Joern Engel [Mon, 22 May 2006 21:18:12 +0000 (23:18 +0200)]
[MTD] Merge STMicro NOR_ECC code with Intel Sibley code
In 2002, STMicro started producing NOR flashes with internal ECC protection
for small blocks (8 or 16 bytes). Support for those flashes was added by me.
In 2005, Intel Sibley flashes copied this strategy and Nico added support for
those. Merge the code for both.
Joern Engel [Mon, 22 May 2006 21:18:05 +0000 (23:18 +0200)]
[MTD] Introduce writesize
At least two flashes exists that have the concept of a minimum write unit,
similar to NAND pages, but no other NAND characteristics. Therefore, rename
the minimum write unit to "writesize" for all flashes, including NAND.
Joern Engel [Mon, 22 May 2006 21:17:23 +0000 (23:17 +0200)]
[MTD] Use single flag to mark writeable devices.
Two flags exist to decide whether a device is writeable or not. None of
those two flags is checked for independently, so they are clearly redundant,
if not an invitation to bugs. This patch removed both of them, replacing
them with a single new flag.
David Woodhouse [Mon, 22 May 2006 15:32:05 +0000 (16:32 +0100)]
[JFFS2] Put list of nodes in common part of ic/x_ref/x_datum structure
We'll be using a proper list of nodes in the jffs2_xattr_datum and
jffs2_xattr_ref structures, because the existing code to overwrite
them is just broken. Put it in the common part at the front of the
structure which is shared with the jffs2_inode_cache, so that the
jffs2_link_node_ref() function can do the right thing.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Mon, 22 May 2006 15:29:23 +0000 (16:29 +0100)]
[JFFS2] Add some preemptive BUG checks for XATTR code
In a couple of places, we assume that what's at the end of the
->next_in_ino list is a struct jffs2_inode_cache. Let's check
for that, since we expect it to change soon.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Mon, 22 May 2006 14:23:10 +0000 (15:23 +0100)]
[JFFS2] Extend jffs2_link_node_ref() to link into per-inode list too.
Let's avoid the potential for forgetting to set ref->next_in_ino, by doing
it within jffs2_link_node_ref() instead.
This highlights the ugliness of what we're currently doing with
xattr_datum and xattr_ref structures -- we should find a nicer way of
dealing with that.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Mon, 22 May 2006 11:15:47 +0000 (12:15 +0100)]
[JFFS2] Fix accounting error in jffs2_link_node_ref()
When filing REF_OBSOLETE nodes, we'd add their size to the global
'dirty_size' count, but then to the eraseblock's 'used_size' count.
That's not clever.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 21 May 2006 17:38:51 +0000 (18:38 +0100)]
[MTD] Use symbol_request() in old DiskOnChip probe code to find actual driver
The previous code wouldn't work correctly on architectures which have a
non-empty MODULE_SYMBOL_PREFIX, and this version is neater if slightly
less optimal in the built-in case.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
The patch below adds support for the NAND device on the Amstrad Delta.
This is a 32MiB 8bit Toshiba device, with the data bus connected to the
OMAP MPUIO pins and ALE, CLE, NCE, NRE, NWE and NWP all connected to the
Delta's latch2 16bit latch.
Signed-Off-By: Jonathan McDowell <noodles@earth.li> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 21 May 2006 12:29:11 +0000 (13:29 +0100)]
[JFFS2] Finally eliminate __totlen field from struct jffs2_raw_node_ref
Well, almost. We'll actually keep a 'TEST_TOTLEN' macro set for now, and keep
doing some paranoia checks to make sure it's all working correctly. But if
TEST_TOTLEN is unset, the size of struct jffs2_raw_node_ref drops from 16
bytes to 12 on 32-bit machines. That's a saving of about half a megabyte of
memory on the OLPC prototype board, with 125K or so nodes in its 512MiB of
flash.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 21 May 2006 03:36:45 +0000 (04:36 +0100)]
[JFFS2] Add length argument to jffs2_add_physical_node_ref()
If __totlen is going away, we need to pass the length in separately.
Also stop callers from needlessly setting ref->next_phys to NULL,
since that's done for them... and since that'll also be going away soon.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 21 May 2006 02:57:56 +0000 (03:57 +0100)]
[JFFS2] Discard remaining free space when filing a dirty block in scan.
