1. 17 Jul, 2012 4 commits
    • Jeff Layton's avatar
      cifs: always update the inode cache with the results from a FIND_* · cd60042c
      Jeff Layton authored
      When we get back a FIND_FIRST/NEXT result, we have some info about the
      dentry that we use to instantiate a new inode. We were ignoring and
      discarding that info when we had an existing dentry in the cache.
      
      Fix this by updating the inode in place when we find an existing dentry
      and the uniqueid is the same.
      
      Cc: <stable@vger.kernel.org> # .31.x
      Reported-and-Tested-by: default avatarAndrew Bartlett <abartlet@samba.org>
      Reported-by: default avatarBill Robertson <bill_robertson@debortoli.com.au>
      Reported-by: default avatarDion Edwards <dion_edwards@debortoli.com.au>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      cd60042c
    • Jeff Layton's avatar
      cifs: when CONFIG_HIGHMEM is set, serialize the read/write kmaps · 3cf003c0
      Jeff Layton authored
      Jian found that when he ran fsx on a 32 bit arch with a large wsize the
      process and one of the bdi writeback kthreads would sometimes deadlock
      with a stack trace like this:
      
      crash> bt
      PID: 2789   TASK: f02edaa0  CPU: 3   COMMAND: "fsx"
       #0 [eed63cbc] schedule at c083c5b3
       #1 [eed63d80] kmap_high at c0500ec8
       #2 [eed63db0] cifs_async_writev at f7fabcd7 [cifs]
       #3 [eed63df0] cifs_writepages at f7fb7f5c [cifs]
       #4 [eed63e50] do_writepages at c04f3e32
       #5 [eed63e54] __filemap_fdatawrite_range at c04e152a
       #6 [eed63ea4] filemap_fdatawrite at c04e1b3e
       #7 [eed63eb4] cifs_file_aio_write at f7fa111a [cifs]
       #8 [eed63ecc] do_sync_write at c052d202
       #9 [eed63f74] vfs_write at c052d4ee
      #10 [eed63f94] sys_write at c052df4c
      #11 [eed63fb0] ia32_sysenter_target at c0409a98
          EAX: 00000004  EBX: 00000003  ECX: abd73b73  EDX: 012a65c6
          DS:  007b      ESI: 012a65c6  ES:  007b      EDI: 00000000
          SS:  007b      ESP: bf8db178  EBP: bf8db1f8  GS:  0033
          CS:  0073      EIP: 40000424  ERR: 00000004  EFLAGS: 00000246
      
      Each task would kmap part of its address array before getting stuck, but
      not enough to actually issue the write.
      
      This patch fixes this by serializing the marshal_iov operations for
      async reads and writes. The idea here is to ensure that cifs
      aggressively tries to populate a request before attempting to fulfill
      another one. As soon as all of the pages are kmapped for a request, then
      we can unlock and allow another one to proceed.
      
      There's no need to do this serialization on non-CONFIG_HIGHMEM arches
      however, so optimize all of this out when CONFIG_HIGHMEM isn't set.
      
      Cc: <stable@vger.kernel.org>
      Reported-by: default avatarJian Li <jiali@redhat.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      3cf003c0
    • Jeff Layton's avatar
      cifs: on CONFIG_HIGHMEM machines, limit the rsize/wsize to the kmap space · 3ae629d9
      Jeff Layton authored
      We currently rely on being able to kmap all of the pages in an async
      read or write request. If you're on a machine that has CONFIG_HIGHMEM
      set then that kmap space is limited, sometimes to as low as 512 slots.
      
      With 512 slots, we can only support up to a 2M r/wsize, and that's
      assuming that we can get our greedy little hands on all of them. There
      are other users however, so it's possible we'll end up stuck with a
      size that large.
      
      Since we can't handle a rsize or wsize larger than that currently, cap
      those options at the number of kmap slots we have. We could consider
      capping it even lower, but we currently default to a max of 1M. Might as
      well allow those luddites on 32 bit arches enough rope to hang
      themselves.
      
