1. 04 Sep, 2015 40 commits
    • Jesper Dangaard Brouer's avatar
      slub: improve bulk alloc strategy · ebe909e0
      Jesper Dangaard Brouer authored
      Call slowpath __slab_alloc() from within the bulk loop, as the side-effect
      of this call likely repopulates c->freelist.
      
      Choose to reenable local IRQs while calling slowpath.
      
      Saving some optimizations for later.  E.g.  it is possible to extract
      parts of __slab_alloc() and avoid the unnecessary and expensive (37
      cycles) local_irq_{save,restore}.  For now, be happy calling
      __slab_alloc() this lower icache impact of this func and I don't have to
      worry about correctness.
      
      Measurements on CPU CPU i7-4790K @ 4.00GHz
      Baseline normal fastpath (alloc+free cost): 42 cycles(tsc) 10.601 ns
      
      Bulk- fallback                   - this-patch
        1 -  58 cycles(tsc) 14.516 ns  -  49 cycles(tsc) 12.459 ns  improved 15.5%
        2 -  51 cycles(tsc) 12.930 ns  -  38 cycles(tsc)  9.605 ns  improved 25.5%
        3 -  49 cycles(tsc) 12.274 ns  -  34 cycles(tsc)  8.525 ns  improved 30.6%
        4 -  48 cycles(tsc) 12.058 ns  -  32 cycles(tsc)  8.036 ns  improved 33.3%
        8 -  46 cycles(tsc) 11.609 ns  -  31 cycles(tsc)  7.756 ns  improved 32.6%
       16 -  45 cycles(tsc) 11.451 ns  -  32 cycles(tsc)  8.148 ns  improved 28.9%
       30 -  79 cycles(tsc) 19.865 ns  -  68 cycles(tsc) 17.164 ns  improved 13.9%
       32 -  76 cycles(tsc) 19.212 ns  -  66 cycles(tsc) 16.584 ns  improved 13.2%
       34 -  74 cycles(tsc) 18.600 ns  -  63 cycles(tsc) 15.954 ns  improved 14.9%
       48 -  88 cycles(tsc) 22.092 ns  -  77 cycles(tsc) 19.373 ns  improved 12.5%
       64 -  80 cycles(tsc) 20.043 ns  -  68 cycles(tsc) 17.188 ns  improved 15.0%
      128 -  99 cycles(tsc) 24.818 ns  -  89 cycles(tsc) 22.404 ns  improved 10.1%
      158 -  99 cycles(tsc) 24.977 ns  -  92 cycles(tsc) 23.089 ns  improved  7.1%
      250 - 106 cycles(tsc) 26.552 ns  -  99 cycles(tsc) 24.785 ns  improved  6.6%
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ebe909e0
    • Jesper Dangaard Brouer's avatar
      slub bulk alloc: extract objects from the per cpu slab · 994eb764
      Jesper Dangaard Brouer authored
      First piece: acceleration of retrieval of per cpu objects
      
      If we are allocating lots of objects then it is advantageous to disable
      interrupts and avoid the this_cpu_cmpxchg() operation to get these objects
      faster.
      
      Note that we cannot do the fast operation if debugging is enabled, because
      we would have to add extra code to do all the debugging checks.  And it
      would not be fast anyway.
      
      Note also that the requirement of having interrupts disabled avoids having
      to do processor flag operations.
      
      Allocate as many objects as possible in the fast way and then fall back to
      the generic implementation for the rest of the objects.
      
      Measurements on CPU CPU i7-4790K @ 4.00GHz
      Baseline normal fastpath (alloc+free cost): 42 cycles(tsc) 10.554 ns
      
      Bulk- fallback                   - this-patch
        1 -  57 cycles(tsc) 14.432 ns  -  48 cycles(tsc) 12.155 ns  improved 15.8%
        2 -  50 cycles(tsc) 12.746 ns  -  37 cycles(tsc)  9.390 ns  improved 26.0%
        3 -  48 cycles(tsc) 12.180 ns  -  33 cycles(tsc)  8.417 ns  improved 31.2%
        4 -  48 cycles(tsc) 12.015 ns  -  32 cycles(tsc)  8.045 ns  improved 33.3%
        8 -  46 cycles(tsc) 11.526 ns  -  30 cycles(tsc)  7.699 ns  improved 34.8%
       16 -  45 cycles(tsc) 11.418 ns  -  32 cycles(tsc)  8.205 ns  improved 28.9%
       30 -  80 cycles(tsc) 20.246 ns  -  73 cycles(tsc) 18.328 ns  improved  8.8%
       32 -  79 cycles(tsc) 19.946 ns  -  72 cycles(tsc) 18.208 ns  improved  8.9%
       34 -  78 cycles(tsc) 19.659 ns  -  71 cycles(tsc) 17.987 ns  improved  9.0%
       48 -  86 cycles(tsc) 21.516 ns  -  82 cycles(tsc) 20.566 ns  improved  4.7%
       64 -  93 cycles(tsc) 23.423 ns  -  89 cycles(tsc) 22.480 ns  improved  4.3%
      128 - 100 cycles(tsc) 25.170 ns  -  99 cycles(tsc) 24.871 ns  improved  1.0%
      158 - 102 cycles(tsc) 25.549 ns  - 101 cycles(tsc) 25.375 ns  improved  1.0%
      250 - 101 cycles(tsc) 25.344 ns  - 100 cycles(tsc) 25.182 ns  improved  1.0%
      Signed-off-by: default avatarChristoph Lameter <cl@linux.com>
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      994eb764
    • Christoph Lameter's avatar
      slab: infrastructure for bulk object allocation and freeing · 484748f0
      Christoph Lameter authored
      Add the basic infrastructure for alloc/free operations on pointer arrays.
      It includes a generic function in the common slab code that is used in
      this infrastructure patch to create the unoptimized functionality for slab
      bulk operations.
      
