for the Status register. However, this area is zeroed on
initialization and not set by initial signature FIS. Replace it with
ahci_check_status().
This bug prevented CLO code from being activated whenever BSY and/or
DRQ is set prior to softreset. This fix makes
AHCI_FLAG_RESET_NEEDS_CLO flag redundant.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[PATCH] ata_piix: allow 01b MAP for both ICH6M and ICH7M
[PATCH] libata: unexport ata_dev_revalidate()
[PATCH] Add 0x7110 piix to ata_piix.c
[PATCH] sata_sis: fix flags handling for the secondary port
The alignment exception used to only check the exception table for
-EFAULT, not for other errors. That opens an oops window if we can
coerce the kernel into getting an alignment exception for other reasons
in what would normally be a user-protected accessor, which can be done
via some of the futex ops. This fixes it by always checking the
exception tables.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
On powerpc, probing on emulate_step function will crash 2.6.18.1 when
it is triggered.
When kprobe is triggered, emulate_step() is on its kernel path and
will cause recursive kprobe fault. And branch_taken() is called
in emulate_step(). This disallows kprobes on both of them.
Signed-off-by: Paul Mackerras <paulus@samba.org>
If mmiowb() is always used prior to releasing spinlock as Doc suggests,
then it's safe against preemption; but I'm not convinced that's always
the case. If preemption occurs between sync and get_paca()->io_sync = 0,
I believe there's no problem. But in the unlikely event that gcc does
the store relative to another register than r13 (as it did with current),
then there's a small danger of setting another cpu's io_sync to 0, after
it had just set it to 1. Rewrite ppc64 mmiowb to prevent that.
The remaining io_sync assignments in io.h all get_paca()->io_sync = 1,
which is harmless even if preempted to the wrong cpu (the context switch
itself syncs); and those in spinlock.h are while preemption is disabled.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Checking source for other get_paca()->field preemption dangers found that
open_high_hpage_areas does a structure copy into its paca while preemption
is enabled: unsafe however gcc accomplishes it. Just remove that copy:
it's done safely afterwards by on_each_cpu, as in open_low_hpage_areas.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: David Gibson <dwg@au1.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Repeated -j20 kernel builds on a G5 Quad running an SMP PREEMPT kernel
would often collapse within a day, some exec failing with "Bad address".
In each case examined, load_elf_binary was doing a kernel_read, but
generic_file_aio_read's access_ok saw current->thread.fs.seg as USER_DS
instead of KERNEL_DS.
objdump of filemap.o shows gcc 4.1.0 emitting "mr r5,r13 ... ld r9,416(r5)"
here for get_paca()->__current, instead of the expected and much more usual
"ld r9,416(r13)"; I've seen other gcc4s do the same, but perhaps not gcc3s.
So, if the task is preempted and rescheduled on a different cpu in between
the mr and the ld, r5 will be looking at a different paca_struct from the
one it's now on, pick up the wrong __current, and perhaps the wrong seg.
Presumably much worse could happen elsewhere, though that split is rare.
Other architectures appear to be safe (x86_64's read_pda is more limiting
than get_paca), but ppc64 needs to force "current" into one instruction.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>