      A more robust fix would be to teach the send and receive routines how
      to contend with an array of pages so we don't need to marshal up a kvec
      array at all. That's a fairly significant overhaul though, so we'll need
      this limit in place until that's ready.
      
      Cc: <stable@vger.kernel.org>
      Reported-by: default avatarJian Li <jiali@redhat.com>
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      3ae629d9
    • Sachin Prabhu's avatar
      Initialise mid_q_entry before putting it on the pending queue · ffc61ccb
      Sachin Prabhu authored
      A user reported a crash in cifs_demultiplex_thread() caused by an
      incorrectly set mid_q_entry->callback() function. It appears that the
      callback assignment made in cifs_call_async() was not flushed back to
      memory suggesting that a memory barrier was required here. Changing the
      code to make sure that the mid_q_entry structure was completely
      initialised before it was added to the pending queue fixes the problem.
      Signed-off-by: default avatarSachin Prabhu <sprabhu@redhat.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Reviewed-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      ffc61ccb
  2. 10 Jul, 2012 7 commits
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 055c9fa8
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Yes, this is a *LATE* GPIO pull request with fixes for v3.5.
      
        Grant moved across the planet and accidentally fell off the grid, so
        he asked me to take over the GPIO merges for a while 10 days ago.
      
        Since then I went over the archives and collected this pile of fixes,
        and pulled two of them from the TI maintainer Kevin Hilman.  Then
        waited for them to at least hit linux-next once or twice."
      
      GPIO fixes for v3.5:
       - Invalid context restore on bank 0 for OMAP driver in runtime
         suspend/resume cycle
       - Check for NULL platform data in sta-2x11 driver
       - Constrain selection of the V1 MSM GPIO driver to applicable platforms
         (Kconfig issue)
       - Make sure the correct output value is set in the wm8994 driver
       - Export devm_gpio_request_one() so it can be used in modules.
         Apparently some in-kernel modules can be configured to use this
         leading to breakage.
       - Check that the GPIO is valid in the lantiq driver
       - Fix the flag bits introduced for v3.5, so they don't overlap
       - Fix a device tree intialization bug for imx21-compatible devices
       - Carry over the OF node to the TPS65910 GPIO chip struct
      
      * tag 'fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: tps65910: initialize of_node of gpio_chip
        gpio/mxc: make irqs work for fsl,imx21-gpio devices
        gpio: fix bits conflict for gpio flags
        mips: pci-lantiq: Fix check for valid gpio
        gpio: export devm_gpio_request_one
        gpiolib: wm8994: Pay attention to the value set when enabling as output
        gpio/msm_v1: CONFIG_GPIO_MSM_V1 is only available on three SoCs
        gpio-sta2x11: don't use pdata if null
        gpio/omap: fix invalid context restore of gpio bank-0
        gpio/omap: fix irq loss while in idle with debounce on
      055c9fa8
    • Linus Torvalds's avatar
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · 310959e8
      Linus Torvalds authored
      Pull powerpc fixes from Benjamin Herrenschmidt:
       "It looks like my rewrite of our lazy irq scheme is still exposing
        "interesting" issues left and right.  The previous fixes are now
        causing an occasional BUG_ON to trigger (which this patch turns into a
        WARN_ON while at it), due to another issue of disconnect of the lazy
        irq state vs the processor state in the idle loop on pseries and
        cell.
      
        This should fix it properly once for all moving the nasty code to a
        common helper function.
      
        There's also couple more fixes for some debug stuff that didn't build
        (and helped resolving those problems so it's worth having), along with
        a compile fix for newer gcc's."
      
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        tty/hvc_opal: Fix debug function name
        powerpc/numa: Avoid stupid uninitialized warning from gcc
        powerpc: Fix build of some debug irq code
        powerpc: More fixes for lazy IRQ vs. idle
      310959e8
    • Linus Torvalds's avatar
      Revert "of: match by compatible property first" · bc51b0c2
      Linus Torvalds authored
      This reverts commit 107a84e6.
      
      Meelis Roos reports a regression since 3.5-rc5 that stops Sun Fire V100
      and Sun Netra X1 sparc64 machines from booting, hanging after enabling
      serial console.  He bisected it to commit 107a84e6.
      
