1. 25 Aug, 2015 2 commits
  2. 19 Aug, 2015 13 commits
    • Dave Chinner's avatar
      xfs: inode lockdep annotations broke non-lockdep build · 3403ccc0
      Dave Chinner authored
      Fix CONFIG_LOCKDEP=n build, because asserts I put in to ensure we
      aren't overrunning lockdep subclasses in commit 0952c818 ("xfs:
      clean up inode lockdep annotations") use a define that doesn't
      exist when CONFIG_LOCKDEP=n
      
      Only check the subclass limits when lockdep is actually enabled.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      3403ccc0
    • Brian Foster's avatar
      xfs: flush entire file on dio read/write to cached file · 3d751af2
      Brian Foster authored
      Filesystems are responsible to manage file coherency between the page
      cache and direct I/O. The generic dio code flushes dirty pages over the
      range of a dio to ensure that the dio read or a future buffered read
      returns the correct data. XFS has generally followed this pattern,
      though traditionally has flushed and invalidated the range from the
      start of the I/O all the way to the end of the file. This changed after
      the following commit:
      
      	7d4ea3ce xfs: use ranged writeback and invalidation for direct IO
      
      ... as the full file flush was no longer necessary to deal with the
      strange post-eof delalloc issues that were since fixed. Unfortunately,
      we have since received complaints about performance degradation due to
      the increased exclusive iolock cycles (which locks out parallel dio
      submission) that occur when a file has cached pages. This does not occur
      on filesystems that use the generic code as it also does not incorporate
      locking.
      
      The exclusive iolock is acquired any time the inode mapping has cached
      pages, regardless of whether they reside in the range of the I/O or not.
      If not, the flush/inval calls do no work and the lock was cycled for no
      reason.
      
      Under consideration of the cost of the exclusive iolock, update the dio
      read and write handlers to flush and invalidate the entire mapping when
      cached pages exist. In most cases, this increases the cost of the
      initial flush sequence but eliminates the need for further lock cycles
      and flushes so long as the workload does not actively mix direct and
      buffered I/O. This also more closely matches historical behavior and
      performance characteristics that users have come to expect.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      3d751af2
    • Jan Kara's avatar
      xfs: Fix xfs_attr_leafblock definition · ffeecc52
      Jan Kara authored
      struct xfs_attr_leafblock contains 'entries' array which is declared
      with size 1 altough it can in fact contain much more entries. Since this
      array is followed by further struct members, gcc (at least in version
      4.8.3) thinks that the array has the fixed size of 1 element and thus
      may optimize away all accesses beyond the end of array resulting in
      non-working code. This problem was only observed with userspace code in
      xfsprogs, however it's better to be safe in kernel as well and have
      matching kernel and xfsprogs definitions.
      
      cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarJan Kara <jack@suse.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      ffeecc52
    • Darrick J. Wong's avatar
      libxfs: readahead of dir3 data blocks should use the read verifier · 2f123bce
      Darrick J. Wong authored
      In the dir3 data block readahead function, use the regular read
      verifier to check the block's CRC and spot-check the block contents
      instead of directly calling only the spot-checking routine.  This
      prevents corrupted directory data blocks from being read into the
      kernel, which can lead to garbage ls output and directory loops (if
      say one of the entries contains slashes and other junk).
      
      cc: <stable@vger.kernel.org> # 3.12 - 4.2
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      2f123bce
    • Dave Chinner's avatar
      xfs: stop holding ILOCK over filldir callbacks · dbad7c99
      Dave Chinner authored
      The recent change to the readdir locking made in 40194ecc ("xfs:
      reinstate the ilock in xfs_readdir") for CXFS directory sanity was
      probably the wrong thing to do. Deep in the readdir code we
      can take page faults in the filldir callback, and so taking a page
      fault while holding an inode ilock creates a new set of locking
      issues that lockdep warns all over the place about.
      
      The locking order for regular inodes w.r.t. page faults is io_lock
      -> pagefault -> mmap_sem -> ilock. The directory readdir code now
      triggers ilock -> page fault -> mmap_sem. While we cannot deadlock
      at this point, it inverts all the locking patterns that lockdep
      normally sees on XFS inodes, and so triggers lockdep. We worked
      around this with commit 93a8614e ("xfs: fix directory inode iolock
      lockdep false positive"), but that then just moved the lockdep
      warning to deeper in the page fault path and triggered on security
      inode locks. Fixing the shmem issue there just moved the lockdep
      reports somewhere else, and now we are getting false positives from
      filesystem freezing annotations getting confused.
      
      Further, if we enter memory reclaim in a readdir path, we now get
      lockdep warning about potential deadlocks because the ilock is held
      when we enter reclaim. This, again, is different to a regular file
      in that we never allow memory reclaim to run while holding the ilock
      for regular files. Hence lockdep now throws
      ilock->kmalloc->reclaim->ilock warnings.
      
