Commit Graph

2609 Commits

Author SHA1 Message Date
Thomas Gleixner
4cbb9b80e1 Merge branch 'master' of /home/tglx/work/kernel/git/mtd-2.6/
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2006-05-23 12:37:31 +02:00
Thomas Gleixner
dcb0932884 [JFFS2] Simplify writebuffer handling
The writev based write buffer implementation was far too complex as
in most use cases the write buffer had to be handled anyway.
Simplify the write buffer handling and use mtd->write instead.

From extensive testing no performance impact has been noted.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2006-05-23 11:49:14 +02:00
David Woodhouse
9fe4854cd1 [JFFS2] Remove flash offset argument from various functions.
We don't need the upper layers to deal with the physical offset. It's
_always_ c->nextblock->offset + c->sector_size - c->nextblock->free_size
so we might as well just let the actual write functions deal with that.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-23 00:38:06 +01:00
Joern Engel
5fa433942b [MTD] Introduce MTD_BIT_WRITEABLE
o Add a flag MTD_BIT_WRITEABLE for devices that allow single bits to be
  cleared.
o Replace MTD_PROGRAM_REGIONS with a cleared MTD_BIT_WRITEABLE flag for
  STMicro and Intel Sibley flashes with internal ECC.  Those flashes
  disallow clearing of single bits, unlike regular NOR flashes, so the
  new flag models their behaviour better.
o Remove MTD_ECC.  After the STMicro/Sibley merge, this flag is only set
  and never checked.

Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 23:18:29 +02:00
Joern Engel
c8b229de2b [MTD] Merge STMicro NOR_ECC code with Intel Sibley code
In 2002, STMicro started producing NOR flashes with internal ECC protection
for small blocks (8 or 16 bytes).  Support for those flashes was added by me.
In 2005, Intel Sibley flashes copied this strategy and Nico added support for
those.  Merge the code for both.

Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 23:18:12 +02:00
Joern Engel
28318776a8 [MTD] Introduce writesize
At least two flashes exist that have the concept of a minimum write unit,
similar to NAND pages, but no other NAND characteristics.  Therefore, rename
the minimum write unit to "writesize" for all flashes, including NAND.

Signed-off-by: Joern Engel <joern@wh.fh-wedel.de>
2006-05-22 23:18:05 +02:00
David Woodhouse
987d47b71a [JFFS2] Put list of nodes in common part of ic/x_ref/x_datum structure
We'll be using a proper list of nodes in the jffs2_xattr_datum and
jffs2_xattr_ref structures, because the existing code to overwrite
them is just broken. Put it in the common part at the front of the
structure which is shared with the jffs2_inode_cache, so that the
jffs2_link_node_ref() function can do the right thing.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 16:32:05 +01:00
David Woodhouse
0eac940b8a [JFFS2] Add some preemptive BUG checks for XATTR code
In a couple of places, we assume that what's at the end of the
->next_in_ino list is a struct jffs2_inode_cache. Let's check
for that, since we expect it to change soon.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 16:29:23 +01:00
David Woodhouse
fcb7578719 [JFFS2] Extend jffs2_link_node_ref() to link into per-inode list too.
Let's avoid the potential for forgetting to set ref->next_in_ino, by doing
it within jffs2_link_node_ref() instead.

This highlights the ugliness of what we're currently doing with
xattr_datum and xattr_ref structures -- we should find a nicer way of
dealing with that.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 15:23:10 +01:00
David Woodhouse
a1b563d652 [JFFS2] Initialise ref->next_in_ino when marking dirty space in wbuf flush
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 13:55:46 +01:00
David Woodhouse
3b79673cfa [JFFS2] Fix accounting error in jffs2_link_node_ref()
When filing REF_OBSOLETE nodes, we'd add their size to the global
'dirty_size' count, but then to the eraseblock's 'used_size' count.
That's not clever.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 12:15:47 +01:00
David Woodhouse
06c6764b58 [JFFS2] Fix dummy jffs2_sum_scan_sumnode() macro for !SUMMARY case.
I added an argument to the real function...