      Rob Herring explains:
       "The problem is match combinations of compatible plus name and/or type
        fail to match correctly.  I have a fix for this, but given how late it
        is for 3.5 I think it is best to revert this for now.  There could be
        other cases that rely on the current although wrong behavior.  I will
        post an updated version for 3.6."
      Bisected-and-reported-by: default avatarMeelis Roos <mroos@linux.ee>
      Requested-by: default avatarRob Herring <rob.herring@calxeda.com>
      Cc: Thierry Reding <thierry.reding@avionic-design.de>
      Cc: Grant Likely <grant.likely@secretlab.ca>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bc51b0c2
    • Benjamin Herrenschmidt's avatar
      tty/hvc_opal: Fix debug function name · 50fb31cf
      Benjamin Herrenschmidt authored
      udbg_init_debug_opal() should be udbg_init_debug_opal_raw() as
      the caller in arch/powerpc/kernel/udbg.c expects
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      50fb31cf
    • Benjamin Herrenschmidt's avatar
      powerpc/numa: Avoid stupid uninitialized warning from gcc · aa709f3b
      Benjamin Herrenschmidt authored
      Newer gcc are being a bit blind here (it's pretty obvious we don't
      reach the code path using the array if we haven't initialized the
      pointer) but none of that is performance critical so let's just
      silence it.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      aa709f3b
    • Benjamin Herrenschmidt's avatar
      powerpc: Fix build of some debug irq code · 21b2de34
      Benjamin Herrenschmidt authored
      There was a typo, checking for CONFIG_TRACE_IRQFLAG instead of
      CONFIG_TRACE_IRQFLAGS causing some useful debug code to not be
      built
      
      This in turns causes a build error on BookE 64-bit due to incorrect
      semicolons at the end of a couple of macros, so let's fix that too
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      CC: stable@vger.kernel.org [v3.4]
      21b2de34
    • Benjamin Herrenschmidt's avatar
      powerpc: More fixes for lazy IRQ vs. idle · be2cf20a
      Benjamin Herrenschmidt authored
      Looks like we still have issues with pSeries and Cell idle code
      vs. the lazy irq state. In fact, the reset fixes that went upstream
      are exposing the problem more by causing BUG_ON() to trigger (which
      this patch turns into a WARN_ON instead).
      
      We need to be careful when using a variant of low power state that
      has the side effect of turning interrupts back on, to properly set
      all the SW & lazy state to look as if everything is enabled before
      we enter the low power state with MSR:EE off as we will return with
      MSR:EE on. If not, we have a discrepancy of state which can cause
      things to go very wrong later on.
      
      This patch moves the logic into a helper and uses it from the
      pseries and cell idle code. The power4/970 idle code already got
      things right (in assembly even !) so I'm not touching it. The power7
      "bare metal" idle code is subtly different and correct. Remains PA6T
      and some hypervisor based Cell platforms which have questionable
      code in there, but they are mostly dead platforms so I'll fix them
      when I manage to get final answers from the respective maintainers
      about how the low power state actually works on them.
      Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
      CC: stable@vger.kernel.org [v3.4]
      be2cf20a
  3. 09 Jul, 2012 8 commits
  4. 08 Jul, 2012 5 commits
    • Michael S. Tsirkin's avatar
      virtio-balloon: fix add/get API use · 9c378abc
      Michael S. Tsirkin authored
      Since ee7cd898 'virtio: expose added
      descriptors immediately.', in virtio balloon virtqueue_get_buf might
      now run concurrently with virtqueue_kick.  I audited both and this
      seems safe in practice but this is not guaranteed by the API.
      Additionally, a spurious interrupt might in theory make
      virtqueue_get_buf run in parallel with virtqueue_add_buf, which is
      racy.
      
      While we might try to protect against spurious callbacks it's
      easier to fix the driver: balloon seems to be the only one
      (mis)using the API like this, so let's just fix balloon.
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (removed unused var)
      9c378abc
    • Linus Torvalds's avatar
      Merge branch 'for-3.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 8c84bf41
      Linus Torvalds authored
      Pull cgroup fixes from Tejun Heo:
       "The previous cgroup pull request contained a patch to fix a race
        condition during cgroup hierarchy umount.  Unfortunately, while the
        patch reduced the race window such that the test case I and Sasha were
        using didn't trigger it anymore, it wasn't complete - Shyju and Li
        could reliably trigger the race condition using a different test case.
      
