aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block
Commit message (Collapse)AuthorAge
* Merge ../linux-2.6James Bottomley2006-06-10
|\
| * [PATCH] USB: ub oops in block_ueventPete Zaitcev2006-05-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In kernel 2.6.16, if a mounted storage device is removed, an oops happens because ub supplies an interface device (and kobject) to the block layer, but neglects to pin it. And apparently, the block layer expects its users to pin device structures. The code in ub was broken this way for years. But the bug was exposed only by 2.6.16 when it started to call block_uevent on close, which traverses device structures (kobjects actually). Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] powerpc: Use check_legacy_ioport() on ppc32 too.David Woodhouse2006-04-28
| | | | | | | | | | | | | | | | | | | | | | | | | | Some people report that we die on some Macs when we are expecting to catch machine checks after poking at some random I/O address. I'd seen it happen on my dual G4 with serial ports until we fixed those to use OF, but now other users are reporting it with i8042. This expands the use of check_legacy_ioport() to avoid that situation even on 32-bit kernels. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
| * [PATCH] cciss: bug fix for crash when running hpacucliMike Miller2006-04-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a crash when running hpacucli with multiple logical volumes on a cciss controller. We were not properly initializing the disk->queue and causing a fault. Thanks to Hasso Tepper for reporting the problem. Thanks to Steve Cameron for root causing the problem. Most of the patch just moves things around. The fix is a one-liner. Signed-off-by: Mike Miller <mike.miller@hp.com> Signed-off-by: Stephen Cameron <steve.cameron@hp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | [SCSI] fix up request buffer reference in various scsi driversChristoph Hellwig2006-06-06
| | | | | | | | | | | | | | | | | | | | | | | | Various scsi drivers use scsi_cmnd.buffer and scsi_cmnd.bufflen in their queuecommand functions. Those fields are internal storage for the midlayer only and are used to restore the original payload after request_buffer and request_bufflen have been overwritten for EH. Using the buffer and bufflen fields means they do very broken things in error handling. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
* | [SCSI] fix (unlikely) memory leak in DAC960 driverJesper Juhl2006-05-20
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Coverity checker found a memory leak (bug nr. 1245) in drivers/block/DAC960.c::DAC960_V2_ProcessCompletedCommand() The leak is pretty unlikely since it requires that the first of two successive kmalloc() calls fail while the second one succeeds. But it can still happen even if it's unlikely. If the first call that allocates 'PhysicalDeviceInfo' fails but the one that allocates 'InquiryUnitSerialNumber' succeeds, then we will leak the memory allocated to 'InquiryUnitSerialNumber' when the variable goes out of scope. A simple fix for this is to change the existing code that frees 'PhysicalDeviceInfo' if that one was allocated but 'InquiryUnitSerialNumber' was not, into a check for either pointer being NULL and if so just free both. This is safe since kfree() can deal with being passed a NULL pointer and it avoids the leak. While I was there I also removed the casts of the kmalloc() return value since it's pointless. I also updated the driver version since this patch changes the workings of the code (however slightly). This issue could probably be fixed a lot more elegantly, but the code is a big mess IMHO and I just took the least intrusive route to a fix that I could find instead of starting on a cleanup as well (that can come later). Please consider for inclusion. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
* [PATCH] Don't pass boot parameters to argv_init[]OGAWA Hirofumi2006-03-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The boot cmdline is parsed in parse_early_param() and parse_args(,unknown_bootoption). And __setup() is used in obsolete_checksetup(). start_kernel() -> parse_args() -> unknown_bootoption() -> obsolete_checksetup() If __setup()'s callback (->setup_func()) returns 1 in obsolete_checksetup(), obsolete_checksetup() thinks a parameter was handled. If ->setup_func() returns 0, obsolete_checksetup() tries other ->setup_func(). If all ->setup_func() that matched a parameter returns 0, a parameter is seted to argv_init[]. Then, when runing /sbin/init or init=app, argv_init[] is passed to the app. If the app doesn't ignore those arguments, it will warning and exit. This patch fixes a wrong usage of it, however fixes obvious one only. Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Replace 0xff.. with correct DMA_xBIT_MASKMatthias Gehre2006-03-28