The incoming ref_totlen() calculation is going to rely on the existence
of nodes which cover all dirty space. We can't just tweak the accounting
data any more; we have to call jffs2_scan_dirty_space() to do it.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
To eliminate the __totlen field from struct jffs2_raw_node_ref, we need
to allocate nodes for dirty space instead of just tweaking the accounting
data. Introduce jffs2_scan_dirty_space() in preparation for that.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 21 May 2006 00:28:05 +0000 (01:28 +0100)]
[JFFS2] Fix memory leak in scan code; improve comments.
If we had to allocate extra space for the summary node, we weren't
correctly freeing it when jffs2_sum_scan_sumnode() returned nonzero --
which is both the success and the failure case. Only when it returned
zero, which means fall through to the full scan, were we correctly freeing
the buffer.
Document the meaning of those return codes while we're at it.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sat, 20 May 2006 23:02:06 +0000 (00:02 +0100)]
[JFFS2] Correct handling of JFFS2_FEATURE_RWCOMPAT_COPY nodes.
We should preserve these when we come to garbage collect them, not let
them get erased. Use jffs2_garbage_collect_pristine() for this, and make
sure the summary code copes -- just refrain from writing a summary for any
block which contains a node we don't understand.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sat, 20 May 2006 18:45:26 +0000 (19:45 +0100)]
[JFFS2] Introduce jffs2_link_node_ref() function to reduce code duplication
The same sequence of code was repeated in many places, to add a new
struct jffs2_raw_node_ref to an eraseblock and adjust the space accounting
accordingly. Move it out-of-line.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sat, 20 May 2006 15:20:19 +0000 (16:20 +0100)]
[JFFS2] Reduce calls to ref_totlen() in jffs2_mark_node_obsolete()
We were calling ref_totlen() 18 times. Even before that becomes a real
function rather than just a dereference, apparently some compilers still
suck anyway. It'll _certainly_ suck after ref_totlen() becomes more
complicated, so calculate it once and don't rely on CSE.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sat, 20 May 2006 15:13:34 +0000 (16:13 +0100)]
[JFFS2] Optimise reading of eraseblock summary nodes
This improves the time to mount 512MiB of NAND flash on my OLPC prototype
by about 4%. We used to read the last page of the eraseblock twice -- once
to find the offset of the summary node, and again to actually _read_ the
summary node. Now we read the last page only once, and read more only if
we need to.
We also don't allocate a new buffer just for the summary code -- we use
the buffer which was already allocated for the scan. Better still, if the
'buffer' for the scan is actually just a pointer directly into NOR flash,
we use that too, avoiding the memcpy() which we used to do.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Andrew Morton [Sat, 20 May 2006 01:06:34 +0000 (18:06 -0700)]
git-mtd: symbol_get() fix
drivers/mtd/devices/docprobe.c: In function `DoC_Probe':
drivers/mtd/devices/docprobe.c:338: warning: assignment from incompatible pointer type
drivers/mtd/devices/docprobe.c:341: warning: assignment from incompatible pointer type
Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Thu, 18 May 2006 23:28:49 +0000 (00:28 +0100)]
[JFFS2] Support new device nodes
Device node major/minor numbers are just stored in the payload of a single
data node. Just extend that to 4 bytes and use new_encode_dev() for it.
We only use the 4-byte format if we _need_ to, if !old_valid_dev(foo).
This preserves backwards compatibility with older code as much as
possible. If we do make devices with major or minor numbers above 255, and
then mount the file system with the old code, it'll just read the first
two bytes and get the numbers wrong. If it comes to garbage-collect it,
it'll then write back those wrong numbers. But that's about the best we
can expect.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
There is a second revision of "mtdconcat NAND/Sibley" patch. I hope
the patch will not get damaged as I'm posting it from gmail account,
thanks to Jorn.
The patch adds previously missing concat_writev(),
concat_writev_ecc(), concat_block_isbad(), concat_block_markbad()
functions to make concatenation layer compatible with Sibley and NAND
chips.
Patch has been cleared from whitespaces, fixed some lines of code as
requested. Also I have added code for alignment check that should
support Jorn's "writesize" patch.