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-22 11:27:14 +01:00
David Woodhouse
ca89a517fa [JFFS2] Finally eliminate __totlen field from struct jffs2_raw_node_ref
Well, almost. We'll actually keep a 'TEST_TOTLEN' macro set for now, and keep
doing some paranoia checks to make sure it's all working correctly. But if
TEST_TOTLEN is unset, the size of struct jffs2_raw_node_ref drops from 16
bytes to 12 on 32-bit machines. That's a saving of about half a megabyte of
memory on the OLPC prototype board, with 125K or so nodes in its 512MiB of
flash.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 13:29:11 +01:00
David Woodhouse
010b06d6d0 [JFFS2] Locking issues in summary write code.
We can't use jffs2_scan_dirty_space() because it doesn't do any locking; it's
only for use at scan time -- hence the 'scan' in the name.

Also, don't allocate refs while we have c->erase_completion_lock held.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 13:15:59 +01:00
David Woodhouse
9167e0f811 [JFFS2] Remove stray kfree of summary info in XATTR code.
We don't allocate this locally any more -- it's given to us and owned by
our caller. Also improve the debug messages a little.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 13:13:45 +01:00
David Woodhouse
0bcc099d6d [JFFS2] File node reference for wasted space when flushing wbuf
Next step in ongoing campaign to file a struct jffs2_raw_node_ref for every
piece of dirty space in the system, so that __totlen can be killed off....

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 13:00:54 +01:00
David Woodhouse
b64335f2b7 [JFFS2] Add length argument to jffs2_add_physical_node_ref()
If __totlen is going away, we need to pass the length in separately.
Also stop callers from needlessly setting ref->next_phys to NULL,
since that's done for them... and since that'll also be going away soon.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 04:36:45 +01:00
David Woodhouse
49f11d4075 [JFFS2] Mark gaps in summary list as dirty space
Make sure we allocate a ref for any dirty space which exists between nodes
which we find in an eraseblock summary.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 04:00:01 +01:00
David Woodhouse
25090a6b23 [JFFS2] Discard remaining free space when filing a dirty block in scan.
The incoming ref_totlen() calculation is going to rely on the existence
of nodes which cover all dirty space. We can't just tweak the accounting
data any more; we have to call jffs2_scan_dirty_space() to do it.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 03:57:56 +01:00
David Woodhouse
68270995f2 [JFFS2] Introduce jffs2_scan_dirty_space() function.
To eliminate the __totlen field from struct jffs2_raw_node_ref, we need
to allocate nodes for dirty space instead of just tweaking the accounting
data. Introduce jffs2_scan_dirty_space() in preparation for that.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 03:46:05 +01:00
David Woodhouse
7807ef7ba2 [JFFS2] Fix summary handling of unknown but compatible nodes.
For RWCOMPAT and ROCOMPAT nodes, we should still allow the mount to
succeed. Just abandon the summary and fall through to the full scan.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 03:45:27 +01:00
David Woodhouse
3560160aa2 [JFFS2] Fix memory leak in scan code; improve comments.
If we had to allocate extra space for the summary node, we weren't
correctly freeing it when jffs2_sum_scan_sumnode() returned nonzero --
which is both the success and the failure case. Only when it returned
zero, which means fall through to the full scan, were we correctly freeing
the buffer.