| | | | | | | | | | Replace all occurences of 0xff.. in calls to function pci_set_dma_mask() and pci_set_consistant_dma_mask() with the corresponding DMA_xBIT_MASK from linux/dma-mapping.h. Signed-off-by: Matthias Gehre <M.Gehre@gmx.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] drivers/block/*: use time_after() and friendsMarcelo Feitoza Parisi2006-03-28
| | | | | | | | | | They deal with wrapping correctly and are nicer to read. Signed-off-by: Marcelo Feitoza Parisi <marcelo@feitoza.com.br> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] drivers/block/acsi_slm.c: size_t can't be < 0Alexey Dobriyan2006-03-28
| | | | | | | | | | A size_t can't be < 0. (akpm: and rw_verify_area() already did that check) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] drivers/block/paride/pd.c: fix an off-by-one errorAdrian Bunk2006-03-28
| | | | | | | | The Coverity checker found this off-by-one error. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] paride-pt: register_chrdev fixAndrew Morton2006-03-28
| | | | | | | | If the user specified `major=0' (odd thing to do), pt.c will use dynamic allocation. We need to pick up that major for subsequent unregister_chrdev(). Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] paride: register_chrdev fixAndrew Morton2006-03-28
| | | | | | | | If the user specified `major=0' (odd thing to do), pg.c will use dynamic allocation. We need to pick up that major for subsequent unregister_chrdev(). Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] let BLK_DEV_RAM_COUNT depend on BLK_DEV_RAMAdrian Bunk2006-03-28
| | | | | | | | | It's purely cosmetic, but with the patch there's no longer a BLK_DEV_RAM_COUNT setting in the .config if BLK_DEV_RAM=n. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unused label in drivers/block/cciss.Eric Sesterhenn2006-03-27
| | | | | | | | this patch removes a warning about an unused label, by moving the label into the ifdef. Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] kzalloc() conversion in drivers/blockEric Sesterhenn2006-03-27
| | | | | | | | this patch converts drivers/block to kzalloc usage. Compile tested with allyesconfig. Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] mempool: use mempool_create_slab_pool()Matthew Dobson2006-03-26
| | | | | | | | | | Modify well over a dozen mempool users to call mempool_create_slab_pool() rather than calling mempool_create() with extra arguments, saving about 30 lines of code and increasing readability. Signed-off-by: Matthew Dobson <colpatch@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] mempool: use common mempool kmalloc allocatorMatthew Dobson2006-03-26
| | | | | | | | | | This patch changes several mempool users, all of which are basically just wrappers around kmalloc(), to use the common mempool_kmalloc/kfree, rather than their own wrapper function, removing a bunch of duplicated code. Signed-off-by: Matthew Dobson <colpatch@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Update documentation for BLK_DEV_INITRD to match current usageH. Peter Anvin2006-03-26
| | | | | | | | | Cc: Al Viro <viro@ftp.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Cc: Zdenek Pavlas <pavlas@nextra.cz> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] loop: potential kernel hang waiting for kthreadHerbert Poetzl2006-03-26
| | | | | | | | | Check that kernel_thread() succeeded, so we don't wait for something which cannot happen. Signed-off-by: Herbert Poetzl <herbert@13thfloor.at> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] drivers/block/floppy.c: dont free_irq() from irq contextIngo Molnar2006-03-26
| | | | | | | | | | | | | | free_irq() should not be executed from softirq context. Found by the lock validator. The fix is to push fd_free_irq() into keventd. The code validates fine with this patch applied. (akpm: this is revolting, but so is floppy.c) [akpm@osdl.org: added flush_scheduled_work()] Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/aoe-2.6Linus Torvalds2006-03-25
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master.kernel.org:/pub/scm/linux/kernel/git/gregkh/aoe-2.6: [PATCH] aoe [3/3]: update version to 22 [PATCH] aoe [2/3]: don't request ATA device ID on ATA error [PATCH] aoe [1/3]: support multiple AoE listeners [PATCH] aoe: do not stop retransmit timer when device goes down [PATCH] aoe [8/8]: update driver version number [PATCH] aoe [7/8]: update driver compatibility string [PATCH] aoe [6/8]: update device information on last close [PATCH] aoe [5/8]: allow network interface migration on packet retransmit [PATCH] aoe [4/8]: use less confusing driver name [PATCH] aoe [3/8]: increase allowed outstanding packets [PATCH] aoe [2/8]: support dynamic resizing of AoE devices [PATCH] aoe [1/8]: zero packet data after skb allocation
| * [PATCH] aoe [3/3]: update version to 22Ed L. Cashin2006-03-24
| | | | | | | | | | | | Increase version number to 22. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * [PATCH] aoe [2/3]: don't request ATA device ID on ATA errorEd L. Cashin2006-03-24