Signed-off-by: Alexander Belyakov <alexander.belyakov@intel.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Martin Michlmayr [Mon, 20 Mar 2006 04:40:26 +0000 (04:40 +0000)]
Re-add module description for ms02-nv to Kconfig
In an unrelated MTD commit, a description about the ms02-nv module
got removed from Kconfig. While I personally agree with this
removal, the module maintainer (Maciej W. Rozycki) would like to
see it added back. In the absense of any consistency regarding
Kconfig descriptions his wish should be followed.
Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Acked-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Nicolas Pitre [Thu, 30 Mar 2006 14:52:41 +0000 (15:52 +0100)]
cfi_cmdset_0001: factorize code to wait for flash status
This allows for much better abstraction and separation of the XIP and
non-XIP cases with their own specific implementations. This fixes the
case where a timeout was tripped on in the XIP case by the code that
was meant for the non-XIP case only.
This also makes for a nice code reduction.
Signed-off-by: Nicolas Pitre <nico@cam.org> CC: "Alexey, Korolev" <alexey.korolev@intel.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Josh Boyer [Tue, 6 Dec 2005 17:28:19 +0000 (17:28 +0000)]
CHIPS: Fix potential starvation in cfi_cmdset_0001
The patch below fixes a potential starvation issue that can arise when
there is contention on a chip during a period when a process is
currently writing to it. The starvation is avoided by conditionally
rescheduling when the chip is left in a state usable by other processes.
Signed-off-by: Josh Boyer <jdub@us.ibm.com> Signed-off-by: Tom Gall <tom_gall@vnet.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Tue, 16 May 2006 22:03:08 +0000 (23:03 +0100)]
[JFFS2] Repack some on-medium structures. ARM is weirder than I thought.
We have to pack at least the jint16_t structure, because otherwise it'll
be four bytes in size. Thankfully, we can do that and _not_ pack the
actual node structures, and the compiler still doesn't emit stupid code.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Sergei Shtylyov [Tue, 16 May 2006 16:52:06 +0000 (20:52 +0400)]
NAND: Fix NAND ECC errors on AMD Au1550
On AMD Au1550 the static bus controller fails to keep -CE asserted during
chip ready delay on read commands and the NAND chip being used requires this.
So, the current driver allows nand_base.c to drive -CE manually during the
entire sector read. When the PCMCIA driver is enabled however, occasionally
the ECC errors occur on NAND reads. This happens because the PCMCIA driver
polls sockets periodically and reads one of the board's control/status regs
(BCSRs) which are on the same static bus as the NAND flash, and just use
another chip select (and the NOR flash also resides on that bus), so as the
NAND driver forces NAND chip select asserted and the -RE signal is shared, a
contention occurs on the static bus when BCSR or NOR flash is read while we're
reading from NAND.
So, we either can't keep interrupts enabled during the whole NAND sector
read (which is hardly acceptable), or have to implement some interlocking
scheme between multiple drivers (which is painful, and makes me shudder :-).
There's a third way which has proven to work: to force -CE asserted only
while we're waiting for a NAND chip to become ready after a read command,
disabling interrupts for a maximum of 25 microseconds (according to Toshiba
TC58DVM92A1FT00 datasheet -- this chip is mentioned in the board schematics);
for Samsung NAND chip which seems to be actually used this delay is even less,
12 us.
Signed-off-by: Konstantin Baydarov <kbaidarov@ru.mvista.com> Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Ben Dooks [Tue, 16 May 2006 16:31:15 +0000 (17:31 +0100)]
[MTD] Fix build warnings in RedBoot MTD partition parser.
Fix build warnings from drivers/mtd/redboot.c due to
use of `unsigned long` in `struct fis_image_desc` for
fields being passed to swab32s() which expects __u32 *
Change the entries to uint32_t to make them compatible
with the swab32s() function
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Sergei Shtylyov [Tue, 16 May 2006 16:16:41 +0000 (20:16 +0400)]
NAND: AMD Au1550 driver reads write-only register
During the last cleanup of the AMD Au1550 NAND driver the old buglet was
reintroduced: as the MEM_STNDCTL register is write-only and seem to always
read as 0x31, read-modify-write to it done in au1xxx_nand_init() will have the
side effect of enabling -RCS0/1 pin override (via bits 4/5 of this reg.), thus
possibly causing a contention on the static bus when the NOR flash (using
-RCS0) or board control status registers (using -RCS2) are read. Luckily, this
goes away with a first NAND access, since au1550_hwcontrol() doesn't try to
read this register before writing anymore.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Tue, 16 May 2006 16:05:33 +0000 (17:05 +0100)]
[JFFS2] Fix printk format in jffs2_sum_write_data() error message.
