Tejun Heo [Fri, 14 Jun 2013 02:39:16 +0000 (19:39 -0700)]
cgroup: use percpu refcnt for cgroup_subsys_states
A css (cgroup_subsys_state) is how each cgroup is represented to a
controller. As such, it can be used in hot paths across the various
subsystems different controllers are associated with.
One of the common operations is reference counting, which up until now
has been implemented using a global atomic counter and can have
significant adverse impact on scalability. For example, css refcnt
can be gotten and put multiple times by blkcg for each IO request.
For highops configurations which try to do as much per-cpu as
possible, the global frequent refcnting can be very expensive.
In general, given the various and hugely diverse paths css's end up
being used from, we need to make it cheap and highly scalable. In its
usage, css refcnting isn't very different from module refcnting.
This patch converts css refcnting to use the recently added
percpu_ref. css_get/tryget/put() directly maps to the matching
percpu_ref operations and the deactivation logic is no longer
necessary as percpu_ref already has refcnt killing.
The only complication is that as the refcnt is per-cpu,
percpu_ref_kill() in itself doesn't ensure that further tryget
operations will fail, which we need to guarantee before invoking
->css_offline()'s. This is resolved collecting kill confirmation
using percpu_ref_kill_and_confirm() and initiating the offline phase
of destruction after all css refcnt's are confirmed to be seen as
killed on all CPUs. The previous patches already splitted destruction
into two phases, so percpu_ref_kill_and_confirm() can be hooked up
easily.
This patch removes css_refcnt() which is used for rcu dereference
sanity check in css_id(). While we can add a percpu refcnt API to ask
the same question, css_id() itself is scheduled to be removed fairly
soon, so let's not bother with it. Just drop the sanity check and use
rcu_dereference_raw() instead.
v2: - init_cgroup_css() was calling percpu_ref_init() without checking
the return value. This causes two problems - the obvious lack
of error handling and percpu_ref_init() being called from
cgroup_init_subsys() before the allocators are up, which
triggers warnings but doesn't cause actual problems as the
refcnt isn't used for roots anyway. Fix both by moving
percpu_ref_init() to cgroup_create().
- The base references were put too early by
percpu_ref_kill_and_confirm() and cgroup_offline_fn() put the
refs one extra time. This wasn't noticeable because css's go
through another RCU grace period before being freed. Update
cgroup_destroy_locked() to grab an extra reference before
killing the refcnts. This problem was noticed by Kent.
Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Kent Overstreet <koverstreet@google.com> Acked-by: Li Zefan <lizefan@huawei.com> Cc: Michal Hocko <mhocko@suse.cz> Cc: Mike Snitzer <snitzer@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: "Alasdair G. Kergon" <agk@redhat.com> Cc: Jens Axboe <axboe@kernel.dk> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: Glauber Costa <glommer@gmail.com>
Tejun Heo [Fri, 14 Jun 2013 02:27:42 +0000 (19:27 -0700)]
cgroup: split cgroup destruction into two steps
Split cgroup_destroy_locked() into two steps and put the latter half
into cgroup_offline_fn() which is executed from a work item. The
latter half is responsible for offlining the css's, removing the
cgroup from internal lists, and propagating release notification to
the parent. The separation is to allow using percpu refcnt for css.
Note that this allows for other cgroup operations to happen between
the first and second halves of destruction, including creating a new
cgroup with the same name. As the target cgroup is marked DEAD in the
first half and cgroup internals don't care about the names of cgroups,
this should be fine. A comment explaining this will be added by the
next patch which implements the actual percpu refcnting.
As RCU freeing is guaranteed to happen after the second step of
destruction, we can use the same work item for both. This patch
renames cgroup->free_work to ->destroy_work and uses it for both
purposes. INIT_WORK() is now performed right before queueing the work
item.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Fri, 14 Jun 2013 02:27:41 +0000 (19:27 -0700)]
cgroup: reorder the operations in cgroup_destroy_locked()
This patch reorders the operations in cgroup_destroy_locked() such
that the userland visible parts happen before css offlining and
removal from the ->sibling list. This will be used to make css use
percpu refcnt.