      Allocators can then provide optimized allocation functions for situations
      in which large numbers of objects are needed.  These optimization may
      avoid taking locks repeatedly and bypass metadata creation if all objects
      in slab pages can be used to provide the objects required.
      
      Allocators can extend the skeletons provided and add their own code to the
      bulk alloc and free functions.  They can keep the generic allocation and
      freeing and just fall back to those if optimizations would not work (like
      for example when debugging is on).
      Signed-off-by: default avatarChristoph Lameter <cl@linux.com>
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      484748f0
    • Jesper Dangaard Brouer's avatar
      slub: fix spelling succedd to succeed · 2ae44005
      Jesper Dangaard Brouer authored
      With this patchset the SLUB allocator now has both bulk alloc and free
      implemented.
      
      This patchset mostly optimizes the "fastpath" where objects are available
      on the per CPU fastpath page.  This mostly amortize the less-heavy
      none-locked cmpxchg_double used on fastpath.
      
      The "fallback" bulking (e.g __kmem_cache_free_bulk) provides a good basis
      for comparison.  Measurements[1] of the fallback functions
      __kmem_cache_{free,alloc}_bulk have been copied from slab_common.c and
      forced "noinline" to force a function call like slab_common.c.
      
      Measurements on CPU CPU i7-4790K @ 4.00GHz
      Baseline normal fastpath (alloc+free cost): 42 cycles(tsc) 10.601 ns
      
      Measurements last-patch with disabled debugging:
      
      Bulk- fallback                   - this-patch
        1 -  57 cycles(tsc) 14.448 ns  -  44 cycles(tsc) 11.236 ns  improved 22.8%
        2 -  51 cycles(tsc) 12.768 ns  -  28 cycles(tsc)  7.019 ns  improved 45.1%
        3 -  48 cycles(tsc) 12.232 ns  -  22 cycles(tsc)  5.526 ns  improved 54.2%
        4 -  48 cycles(tsc) 12.025 ns  -  19 cycles(tsc)  4.786 ns  improved 60.4%
        8 -  46 cycles(tsc) 11.558 ns  -  18 cycles(tsc)  4.572 ns  improved 60.9%
       16 -  45 cycles(tsc) 11.458 ns  -  18 cycles(tsc)  4.658 ns  improved 60.0%
       30 -  45 cycles(tsc) 11.499 ns  -  18 cycles(tsc)  4.568 ns  improved 60.0%
       32 -  79 cycles(tsc) 19.917 ns  -  65 cycles(tsc) 16.454 ns  improved 17.7%
       34 -  78 cycles(tsc) 19.655 ns  -  63 cycles(tsc) 15.932 ns  improved 19.2%
       48 -  68 cycles(tsc) 17.049 ns  -  50 cycles(tsc) 12.506 ns  improved 26.5%
       64 -  80 cycles(tsc) 20.009 ns  -  63 cycles(tsc) 15.929 ns  improved 21.3%
      128 -  94 cycles(tsc) 23.749 ns  -  86 cycles(tsc) 21.583 ns  improved  8.5%
      158 -  97 cycles(tsc) 24.299 ns  -  90 cycles(tsc) 22.552 ns  improved  7.2%
      250 - 102 cycles(tsc) 25.681 ns  -  98 cycles(tsc) 24.589 ns  improved  3.9%
      
      Benchmarking shows impressive improvements in the "fastpath" with a small
      number of objects in the working set.  Once the working set increases,
      resulting in activating the "slowpath" (that contains the heavier locked
      cmpxchg_double) the improvement decreases.
      
      I'm currently working on also optimizing the "slowpath" (as network stack
      use-case hits this), but this patchset should provide a good foundation
      for further improvements.  Rest of my patch queue in this area needs some
      more work, but preliminary results are good.  I'm attending Netfilter
      Workshop[2] next week, and I'll hopefully return working on further
      improvements in this area.
      
      This patch (of 6):
      
      s/succedd/succeed/
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2ae44005
    • Ulrich Obergfell's avatar
      watchdog: rename watchdog_suspend() and watchdog_resume() · ec6a9066
      Ulrich Obergfell authored
      Rename watchdog_suspend() to lockup_detector_suspend() and
      watchdog_resume() to lockup_detector_resume() to avoid confusion with the
      watchdog subsystem and to be consistent with the existing name
      lockup_detector_init().
      
      Also provide comment blocks to explain the watchdog_running and
      watchdog_suspended variables and their relationship.
      Signed-off-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
      Reviewed-by: default avatarAaron Tomlin <atomlin@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ec6a9066
    • Ulrich Obergfell's avatar
      watchdog: use suspend/resume interface in fixup_ht_bug() · 999bbe49
      Ulrich Obergfell authored
      Remove watchdog_nmi_disable_all() and watchdog_nmi_enable_all() since
      these functions are no longer needed.  If a subsystem has a need to
      deactivate the watchdog temporarily, it should utilize the
      watchdog_suspend() and watchdog_resume() functions.
      