Document the meaning of those return codes while we're at it.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 01:28:05 +01:00
David Woodhouse
6171586a7a [JFFS2] Correct handling of JFFS2_FEATURE_RWCOMPAT_COPY nodes.
We should preserve these when we come to garbage collect them, not let
them get erased. Use jffs2_garbage_collect_pristine() for this, and make
sure the summary code copes -- just refrain from writing a summary for any
block which contains a node we don't understand.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-21 00:02:06 +01:00
David Woodhouse
fb9fbbcc93 [JFFS2] Correct accounting of erroneous cleanmarkers and failed summaries.
It should all be counted as dirty space, not wasted and _definitely_ not
unchecked.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 20:08:42 +01:00
David Woodhouse
f1f9671bd8 [JFFS2] Introduce jffs2_link_node_ref() function to reduce code duplication
The same sequence of code was repeated in many places, to add a new
struct jffs2_raw_node_ref to an eraseblock and adjust the space accounting
accordingly. Move it out-of-line.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 19:45:26 +01:00
David Woodhouse
0cfc7da3ff Merge git://git.infradead.org/jffs2-xattr-2.6
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 17:27:32 +01:00
David Woodhouse
1417fc44ee [JFFS2] Reduce calls to ref_totlen() in jffs2_mark_node_obsolete()
We were calling ref_totlen() 18 times. Even before that becomes a real
function rather than just a dereference, apparently some compilers still
suck anyway. It'll _certainly_ suck after ref_totlen() becomes more
complicated, so calculate it once and don't rely on CSE.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 16:20:19 +01:00
David Woodhouse
9641b784ff [JFFS2] Optimise reading of eraseblock summary nodes
This improves the time to mount 512MiB of NAND flash on my OLPC prototype
by about 4%. We used to read the last page of the eraseblock twice -- once
to find the offset of the summary node, and again to actually _read_ the
summary node. Now we read the last page only once, and read more only if
we need to.

We also don't allocate a new buffer just for the summary code -- we use
the buffer which was already allocated for the scan. Better still, if the
'buffer' for the scan is actually just a pointer directly into NOR flash,
we use that too, avoiding the memcpy() which we used to do.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-20 16:13:34 +01:00
Ferenc Havasi
8e4482fba2 [JFFS2] Remove forgotten summary code
Remove forgotten lines from jffs2_scan_eraseblock() which
were unnecessary and may cause problems in some environments.

Thanks to Alexander Belyakov <alexander.belyakov@intel.com>.

Signed-off-by: Ferenc Havasi <havasi@inf.u-szeged.hu>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-19 21:00:36 +01:00
David Woodhouse
aef9ab4784 [JFFS2] Support new device nodes
Device node major/minor numbers are just stored in the payload of a single
data node. Just extend that to 4 bytes and use new_encode_dev() for it.

We only use the 4-byte format if we _need_ to, if !old_valid_dev(foo).
This preserves backwards compatibility with older code as much as
possible. If we do make devices with major or minor numbers above 255, and
then mount the file system with the old code, it'll just read the first
two bytes and get the numbers wrong. If it comes to garbage-collect it,
it'll then write back those wrong numbers. But that's about the best we
can expect.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-19 00:28:49 +01:00
KaiGai Kohei
20a92fc74c Merge git://git.infradead.org/mtd-2.6
2006-05-19 00:43:53 +09:00
David Woodhouse
c41ff6e5f3 [JFFS2] Fix printk format in jffs2_sum_write_data() error message.
fs/jffs2/summary.c: In function ‘jffs2_sum_write_data’:
fs/jffs2/summary.c:658: warning: format ‘%zd’ expects type ‘signed size_t’, but argument 4 has type ‘uint32_t’

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-16 17:05:33 +01:00
David Brownell
7d2beb1359 [JFFS2] Fix section mismatch warnings in JFFS2.
Mark certain functions with __init and __exit appropriately.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-16 16:08:10 +01:00
David Woodhouse
18594822fc Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-16 01:19:52 +01:00
Florin Malita
5b5ffbc1e6 [PATCH] jffs2: memory leak in jffs2_scan_medium()
If jffs2_scan_eraseblock() fails and the exit path is taken, 's' is not
being deallocated.

Reported by Coverity, CID: 1258.

Signed-off-by: Florin Malita <fmalita@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-15 23:42:31 +01:00
Andrew Morton
194a61b8e0 [PATCH] jffs2 warning fixes
fs/jffs2/nodelist.c: In function `check_node_data':
fs/jffs2/nodelist.c:441: warning: unsigned int format, different type arg (arg 4)
fs/jffs2/nodelist.c:464: warning: int format, different type arg (arg 5)

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:58 -07:00
Andrew Morton
eee391a66d [PATCH] revert "vfs: propagate mnt_flags into do_loopback/vfsmount"
Revert commit f6422f17d3, due to