fs/jffs2/summary.c: In function ‘jffs2_sum_write_data’:
fs/jffs2/summary.c:658: warning: format ‘%zd’ expects type ‘signed size_t’, but argument 4 has type ‘uint32_t’
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Andrew Morton [Mon, 15 May 2006 16:44:43 +0000 (09:44 -0700)]
[PATCH] dl2k needs dma-mapping.h
On alpha:
drivers/net/dl2k.c: In function `rio_free_tx':
drivers/net/dl2k.c:768: error: `DMA_48BIT_MASK' undeclared (first use in this function)
drivers/net/dl2k.c:768: error: (Each undeclared identifier is reported only once
drivers/net/dl2k.c:768: error: for each function it appears in.)
drivers/net/dl2k.c: In function `receive_packet':
drivers/net/dl2k.c:896: error: `DMA_48BIT_MASK' undeclared (first use in this function)
drivers/net/dl2k.c: In function `rio_close':
drivers/net/dl2k.c:1803: error: `DMA_48BIT_MASK' undeclared (first use in this function)
Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Mon, 15 May 2006 16:44:42 +0000 (09:44 -0700)]
[PATCH] jffs2 warning fixes
fs/jffs2/nodelist.c: In function `check_node_data':
fs/jffs2/nodelist.c:441: warning: unsigned int format, different type arg (arg 4)
fs/jffs2/nodelist.c:464: warning: int format, different type arg (arg 5)
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Peter Osterlund [Mon, 15 May 2006 16:44:40 +0000 (09:44 -0700)]
[PATCH] devices.txt: remove pktcdvd entry
Changing the driver to use dynamic device numbers was one of the many
changes that were made in order to have the driver accepted into the
mainline kernel. Therefore I would say that the entry in devices.txt is
obsolete. This patch removes it.
Signed-off-by: Peter Osterlund <petero2@telia.com> Cc: Torben Mathiasen <device@lanana.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Do not enable the SMBus device on Asus boards if suspend is used. We do
not reenable the device on resume, leading to all sorts of undesirable
effects, the worst being a total fan failure after resume on Samsung P35
laptop.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net> Signed-off-by: Pavel Machek <pavel@suse.cz> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Valdis.Kletnieks@vt.edu wrote:
>
> There seems to have been a bug introduced in this changeset:
>
> Am running 2.6.17-rc3-mm1. When this changeset is applied, 'mount --bind'
> misbehaves:
>
> > # mkdir /foo
> > # mount -t tmpfs -o rw,nosuid,nodev,noexec,noatime,nodiratime none /foo
> > # mkdir /foo/bar
> > # mount --bind /foo/bar /foo
> > # tail -2 /proc/mounts
> > none /foo tmpfs rw,nosuid,nodev,noexec,noatime,nodiratime 0 0
> > none /foo tmpfs rw 0 0
>
> Reverting this changeset causes both mounts to have the same options.
>
> (Thanks to Stephen Smalley for tracking down the changeset...)
>
Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Christoph Hellwig <hch@infradead.org> Cc: <Valdis.Kletnieks@vt.edu> Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andy Whitcroft [Mon, 15 May 2006 16:44:29 +0000 (09:44 -0700)]
[PATCH] root mount failure: emit filesystems attempted
When we fail to mount from a valid root device list out the filesystems we
have tried to mount it with. This gives the user vital diagnostics as to
what is missing from their kernel.
For example in the fragment below the kernel does not have CRAMFS compiled
into the kernel and yet appears to recognise it at the RAMDISK detect
stage. Later the mount fails as we don't have the filesystem.
RAMDISK: cramfs filesystem found at block 0
RAMDISK: Loading 1604KiB [1 disk] into ram disk... done.