      [akpm@linux-foundation.org: fix build with CONFIG_LOCKUP_DETECTOR=m]
      Signed-off-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
      Reviewed-by: default avatarAaron Tomlin <atomlin@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      999bbe49
    • Ulrich Obergfell's avatar
      watchdog: use park/unpark functions in update_watchdog_all_cpus() · d4bdd0b2
      Ulrich Obergfell authored
      Remove update_watchdog() and restart_watchdog_hrtimer() since these
      functions are no longer needed.  Changes of parameters such as the sample
      period are honored at the time when the watchdog threads are being
      unparked.
      Signed-off-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
      Reviewed-by: default avatarAaron Tomlin <atomlin@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d4bdd0b2
    • Ulrich Obergfell's avatar
      watchdog: introduce watchdog_suspend() and watchdog_resume() · 8c073d27
      Ulrich Obergfell authored
      This interface can be utilized to deactivate the hard and soft lockup
      detector temporarily.  Callers are expected to minimize the duration of
      deactivation.  Multiple deactivations are allowed to occur in parallel but
      should be rare in practice.
      
      [akpm@linux-foundation.org: remove unneeded static initialization]
      Signed-off-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
      Reviewed-by: default avatarAaron Tomlin <atomlin@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8c073d27
    • Ulrich Obergfell's avatar
      watchdog: introduce watchdog_park_threads() and watchdog_unpark_threads() · 81a4beef
      Ulrich Obergfell authored
      Originally watchdog_nmi_enable(cpu) and watchdog_nmi_disable(cpu) were
      only called in watchdog thread context.  However, the following commits
      utilize these functions outside of watchdog thread context too.
      
        commit 9809b18f
        Author: Michal Hocko <mhocko@suse.cz>
        Date:   Tue Sep 24 15:27:30 2013 -0700
      
            watchdog: update watchdog_thresh properly
      
        commit b3738d29
        Author: Stephane Eranian <eranian@google.com>
        Date:   Mon Nov 17 20:07:03 2014 +0100
      
            watchdog: Add watchdog enable/disable all functions
      
      Hence, it is now possible that these functions execute concurrently with
      the same 'cpu' argument.  This concurrency is problematic because per-cpu
      'watchdog_ev' can be accessed/modified without adequate synchronization.
      
      The patch series aims to address the above problem.  However, instead of
      introducing locks to protect per-cpu 'watchdog_ev' a different approach is
      taken: Invoke these functions by parking and unparking the watchdog
      threads (to ensure they are always called in watchdog thread context).
      
        static struct smp_hotplug_thread watchdog_threads = {
                 ...
                .park   = watchdog_disable, // calls watchdog_nmi_disable()
                .unpark = watchdog_enable,  // calls watchdog_nmi_enable()
        };
      
      Both previously mentioned commits call these functions in a similar way
      and thus in principle contain some duplicate code.  The patch series also
      avoids this duplication by providing a commonly usable mechanism.
      
      - Patch 1/4 introduces the watchdog_{park|unpark}_threads functions that
        park/unpark all watchdog threads specified in 'watchdog_cpumask'. They
        are intended to be called inside of kernel/watchdog.c only.
      
      - Patch 2/4 introduces the watchdog_{suspend|resume} functions which can
        be utilized by external callers to deactivate the hard and soft lockup
        detector temporarily.
      
      - Patch 3/4 utilizes watchdog_{park|unpark}_threads to replace some code
        that was introduced by commit 9809b18f.
      
      - Patch 4/4 utilizes watchdog_{suspend|resume} to replace some code that
        was introduced by commit b3738d29.
      
      A few corner cases should be mentioned here for completeness.
      
      - kthread_park() of watchdog/N could hang if cpu N is already locked up.
        However, if watchdog is enabled the lockup will be detected anyway.
      
      - kthread_unpark() of watchdog/N could hang if cpu N got locked up after
        kthread_park(). The occurrence of this scenario should be _very_ rare
        in practice, in particular because it is not expected that temporary
        deactivation will happen frequently, and if it happens at all it is
        expected that the duration of deactivation will be short.
      
      This patch (of 4): introduce watchdog_park_threads() and watchdog_unpark_threads()
      
      These functions are intended to be used only from inside kernel/watchdog.c
      to park/unpark all watchdog threads that are specified in
      watchdog_cpumask.
      Signed-off-by: default avatarUlrich Obergfell <uobergfe@redhat.com>
      Reviewed-by: default avatarAaron Tomlin <atomlin@redhat.com>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Michal Hocko <mhocko@suse.cz>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      81a4beef
    • Guenter Roeck's avatar
      kernel/watchdog: move NMI function header declarations from watchdog.h to nmi.h · aacfbe6a
      Guenter Roeck authored
      The kernel's NMI watchdog has nothing to do with the watchdog subsystem.
      Its header declarations should be in linux/nmi.h, not linux/watchdog.h.
      
      The code provided two sets of dummy functions if HARDLOCKUP_DETECTOR is
      not configured, one in the include file and one in kernel/watchdog.c.
      Remove the dummy functions from kernel/watchdog.c and use those from the
      include file.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Don Zickus <dzickus@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      aacfbe6a
    • Frederic Weisbecker's avatar
      watchdog: simplify housekeeping affinity with the appropriate mask · 314b08ff
      Frederic Weisbecker authored
      housekeeping_mask gathers all the CPUs that aren't part of the nohz_full
      set.  This is exactly what we want the watchdog to be affine to without
      the need to use complicated cpumask operations.
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Reviewed-by: default avatarChris Metcalf <cmetcalf@ezchip.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      314b08ff
    • Frederic Weisbecker's avatar
      smpboot: allow passing the cpumask on per-cpu thread registration · 230ec939
      Frederic Weisbecker authored
      It makes the registration cheaper and simpler for the smpboot per-cpu
      kthread users that don't need to always update the cpumask after threads
      creation.
      