Valdis.Kletnieks@vt.edu wrote:
>
> There seems to have been a bug introduced in this changeset:
>
> Am running 2.6.17-rc3-mm1.  When this changeset is applied, 'mount --bind'
> misbehaves:
>
> > # mkdir /foo
> > # mount -t tmpfs -o rw,nosuid,nodev,noexec,noatime,nodiratime none /foo
> > # mkdir /foo/bar
> > # mount --bind /foo/bar /foo
> > # tail -2 /proc/mounts
> > none /foo tmpfs rw,nosuid,nodev,noexec,noatime,nodiratime 0 0
> > none /foo tmpfs rw 0 0
>
> Reverting this changeset causes both mounts to have the same options.
>
> (Thanks to Stephen Smalley for tracking down the changeset...)
>

Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: <Valdis.Kletnieks@vt.edu>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:57 -07:00
Alexey Dobriyan
3835a9bd07 [PATCH] fs/compat.c: fix 'if (a |= b )' typo
Mentioned by Mark Armbrust somewhere on Usenet.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:57 -07:00
Latchesar Ionkov
41e5a6ac80 [PATCH] v9fs: signal handling fixes
Multiple races can happen when v9fs is interrupted by a signal and a Tflush
message is sent to the server.  After v9fs sends Tflush it doesn't wait
until it receives Rflush, and possibly the response of the original
message.  This behavior may confuse v9fs about what fids are allocated by
the file server.

This patch fixes the races and the fid allocation.

Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@hera.kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:56 -07:00
Latchesar Ionkov
343f1fe6f2 [PATCH] v9fs: Twalk memory leak
v9fs leaks memory if the file server responds with Rerror to a Twalk
message.  The patch fixes the leak.

Signed-off-by: Latchesar Ionkov <lucho@ionkov.net>
Cc: Eric Van Hensbergen <ericvh@hera.kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:56 -07:00
Jan Niehusmann
48564e628b [PATCH] smbfs: Fix slab corruption in samba error path
Yesterday, I got the following error with 2.6.16.13 during a file copy from
a smb filesystem over a wireless link.  I guess there was some error on the
wireless link, which in turn caused an error condition for the smb
filesystem.

In the log, smb_file_read reports error=4294966784 (0xfffffe00), which also
shows up in the slab dumps, and also is -ERESTARTSYS.  Error code 27499
corresponds to 0x6b6b, so the rq_errno field seems to be the only one being
set after freeing the slab.

In smb_add_request (which is the only place in smbfs where I found
ERESTARTSYS), I found the following:

        if (!timeleft || signal_pending(current)) {
                /*
                 * On timeout or on interrupt we want to try and remove the
                 * request from the recvq/xmitq.
                 */
                smb_lock_server(server);
                if (!(req->rq_flags & SMB_REQ_RECEIVED)) {
                        list_del_init(&req->rq_queue);
                        smb_rput(req);
                }
                smb_unlock_server(server);
        }
	[...]
        if (signal_pending(current))
                req->rq_errno = -ERESTARTSYS;

I guess that some codepath like smbiod_flush() caused the request to be
removed from the queue, and smb_rput(req) to be called, without
SMB_REQ_RECEIVED being set.  This violates an assumption made by the quoted
code.

Then, the above code calls smb_rput(req) again, the req gets freed, and
req->rq_errno = -ERESTARTSYS writes into the already freed slab.  As
list_del_init doesn't cause an error if called multiple times, that does
cause the observed behaviour (freed slab with rq_errno=-ERESTARTSYS).

If this observation is correct, the following patch should fix it.

I wonder why the smb code uses list_del_init everywhere - using list_del
instead would catch such situations by poisoning the next and prev
pointers.