While at it, split out CGRP_DEAD related comment from the refcnt
deactivation one and correct / clarify how different guarantees are
met.
While this patch changes the specific order of operations, it
shouldn't cause any noticeable behavior difference.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Fri, 14 Jun 2013 02:23:53 +0000 (19:23 -0700)]
percpu-refcount: implement percpu_tryget() along with percpu_ref_kill_and_confirm()
Implement percpu_tryget() which stops giving out references once the
percpu_ref is visible as killed. Because the refcnt is per-cpu,
different CPUs will start to see a refcnt as killed at different
points in time and tryget() may continue to succeed on subset of cpus
for a while after percpu_ref_kill() returns.
For use cases where it's necessary to know when all CPUs start to see
the refcnt as dead, percpu_ref_kill_and_confirm() is added. The new
function takes an extra argument @confirm_kill which is invoked when
the refcnt is guaranteed to be viewed as killed on all CPUs.
While this isn't the prettiest interface, it doesn't force synchronous
wait and is much safer than requiring the caller to do its own
call_rcu().
v2: Patch description rephrased to emphasize that tryget() may
continue to succeed on some CPUs after kill() returns as suggested
by Kent.
v3: Function comment in percpu_ref_kill_and_confirm() updated warning
people to not depend on the implied RCU grace period from the
confirm callback as it's an implementation detail.
Signed-off-by: Tejun Heo <tj@kernel.org> Slightly-Grumpily-Acked-by: Kent Overstreet <koverstreet@google.com>
Normally, percpu_ref_init() initializes and percpu_ref_kill()
initiates destruction which completes asynchronously. The
asynchronous destruction can be problematic in init failure path where
the caller wants to destroy half-constructed object - distinguishing
half-constructed objects from the usual release method can be painful
for complex objects.
This patch implements percpu_ref_cancel_init() which synchronously
destroys the percpu_ref without invoking release. To avoid
unintentional misuses, the function requires the ref to have finished
percpu_ref_init() but never used and triggers WARN otherwise.
v2: Explain the weird name and usage restriction in the function
comment.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Kent Overstreet <koverstreet@google.com>
Tejun Heo [Thu, 13 Jun 2013 03:52:01 +0000 (20:52 -0700)]
percpu-refcount: add __must_check to percpu_ref_init() and don't use ACCESS_ONCE() in percpu_ref_kill_rcu()
Two small changes.
* Unlike most init functions, percpu_ref_init() allocates memory and
may fail. Let's mark it with __must_check in case the caller
forgets.
* percpu_ref_kill_rcu() is unnecessarily using ACCESS_ONCE() to
dereference @ref->pcpu_count, which can be misleading. The pointer
is guaranteed to be valid and visible and can't change underneath
the function. Drop ACCESS_ONCE().
Tejun Heo [Thu, 13 Jun 2013 04:04:55 +0000 (21:04 -0700)]
cgroup: remove cgroup->count and use
cgroup->count tracks the number of css_sets associated with the cgroup
and used only to verify that no css_set is associated when the cgroup
is being destroyed. It's superflous as the destruction path can
simply check whether cgroup->cset_links is empty instead.
Drop cgroup->count and check ->cset_links directly from
cgroup_destroy_locked().
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Thu, 13 Jun 2013 04:04:54 +0000 (21:04 -0700)]
cgroup: drop unnecessary RCU dancing from __put_css_set()
__put_css_set() does RCU read access on @cgrp across dropping
@cgrp->count so that it can continue accessing @cgrp even if the count
reached zero and destruction of the cgroup commenced. Given that both
sides - __css_put() and cgroup_destroy_locked() - are cold paths, this
is unnecessary. Just making cgroup_destroy_locked() grab css_set_lock
while checking @cgrp->count is enough.
Remove the RCU read locking from __put_css_set() and make
cgroup_destroy_locked() read-lock css_set_lock when checking
@cgrp->count. This will also allow removing @cgrp->count.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Thu, 13 Jun 2013 04:04:53 +0000 (21:04 -0700)]
cgroup: rename CGRP_REMOVED to CGRP_DEAD
We will add another flag indicating that the cgroup is in the process
of being killed. REMOVING / REMOVED is more difficult to distinguish
and cgroup_is_removing()/cgroup_is_removed() are a bit awkward. Also,
later percpu_ref usage will involve "kill"ing the refcnt.