      [sfr@canb.auug.org.au: fix for allow passing the cpumask on per-cpu thread registration]
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Reviewed-by: default avatarChris Metcalf <cmetcalf@ezchip.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      230ec939
    • Frederic Weisbecker's avatar
      smpboot: make cleanup to mirror setup · 3dd08c0c
      Frederic Weisbecker authored
      The per-cpu kthread cleanup() callback is the mirror of the setup()
      callback.  When the per-cpu kthread is started, it first calls setup()
      to initialize the resources which are then released by cleanup() when
      the kthread exits.
      
      Now since the introduction of a per-cpu kthread cpumask, the kthreads
      excluded by the cpumask on boot may happen to be parked immediately
      after their creation without taking the setup() stage, waiting to be
      asked to unpark to do so.  Then when smpboot_unregister_percpu_thread()
      is later called, the kthread is stopped without having ever called
      setup().
      
      But this triggers a bug as the kthread unconditionally calls cleanup()
      on exit but this doesn't mirror any setup().  Thus the kernel crashes
      because we try to free resources that haven't been initialized, as in
      the watchdog case:
      
          WATCHDOG disable 0
          WATCHDOG disable 1
          WATCHDOG disable 2
          BUG: unable to handle kernel NULL pointer dereference at           (null)
          IP: hrtimer_active+0x26/0x60
          [...]
          Call Trace:
            hrtimer_try_to_cancel+0x1c/0x280
            hrtimer_cancel+0x1d/0x30
            watchdog_disable+0x56/0x70
            watchdog_cleanup+0xe/0x10
            smpboot_thread_fn+0x23c/0x2c0
            kthread+0xf8/0x110
            ret_from_fork+0x3f/0x70
      
      This bug is currently masked with explicit kthread unparking before
      kthread_stop() on smpboot_destroy_threads(). This forces a call to
      setup() and then unpark().
      
      We could fix this by unconditionally calling setup() on kthread entry.
      But setup() isn't always cheap.  In the case of watchdog it launches
      hrtimer, perf events, etc...  So we may as well like to skip it if there
      are chances the kthread will never be used, as in a reduced cpumask value.
      
      So let's simply do a state machine check before calling cleanup() that
      makes sure setup() has been called before mirroring it.
      
      And remove the nasty hack workaround.
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Reviewed-by: default avatarChris Metcalf <cmetcalf@ezchip.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3dd08c0c
    • Frederic Weisbecker's avatar
      smpboot: fix memory leak on error handling · 5869b506
      Frederic Weisbecker authored
      The cpumask is allocated before threads get created. If the latter step
      fails, we need to free the cpumask.
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Reviewed-by: default avatarChris Metcalf <cmetcalf@ezchip.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Don Zickus <dzickus@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5869b506
    • Kees Cook's avatar
      fs: create and use seq_show_option for escaping · a068acf2
      Kees Cook authored
      Many file systems that implement the show_options hook fail to correctly
      escape their output which could lead to unescaped characters (e.g.  new
      lines) leaking into /proc/mounts and /proc/[pid]/mountinfo files.  This
      could lead to confusion, spoofed entries (resulting in things like
      systemd issuing false d-bus "mount" notifications), and who knows what
      else.  This looks like it would only be the root user stepping on
      themselves, but it's possible weird things could happen in containers or
      in other situations with delegated mount privileges.
      
      Here's an example using overlay with setuid fusermount trusting the
      contents of /proc/mounts (via the /etc/mtab symlink).  Imagine the use
      of "sudo" is something more sneaky:
      
        $ BASE="ovl"
        $ MNT="$BASE/mnt"
        $ LOW="$BASE/lower"
        $ UP="$BASE/upper"
        $ WORK="$BASE/work/ 0 0
        none /proc fuse.pwn user_id=1000"
        $ mkdir -p "$LOW" "$UP" "$WORK"
        $ sudo mount -t overlay -o "lowerdir=$LOW,upperdir=$UP,workdir=$WORK" none /mnt
        $ cat /proc/mounts
        none /root/ovl/mnt overlay rw,relatime,lowerdir=ovl/lower,upperdir=ovl/upper,workdir=ovl/work/ 0 0
        none /proc fuse.pwn user_id=1000 0 0
        $ fusermount -u /proc
        $ cat /proc/mounts
        cat: /proc/mounts: No such file or directory
      
      This fixes the problem by adding new seq_show_option and
      seq_show_option_n helpers, and updating the vulnerable show_option
      handlers to use them as needed.  Some, like SELinux, need to be open
      coded due to unusual existing escape mechanisms.
      
      [akpm@linux-foundation.org: add lost chunk, per Kees]
      [keescook@chromium.org: seq_show_option should be using const parameters]
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Acked-by: default avatarJan Kara <jack@suse.com>
      Acked-by: default avatarPaul Moore <paul@paul-moore.com>
      Cc: J. R. Okajima <hooanon05g@gmail.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a068acf2
    • Joseph Qi's avatar
      ocfs2: clean up redundant NULL checks before kfree · 46359295
      Joseph Qi authored
      NULL check before kfree is redundant and so clean them up.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      46359295
    • Joe Perches's avatar
      ocfs2: neaten do_error, ocfs2_error and ocfs2_abort · 7ecef14a
      Joe Perches authored
      These uses sometimes do and sometimes don't have '\n' terminations.  Make
      the uses consistently use '\n' terminations and remove the newline from
      the functions.
      
