We recently modified the client/MDS protocol to include a timestamp in the
client request.  This allows ctime updates to follow the client's clock
in most cases, which avoids subtle problems when clocks are out of sync
and timestamps are updated sometimes by the MDS clock (for most requests)
and sometimes by the client clock (for cap writeback).
Signed-off-by: Sage Weil <sage@inktank.com>

ida_destroy() needs to be called on module exit to release ida caches.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Alex Elder <elder@linaro.org>

Each image request contains a reference count, but to date it has
not actually been used.  (I think this was just an oversight.) A
recent report involving rbd failing an assertion shed light on why
and where we need to use these reference counts.

Every OSD request associated with an object request uses
rbd_osd_req_callback() as its callback function.  That function will
call a helper function (dependent on the type of OSD request) that
will set the object request's "done" flag if the object request if
appropriate.  If that "done" flag is set, the object request is
passed to rbd_obj_request_complete().

In rbd_obj_request_complete(), requests are processed in sequential
order.  So if an object request completes before one of its
predecessors in the image request, the completion is deferred.
Otherwise, if it's a completing object's "turn" to be completed, it
is passed to rbd_img_obj_end_request(), which records the result of
the operation, accumulates transferred bytes, and so on.  Next, the
successor to this request is checked and if it is marked "done",
(deferred) completion processing is performed on that request, and
so on.  If the last object request in an image request is completed,
rbd_img_request_complete() is called, which (typically) destroys
the image request.

There is a race here, however.  The instant an object request is
marked "done" it can be provided (by a thread handling completion of
one of its predecessor operations) to rbd_img_obj_end_request(),
which (for the last request) can then lead to the image request
getting torn down.  And this can happen *before* that object has
itself entered rbd_img_obj_end_request().  As a result, once it
*does* enter that function, the image request (and even the object
request itself) may have been freed and become invalid.

All that's necessary to avoid this is to properly count references
to the image requests.  We tear down an image request's object
requests all at once--only when the entire image request has
completed.  So there's no need for an image request to count
references for its object requests.  However, we don't want an
image request to go away until the last of its object requests
has passed through rbd_img_obj_callback().  In other words,
we don't want rbd_img_request_complete() to necessarily
result in the image request being destroyed, because it may
get called before we've finished processing on all of its
object requests.

So the fix is to add a reference to an image request for
each of its object requests.  The reference can be viewed
as representing an object request that has not yet finished
its call to rbd_img_obj_callback().  That is emphasized by
getting the reference right after assigning that as the image
object's callback function.  The corresponding release of that
reference is done at the end of rbd_img_obj_callback(), which
every image object request passes through exactly once.

Cc: stable@vger.kernel.org
Signed-off-by: Alex Elder <elder@linaro.org>
Reviewed-by: Ilya Dryomov <ilya.dryomov@inktank.com>

osd_request, along with r_request and r_reply messages attached to it
are leaked in __rbd_dev_header_watch_sync() if the requested image
doesn't exist.  This is because lingering requests are special and get
an extra ref in the reply path.  Fix it by unregistering linger request
on the error path and split __rbd_dev_header_watch_sync() into two
functions to make it maintainable.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>

Given an existing idle mapping (img1), mapping an image (img2) in
a newly created pool (pool2) fails:

    $ ceph osd pool create pool1 8 8
    $ rbd create --size 1000 pool1/img1
    $ sudo rbd map pool1/img1
    $ ceph osd pool create pool2 8 8
    $ rbd create --size 1000 pool2/img2
    $ sudo rbd map pool2/img2
    rbd: sysfs write failed
    rbd: map failed: (2) No such file or directory

This is because client instances are shared by default and we don't
request an osdmap update when bumping a ref on an existing client.  The
fix is to use the mon_get_version request to see if the osdmap we have
is the latest, and block until the requested update is received if it's
not.

Fixes: http://tracker.ceph.com/issues/8184Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>

Add ceph_monc_wait_osdmap(), which will block until the osdmap with the
specified epoch is received or timeout occurs.

Export both of these as they are going to be needed by rbd.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>

Add support for mon_get_version requests to libceph.  This reuses much
of the ceph_mon_generic_request infrastructure, with one exception.
Older OSDs don't set mon_get_version reply hdr->tid even if the
original request had a non-zero tid, which makes it impossible to
lookup ceph_mon_generic_request contexts by tid in get_generic_reply()
for such replies.  As a workaround, we allocate a reply message on the
reply path.  This can probably interfere with revoke, but I don't see
a better way.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>

Recognize poolop requests in debugfs monc dump, fix prink format
specifiers - tid is unsigned.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>

If the return value of ceph_osdc_readpages() is not negative,
it is certainly greater than or equal to zero.