May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Firmware error detected.  Restarting.
May  4 23:29:21 knautsch kernel: [17180085.456000] ipw2200: Sysfs 'error' log captured.
May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Firmware error detected.  Restarting.
May  4 23:33:02 knautsch kernel: [17180306.316000] ipw2200: Sysfs 'error' log already exists.
May  4 23:33:02 knautsch kernel: [17180306.968000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:34:18 knautsch kernel: [17180383.256000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:34:18 knautsch kernel: [17180383.284000] SMB connection re-established (-5)
May  4 23:37:19 knautsch kernel: [17180563.956000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:40:09 knautsch kernel: [17180733.636000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:40:26 knautsch kernel: [17180750.700000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:02 knautsch kernel: [17180907.304000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:08 knautsch kernel: [17180912.324000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:43:34 knautsch kernel: [17180938.416000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:43:34 knautsch kernel: [17180938.416000] Slab corruption: start=c4ebe09c, len=244
May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.416000] 0f0: 00 fe ff ff
May  4 23:43:34 knautsch kernel: [17180938.416000] Next obj: start=c4ebe19c, len=244
May  4 23:43:34 knautsch kernel: [17180938.416000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:43:34 knautsch kernel: [17180938.416000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:43:34 knautsch kernel: [17180938.416000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.416000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:43:34 knautsch kernel: [17180938.460000] SMB connection re-established (-5)
May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Firmware error detected.  Restarting.
May  4 23:43:42 knautsch kernel: [17180946.292000] ipw2200: Sysfs 'error' log already exists.
May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Firmware error detected.  Restarting.
May  4 23:45:04 knautsch kernel: [17181028.752000] ipw2200: Sysfs 'error' log already exists.
May  4 23:45:05 knautsch kernel: [17181029.868000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:45:36 knautsch kernel: [17181060.984000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:45:36 knautsch kernel: [17181060.984000] Slab corruption: start=c4ebe09c, len=244
May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181060.984000] 0f0: 00 fe ff ff
May  4 23:45:36 knautsch kernel: [17181060.984000] Next obj: start=c4ebe19c, len=244
May  4 23:45:36 knautsch kernel: [17181060.984000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:45:36 knautsch kernel: [17181060.984000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:45:36 knautsch kernel: [17181060.984000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181060.984000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:45:36 knautsch kernel: [17181061.024000] SMB connection re-established (-5)
May  4 23:46:17 knautsch kernel: [17181102.132000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:47:46 knautsch kernel: [17181190.468000] smb_errno: class Unknown, code 27499 from command 0x6b
May  4 23:47:46 knautsch kernel: [17181190.468000] Slab corruption: start=c4ebe09c, len=244
May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<e087b903>](smb_rput+0x53/0x90 [smbfs])
May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6a 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.468000] 0f0: 00 fe ff ff
May  4 23:47:46 knautsch kernel: [17181190.468000] Next obj: start=c4ebe19c, len=244
May  4 23:47:46 knautsch kernel: [17181190.468000] Redzone: 0x5a2cf071/0x5a2cf071.
May  4 23:47:46 knautsch kernel: [17181190.468000] Last user: [<00000000>](_stext+0x3feffde0/0x30)
May  4 23:47:46 knautsch kernel: [17181190.468000] 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.468000] 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
May  4 23:47:46 knautsch kernel: [17181190.492000] SMB connection re-established (-5)
May  4 23:49:20 knautsch kernel: [17181284.828000] smb_file_read: //some_file validation failed, error=4294966784
May  4 23:49:39 knautsch kernel: [17181303.896000] smb_file_read: //some_file validation failed, error=4294966784

Signed-off-by: Jan Niehusmann <jan@gondor.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:56 -07:00
Olaf Kirch
3b7c810827 [PATCH] smbfs chroot issue (CVE-2006-1864)
Mark Moseley reported that a chroot environment on a SMB share can be left
via "cd ..\\".  Similar to CVE-2006-1863 issue with cifs, this fix is for
smbfs.

Steven French <sfrench@us.ibm.com> wrote:

Looks fine to me.  This should catch the slash on lookup or equivalent,
which will be all obvious paths of interest.

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:55 -07:00
Ian Kent
a537055395 [PATCH] autofs4: NFY_NONE wait race fix
This patch fixes two problems.

First, the comparison of entries in the waitq.c was incorrect.

Second, the NFY_NONE check was incorrect. The test of whether the dentry
is mounted is ineffective, for example, if an expire fails then we could
wait forever on a nonexistent expire. The bug was identified by Jeff
Moyer.