      Miscellanea:
      
      o Coalesce formats
      o Realign arguments
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7ecef14a
    • Xue jiufei's avatar
      ocfs2: do not set fs read-only if rec[0] is empty while committing truncate · d0c97d52
      Xue jiufei authored
      While appending an extent to a file, it will call these functions:
      ocfs2_insert_extent
      
        -> call ocfs2_grow_tree() if there's no free rec
           -> ocfs2_add_branch add a new branch to extent tree,
              now rec[0] in the leaf of rightmost path is empty
        -> ocfs2_do_insert_extent
           -> ocfs2_rotate_tree_right
             -> ocfs2_extend_rotate_transaction
                -> jbd2_journal_restart if jbd2_journal_extend fail
           -> ocfs2_insert_path
              -> ocfs2_extend_trans
                -> jbd2_journal_restart if jbd2_journal_extend fail
              -> ocfs2_insert_at_leaf
           -> ocfs2_et_update_clusters
      Function jbd2_journal_restart() may be called and it may happened that
      buffers dirtied in ocfs2_add_branch() are committed
      while buffers dirtied in ocfs2_insert_at_leaf() and
      ocfs2_et_update_clusters() are not.
      So an empty rec[0] is left in rightmost path which will cause
      read-only filesystem when call ocfs2_commit_truncate()
      with the error message: "Inode %lu has an empty extent record".
      
      This is not a serious problem, so remove the rightmost path when call
      ocfs2_commit_truncate().
      Signed-off-by: default avatarjoyce.xue <xuejiufei@huawei.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d0c97d52
    • yangwenfang's avatar
      ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock() · 7f27ec97
      yangwenfang authored
      1: After we call ocfs2_journal_access_di() in ocfs2_write_begin(),
         jbd2_journal_restart() may also be called, in this function transaction
         A's t_updates-- and obtains a new transaction B.  If
         jbd2_journal_commit_transaction() is happened to commit transaction A,
         when t_updates==0, it will continue to complete commit and unfile
         buffer.
      
         So when jbd2_journal_dirty_metadata(), the handle is pointed a new
         transaction B, and the buffer head's journal head is already freed,
         jh->b_transaction == NULL, jh->b_next_transaction == NULL, it returns
         EINVAL, So it triggers the BUG_ON(status).
      
      thread 1                                          jbd2
      ocfs2_write_begin                     jbd2_journal_commit_transaction
      ocfs2_write_begin_nolock
        ocfs2_start_trans
          jbd2__journal_start(t_updates+1,
                             transaction A)
          ocfs2_journal_access_di
          ocfs2_write_cluster_by_desc
            ocfs2_mark_extent_written
              ocfs2_change_extent_flag
                ocfs2_split_extent
                  ocfs2_extend_rotate_transaction
                    jbd2_journal_restart
                    (t_updates-1,transaction B) t_updates==0
                                              __jbd2_journal_refile_buffer
                                              (jh->b_transaction = NULL)
      ocfs2_write_end
      ocfs2_write_end_nolock
          ocfs2_journal_dirty
              jbd2_journal_dirty_metadata(bug)
         ocfs2_commit_trans
      
      2.  In ext4, I found that: jbd2_journal_get_write_access() called by
         ext4_write_end.
      
      ext4_write_begin
          ext4_journal_start
              __ext4_journal_start_sb
                  ext4_journal_check_start
                  jbd2__journal_start
      
      ext4_write_end
          ext4_mark_inode_dirty
              ext4_reserve_inode_write
                  ext4_journal_get_write_access
                      jbd2_journal_get_write_access
              ext4_mark_iloc_dirty
                  ext4_do_update_inode
                      ext4_handle_dirty_metadata
                          jbd2_journal_dirty_metadata
      
      3. So I think we should put ocfs2_journal_access_di before
         ocfs2_journal_dirty in the ocfs2_write_end.  and it works well after my
         modification.
      Signed-off-by: default avatarvicky <vicky.yangwenfang@huawei.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Zhangguanghui <zhang.guanghui@h3c.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7f27ec97
    • Tina Ruchandani's avatar
      ocfs2: use 64bit variables to track heartbeat time · 40476b82
      Tina Ruchandani authored
      o2hb_elapsed_msecs computes the time taken for a disk heartbeat.
      'struct timeval' variables are used to store start and end times.  On
      32-bit systems, the 'tv_sec' component of 'struct timeval' will overflow
      in year 2038 and beyond.
      
      This patch solves the overflow with the following:
      
      1. Replace o2hb_elapsed_msecs using 'ktime_t' values to measure start
         and end time, and built-in function 'ktime_ms_delta' to compute the
         elapsed time.  ktime_get_real() is used since the code prints out the
         wallclock time.
      
      2. Changes format string to print time as a single 64-bit nanoseconds
         value ("%lld") instead of seconds and microseconds.  This simplifies
         the code since converting ktime_t to that format would need expensive
         computation.  However, the debug log string is less readable than the
         previous format.
      Signed-off-by: default avatarTina Ruchandani <ruchandani.tina@gmail.com>
      Suggested by: Arnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      40476b82
    • Joseph Qi's avatar
      ocfs2: fix race between crashed dio and rm · ad694821
      Joseph Qi authored
      There is a race case between crashed dio and rm, which will lead to
      OCFS2_VALID_FL not set read-only.
      