        The problem wasn't the gap between dentry deletion and release which
        the previous patch tried to fix.  The window was between the last
        dput() of a root's child and the resulting dput() of the root.  For
        cgroup dentries, the deletion and release always happen synchronously.
        As this releases the s_active ref, the refcnt of the root dentry,
        which doesn't hold s_active, stays above zero without the
        corresponding s_active.  If umount was in progress, the last
        deactivate_super() proceeds to destory the superblock and triggers
        BUG() on the non-zero root dentry refcnt after shrinking.
      
        This issue surfaced because cgroup dentries are now allowed to linger
        after rmdir(2) since 3.5-rc1.  Before, rmdir synchronously drained the
        dentry refcnt and the s_active acquired by rmdir from vfs layer
        protected the whole thing.  After 3.5-rc1, cgroup may internally hold
        and put dentry refs after rmdir finishes and the delayed dput()
        doesn't have surrounding s_active ref exposing this issue.
      
        This pull request contains two patches - one reverting the previous
        incorrect fix and the other adding the surrounding s_active ref around
        the delayed dput().
      
        This is quite late in the release cycle but the change is on the safer
        side and fixes the test cases reliably, so I don't think it's too
        crazy."
      
      * 'for-3.5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: fix cgroup hierarchy umount race
        Revert "cgroup: superblock can't be released with active dentries"
      8c84bf41
    • Linus Torvalds's avatar
      Linux 3.5-rc6 · bd0a521e
      Linus Torvalds authored
      bd0a521e
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · a0127afb
      Linus Torvalds authored
      Pull security docs update from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        security: Minor improvements to no_new_privs documentation
      a0127afb
    • Linus Torvalds's avatar
      vfs: make O_PATH file descriptors usable for 'fchdir()' · 332a2e12
      Linus Torvalds authored
      We already use them for openat() and friends, but fchdir() also wants to
      be able to use O_PATH file descriptors.  This should make it comparable
      to the O_SEARCH of Solaris.  In particular, O_PATH allows you to access
      (not-quite-open) a directory you don't have read persmission to, only
      execute permission.
      
      Noticed during development of multithread support for ksh93.
      Reported-by: default avatarольга крыжановская <olga.kryzhanovska@gmail.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: stable@kernel.org    # O_PATH introduced in 3.0+
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      332a2e12
  5. 07 Jul, 2012 5 commits
    • Tejun Heo's avatar
      cgroup: fix cgroup hierarchy umount race · 5db9a4d9
      Tejun Heo authored
      48ddbe19 "cgroup: make css->refcnt clearing on cgroup removal
      optional" allowed a css to linger after the associated cgroup is
      removed.  As a css holds a reference on the cgroup's dentry, it means
      that cgroup dentries may linger for a while.
      
      Destroying a superblock which has dentries with positive refcnts is a
      critical bug and triggers BUG() in vfs code.  As each cgroup dentry
      holds an s_active reference, any lingering cgroup has both its dentry
      and the superblock pinned and thus preventing premature release of
      superblock.
      
      Unfortunately, after 48ddbe19, there's a small window while
      releasing a cgroup which is directly under the root of the hierarchy.
      When a cgroup directory is released, vfs layer first deletes the
      corresponding dentry and then invokes dput() on the parent, which may
      recurse further, so when a cgroup directly below root cgroup is
      released, the cgroup is first destroyed - which releases the s_active
      it was holding - and then the dentry for the root cgroup is dput().
      
      This creates a window where the root dentry's refcnt isn't zero but
      superblock's s_active is.  If umount happens before or during this
      window, vfs will see the root dentry with non-zero refcnt and trigger
      BUG().
      
      Before 48ddbe19, this problem didn't exist because the last dentry
      reference was guaranteed to be put synchronously from rmdir(2)
      invocation which holds s_active around the whole process.
      