Remove the useless condition judgment and redundant braces.
Signed-off-by: Zhang Zhen <zhenzhang.zhang@huawei.com>
Reviewed-by: Yan, Zheng <zheng.z.yan@intel.com>

handle following sequence of events:
- mds0 exports an inode to mds1. client receives the cap import
  message from mds1. caps from mds0 are removed while handling
  the cap import message.
- mds1 exports an inode to mds0. client receives the cap export
  message from mds1. handle_cap_export() adds placeholder caps
  for mds0
- client receives the first cap export message (for exporting
  inode from mds0 to mds1)
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

remember dirfrag's auth MDS when it's different from its parent inode's
auth MDS.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

Move the code that update the i_fragtree into a separate function.
Also add simple probabilistic test to decide whether the i_fragtree
should be updated
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

cap import messages are processed by both handle_cap_import() and
handle_cap_grant(). These two functions are not executed in the same
atomic context, so they can races with cap release.

The fix is make handle_cap_import() not release the i_ceph_lock when
it returns. Let handle_cap_grant() release the lock after it finishes
its job.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

So that ceph_add_cap() can be used while i_ceph_lock is locked.
This simplifies the code that handle cap import/export.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

Cap message and request reply from non-auth MDS may carry stale
information (corresponding locks are in LOCK states) even they
have the newest inode version. So client should update inode fields
according to issued caps.
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

This patch fixes coccinelle error regarding usage of IS_ERR and
PTR_ERR instead of PTR_ERR_OR_ZERO.
Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Reviewed-by: Yan, Zheng <zheng.z.yan@intel.com>

cap grant/revoke message from non-auth MDS can update inode's size
and truncate_seq/truncate_size. (the message arrives before auth
MDS's cap trunc message)
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>

posix_acl_xattr_set() already does the check, and it's the only
way to feed in an ACL from userspace.
So the check here is useless, remove it.
Signed-off-by: zhang zhen <zhenzhang.zhang@huawei.com>
Reviewed-by: Yan, Zheng <zheng.z.yan@intel.com>

Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Reviewed-by: Yan, Zheng <zheng.z.yan@intel.com>

Pull two powerpc fixes from Ben Herrenschmidt:
 "Here are a couple of fixes for 3.15.  One from Anton fixes a nasty
  regression I introduced when trying to fix a loss of irq_work whose
  consequences is that we can completely lose timer interrupts on a
  CPU... not pretty.

  The other one is a change to our PCIe reset hook to use a firmware
  call instead of direct config space accesses to trigger a fundamental
  reset on the root port.  This is necessary so that the FW gets a
  chance to disable the link down error monitoring, which would
  otherwise trip and cause subsequent fatal EEH error"

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc: irq work racing with timer interrupt can result in timer interrupt hang
  powerpc/powernv: Reset root port in firmware

Pull two btrfs fixes from Chris Mason:
 "This has two fixes that we've been testing for 3.16, but since both
  are safe and fix real bugs, it makes sense to send for 3.15 instead"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  Btrfs: send, fix incorrect ref access when using extrefs
  Btrfs: fix EIO on reading file after ioctl clone works on it

Pull two ceph fixes from Sage Weil:
 "The first patch fixes a problem when we have a page count of 0 for
  sendpage which is triggered by zfs.  The second fixes a bug in CRUSH
  that was resolved in the userland code a while back but fell through
  the cracks on the kernel side"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  crush: decode and initialize chooseleaf_vary_r
  libceph: fix corruption when using page_count 0 page in rbd

Pull xfs fixes from Dave Chinner:
 "Code inspection of the XFS error number sign translations found a
  bunch of issues, including returning incorrectly signed errors for
  some data integrity operations.

  These leak to userspace and result in applications not getting the
  errors correctly reported.  Hence they need fixing sooner rather than
  later.

  A couple of the bugs are in data integrity operations, a couple more
  are in the new COLLAPSE_RANGE code.  One of these came in through a
  recent ext4 merge and so I had to update the base tree to 3.15-rc5
  before fixing the issues"

* tag 'xfs-for-linus-3.15-rc6' of git://oss.sgi.com/xfs/xfs:
  xfs: list_lru_init returns a negative error
  xfs: negate xfs_icsb_init_counters error value
  xfs: negate mount workqueue init error value
  xfs: fix wrong err sign on xfs_set_acl()
  xfs: fix wrong errno from xfs_initxattrs
  xfs: correct error sign on COLLAPSE_RANGE errors
  xfs: xfs_commit_metadata returns wrong errno
  xfs: fix incorrect error sign in xfs_file_aio_read
  xfs: xfs_dir_fsync() returns positive errno

Pull renameat2 arch support from Miklos Szeredi:
 "I've collected architecture patches for the renameat2 syscall that
  maintainers acked and/or asked me to queue.