XFS: bad magic number
XFS: SB validate failed
No filesystem could mount root, tried: reiserfs ext3 ext2 msdos vfat
iso9660 jfs xfs
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(8,1)
Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Benjamin LaHaise [Mon, 15 May 2006 16:44:24 +0000 (09:44 -0700)]
[PATCH] Add Core Solo and Core Duo support to oprofile
Add support to oprofile for the Intel Core Solo and Core Duo processors.
See also the patch to add support to oprofile-0.9.1-8.1.1 at
http://www.kvack.org/~bcrl/patches/oprofile/oprofile-core-0.9.1.diff .
Signed-off-by: Benjamin LaHaise <benjamin.c.lahaise@intel.com> Cc: Philippe Elie <phil.el@wanadoo.fr> Cc: John Levon <levon@movementarian.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Hua Zhong [Mon, 15 May 2006 16:44:22 +0000 (09:44 -0700)]
[PATCH] fix can_share_swap_page() when !CONFIG_SWAP
can_share_swap_page() is used to check if the page has the last reference.
This avoids allocating a new page for COW if it's the last page.
However, if CONFIG_SWAP is not set, can_share_swap_page() is defined as 0,
thus always causes a copy for the last COW page. The below simple patch
fixes it.
Signed-off-by: Hua Zhong <hzhong@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Latchesar Ionkov [Mon, 15 May 2006 16:44:21 +0000 (09:44 -0700)]
[PATCH] v9fs: signal handling fixes
Multiple races can happen when v9fs is interrupted by a signal and Tflush
message is sent to the server. After v9fs sends Tflush it doesn't wait
until it receives Rflush, and possibly the response of the original
message. This behavior may confuse v9fs what fids are allocated by the
file server.
This patch fixes the races and the fid allocation.
Signed-off-by: Latchesar Ionkov <lucho@ionkov.net> Cc: Eric Van Hensbergen <ericvh@hera.kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Richard Purdie [Mon, 15 May 2006 16:44:17 +0000 (09:44 -0700)]
[PATCH] LED: Fix sysfs store function error handling
Fix the error handling of some LED _store functions. This corrects them to
return -EINVAL if the value is not numeric with an optional byte of trailing
whitespace.
Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The backlight and LCD class _store functions currently accept values like "34
some random strings" without error. This corrects them to return -EINVAL if
the value is not numeric with an optional byte of trailing whitespace.
Signed-off-by: Richard Purdie <rpurdie@rpsys.net> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mike Kravetz [Mon, 15 May 2006 16:44:13 +0000 (09:44 -0700)]
[PATCH] add slab_is_available() routine for boot code
slab_is_available() indicates slab based allocators are available for use.
SPARSEMEM code needs to know this as it can be called at various times
during the boot process.
Signed-off-by: Mike Kravetz <kravetz@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jan Niehusmann [Mon, 15 May 2006 16:44:12 +0000 (09:44 -0700)]
[PATCH] smbfs: Fix slab corruption in samba error path
Yesterday, I got the following error with 2.6.16.13 during a file copy from
a smb filesystem over a wireless link. I guess there was some error on the
wireless link, which in turn caused an error condition for the smb
filesystem.
In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also
shows up in the slab dumps, and also is -ERESTARTSYS. Error code 27499
corresponds to 0x6b6b, so the rq_errno field seems to be the only one being
set after freeing the slab.
In smb_add_request (which is the only place in smbfs where I found
ERESTARTSYS), I found the following:
if (!timeleft || signal_pending(current)) {
/*
* On timeout or on interrupt we want to try and remove the
* request from the recvq/xmitq.
*/
smb_lock_server(server);
if (!(req->rq_flags & SMB_REQ_RECEIVED)) {
list_del_init(&req->rq_queue);
smb_rput(req);
}
smb_unlock_server(server);
}
[...]
if (signal_pending(current))
req->rq_errno = -ERESTARTSYS;
I guess that some codepath like smbiod_flush() caused the request to be
removed from the queue, and smb_rput(req) be called, without
SMB_REQ_RECEIVED being set. This violates an asumption made by the quoted
code.
Then, the above code calls smb_rput(req) again, the req gets freed, and
req->rq_errno = -ERESTARTSYS writes into the already freed slab. As
list_del_init doesn't cause an error if called multiple times, that does
cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS).