        N1                              N2
        ------------------------------------------------------------------------
        dd with direct flag
                                        rm file
        crashed with an dio entry left
        in orphan dir
                                        clear OCFS2_VALID_FL in
                                        ocfs2_remove_inode
                                        recover N1 and read the corrupted inode,
                                        and set filesystem read-only
      
      So we skip the inode deletion this time and wait for dio entry recovered
      first.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ad694821
    • Yiwen Jiang's avatar
      ocfs2: avoid access invalid address when read o2dlm debug messages · f57a22dd
      Yiwen Jiang authored
      The following case will lead to a lockres is freed but is still in use.
      
      cat /sys/kernel/debug/o2dlm/locking_state	dlm_thread
      lockres_seq_start
          -> lock dlm->track_lock
          -> get resA
                                                      resA->refs decrease to 0,
                                                      call dlm_lockres_release,
                                                      and wait for "cat" unlock.
      Although resA->refs is already set to 0,
      increase resA->refs, and then unlock
                                                      lock dlm->track_lock
                                                          -> list_del_init()
                                                          -> unlock
                                                          -> free resA
      
      In such a race case, invalid address access may occurs.  So we should
      delete list res->tracking before resA->refs decrease to 0.
      Signed-off-by: default avatarYiwen Jiang <jiangyiwen@huawei.com>
      Reviewed-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarMark Fasheh <mfasheh@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f57a22dd
    • Tariq Saeed's avatar
      ocfs2: take inode lock in ocfs2_iop_set/get_acl() · 743b5f14
      Tariq Saeed authored
      This bug in mainline code is pointed out by Mark Fasheh.  When
      ocfs2_iop_set_acl() and ocfs2_iop_get_acl() are entered from VFS layer,
      inode lock is not held.  This seems to be regression from older kernels.
      The patch is to fix that.
      
      Orabug: 20189959
      Signed-off-by: default avatarTariq Saeed <tariq.x.saeed@oracle.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      743b5f14
    • Tariq Saeed's avatar
      ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() · 3d46a44a
      Tariq Saeed authored
      PID: 614    TASK: ffff882a739da580  CPU: 3   COMMAND: "ocfs2dc"
        #0 [ffff882ecc3759b0] machine_kexec at ffffffff8103b35d
        #1 [ffff882ecc375a20] crash_kexec at ffffffff810b95b5
        #2 [ffff882ecc375af0] oops_end at ffffffff815091d8
        #3 [ffff882ecc375b20] die at ffffffff8101868b
        #4 [ffff882ecc375b50] do_trap at ffffffff81508bb0
        #5 [ffff882ecc375ba0] do_invalid_op at ffffffff810165e5
        #6 [ffff882ecc375c40] invalid_op at ffffffff815116fb
           [exception RIP: ocfs2_ci_checkpointed+208]
           RIP: ffffffffa0a7e940  RSP: ffff882ecc375cf0  RFLAGS: 00010002
           RAX: 0000000000000001  RBX: 000000000000654b  RCX: ffff8812dc83f1f8
           RDX: 00000000000017d9  RSI: ffff8812dc83f1f8  RDI: ffffffffa0b2c318
           RBP: ffff882ecc375d20   R8: ffff882ef6ecfa60   R9: ffff88301f272200
           R10: 0000000000000000  R11: 0000000000000000  R12: ffffffffffffffff
           R13: ffff8812dc83f4f0  R14: 0000000000000000  R15: ffff8812dc83f1f8
           ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
        #7 [ffff882ecc375d28] ocfs2_check_meta_downconvert at ffffffffa0a7edbd [ocfs2]
        #8 [ffff882ecc375d38] ocfs2_unblock_lock at ffffffffa0a84af8 [ocfs2]
        #9 [ffff882ecc375dc8] ocfs2_process_blocked_lock at ffffffffa0a85285 [ocfs2]
      #10 [ffff882ecc375e18] ocfs2_downconvert_thread_do_work at ffffffffa0a85445 [ocfs2]
      #11 [ffff882ecc375e68] ocfs2_downconvert_thread at ffffffffa0a854de [ocfs2]
      #12 [ffff882ecc375ee8] kthread at ffffffff81090da7
      #13 [ffff882ecc375f48] kernel_thread_helper at ffffffff81511884
      assert is tripped because the tran is not checkpointed and the lock level is PR.
      
      Some time ago, chmod command had been executed. As result, the following call
      chain left the inode cluster lock in PR state, latter on causing the assert.
      system_call_fastpath
        -> my_chmod
         -> sys_chmod
          -> sys_fchmodat
           -> notify_change
            -> ocfs2_setattr
             -> posix_acl_chmod
              -> ocfs2_iop_set_acl
               -> ocfs2_set_acl
                -> ocfs2_acl_set_mode
      Here is how.
      1119 int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
      1120 {
      1247         ocfs2_inode_unlock(inode, 1); <<< WRONG thing to do.
      ..
      1258         if (!status && attr->ia_valid & ATTR_MODE) {
      1259                 status =  posix_acl_chmod(inode, inode->i_mode);
      
      519 posix_acl_chmod(struct inode *inode, umode_t mode)
      520 {
      ..
      539         ret = inode->i_op->set_acl(inode, acl, ACL_TYPE_ACCESS);
      
      287 int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, ...
      288 {
      289         return ocfs2_set_acl(NULL, inode, NULL, type, acl, NULL, NULL);
      
      224 int ocfs2_set_acl(handle_t *handle,
      225                          struct inode *inode, ...
      231 {
      ..
      252                                 ret = ocfs2_acl_set_mode(inode, di_bh,
      253                                                          handle, mode);
      
      168 static int ocfs2_acl_set_mode(struct inode *inode, struct buffer_head ...
      170 {
      183         if (handle == NULL) {
                          >>> BUG: inode lock not held in ex at this point <<<
      184                 handle = ocfs2_start_trans(OCFS2_SB(inode->i_sb),
      185                                            OCFS2_INODE_UPDATE_CREDITS);
      
      ocfs2_setattr.#1247 we unlock and at #1259 call posix_acl_chmod. When we reach
      ocfs2_acl_set_mode.#181 and do trans, the inode cluster lock is not held in EX
      mode (it should be). How this could have happended?
      