The patch changes autofs4 to wait on expires only as this is all that's
needed.  If there is no existing wait when autofs4_wait is called with a type
of NFY_NONE it delays until either a wait appears or the expire flag is
cleared.

Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Adrian Bunk
6aff5cb8ec [PATCH] fs/open.c: unexport sys_openat
Remove the unused EXPORT_SYMBOL_GPL(sys_openat).

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-15 11:20:54 -07:00
Andrew Morton
184f565210 [JFFS2] Fix printk format in some error messages.
fs/jffs2/nodelist.c: In function `check_node_data':
fs/jffs2/nodelist.c:441: warning: unsigned int format, different type arg (arg 4)
fs/jffs2/nodelist.c:464: warning: int format, different type arg (arg 5)

Modified from Andrew's original fix because while his terminal may indeed
only have eighty columns, mine only has _TWENTYFOUR_ lines. So the
cosmetic fluff is perfectly OK out past column 80 where it was -- the
casual reader doesn't _care_ about anything more than the fact that it
goes 'if (foo) JFFS2_WARNING...', and there's no point wasting a whole
line to display the tail end of the printk which nobody actually cares
about.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-15 13:45:58 +01:00
David Woodhouse
3e68fbb59b [JFFS2] Don't pack on-medium structures, because GCC emits crappy code
If we use __attribute__((packed)), GCC will _also_ assume that the
structures aren't sensibly aligned, and it'll emit code to cope with
that instead of straight word load/save. This can be _very_ suboptimal
on architectures like ARM.

Ideally, we want an attribute which just tells GCC not to do any
padding, without the alignment side-effects. In the absence of that,
we'll just drop the 'packed' attribute and hope that everything stays as
it was (which to be fair is fairly much what we expect). And add some
paranoia checks in the initialisation code, which should be optimised
away completely in the normal case.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-15 00:49:43 +01:00
David Woodhouse
cf5eba5334 [JFFS2] Reduce excessive node count for syslog files.
We currently get fairly poor behaviour with files which get many short
writes, such as system logs. This is because we end up with many tiny
data nodes, and the rbtree gets massive. None of these nodes are
actually obsolete, so they are counted as 'clean' space. Eraseblocks can
be entirely full of these nodes (which are REF_NORMAL instead of
REF_PRISTINE), and still they count entirely towards 'used_size' and the
eraseblocks can sit on the clean_list for a long time without being
picked for GC.

One way to alleviate this in the long term is to account REF_NORMAL
space separately from REF_PRISTINE space, rather than counting them both
towards used_size. Then these eraseblocks can be picked for GC and the
offending nodes will be garbage collected.

The short-term fix, though -- which probably makes sense even if we do
eventually implement the above -- is to merge these nodes as they're
written. When we write the last byte in a page, write the _whole_ page.
This obsoletes the earlier nodes in the page _immediately_ and we don't
even need to wait for the garbage collection to do it.

Original implementation from Ferenc Havasi <havasi@inf.u-szeged.hu>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2006-05-14 04:06:24 +01:00
KaiGai Kohei
21b9879bf2 [JFFS2][XATTR] Fix obvious typo
[2/2] jffs2-xattr-v5.2-02-fix_obvious_typo.patch

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2006-05-13 15:22:29 +09:00
KaiGai Kohei
c8708a9275 [JFFS2][XATTR] Handling the duplicate JFFS2_NODETYPE_XATTR node cases.
When jffs2_sum_process_sum_data() found a JFFS2_NODETYPE_XATTR
which has a duplicate xid and an older version, an error was returned
without appropriate processing.
As a result, mounting the filesystem failed.

This patch fixes this problem. If jffs2_setup_xattr_datum() returned
-EEXIST, the caller marks this node as DIRTY_SPACE().

[1/2] jffs2-xattr-v5.2-01-fix-duplicate-xdatum.patch

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2006-05-13 15:21:38 +09:00
KaiGai Kohei
dea80134dc [JFFS2][XATTR] remove redundant pointer cast in acl.c
remove redundant pointer cast in acl.c.

[10/10] jffs2-xattr-v5.1-10-remove_pointer_cast.patch

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
2006-05-13 15:20:24 +09:00