If this observation is correct, the following patch should fix it.
I wonder why the smb code uses list_del_init everywhere - using list_del
instead would catch such situations by poisoning the next and prev
pointers.
May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected. Restarting.
May 4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured.
May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected. Restarting.
May 4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists.
May 4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)
May 4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244
May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff
May 4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244
May 4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)
May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected. Restarting.
May 4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists.
May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected. Restarting.
May 4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists.
May 4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244
May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff
May 4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244
May 4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)
May 4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b
May 4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244
May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff
May 4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244
May 4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May 4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May 4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May 4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)
May 4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784
May 4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784
Signed-off-by: Jan Niehusmann <jan@gondor.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Trent Piepho [Mon, 15 May 2006 16:44:06 +0000 (09:44 -0700)]
[PATCH] symbol_put_addr() locks kernel
Even since a previous patch:
Fix race between CONFIG_DEBUG_SLABALLOC and modules
Sun, 27 Jun 2004 17:55:19 +0000 (17:55 +0000)
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/old-2.6-bkcvs.git;a=commit;h=92b3db26d31cf21b70e3c1eadc56c179506d8fbe
The function symbol_put_addr() will deadlock the kernel.
symbol_put_addr() would acquire modlist_lock, then while holding the lock call
two functions kernel_text_address() and module_text_address() which also try
to acquire the same lock. This deadlocks the kernel of course.
This patch changes symbol_put_addr() to not acquire the modlist_lock, it
doesn't need it since it never looks at the module list directly. Also, it
now uses core_kernel_text() instead of kernel_text_address(). The latter has
an additional check for addr inside a module, but we don't need to do that
since we call module_text_address() (the same function kernel_text_address
uses) ourselves.
Signed-off-by: Trent Piepho <xyzzy@speakeasy.org> Cc: Zwane Mwaikambo <zwane@fsmlabs.com> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Cc: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add new vmsplice system call and add missing __NR_xxx defines for
sys_set_robust_list, sys_get_robust_list, sys_splice, sys_sync_file_range
and sys_tee.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Mark Huang [Mon, 15 May 2006 16:44:03 +0000 (09:44 -0700)]
[PATCH] initramfs: fix CPIO hardlink check
Copy the filenames of hardlinks when inserting them into the hash, since
the "name" pointer may point to scratch space (name_buf). Not doing so
results in corruption if the scratch space is later overwritten: the wrong
file may be hardlinked, or, if the scratch space contains garbage, the link
will fail and a 0-byte file will be created instead.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Greg Smith [Mon, 15 May 2006 16:44:02 +0000 (09:44 -0700)]
[PATCH] s390: lcs incorrect test
While debugging why our LCS emulator is having some problems I noticed the
following weirdness in drivers/s390/net/lcs.c routine lcs_irq. The `if'
statement is always true since SCHN_STAT_PCI is defined as 0x80.
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Mon, 15 May 2006 16:43:59 +0000 (09:43 -0700)]
[PATCH] setup_per_zone_pages_min() overflow fix
As pointed out in http://bugzilla.kernel.org/show_bug.cgi?id=6490, this
function can experience overflows on 32-bit machines, causing our response to
changed values of min_free_kbytes to go whacky.
Fixing it efficiently is all too hard, so fix it with 64-bit math instead.
Cc: Ake Sandgren <ake.sandgren@hpc2n.umu.se> Cc: Martin Bligh <mbligh@google.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Heiko Carstens [Mon, 15 May 2006 16:43:58 +0000 (09:43 -0700)]
[PATCH] RCU: introduce rcu_needs_cpu() interface
With "Paul E. McKenney" <paulmck@us.ibm.com>
Introduce rcu_needs_cpu() interface. This can be used to tell if there
will be a new rcu batch on a cpu soon by looking at the curlist pointer.
This can be used to avoid to enter a tickless idle state where the cpu
would miss that a new batch is ready when rcu_start_batch would be called
on a different cpu.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: "Paul E. McKenney" <paulmck@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Olaf Kirch [Mon, 15 May 2006 16:43:57 +0000 (09:43 -0700)]
[PATCH] smbfs chroot issue (CVE-2006-1864)
Mark Moseley reported that a chroot environment on a SMB share can be left
via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix is for
smbfs.