Tejun Heo [Thu, 13 Jun 2013 04:04:51 +0000 (21:04 -0700)]
cgroup: use kzalloc() instead of kmalloc()
There's no point in using kmalloc() instead of the clearing variant
for trivial stuff. We can live dangerously elsewhere. Use kzalloc()
instead and drop 0 inits.
While at it, do trivial code reorganization in cgroup_file_open().
This patch doesn't introduce any functional changes.
v2: I was caught in the very distant past where list_del() didn't
poison and the initial version converted list_del()s to
list_del_init()s too. Li and Kent took me out of the stasis
chamber.
Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Kent Overstreet <koverstreet@google.com> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Thu, 13 Jun 2013 04:04:50 +0000 (21:04 -0700)]
cgroup: bring some sanity to naming around cg_cgroup_link
cgroups and css_sets are mapped M:N and this M:N mapping is
represented by struct cg_cgroup_link which forms linked lists on both
sides. The naming around this mapping is already confusing and struct
cg_cgroup_link exacerbates the situation quite a bit.
>From cgroup side, it starts off ->css_sets and runs through
->cgrp_link_list. From css_set side, it starts off ->cg_links and
runs through ->cg_link_list. This is rather reversed as
cgrp_link_list is used to iterate css_sets and cg_link_list cgroups.
Also, this is the only place which is still using the confusing "cg"
for css_sets. This patch cleans it up a bit.
Tejun Heo [Thu, 13 Jun 2013 04:04:49 +0000 (21:04 -0700)]
cgroup: consistently use @cset for struct css_set variables
cgroup.c uses @cg for most struct css_set variables, which in itself
could be a bit confusing, but made much worse by the fact that there
are places which use @cg for struct cgroup variables.
compare_css_sets() epitomizes this confusion - @[old_]cg are struct
css_set while @cg[12] are struct cgroup.
It's not like the whole deal with cgroup, css_set and cg_cgroup_link
isn't already confusing enough. Let's give it some sanity by
uniformly using @cset for all struct css_set variables.
* s/cg/cset/ for all css_set variables.
* s/oldcg/old_cset/ s/oldcgrp/old_cgrp/. The same for the ones
prefixed with "new".
* s/cg/cgrp/ for cgroup variables in compare_css_sets().
* s/css/cset/ for the cgroup variable in task_cgroup_from_root().
* Whiteline adjustments.
This patch is purely cosmetic.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Li Zefan [Thu, 13 Jun 2013 07:11:44 +0000 (15:11 +0800)]
cpuset: fix to migrate mm correctly in a corner case
Before moving tasks out of empty cpusets, update_tasks_nodemask()
is called, which calls do_migrate_pages(xx, from, to). Then those
tasks are moved to an ancestor, and do_migrate_pages() is called
again.
The first time: from = node_to_be_offlined, to = empty.
The second time: from = empty, to = ancestor's nodemask.
so looks like no pages will be migrated.
Fix this by:
- Don't call update_tasks_nodemask() on empty cpusets.
- Pass cs->old_mems_allowed to do_migrate_pages().
v4: added comment in cpuset_hotplug_update_tasks() and rephased comment
in cpuset_attach().
Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Li Zefan [Sun, 9 Jun 2013 09:16:46 +0000 (17:16 +0800)]
cpuset: allow to move tasks to empty cpusets
Currently some cpuset behaviors are not friendly when cpuset is co-mounted
with other cgroup controllers.
Now with this patchset if cpuset is mounted with sane_behavior option,
it behaves differently:
- Tasks will be kept in empty cpusets when hotplug happens and take
masks of ancestors with non-empty cpus/mems, instead of being moved to
an ancestor.
- A task can be moved into an empty cpuset, and again it takes masks of
ancestors, so the user can drop a task into a newly created cgroup without
having to do anything for it.