      Basically, the problem is that the ilock is being used to protect
      the directory data and the inode metadata, whereas for a regular
      file the iolock protects the data and the ilock protects the
      metadata. From the VFS perspective, the i_mutex serialises all
      accesses to the directory data, and so not holding the ilock for
      readdir doesn't matter. The issue is that CXFS doesn't access
      directory data via the VFS, so it has no "data serialisaton"
      mechanism. Hence we need to hold the IOLOCK in the correct places to
      provide this low level directory data access serialisation.
      
      The ilock can then be used just when the extent list needs to be
      read, just like we do for regular files. The directory modification
      code can take the iolock exclusive when the ilock is also taken,
      and this then ensures that readdir is correct excluded while
      modifications are in progress.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      dbad7c99
    • Dave Chinner's avatar
      xfs: clean up inode lockdep annotations · 0952c818
      Dave Chinner authored
      Lockdep annotations are a maintenance nightmare. Locking has to be
      modified to suit the limitations of the annotations, and we're
      always having to fix the annotations because they are unable to
      express the complexity of locking heirarchies correctly.
      
      So, next up, we've got more issues with lockdep annotations for
      inode locking w.r.t. XFS_LOCK_PARENT:
      
      	- lockdep classes are exclusive and can't be ORed together
      	  to form new classes.
      	- IOLOCK needs multiple PARENT subclasses to express the
      	  changes needed for the readdir locking rework needed to
      	  stop the endless flow of lockdep false positives involving
      	  readdir calling filldir under the ILOCK.
      	- there are only 8 unique lockdep subclasses available,
      	  so we can't create a generic solution.
      
      IOWs we need to treat the 3-bit space available to each lock type
      differently:
      
      	- IOLOCK uses xfs_lock_two_inodes(), so needs:
      		- at least 2 IOLOCK subclasses
      		- at least 2 IOLOCK_PARENT subclasses
      	- MMAPLOCK uses xfs_lock_two_inodes(), so needs:
      		- at least 2 MMAPLOCK subclasses
      	- ILOCK uses xfs_lock_inodes with up to 5 inodes, so needs:
      		- at least 5 ILOCK subclasses
      		- one ILOCK_PARENT subclass
      		- one RTBITMAP subclass
      		- one RTSUM subclass
      
      For the IOLOCK, split the space into two sets of subclasses.
      For the MMAPLOCK, just use half the space for the one subclass to
      match the non-parent lock classes of the IOLOCK.
      For the ILOCK, use 0-4 as the ILOCK subclasses, 5-7 for the
      remaining individual subclasses.
      
      Because they are now all different, modify xfs_lock_inumorder() to
      handle the nested subclasses, and to assert fail if passed an
      invalid subclass. Further, annotate xfs_lock_inodes() to assert fail
      if an invalid combination of lock primitives and inode counts are
      passed that would result in a lockdep subclass annotation overflow.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      0952c818
    • Brian Foster's avatar
      xfs: swap leaf buffer into path struct atomically during path shift · 7df1c170
      Brian Foster authored
      The node directory lookup code uses a state structure that tracks the
      path of buffers used to search for the hash of a filename through the
      leaf blocks. When the lookup encounters a block that ends with the
      requested hash, but the entry has not yet been found, it must shift over
      to the next block and continue looking for the entry (i.e., duplicate
      hashes could continue over into the next block). This shift mechanism
      involves walking back up and down the state structure, replacing buffers
      at the appropriate btree levels as necessary.
      
      When a buffer is replaced, the old buffer is released and the new buffer
      read into the active slot in the path structure. Because the buffer is
      read directly into the path slot, a buffer read failure can result in
      setting a NULL buffer pointer in an active slot. This throws off the
      state cleanup code in xfs_dir2_node_lookup(), which expects to release a
      buffer from each active slot. Instead, a BUG occurs due to a NULL
      pointer dereference:
      
        BUG: unable to handle kernel NULL pointer dereference at 00000000000001e8
        IP: [<ffffffffa0585063>] xfs_trans_brelse+0x2a3/0x3c0 [xfs]
        ...
        RIP: 0010:[<ffffffffa0585063>]  [<ffffffffa0585063>] xfs_trans_brelse+0x2a3/0x3c0 [xfs]
        ...
        Call Trace:
         [<ffffffffa05250c6>] xfs_dir2_node_lookup+0xa6/0x2c0 [xfs]
         [<ffffffffa0519f7c>] xfs_dir_lookup+0x1ac/0x1c0 [xfs]
         [<ffffffffa055d0e1>] xfs_lookup+0x91/0x290 [xfs]
         [<ffffffffa05580b3>] xfs_vn_lookup+0x73/0xb0 [xfs]
         [<ffffffff8122de8d>] lookup_real+0x1d/0x50
         [<ffffffff8123330e>] path_openat+0x91e/0x1490
         [<ffffffff81235079>] do_filp_open+0x89/0x100
         ...
      
      This has been reproduced via a parallel fsstress and filesystem shutdown
      workload in a loop. The shutdown triggers the read error in the
      aforementioned codepath and causes the BUG in xfs_dir2_node_lookup().
      