| | | | | | | | | | | | | | On an ATA error response, take the device down instead of sending another ATA device identify command. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * [PATCH] aoe [1/3]: support multiple AoE listenersEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | Always clone incoming skbs, allowing other AoE listeners to exist in the kernel. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe: do not stop retransmit timer when device goes downEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | This patch is a bugfix that follows and depends on the eight aoe driver patches sent January 19th. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [8/8]: update driver version numberEd L. Cashin2006-03-24
| | | | | | | | | | | | | | Update aoe driver version number. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [7/8]: update driver compatibility stringEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | The aoe driver is not compatible with 2.6 kernels older than 2.6.2. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [6/8]: update device information on last closeEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | | | Instead of making the user wait or do it manually, refresh device information on its last close by issuing a config query to the device. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [5/8]: allow network interface migration on packet retransmitEd L. Cashin2006-03-24
| | | | | | | | | | | | Retransmit to the current network interface for an AoE device. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com>
| * [PATCH] aoe [4/8]: use less confusing driver nameEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | Users were confused by the driver being called "aoe-2.6-$version". This form looks less like a Linux kernel version number. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [3/8]: increase allowed outstanding packetsEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | Increase the number of AoE packets per device that can be outstanding at one time, increasing performance. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [2/8]: support dynamic resizing of AoE devicesEd L. Cashin2006-03-24
| | | | | | | | | | | | | | | | | | Allow the driver to recognize AoE devices that have changed size. Devices not in use are updated automatically, and devices that are in use are updated at user request. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| * [PATCH] aoe [1/8]: zero packet data after skb allocationEd L. Cashin2006-03-24
| | | | | | | | | | | | | | Zero the data in new socket buffers to prevent leaking information. Signed-off-by: "Ed L. Cashin" <ecashin@coraid.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds2006-03-25
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: (21 commits) BUG_ON() Conversion in drivers/video/ BUG_ON() Conversion in drivers/parisc/ BUG_ON() Conversion in drivers/block/ BUG_ON() Conversion in sound/sparc/cs4231.c BUG_ON() Conversion in drivers/s390/block/dasd.c BUG_ON() Conversion in lib/swiotlb.c BUG_ON() Conversion in kernel/cpu.c BUG_ON() Conversion in ipc/msg.c BUG_ON() Conversion in block/elevator.c BUG_ON() Conversion in fs/coda/ BUG_ON() Conversion in fs/binfmt_elf_fdpic.c BUG_ON() Conversion in input/serio/hil_mlc.c BUG_ON() Conversion in md/dm-hw-handler.c BUG_ON() Conversion in md/bitmap.c The comment describing how MS_ASYNC works in msync.c is confusing rcu: undeclared variable used in documentation fix typos "wich" -> "which" typo patch for fs/ufs/super.c Fix simple typos tabify drivers/char/Makefile ...
| * | BUG_ON() Conversion in drivers/block/Eric Sesterhenn2006-03-24
| | | | | | | | | | | | | | | | | | | | | | | | this changes if() BUG(); constructs to BUG_ON() which is cleaner, contains unlikely() and can better optimized away. Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* | | [PATCH] BLK_DEV_INITRD: do not require BLK_DEV_RAM=yZdenek Pavlas2006-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Initramfs initrd images do not need a ramdisk device, so remove this restriction in Kconfig. BLK_DEV_RAM=n saves about 13k on i386. Also without ramdisk device there's no need for "dry run", so initramfs unpacks much faster. People using cramfs, squashfs, or gzipped ext2/minix initrd images are probably smart enough not to turn off ramdisk support by accident. Cc: Al Viro <viro@ftp.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | | [PATCH] block/floppy: fix section mismatch warningsSam Ravnborg2006-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In latest -mm a number of section mismatch warnings are generated for floppy.o like the following: WARNING: drivers/block/floppy.o - Section mismatch: reference to \ .init.data: from .text between 'init_module' (at offset 0x6976) and \ 'cleanup_module' The warning are caused by a reference to floppy_init() which is __init from init_module() which is not declared __init. Declaring init_module() _init fixes this. Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | | [PATCH] Remove MODULE_PARMRusty Russell2006-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MODULE_PARM was actually breaking: recent gcc version optimize them out as unused. It's time to replace the last users, which are generally in the most unloved drivers anyway. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | | [PATCH] drivers/block/nbd.c: don't defer compile error to runtimeAdrian Bunk2006-03-25