Steven French <sfrench@us.ibm.com> wrote:
Looks fine to me. This should catch the slash on lookup or equivalent,
which will be all obvious paths of interest.
Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Chris Wedgwood [Mon, 15 May 2006 16:43:55 +0000 (09:43 -0700)]
[PATCH] VIA quirk fixup, additional PCI IDs
An earlier commit (75cf7456dd87335f574dcd53c4ae616a2ad71a11) changed an
overly-zealous PCI quirk to only poke those VIA devices that need it.
However, some PCI devices were not included in what I hope is now the full
list. Consequently we're failing to run the quirk on all machines which need
it, causing IRQ routing failures.
This should I hope correct this.
Thanks to Masoud Sharbiani <masouds@masoud.ir> for pointing this out
and testing the fix.
Signed-off-by: Chris Wedgwood <cw@f00f.org> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Kylene Jo Hall [Mon, 15 May 2006 16:43:53 +0000 (09:43 -0700)]
[PATCH] tpm: update module dependencies
The TIS driver is dependent upon information from the ACPI table for device
discovery thus it compiles but does no actual work without this dependency.
Signed-off-by: Kylene Hall <kjhall@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Stefan Schweizer [Mon, 15 May 2006 16:43:52 +0000 (09:43 -0700)]
[PATCH] Fix capi reload by unregistering the correct major
I am having the bug FATAL: Error inserting capi ([..]/capi.ko): Device or
resource busy when I try to reload capi after loading it. in dmesg:
capi20: unable to get major 68
Fix the issue which is caused by setting the major to zero when registering
the chrdev succeeded.
(akpm: this means that we can again not use `major=0' (dynamic major
allocation) for this driver).
Ian Kent [Mon, 15 May 2006 16:43:51 +0000 (09:43 -0700)]
[PATCH] autofs4: NFY_NONE wait race fix
This patch fixes two problems.
First, the comparison of entries in the waitq.c was incorrect.
Second, the NFY_NONE check was incorrect. The test of whether the dentry
is mounted if ineffective, for example, if an expire fails then we could
wait forever on a non existant expire. The bug was identified by Jeff
Moyer.
The patch changes autofs4 to wait on expires only as this is all that's
needed. If there is no existing wait when autofs4_wait is call with a type
of NFY_NONE it delays until either a wait appears or the the expire flag is
cleared.
Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Andrew Morton [Mon, 15 May 2006 12:45:58 +0000 (13:45 +0100)]
[JFFS2] Fix printk format in some error messages.
fs/jffs2/nodelist.c: In function `check_node_data':
fs/jffs2/nodelist.c:441: warning: unsigned int format, different type arg (arg 4)
fs/jffs2/nodelist.c:464: warning: int format, different type arg (arg 5)
Modified from Andrew's original fix because while his terminal may indeed
only have eighty columns, mine only has _TWENTYFOUR_ lines. So the
cosmetic fluff is perfectly OK out past column 80 where it was -- the
casual reader doesn't _care_ about anything more than the fact that it
goes 'if (foo) JFFS2_WARNING...', and there's no point wasting a whole
line to display the tail end of the printk which nobody actually cares
about.
Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 14 May 2006 23:49:43 +0000 (00:49 +0100)]
[JFFS2] Don't pack on-medium structures, because GCC emits crappy code
If we use __attribute__((packed)), GCC will _also_ assume that the
structures aren't sensibly aligned, and it'll emit code to cope with
that instead of straight word load/save. This can be _very_ suboptimal
on architectures like ARM.
Ideally, we want an attribute which just tells GCC not to do any
padding, without the alignment side-effects. In the absense of that,
we'll just drop the 'packed' attribute and hope that everything stays as
it was (which to be fair is fairly much what we expect). And add some
paranoia checks in the initialisation code, which should be optimised
away completely in the normal case.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
David Woodhouse [Sun, 14 May 2006 15:54:39 +0000 (16:54 +0100)]
[MTD NAND] Modify check for modules registering NAND devices without ->owner
Make it work even with compilers which lack the wit to notice that
THIS_MODULE is always non-NULL. Use #ifdef MODULE instead. It's only
a temporary debugging check anyway.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>