      Update xfs_da3_path_shift() to update the active path slot atomically
      with respect to the caller when a buffer is replaced. This ensures that
      the caller always sees the old or new buffer in the slot and prevents
      the NULL pointer dereference.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      7df1c170
    • Brian Foster's avatar
      xfs: relocate sparse inode mount warning · 1b867d3a
      Brian Foster authored
      The sparse inodes feature is currently considered experimental. We warn
      at mount time from xfs_mount_validate_sb(). This function is part of the
      superblock verifier codepath, however, which means it could be invoked
      repeatedly on superblock reads or writes. This is currently only
      noticeable from userspace, where mkfs produces multiple warnings at
      format time.
      
      As mkfs warnings were not the intent of this change, relocate the mount
      time warning to xfs_fs_fill_super(), which is only invoked once and only
      in kernel space.
      Signed-off-by: default avatarBrian Foster <bfoster@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      1b867d3a
    • Dave Chinner's avatar
      xfs: dquots should be stamped with sb_meta_uuid · 92863451
      Dave Chinner authored
      Once the sb_uuid is changed, the wrong uuid is stamped into new
      dquots on disk. Found by inspection, verified by generic/219.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      92863451
    • Dave Chinner's avatar
      xfs: log recovery needs to validate against sb_meta_uuid · fcfbe2c4
      Dave Chinner authored
      Now that sb_uuid can be changed by the user, we cannot use this to
      validate the metadata blocks being recovered belong to this
      filesystem. We must check against the sb_meta_uuid as that will
      remain unchanged.
      
      There is a complication in this code - the superblock itself. We can
      not check the sb_meta_uuid unconditionally, as that may not be set
      on disk. Hence we must verify the superblock sb_uuid matches between
      the log record and the in-core superblock.
      
      Found by inspection after the previous two problems were found.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      fcfbe2c4
    • Dave Chinner's avatar
      xfs: growfs not aware of sb_meta_uuid · ac383de2
      Dave Chinner authored
      Adding this simple change to xfstests:common/rc::_scratch_mkfs_xfs:
      
      +       if [ $mkfs_status -eq 0 ]; then
      +               xfs_admin -U generate $SCRATCH_DEV > /dev/null
      +       fi
      
      triggers all sorts of errors in xfstests. xfs/104 is an example,
      where growfs fails with a UUID mismatch corruption detected by
      xfs_agf_write_verify() when trying to write the first new AG
      headers.
      
      Fix this problem by making sure we copy the sb_meta_uuid into new
      metadata written by growfs.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      ac383de2
    • Dave Chinner's avatar
      xfs: fix sb_meta_uuid usage · bbf155ad
      Dave Chinner authored
      After changing the UUID on a v5 filesystem, xfstests fails
      immediately on a debug kernel with:
      
      XFS: Assertion failed: uuid_equal(&ip->i_d.di_uuid, &mp->m_sb.sb_uuid), file: fs/xfs/xfs_inode.c, line: 799
      
      This needs to check against the sb_meta_uuid, not the user visible
      UUID that was changed.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      bbf155ad
    • Eric Sandeen's avatar
      xfs: set XFS_DA_OP_OKNOENT in xfs_attr_get · c400ee3e
      Eric Sandeen authored
      It's entirely possible for userspace to ask for an xattr which
      does not exist.
      
      Normally, there is no problem whatsoever when we ask for such
      a thing, but when we look at an obfuscated metadump image
      on a debug kernel with selinux, we trip over this ASSERT in
      xfs_da3_path_shift():
      
              *result = -ENOENT;      /* we're out of our tree */
              ASSERT(args->op_flags & XFS_DA_OP_OKNOENT);
      
      It (more or less) only shows up in the above scenario, because
      xfs_metadump obfuscates attr names, but chooses names which
      keep the same hash value - and xfs_da3_node_lookup_int does:
      
              if (((retval == -ENOENT) || (retval == -ENOATTR)) &&
                  (blk->hashval == args->hashval)) {
                      error = xfs_da3_path_shift(state, &state->path, 1, 1,
                                                       &retval);
      
      IOWS, we only get down to the xfs_da3_path_shift() ASSERT
      if we are looking for an xattr which doesn't exist, but we
      find xattrs on disk which have the same hash, and so might be
      a hash collision, so we try the path shift.  When *that*
      fails to find what we're looking for, we hit the assert about
      XFS_DA_OP_OKNOENT.
      
      Simply setting XFS_DA_OP_OKNOENT in xfs_attr_get solves this
      rather corner-case problem with no ill side effects.  It's
      fine for an attr name lookup to fail.
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Reviewed-by: default avatarDave Chinner <dchinner@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      c400ee3e
  3. 29 Jul, 2015 1 commit
    • Eric Sandeen's avatar
      xfs: create new metadata UUID field and incompat flag · ce748eaa
      Eric Sandeen authored
      This adds a new superblock field, sb_meta_uuid.  If set, along with
      a new incompat flag, the code will use that field on a V5 filesystem
      to compare to metadata UUIDs, which allows us to change the user-
      visible UUID at will.  Userspace handles the setting and clearing
      of the incompat flag as appropriate, as the UUID gets changed; i.e.
      setting the user-visible UUID back to the original UUID (as stored in
      the new field) will remove the incompatible feature flag.
      