      We are the lock master, were holding lock EX and have released it in
      ocfs2_setattr.#1247.  Note that there are no holders of this lock at
      this point.  Another node needs the lock in PR, and we downconvert from
      EX to PR.  So the inode lock is PR when do the trans in
      ocfs2_acl_set_mode.#184.  The trans stays in core (not flushed to disc).
      Now another node want the lock in EX, downconvert thread gets kicked
      (the one that tripped assert abovt), finds an unflushed trans but the
      lock is not EX (it is PR).  If the lock was at EX, it would have flushed
      the trans ocfs2_ci_checkpointed -> ocfs2_start_checkpoint before
      downconverting (to NULL) for the request.
      
      ocfs2_setattr must not drop inode lock ex in this code path.  If it
      does, takes it again before the trans, say in ocfs2_set_acl, another
      cluster node can get in between, execute another setattr, overwriting
      the one in progress on this node, resulting in a mode acl size combo
      that is a mix of the two.
      
      Orabug: 20189959
      Signed-off-by: default avatarTariq Saeed <tariq.x.saeed@oracle.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Joseph Qi <joseph.qi@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3d46a44a
    • Norton.Zhu's avatar
      ocfs2: optimize error handling in dlm_request_join · 72f6fe1f
      Norton.Zhu authored
      Currently error handling in dlm_request_join is a little obscure, so
      optimize it to promote readability.
      
      If packet.code is invalid, reset it to JOIN_DISALLOW to keep it
      meaningful.  It only influences the log printing.
      Signed-off-by: default avatarNorton.Zhu <norton.zhu@huawei.com>
      Cc: Srinivas Eeda <srinivas.eeda@oracle.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      72f6fe1f
    • Yiwen Jiang's avatar
      ocfs2: fix a tiny case that inode can not removed · 928dda1f
      Yiwen Jiang authored
      When running dirop_fileop_racer we found a case that inode
      can not removed.
      
      Two nodes, say Node A and Node B, mount the same ocfs2 volume.  Create
      two dirs /race/1/ and /race/2/ in the filesystem.
      
        Node A                            Node B
        rm -r /race/2/
                                          mv /race/1/ /race/2/
        call ocfs2_unlink(), get
        the EX mode of /race/2/
                                          wait for B unlock /race/2/
        decrease i_nlink of /race/2/ to 0,
        and add inode of /race/2/ into
        orphan dir, unlock /race/2/
                                          got EX mode of /race/2/. because
                                          /race/1/ is dir, so inc i_nlink
                                          of /race/2/ and update into disk,
                                          unlock /race/2/
        because i_nlink of /race/2/
        is not zero, this inode will
        always remain in orphan dir
      
      This patch fixes this case by test whether i_nlink of new dir is zero.
      Signed-off-by: default avatarYiwen Jiang <jiangyiwen@huawei.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Joseph Qi <joseph.qi@huawei.com>
      Cc: Xue jiufei <xuejiufei@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      928dda1f
    • WeiWei Wang's avatar
      ocfs2: add ip_alloc_sem in direct IO to protect allocation changes · 6ab855a9
      WeiWei Wang authored
      In ocfs2, ip_alloc_sem is used to protect allocation changes on the
      node.  In direct IO, we add ip_alloc_sem to protect date consistent
      between direct-io and ocfs2_truncate_file race (buffer io use
      ip_alloc_sem already).  Although inode->i_mutex lock is used to avoid
      concurrency of above situation, i think ip_alloc_sem is still needed
      because protect allocation changes is significant.
      
      Other filesystem like ext4 also uses rw_semaphore to protect data
      consistent between get_block-vs-truncate race by other means, So
      ip_alloc_sem in ocfs2 direct io is needed.
      Signed-off-by: default avatarWeiwei Wang <wangww631@huawei.com>
      Signed-off-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6ab855a9
    • Goldwyn Rodrigues's avatar
      ocfs2: clear the rest of the buffers on error · 34237681
      Goldwyn Rodrigues authored
      In case a validation fails, clear the rest of the buffers and return the
      error to the calling function.
      
      This also facilitates bubbling up the error originating from ocfs2_error
      to calling functions.
      Signed-off-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      34237681
    • Goldwyn Rodrigues's avatar
      ocfs2: acknowledge return value of ocfs2_error() · 17a5b9ab
      Goldwyn Rodrigues authored
      Caveat: This may return -EROFS for a read case, which seems wrong.  This
      is happening even without this patch series though.  Should we convert
      EROFS to EIO?
      Signed-off-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      17a5b9ab
    • Goldwyn Rodrigues's avatar
      ocfs2: add errors=continue · 7d0fb914
      Goldwyn Rodrigues authored
      OCFS2 is often used in high-availaibility systems.  However, ocfs2
      converts the filesystem to read-only at the drop of the hat.  This may
      not be necessary, since turning the filesystem read-only would affect
      other running processes as well, decreasing availability.
      
      This attempt is to add errors=continue, which would return the EIO to
      the calling process and terminate furhter processing so that the
      filesystem is not corrupted further.  However, the filesystem is not
      converted to read-only.
      