      Fix it by holding an extra superblock->s_active reference across
      dput() from css release, which is the dput() path added by 48ddbe19
      and the only one which doesn't hold an extra s_active ref across the
      final cgroup dput().
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      LKML-Reference: <4FEEA5CB.8070809@huawei.com>
      Reported-by: default avatarshyju pv <shyju.pv@huawei.com>
      Tested-by: default avatarshyju pv <shyju.pv@huawei.com>
      Cc: Sasha Levin <levinsasha928@gmail.com>
      Acked-by: default avatarLi Zefan <lizefan@huawei.com>
      5db9a4d9
    • Tejun Heo's avatar
      Revert "cgroup: superblock can't be released with active dentries" · 7db5b3ca
      Tejun Heo authored
      This reverts commit fa980ca8.  The
      commit was an attempt to fix a race condition where a cgroup hierarchy
      may be unmounted with positive dentry reference on root cgroup.  While
      the commit made the race condition slightly more difficult to trigger,
      the race was still there and could be reliably triggered using a
      different test case.
      
      Revert the incorrect fix.  The next commit will describe the race and
      fix it correctly.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      LKML-Reference: <4FEEA5CB.8070809@huawei.com>
      Reported-by: default avatarshyju pv <shyju.pv@huawei.com>
      Cc: Sasha Levin <levinsasha928@gmail.com>
      Acked-by: default avatarLi Zefan <lizefan@huawei.com>
      7db5b3ca
    • Shinya Kuribayashi's avatar
      hwspinlock/core: use global ID to register hwspinlocks on multiple devices · 476a7eeb
      Shinya Kuribayashi authored
      Commit 300bab97 (hwspinlock/core: register a bank of hwspinlocks in a
      single API call, 2011-09-06) introduced 'hwspin_lock_register_single()'
      to register numerous (a bank of) hwspinlock instances in a single API,
      'hwspin_lock_register()'.
      
      At which time, 'hwspin_lock_register()' accidentally passes 'local IDs'
      to 'hwspin_lock_register_single()', despite that ..._single() requires
      'global IDs' to register hwspinlocks.
      
      We have to convert into global IDs by supplying the missing 'base_id'.
      
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarShinya Kuribayashi <shinya.kuribayashi.px@renesas.com>
      [ohad: fix error path of hwspin_lock_register, too]
      Signed-off-by: default avatarOhad Ben-Cohen <ohad@wizery.com>
      476a7eeb
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · cd6407fe
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Last merge window, we had some updates from Al cleaning up the signal
        restart handling.  These have caused some problems on ARM, and while
        Al has some fixes, we have some concerns with Al's patches but we've
        been unsuccesful with discussing this.
      
        We have got to the point where we need to do something, and we've
        decided that the best solution is to revert the appropriate commits
        until Al is able to reply to us.
      
        Also included here are four patches to fix warnings that I've noticed
        in my build system, and one fix for kprobes test code."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: fix warning caused by wrongly typed arm_dma_limit
        ARM: fix warnings about atomic64_read
        ARM: 7440/1: kprobes: only test 'sub pc, pc, #1b-2b+8-2' on ARMv6
        ARM: 7441/1: perf: return -EOPNOTSUPP if requested mode exclusion is unavailable
        ARM: 7443/1: Revert "new way of handling ERESTART_RESTARTBLOCK"
        ARM: 7442/1: Revert "remove unused restart trampoline"
        ARM: fix set_domain() macro
        ARM: fix mach-versatile/pci.c warning
      cd6407fe
    • Andy Lutomirski's avatar
      security: Minor improvements to no_new_privs documentation · c540521b
      Andy Lutomirski authored
      The documentation didn't actually mention how to enable no_new_privs.
      This also adds a note about possible interactions between
      no_new_privs and LSMs (i.e. why teaching systemd to set no_new_privs
      is not necessarily a good idea), and it references the new docs
      from include/linux/prctl.h.
      Suggested-by: default avatarRob Landley <rob@landley.net>
      Signed-off-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      c540521b
  6. 06 Jul, 2012 11 commits