      If the incompat flag is not set, this copies the user-visible UUID into
      into the meta_uuid slot in memory when the superblock is read from disk;
      the meta_uuid field is not written back to disk in this case.
      
      The remainder of this patch simply switches verifiers, initializers,
      etc to use the new sb_meta_uuid field.
      Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
      Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
      Signed-off-by: default avatarDave Chinner <david@fromorbit.com>
      
      ce748eaa
  4. 12 Jul, 2015 11 commits
    • Linus Torvalds's avatar
      Linux 4.2-rc2 · bc0195aa
      Linus Torvalds authored
      bc0195aa
    • Linus Torvalds's avatar
      Revert "drm/i915: Use crtc_state->active in primary check_plane func" · 01e2d062
      Linus Torvalds authored
      This reverts commit dec4f799.
      
      Jörg Otte reports a NULL pointder dereference due to this commit, as
      'crtc_state' very much can be NULL:
      
              crtc_state = state->base.state ?
                      intel_atomic_get_crtc_state(state->base.state, intel_crtc) : NULL;
      
      So the change to test 'crtc_state->base.active' cannot possibly be
      correct as-is.
      
      There may be some other minimal fix (like just checking crtc_state for
      NULL), but I'm just reverting it now for the rc2 release, and people
      like Daniel Vetter who actually know this code will figure out what the
      right solution is in the longer term.
      Reported-and-bisected-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Cc: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
      Cc: Jani Nikula <jani.nikula@linux.intel.com>
      Cc: Daniel Vetter <daniel.vetter@intel.com>
      CC: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01e2d062
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · c83727a6
      Linus Torvalds authored
      Pull VFS fixes from Al Viro:
       "Fixes for this cycle regression in overlayfs and a couple of
        long-standing (== all the way back to 2.6.12, at least) bugs"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        freeing unlinked file indefinitely delayed
        fix a braino in ovl_d_select_inode()
        9p: don't leave a half-initialized inode sitting around
      c83727a6
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 7fbb58a0
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "A fair number of 4.2 fixes also because Markos opened the flood gates.
      
         - Patch up the math used calculate the location for the page bitmap.
      
         - The FDC (Not what you think, FDC stands for Fast Debug Channel) IRQ
           around was causing issues on non-Malta platforms, so move the code
           to a Malta specific location.
      
         - A spelling fix replicated through several files.
      
         - Fix to the emulation of an R2 instruction for R6 cores.
      
         - Fix the JR emulation for R6.
      
         - Further patching of mindless 64 bit issues.
      
         - Ensure the kernel won't crash on CPUs with L2 caches with >= 8
           ways.
      
         - Use compat_sys_getsockopt for O32 ABI on 64 bit kernels.
      
         - Fix cache flushing for multithreaded cores.
      
         - A build fix"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: O32: Use compat_sys_getsockopt.
        MIPS: c-r4k: Extend way_string array
        MIPS: Pistachio: Support CDMM & Fast Debug Channel
        MIPS: Malta: Make GIC FDC IRQ workaround Malta specific
        MIPS: c-r4k: Fix cache flushing for MT cores
        Revert "MIPS: Kconfig: Disable SMP/CPS for 64-bit"
        MIPS: cps-vec: Use macros for various arithmetics and memory operations
        MIPS: kernel: cps-vec: Replace KSEG0 with CKSEG0
        MIPS: kernel: cps-vec: Use ta0-ta3 pseudo-registers for 64-bit
        MIPS: kernel: cps-vec: Replace mips32r2 ISA level with mips64r2
        MIPS: kernel: cps-vec: Replace 'la' macro with PTR_LA
        MIPS: kernel: smp-cps: Fix 64-bit compatibility errors due to pointer casting
        MIPS: Fix erroneous JR emulation for MIPS R6
        MIPS: Fix branch emulation for BLTC and BGEC instructions
        MIPS: kernel: traps: Fix broken indentation
        MIPS: bootmem: Don't use memory holes for page bitmap
        MIPS: O32: Do not handle require 32 bytes from the stack to be readable.
        MIPS, CPUFREQ: Fix spelling of Institute.
        MIPS: Lemote 2F: Fix build caused by recent mass rename.
      7fbb58a0
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1daa1cfb
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - the high latency PIT detection fix, which slipped through the cracks
         for rc1
      
       - a regression fix for the early printk mechanism
      
       - the x86 part to plug irq/vector related hotplug races
      
       - move the allocation of the espfix pages on cpu hotplug to non atomic
         context.  The current code triggers a might_sleep() warning.
      