  This adds architecture support for the renameat2 syscall to m68k,
  parisc, ia64 and through asm-generic to arc, arm64, c6x, hexagon,
  metag, openrisc, score, tile, unicore32"

* 'renameat2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  scripts/checksyscalls.sh: Make renameat optional
  asm-generic: Add renameat2 syscall
  ia64: add renameat2 syscall
  parisc: add renameat2 syscall
  m68k: add renameat2 syscall

Pull iommu fixes from Joerg Roedel:
 "Three fixes for the AMD IOMMU driver:
   - fix a locking issue around get_user_pages()
   - fix two issues with device aliasing and exclusion range handling"

* tag 'iommu-fixes-v3.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: fix enabling exclusion range for an exact device
  iommu/amd: Take mmap_sem when calling get_user_pages
  iommu/amd: Fix interrupt remapping for aliased devices

Merge tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft

Pull iscsi_ibft fix from Konrad Rzeszutek Wilk:
 "Fix iBFT regression on Broadcom NICs introduced in 3.2"

* tag 'stable/for-linus-3.15-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft:
  iscsi_ibft: Fix finding Broadcom specific ibft sign

Merge tag 'renesas-sh-drivers-for-v3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas

Pull SH driver fix from Simon Horman:
 "Compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI

  This resolves a regression introduced in v3.14 by commit bf98c1ea
  ("ARM: Rename ARCH_SHMOBILE to ARCH_SHMOBILE_LEGACY")"

* tag 'renesas-sh-drivers-for-v3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  drivers: sh: compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI

Pull media fixes from Mauro Carvalho Chehab:
 "Most of the changes are drivers fixes (rtl28xuu, fc2580, ov7670,
  davinci, gspca, s5p-fimc and s5c73m3).

  There is also a compat32 fix and one infoleak fixup at the media
  controller"

* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  [media] V4L2: fix VIDIOC_CREATE_BUFS in 64- / 32-bit compatibility mode
  [media] V4L2: ov7670: fix a wrong index, potentially Oopsing the kernel from user-space
  [media] media-device: fix infoleak in ioctl media_enum_entities()
  [media] fc2580: fix tuning failure on 32-bit arch
  [media] Prefer gspca_sonixb over sn9c102 for all devices
  [media] media: davinci: vpfe: make sure all the buffers unmapped and released
  [media] staging: media: davinci: vpfe: make sure all the buffers are released
  [media] media: davinci: vpbe_display: fix releasing of active buffers
  [media] media: davinci: vpif_display: fix releasing of active buffers
  [media] media: davinci: vpif_capture: fix releasing of active buffers
  [media] s5p-fimc: Fix YUV422P depth
  [media] s5c73m3: Add missing rename of v4l2_of_get_next_endpoint() function
  [media] rtl28xxu: silence error log about disabled rtl2832_sdr module
  [media] rtl28xxu: do not hard depend on staging SDR module

Pull staging driver fixes from Greg KH:
 "Here are five staging driver fixes for 3.15-rc6 that resolve some
  reported issues.  They are for the imx and rtl8723au drivers"

* tag 'staging-3.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: rtl8723au: Do not reset wdev->iftype in netdev_close()
  staging: rtl8723au: Use correct pipe type for USB interrupts
  imx-drm: imx-tve: correct DDC property name to 'ddc-i2c-bus'
  imx-drm: imx-drm-core: skip components whose parent device is disabled
  imx-drm: imx-drm-core: fix imx_drm_encoder_get_mux_id

Merge tag 'driver-core-3.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fixes from Greg KH:
 "Here are two driver core (well, sysfs) fixes for 3.15-rc6 that resolve
  some reported issues and a regression from 3.13"

* tag 'driver-core-3.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  sysfs: make sure read buffer is zeroed
  kernfs, sysfs, cgroup: restrict extra perm check on open to sysfs

Pull PCI fixes from Bjorn Helgaas:
 "These are fixes for an SHPCHP hotplug regression, a "wait for pending
  transaction" problem (used in device reset paths), and an email
  address update.

  PCI device hotplug:
    - Fix SHPCHP bus speed mismatch issue (Marcel Apfelbaum)

  Miscellaneous:
    - Fix pci_wait_for_pending_transaction() (Gavin Shan)
    - Update email address (Ben Hutchings)"

* tag 'pci-v3.15-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: Wrong register used to check pending traffic
  PCI: shpchp: Check bridge's secondary (not primary) bus speed
  PCI: Update my email address

Pull /dev/random fix from Ted Ts'o:
 "This fixes a BUG_ON-causing regression that was introduced during the
  last merge window"

* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: fix BUG_ON caused by accounting simplification

Pull clock framework fixes from Mike Turquette:
 "Clock framework and driver fixes, all of which fix user-visible
  regressions.