      As a future plan, I intend to create a small utility or extend
      fsck.ocfs2 to fix small errors such as in the inode.  The input to the
      utility such as the inode can come from the kernel logs so we don't have
      to schedule a downtime for fixing small-enough errors.
      
      The patch changes the ocfs2_error to return an error.  The error
      returned depends on the mount option set.  If none is set, the default
      is to turn the filesystem read-only.
      
      Perhaps errors=continue is not the best option name.  Historically it is
      used for making an attempt to progress in the current process itself.
      Should we call it errors=eio? or errors=killproc? Suggestions/Comments
      welcome.
      
      Sources are available at:
        https://github.com/goldwynr/linux/tree/error-contSigned-off-by: default avatarGoldwyn Rodrigues <rgoldwyn@suse.com>
      Signed-off-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7d0fb914
    • Xue jiufei's avatar
      ocfs2: flush inode data to disk and free inode when i_count becomes zero · 513e2dae
      Xue jiufei authored
      Disk inode deletion may be heavily delayed when one node unlink a file
      after the same dentry is freed on another node(say N1) because of memory
      shrink but inode is left in memory.  This inode can only be freed while
      N1 doing the orphan scan work.
      
      However, N1 may skip orphan scan for several times because other nodes
      may do the work earlier.  In our tests, it may take 1 hour on 4 nodes
      cluster and it hurts the user experience.  So we think the inode should
      be freed after the data flushed to disk when i_count becomes zero to
      avoid such circumstances.
      Signed-off-by: default avatarJoyce.xue <xuejiufei@huawei.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      513e2dae
    • Sanidhya Kashyap's avatar
      ocfs2: trusted xattr missing CAP_SYS_ADMIN check · 0f5e7b41
      Sanidhya Kashyap authored
      The trusted extended attributes are only visible to the process which
      hvae CAP_SYS_ADMIN capability but the check is missing in ocfs2
      xattr_handler trusted list.  The check is important because this will be
      used for implementing mechanisms in the userspace for which other
      ordinary processes should not have access to.
      Signed-off-by: default avatarSanidhya Kashyap <sanidhya.gatech@gmail.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Taesoo kim <taesoo@gatech.edu>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0f5e7b41
    • jiangyiwen's avatar
      ocfs2: set filesytem read-only when ocfs2_delete_entry failed. · 807a7907
      jiangyiwen authored
      In ocfs2_rename, it will lead to an inode with two entried(old and new) if
      ocfs2_delete_entry(old) failed.  Thus, filesystem will be inconsistent.
      
      The case is described below:
      
      ocfs2_rename
          -> ocfs2_start_trans
          -> ocfs2_add_entry(new)
          -> ocfs2_delete_entry(old)
              -> __ocfs2_journal_access *failed* because of -ENOMEM
          -> ocfs2_commit_trans
      
      So filesystem should be set to read-only at the moment.
      Signed-off-by: default avatarYiwen Jiang <jiangyiwen@huawei.com>
      Cc: Joseph Qi <joseph.qi@huawei.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      807a7907
    • Joseph Qi's avatar
      ocfs2/dlm: use list_for_each_entry instead of list_for_each · f83c7b5e
      Joseph Qi authored
      Use list_for_each_entry instead of list_for_each to simplify code.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f83c7b5e
    • Joseph Qi's avatar
      ocfs2: remove unneeded code in dlm_register_domain_handlers · 0e3d9eaf
      Joseph Qi authored
      The last goto statement is unneeded, so remove it.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0e3d9eaf
    • Joseph Qi's avatar
      ocfs2: fix BUG when o2hb_register_callback fails · cdd09f49
      Joseph Qi authored
      In dlm_register_domain_handlers, if o2hb_register_callback fails, it
      will call dlm_unregister_domain_handlers to unregister.  This will
      trigger the BUG_ON in o2hb_unregister_callback because hc_magic is 0.
      So we should call o2hb_setup_callback to initialize hc first.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cdd09f49
    • Joseph Qi's avatar
      ocfs2: remove unneeded code in ocfs2_dlm_init · 914a9b74
      Joseph Qi authored
      status is already initialized and it will only be 0 or negatives in the
      code flow.  So remove the unneeded assignment after the lable 'local'.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      914a9b74
    • Joseph Qi's avatar
      ocfs2: adjust code to match locking/unlocking order · 3cb2ec43
      Joseph Qi authored
      Unlocking order in ocfs2_unlink and ocfs2_rename mismatches the
      corresponding locking order, although it won't cause issues, adjust the
      code so that it looks more reasonable.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3cb2ec43
    • Joseph Qi's avatar
      ocfs2: clean up unused local variables in ocfs2_file_write_iter · bf59e662
      Joseph Qi authored
      Since commit 86b9c6f3 ("ocfs2: remove filesize checks for sync I/O
      journal commit") removes filesize checks for sync I/O journal commit,
      variables old_size and old_clusters are not actually used any more.  So
      clean them up.
      Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bf59e662
    • Christophe JAILLET's avatar
      ocfs2: do not log twice error messages · 372a447c
      Christophe JAILLET authored
      'o2hb_map_slot_data' and 'o2hb_populate_slot_data' are called from only
      one place, in 'o2hb_region_dev_write'.  Return value is checked and
      'mlog_errno' is called to log a message if it is not 0.
      
      So there is no need to call 'mlog_errno' directly within these functions.
      This would result on logging the message twice.
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Cc: Mark Fasheh <mfasheh@suse.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      372a447c