       - a series of KASAN fixes addressing boot crashes and usability
      
       - a trivial typo fix for Kconfig help text
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/kconfig: Fix typo in the CONFIG_CMDLINE_BOOL help text
        x86/irq: Retrieve irq data after locking irq_desc
        x86/irq: Use proper locking in check_irq_vectors_for_cpu_disable()
        x86/irq: Plug irq vector hotplug race
        x86/earlyprintk: Allow early_printk() to use console style parameters like '115200n8'
        x86/espfix: Init espfix on the boot CPU side
        x86/espfix: Add 'cpu' parameter to init_espfix_ap()
        x86/kasan: Move KASAN_SHADOW_OFFSET to the arch Kconfig
        x86/kasan: Add message about KASAN being initialized
        x86/kasan: Fix boot crash on AMD processors
        x86/kasan: Flush TLBs after switching CR3
        x86/kasan: Fix KASAN shadow region page tables
        x86/init: Clear 'init_level4_pgt' earlier
        x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()
      1daa1cfb
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7b732169
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "This update from the timer departement contains:
      
         - A series of patches which address a shortcoming in the tick
           broadcast code.
      
           If the broadcast device is not available or an hrtimer emulated
           broadcast device, some of the original assumptions lead to boot
           failures.  I rather plugged all of the corner cases instead of only
           addressing the issue reported, so the change got a little larger.
      
           Has been extensivly tested on x86 and arm.
      
         - Get rid of the last holdouts using do_posix_clock_monotonic_gettime()
      
         - A regression fix for the imx clocksource driver
      
         - An update to the new state callbacks mechanism for clockevents.
           This is required to simplify the conversion, which will take place
           in 4.3"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tick/broadcast: Prevent NULL pointer dereference
        time: Get rid of do_posix_clock_monotonic_gettime
        cris: Replace do_posix_clock_monotonic_gettime()
        tick/broadcast: Unbreak CONFIG_GENERIC_CLOCKEVENTS=n build
        tick/broadcast: Handle spurious interrupts gracefully
        tick/broadcast: Check for hrtimer broadcast active early
        tick/broadcast: Return busy when IPI is pending
        tick/broadcast: Return busy if periodic mode and hrtimer broadcast
        tick/broadcast: Move the check for periodic mode inside state handling
        tick/broadcast: Prevent deep idle if no broadcast device available
        tick/broadcast: Make idle check independent from mode and config
        tick/broadcast: Sanity check the shutdown of the local clock_event
        tick/broadcast: Prevent hrtimer recursion
        clockevents: Allow set-state callbacks to be optional
        clocksource/imx: Define clocksource for mx27
      7b732169
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c4bc680c
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for a cpu hotplug race vs. interrupt descriptors:
      
        Prevent irq setup/teardown across the cpu starting/dying parts of cpu
        hotplug so that the starting/dying cpu has a stable view of the
        descriptor space.  This has been an issue for all architectures in the
        cpu dying phase, where interrupts are migrated away from the dying
        cpu.  In the starting phase its mostly a x86 issue vs the vector space
        update"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        hotplug: Prevent alloc/free of irq descriptors during cpu up/down
      c4bc680c
    • Al Viro's avatar
      freeing unlinked file indefinitely delayed · 75a6f82a
      Al Viro authored
      	Normally opening a file, unlinking it and then closing will have
      the inode freed upon close() (provided that it's not otherwise busy and
      has no remaining links, of course).  However, there's one case where that
      does *not* happen.  Namely, if you open it by fhandle with cold dcache,
      then unlink() and close().
      
      	In normal case you get d_delete() in unlink(2) notice that dentry
      is busy and unhash it; on the final dput() it will be forcibly evicted from
      dcache, triggering iput() and inode removal.  In this case, though, we end
      up with *two* dentries - disconnected (created by open-by-fhandle) and
      regular one (used by unlink()).  The latter will have its reference to inode
      dropped just fine, but the former will not - it's considered hashed (it
      is on the ->s_anon list), so it will stay around until the memory pressure
      will finally do it in.  As the result, we have the final iput() delayed
      indefinitely.  It's trivial to reproduce -
      
      void flush_dcache(void)
      {
              system("mount -o remount,rw /");
      }
      
      static char buf[20 * 1024 * 1024];
      
      main()
      {
              int fd;
              union {
                      struct file_handle f;
                      char buf[MAX_HANDLE_SZ];
              } x;
              int m;
      
              x.f.handle_bytes = sizeof(x);
              chdir("/root");
              mkdir("foo", 0700);
              fd = open("foo/bar", O_CREAT | O_RDWR, 0600);
              close(fd);
              name_to_handle_at(AT_FDCWD, "foo/bar", &x.f, &m, 0);
              flush_dcache();
              fd = open_by_handle_at(AT_FDCWD, &x.f, O_RDWR);
              unlink("foo/bar");
              write(fd, buf, sizeof(buf));
              system("df .");			/* 20Mb eaten */
              close(fd);
              system("df .");			/* should've freed those 20Mb */
              flush_dcache();
              system("df .");			/* should be the same as #2 */
      }
      
      will spit out something like
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 283282     21692  93% /
      - inode gets freed only when dentry is finally evicted (here we trigger
      than by remount; normally it would've happened in response to memory
      pressure hell knows when).
      