  As usual most fixes are for platform-specific clock drivers, but there
  are also two fixes to the clk core after recent changes to the way
  that clock unregistration is handled"

* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux:
  clk: tegra: Fix wrong value written to PLLE_AUX
  clk: shmobile: clk-mstp: change to using clock-indices
  clk: Fix slab corruption in clk_unregister()
  clk: Fix double free due to devm_clk_register()
  clk: socfpga: fix clock driver for 3.15
  clk: divider: Fix best div calculation for power-of-two and table dividers
  clk: bcm281xx: don't use unnamed structs or unions

Pull spi fixes from Mark Brown:
 "A few core fixes around outlying cases here, nothing that should
  affect most users but useful fixes.  The diffstat is rather larger
  than one might hope due some simple code motion in the fix for
  !CONFIG_DMA, the actual meaningful change is much smaller.

   - Fix handling of unsupported dual and quad mode support on slave
     registration so that drivers that can degrade gracefully do so,
     preventing regressions for drivers this is added.
   - Fix build in !CONFIG_DMA cases following addition of generic DMA
     mapping support.
   - Fix error handling for queue creation which due to wider kernel
     changes can be triggered more easily.
   - A couple of driver specific fixes"

* tag 'spi-v3.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi/pxa2xx: Prevent DMA from transferring too many bytes
  spi: core: Don't destroy master queue if we fail to create it
  spi: qup: Fix return value checking for pm_runtime_get_sync()
  spi: core: Protect DMA code by #ifdef CONFIG_HAS_DMA
  spi: core: Ignore unsupported Dual/Quad Transfer Mode bits

Pull GPIO fixes from Linus Walleij:
 - fix a null pointer bug in the ICH6 chipset driver
 - fix device tree registration for the mcp23s08 driver

* tag 'gpio-v3.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: mcp23s08: Bug fix of SPI device tree registration.
  gpio: ich: set regs and reglen for i3100 and ich6 chipset

Pull more cgroup fixes from Tejun Heo:
 "Three more patches to fix cgroup_freezer breakage due to the recent
  cgroup internal locking changes - an operation cgroup_freezer was
  using now requires sleepable context and cgroup_freezer was invoking
  that while holding a spin lock.  cgroup_freezer was using an overly
  elaborate hierarchical locking scheme.

  While it's possible to convert the hierarchical spinlocks directly to
  mutexes, this patch simplifies the overall locking so that it uses a
  global mutex.  This has the added benefit of avoiding iterating
  potentially huge number of tasks under a spinlock.  While the patch is
  on the larger side in the devel cycle, the changes made are mostly
  straight-forward and the locking logic is a lot simpler afterwards"

* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup: fix rcu_read_lock() leak in update_if_frozen()
  cgroup_freezer: replace freezer->lock with freezer_mutex
  cgroup: introduce task_css_is_root()

Pull libata fixes from Tejun Heo:
 "Mostly device-specific fixes.  The only thing which isn't is the fix
  for zpodd oops-on-detach bug"

* 'for-3.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  ahci: imx: PLL clock needs 100us to settle down
  ata: pata_at91 only works on sam9
  libata: clean up ZPODD when a port is detached
  ahci: imx: software workaround for phy reset issue in resume
  ahci: imx: add namespace for register enums
  ahci: disable DEVSLP for Intel Valleyview

Pull crypto fixes from Herbert Xu:
 "This fixes a NULL pointer dereference on allocation failure in caam,
  as well as a regression in the ctr mode on s390 that was added with
  the recent concurrency fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: s390 - fix aes,des ctr mode concurrency finding.
  crypto: caam - add allocation failure handling in SPRINTFCAT macro

Pull scsi target fixes from Nicholas Bellinger:
 "This series include:

   - Close race between iser-target network portal shutdown + accepting
     new connection logins (sagi)
   - Fix free-after-use regression in tcm_fc post conversion to
     percpu-ida pre-allocation (nab)
   - Explicitly disable Immediate + Unsolicited Data for iser-target
     connections when T10-PI is enabled (sagi + nab)
   - Allow pi_prot_type + emulate_write_cache attributes to be set to
     zero regardless of backend support (andy)
   - memory leak fix (mikulas)"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: fix memory leak on XCOPY
  target: Don't allow setting WC emulation if device doesn't support
  iscsi-target: Disable Immediate + Unsolicited Data with ISER Protection
  tcm_fc: Fix free-after-use regression in ft_free_cmd
  iscsi-target: Change BUG_ON to REJECT in iscsit_process_nop_out
  Target/iscsi,iser: Avoid accepting transport connections during stop stage
  Target/iser: Fix iscsit_accept_np and rdma_cm racy flow
  Target/iser: Fix wrong connection requests list addition
  target: Allow non-supporting backends to set pi_prot_type to 0