|/ / | | | | | | | | | | | | | | If we can detect a problem at compile time, the compilation should fail. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [PATCH] Fix "value computed not used" warningsTakashi Iwai2006-03-24
| | | | | | | | | | | | | | | | | | | | | | Fixes for annoying gcc-4.1 compile warnings "value computed not used". Simply cast to void. (akpm: Linus will go ballistic...) Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [PATCH] set_page_dirty() return value fixesAndrew Morton2006-03-24
| | | | | | | | | | | | | | | | | | | | | | | | We need set_page_dirty() to return true if it actually transitioned the page from a clean to dirty state. This wasn't right in a couple of places. Do a kernel-wide audit, fix things up. This leaves open the possibility of returning a negative errno from set_page_dirty() sometime in the future. But we don't do that at present. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [PATCH] block: floppy98 removal, really.Arthur Othieno2006-03-24
|/ | | | | | | | | floppy98 went out together with the rest of PC98 subarch. Remove stale Makefile entry that remained. Signed-off-by: Arthur Othieno <apgo@patchbomb.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] Block queue IO tracing support (blktrace) as of 2006-03-23Jens Axboe2006-03-23
| | | | Signed-off-by: Jens Axboe <axboe@suse.de>
* [PATCH] sem2mutex: drivers/block/nbd.cIngo Molnar2006-03-23
| | | | | | | | | | | | Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Paul Clements <Paul.Clements@steeleye.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] sem2mutex: drivers/block/loop.cIngo Molnar2006-03-23
| | | | | | | | | | | | Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] sem2mutex: blockdev #2Arjan van de Ven2006-03-23
| | | | | | | | | | | | | Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Acked-by: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] sem2mutex: drivers/block/floppy.cJes Sorensen2006-03-23
| | | | | | | | | | | Convert from semaphore to mutex. Untested as I have no access to a floppy drive at the moment. Signed-off-by: Jes Sorensen <jes@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Jens Axboe <axboe@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] sem2mutex: drivers/block/pktcdvd.cJes Sorensen2006-03-23
| | | | | | | | | | Convert to use mutex from a semaphore Signed-off-by: Jes Sorensen <jes@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: Peter Osterlund <petero2@telia.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] cciss: fix use-after-free in cciss_init_onePatrick McHardy2006-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | free_hba() sets hba[i] to NULL, the dereference afterwards results in this crash. Setting busy_initializing to 0 actually looks unnecessary, but I'm not entirely sure, which is why I left it in. cciss: controller appears to be disabled Unable to handle kernel NULL pointer dereference at virtual address 00000370 printing eip: c1114d53 *pde = 00000000 Oops: 0002 [#1] Modules linked in: CPU: 0 EIP: 0060:[<c1114d53>] Not tainted VLI EFLAGS: 00010286 (2.6.16 #1) EIP is at cciss_init_one+0x4e9/0x4fe eax: 00000000 ebx: c132cd60 ecx: c13154e4 edx: c27d3c00 esi: 00000000 edi: c2748800 ebp: c2536ee4 esp: c2536eb8 ds: 007b es: 007b ss: 0068 Process swapper (pid: 1, threadinfo=c2536000 task=c2535a30) Stack: <0>00000000 00000000 00000000 c13fdba0 c2536ee8 c13159c0 c2536f38 f7c74740 c132cd60 c132cd60 ffffffed c2536ef0 c10c1d51 c2748800 c2536f04 c10c1d85 c132cd60 c2748800 c132cd8c c2536f14 c10c1db8 c2748848 00000000 c2536f28 Call Trace: [<c10031d5>] show_stack_log_lvl+0xa8/0xb0 [<c1003305>] show_registers+0x102/0x16a [<c10034a2>] die+0xc1/0x13c [<c1288160>] do_page_fault+0x38a/0x525 [<c1002e9b>] error_code+0x4f/0x54 [<c10c1d51>] pci_call_probe+0xd/0x10 [<c10c1d85>] __pci_device_probe+0x31/0x43 [<c10c1db8>] pci_device_probe+0x21/0x34 [<c110a654>] driver_probe_device+0x44/0x99 [<c110a73f>] __driver_attach+0x39/0x5d [<c1109e1c>] bus_for_each_dev+0x35/0x5a [<c110a777>] driver_attach+0x14/0x16 [<c110a220>] bus_add_driver+0x5c/0x8f [<c110ab22>] driver_register+0x73/0x78 [<c10c1f6d>] __pci_register_driver+0x5f/0x71 [<c13bf935>] cciss_init+0x1a/0x1c [<c13aa718>] do_initcalls+0x4c/0x96 [<c13aa77e>] do_basic_setup+0x1c/0x1e [<c10002b1>] init+0x35/0x118 [<c1000cf5>] kernel_thread_helper+0x5/0xb Code: 04 b5 e0 de 40 c1 8d 50 04 8b 40 34 e8 3f b7 f9 ff 8b 04 b5 e0 de 40 c1 e8 aa f3 ff ff 89 f0 e8 e8 fa ff ff 8b 04 b5 e0 de 40 c1 <c7> 80 70 03 00 00 00 00 00 00 83 c8 ff 8d 65 f4 5b 5e 5f 5d c3 <0>Kernel panic - not syncing: Attempted to kill init! Signed-off-by: Patrick McHardy <kaber@trash.net> Cc: <mike.miller@hp.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>