      Cc: stable@vger.kernel.org # v2.6.38+; earlier ones need s/kill_it/unhash_it/
      Acked-by: default avatarJ. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      75a6f82a
    • Al Viro's avatar
      fix a braino in ovl_d_select_inode() · 9391dd00
      Al Viro authored
      when opening a directory we want the overlayfs inode, not one from
      the topmost layer.
      Reported-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Tested-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      9391dd00
    • Al Viro's avatar
      9p: don't leave a half-initialized inode sitting around · 0a73d0a2
      Al Viro authored
      Cc: stable@vger.kernel.org # all branches
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      0a73d0a2
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/nvdimm · 59c3cb55
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "1) Fixes for a handful of smatch reports (Thanks Dan C.!) and minor
           bug fixes (patches 1-6)
      
        2) Correctness fixes to the BLK-mode nvdimm driver (patches 7-10).
      
           Granted these are slightly large for a -rc update.  They have been
           out for review in one form or another since the end of May and were
           deferred from the merge window while we settled on the "PMEM API"
           for the PMEM-mode nvdimm driver (ie memremap_pmem, memcpy_to_pmem,
           and wmb_pmem).
      
           Now that those apis are merged we implement them in the BLK driver
           to guarantee that mmio aperture moves stay ordered with respect to
           incoming read/write requests, and that writes are flushed through
           those mmio-windows and platform-buffers to be persistent on media.
      
        These pass the sub-system unit tests with the updates to
        tools/testing/nvdimm, and have received a successful build-report from
        the kbuild robot (468 configs).
      
        With acks from Rafael for the touches to drivers/acpi/"
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/nvdimm:
        nfit: add support for NVDIMM "latch" flag
        nfit: update block I/O path to use PMEM API
        tools/testing/nvdimm: add mock acpi_nfit_flush_address entries to nfit_test
        tools/testing/nvdimm: fix return code for unimplemented commands
        tools/testing/nvdimm: mock ioremap_wt
        pmem: add maintainer for include/linux/pmem.h
        nfit: fix smatch "use after null check" report
        nvdimm: Fix return value of nvdimm_bus_init() if class_create() fails
        libnvdimm: smatch cleanups in __nd_ioctl
        sparse: fix misplaced __pmem definition
      59c3cb55
  5. 11 Jul, 2015 8 commits
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · e4925198
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Mostly slight adjusments for new drivers, but also one core fix for
        which finally the dependencies are now available as well"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: Mark instantiated device nodes with OF_POPULATE
        i2c: jz4780: Fix return value if probe fails
        i2c: xgene-slimpro: Fix missing mbox_free_channel call in probe error path
        i2c: I2C_MT65XX should depend on HAS_DMA
      e4925198
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 8a7b8ff4
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
       "A fix (revert) for a recent regression in Synaptics driver and a fix
        for Elan i2c touchpad driver"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Revert "Input: synaptics - allocate 3 slots to keep stability in image sensors"
        Input: elan_i2c - change the hover event from MT to ST
      8a7b8ff4
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 4322f028
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A small set of fixes for problems found by smatch in new drivers that
        we added this rc and a handful of driver fixes that came in during the
        merge window"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        drivers: clk: st: Incorrect register offset used for lock_status
        clk: mediatek: mt8173: Fix enabling of critical clocks
        drivers: clk: st: Fix mux bit-setting for Cortex A9 clocks
        drivers: clk: st: Add CLK_GET_RATE_NOCACHE flag to clocks
        drivers: clk: st: Fix flexgen lock init
        drivers: clk: st: Fix FSYN channel values
        drivers: clk: st: Remove unused code
        clk: qcom: Use parent rate when set rate to pixel RCG clock
        clk: at91: do not leak resources
        clk: stm32: Fix out-by-one error path in the index lookup
        clk: iproc: fix bit manipulation arithmetic
        clk: iproc: fix memory leak from clock name
      4322f028
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 9cb1680c
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A bunch of fixes for radeon, intel, omap and one amdkfd fix.
      
        Radeon fixes are all over, but it does fix some cursor corruption
        across suspend/resume.  i915 should fix the second warn you were
        seeing, so let us know if not.  omap is a bunch of small fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (28 commits)
        drm/radeon: disable vce init on cayman (v2)
        drm/amdgpu: fix timeout calculation
        drm/radeon: check if BO_VA is set before adding it to the invalidation list
        drm/radeon: allways add the VM clear duplicate
        Revert "Revert "drm/radeon: dont switch vt on suspend""
        drm/radeon: Fold radeon_set_cursor() into radeon_show_cursor()
        drm/radeon: unpin cursor BOs on suspend and pin them again on resume (v2)
        drm/radeon: Clean up reference counting and pinning of the cursor BOs
        drm/amdkfd: validate pdd where it acquired first
        Revert "drm/i915: Allocate context objects from stolen"
        drm/i915: Declare the swizzling unknown for L-shaped configurations
        drm/radeon: fix underflow in r600_cp_dispatch_texture()
        drm/radeon: default to 2048 MB GART size on SI+
        drm/radeon: fix HDP flushing
        drm/radeon: use RCU query for GEM_BUSY syscall
        drm/amdgpu: Handle irqs only based on irq ring, not irq status regs.
        drm/radeon: Handle irqs only based on irq ring, not irq status regs.
        drm/i915: Use crtc_state->active in primary check_plane func
        drm/i915: Check crtc->active in intel_crtc_disable_planes
        drm/i915: Restore all GGTT VMAs on resume
        ...
      9cb1680c
    • Linus Torvalds's avatar
      Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 2278cb0b
      Linus Torvalds authored
      Pull selinux fixes from James Morris.
      
      * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        selinux: fix mprotect PROT_EXEC regression caused by mm change
        selinux: don't waste ebitmap space when importing NetLabel categories
      2278cb0b
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 31b7a57c
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "This is an assortment of fixes.  Most of the commits are from Filipe
        (fsync, the inode allocation cache and a few others).  Mark kicked in
        a series fixing corners in the extent sharing ioctls, and everyone
        else fixed up on assorted other problems"
      
      * 'for-linus-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: fix wrong check for btrfs_force_chunk_alloc()
        Btrfs: fix warning of bytes_may_use
        Btrfs: fix hang when failing to submit bio of directIO
        Btrfs: fix a comment in inode.c:evict_inode_truncate_pages()
        Btrfs: fix memory corruption on failure to submit bio for direct IO
        btrfs: don't update mtime/ctime on deduped inodes
        btrfs: allow dedupe of same inode
        btrfs: fix deadlock with extent-same and readpage
        btrfs: pass unaligned length to btrfs_cmp_data()
        Btrfs: fix fsync after truncate when no_holes feature is enabled
        Btrfs: fix fsync xattr loss in the fast fsync path
        Btrfs: fix fsync data loss after append write
        Btrfs: fix crash on close_ctree() if cleaner starts new transaction
        Btrfs: fix race between caching kthread and returning inode to inode cache
        Btrfs: use kmem_cache_free when freeing entry in inode cache
        Btrfs: fix race between balance and unused block group deletion
        btrfs: add error handling for scrub_workers_get()
        btrfs: cleanup noused initialization of dev in btrfs_end_bio()
        btrfs: qgroup: allow user to clear the limitation on qgroup
      31b7a57c
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 84e3e9d0
      Linus Torvalds authored
      Pull ARM SoC fixes from Kevin Hilman:
       "A fairly random colletion of fixes based on -rc1 for OMAP, sunxi and
        prima2 as well as a few arm64-specific DT fixes.
      
        This series also includes a late to support a new Allwinner (sunxi)
        SoC, but since it's rather simple and isolated to the
        platform-specific code, it's included it for this -rc"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        arm64: dts: add device tree for ARM SMM-A53x2 on LogicTile Express 20MG
        arm: dts: vexpress: add missing CCI PMU device node to TC2
        arm: dts: vexpress: describe all PMUs in TC2 dts
        GICv3: Add ITS entry to THUNDER dts
        arm64: dts: Add poweroff button device node for APM X-Gene platform
        ARM: dts: am4372.dtsi: disable rfbi
        ARM: dts: am57xx-beagle-x15: Provide supply for usb2_phy2
        ARM: dts: am4372: Add emif node
        Revert "ARM: dts: am335x-boneblack: disable RTC-only sleep"
        ARM: sunxi: Enable simplefb in the defconfig
        ARM: Remove deprecated symbol from defconfig files
        ARM: sunxi: Add Machine support for A33
        ARM: sunxi: Introduce Allwinner H3 support
        Documentation: sunxi: Update Allwinner SoC documentation
        ARM: prima2: move to use REGMAP APIs for rtciobrg
        ARM: dts: atlas7: add pinctrl and gpio descriptions
        ARM: OMAP2+: Remove unnessary return statement from the void function, omap2_show_dma_caps
        memory: omap-gpmc: Fix parsing of devices
      84e3e9d0
    • Thomas Gleixner's avatar
      tick/broadcast: Prevent NULL pointer dereference · c4d029f2
      Thomas Gleixner authored
      Dan reported that the recent changes to the broadcast code introduced
      a potential NULL dereference.
      
      Add the proper check.
      
      Fixes: e0454311 "tick/broadcast: Sanity check the shutdown of the local clock_event"
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      c4d029f2
  6. 10 Jul, 2015 5 commits
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · b9243b5a
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
       "We have one important patch from Dave Anglin and myself which fixes
        PTE/TLB race conditions which caused random segmentation faults on our
        debian buildd servers, and one patch from Alex Ivanov which speeds up
        the graphical text console on the STI framebuffer driver"
      
      * 'parisc-4.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix some PTE/TLB race conditions and optimize __flush_tlb_range based on timing results
        stifb: Implement hardware accelerated copyarea
      b9243b5a
    • James Morris's avatar
    • Stephen Smalley's avatar
      selinux: fix mprotect PROT_EXEC regression caused by mm change · 892e8cac
      Stephen Smalley authored
      commit 66fc1303 ("mm: shmem_zero_setup
      skip security check and lockdep conflict with XFS") caused a regression
      for SELinux by disabling any SELinux checking of mprotect PROT_EXEC on
      shared anonymous mappings.  However, even before that regression, the
      checking on such mprotect PROT_EXEC calls was inconsistent with the
      checking on a mmap PROT_EXEC call for a shared anonymous mapping.  On a
      mmap, the security hook is passed a NULL file and knows it is dealing
      with an anonymous mapping and therefore applies an execmem check and no
      file checks.  On a mprotect, the security hook is passed a vma with a
      non-NULL vm_file (as this was set from the internally-created shmem
      file during mmap) and therefore applies the file-based execute check
      and no execmem check.  Since the aforementioned commit now marks the
      shmem zero inode with the S_PRIVATE flag, the file checks are disabled
      and we have no checking at all on mprotect PROT_EXEC.  Add a test to
      the mprotect hook logic for such private inodes, and apply an execmem
      check in that case.  This makes the mmap and mprotect checking
      consistent for shared anonymous mappings, as well as for /dev/zero and
      ashmem.
      
      Cc: <stable@vger.kernel.org> # 4.1.x
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      892e8cac
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 1604f871
      Linus Torvalds authored
      Pull arm64 fixes and clean-up from Catalin Marinas:
       - ACPI fix when checking the validity of the GICC MADT subtable
       - handle debug exceptions in the el*_inv exception entries
       - remove pointless register assignment in two compat syscall wrappers
       - unnecessary include path
       - defconfig update
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: entry32: remove pointless register assignment
        arm64: entry: handle debug exceptions in el*_inv
        arm64: Keep the ARM64 Kconfig selects sorted
        ACPI / ARM64 : use the new BAD_MADT_GICC_ENTRY macro
        ACPI / ARM64: add BAD_MADT_GICC_ENTRY() macro
        arm64: defconfig: Add Ceva ahci to the defconfig
        arm64: remove another unnecessary libfdt include path
      1604f871
    • John David Anglin's avatar
      parisc: Fix some PTE/TLB race conditions and optimize __flush_tlb_range based on timing results · 01ab6057
      John David Anglin authored
      The increased use of pdtlb/pitlb instructions seemed to increase the
      frequency of random segmentation faults building packages. Further, we
      had a number of cases where TLB inserts would repeatedly fail and all
      forward progress would stop. The Haskell ghc package caused a lot of
      trouble in this area. The final indication of a race in pte handling was
      this syslog entry on sibaris (C8000):
      
       swap_free: Unused swap offset entry 00000004
       BUG: Bad page map in process mysqld  pte:00000100 pmd:019bbec5
       addr:00000000ec464000 vm_flags:00100073 anon_vma:0000000221023828 mapping: (null) index:ec464
       CPU: 1 PID: 9176 Comm: mysqld Not tainted 4.0.0-2-parisc64-smp #1 Debian 4.0.5-1
       Backtrace:
        [<0000000040173eb0>] show_stack+0x20/0x38
        [<0000000040444424>] dump_stack+0x9c/0x110
        [<00000000402a0d38>] print_bad_pte+0x1a8/0x278
        [<00000000402a28b8>] unmap_single_vma+0x3d8/0x770
        [<00000000402a4090>] zap_page_range+0xf0/0x198
        [<00000000402ba2a4>] SyS_madvise+0x404/0x8c0
      
      Note that the pte value is 0 except for the accessed bit 0x100. This bit
      shouldn't be set without the present bit.
      
      It should be noted that the madvise system call is probably a trigger for many
      of the random segmentation faults.
      
      In looking at the kernel code, I found the following problems:
      
      1) The pte_clear define didn't take TLB lock when clearing a pte.
      2) We didn't test pte present bit inside lock in exception support.
      3) The pte and tlb locks needed to merged in order to ensure consistency
      between page table and TLB. This also has the effect of serializing TLB
      broadcasts on SMP systems.
      
      The attached change implements the above and a few other tweaks to try
      to improve performance. Based on the timing code, TLB purges are very
      slow (e.g., ~ 209 cycles per page on rp3440). Thus, I think it
      beneficial to test the split_tlb variable to avoid duplicate purges.
      Probably, all PA 2.0 machines have combined TLBs.
      
      I dropped using __flush_tlb_range in flush_tlb_mm as I realized all
      applications and most threads have a stack size that is too large to
      make this useful. I added some comments to this effect.
      
      Since implementing 1 through 3, I haven't had any random segmentation
      faults on mx3210 (rp3440) in about one week of building code and running
      as a Debian buildd.
      Signed-off-by: default avatarJohn David Anglin <dave.anglin@bell.net>
      Cc: stable@vger.kernel.org # v3.18+
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      01ab6057