As tasks can reside in empy cpusets, here're some rules:
- They can be moved to another cpuset, regardless it's empty or not.
- Though it takes masks from ancestors, it takes other configs from the
empty cpuset.
- If the ancestors' masks are changed, those tasks will also be updated
to take new masks.
v2: add documentation in include/linux/cgroup.h
Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Li Zefan [Sun, 9 Jun 2013 09:16:29 +0000 (17:16 +0800)]
cpuset: allow to keep tasks in empty cpusets
To achieve this:
- We call update_tasks_cpumask/nodemask() for empty cpusets when
hotplug happens, instead of moving tasks out of them.
- When a cpuset's masks are changed by writing cpuset.cpus/mems,
we also update tasks in child cpusets which are empty.
v3:
- do propagation work in one place for both hotplug and unplug
v2:
- drop rcu_read_lock before calling update_task_nodemask() and
update_task_cpumask(), instead of using workqueue.
- add documentation in include/linux/cgroup.h
Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Li Zefan [Sun, 9 Jun 2013 09:15:08 +0000 (17:15 +0800)]
cpuset: record old_mems_allowed in struct cpuset
When we update a cpuset's mems_allowed and thus update tasks'
mems_allowed, it's required to pass the old mems_allowed and new
mems_allowed to cpuset_migrate_mm().
Currently we save old mems_allowed in a temp local variable before
changing cpuset->mems_allowed. This patch changes it by saving
old mems_allowed in cpuset->old_mems_allowed.
This currently won't change any behavior, but it will later allow
us to keep tasks in empty cpusets.
Tejun Heo [Thu, 13 Jun 2013 03:43:06 +0000 (20:43 -0700)]
percpu-refcount: cosmetic updates
* s/percpu_ref_release/percpu_ref_func_t/ as it's customary to have _t
postfix for types and the type is gonna be used for a different type
of callback too.
* Add @ARG to function comments.
* Drop unnecessary and unaligned indentation from percpu_ref_init()
function comment.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Kent Overstreet <koverstreet@google.com>
Tejun Heo [Thu, 13 Jun 2013 03:43:06 +0000 (20:43 -0700)]
percpu-refcount: consistently use plain (non-sched) RCU
percpu_ref_get/put() are using preempt_disable/enable() while
percpu_ref_kill() is using plain call_rcu() instead of
call_rcu_sched(). This is buggy as grace periods of the two may not
match. Fix it by using plain RCU in percpu_ref_get/put().
(I suggested using sched RCU in the first place but there's no actual
benefit in doing so unless we're gonna introduce different variants
of get/put to be called while preemption is alredy disabled, which we
definitely shouldn't.)
Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Rusty Russell <rusty@rustcorp.com.au> Acked-by: Kent Overstreet <koverstreet@google.com>
Li Zefan [Sun, 9 Jun 2013 09:14:22 +0000 (17:14 +0800)]
cpuset: let hotplug propagation work wait for task attaching
Instead of triggering propagation work in cpuset_attach(), we make
hotplug propagation work wait until there's no task attaching in
progress.
IMO this is more robust. We won't see empty masks in cpuset_attach().
Also it's a preparation for removing propagation work. Without asynchronous
propagation we can't call move_tasks_in_empty_cpuset() in cpuset_attach(),
because otherwise we'll deadlock on cgroup_mutex.
tj: typo fixes.
Signed-off-by: Li Zefan <lizefan@huawei.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Tejun Heo [Tue, 4 Jun 2013 02:13:55 +0000 (19:13 -0700)]
cgroup: mark "notify_on_release" and "release_agent" cgroup files insane
The empty cgroup notification mechanism currently implemented in
cgroup is tragically outdated. Forking and execing userland process
stopped being a viable notification mechanism more than a decade ago.
We're gonna have a saner mechanism. Let's make it clear that this
abomination is going away.
Mark "notify_on_release" and "release_agent" with CFTYPE_INSANE.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com>
Tejun Heo [Tue, 4 Jun 2013 02:13:02 +0000 (19:13 -0700)]
cgroup: mark "tasks" cgroup file as insane
Some resources controlled by cgroup aren't per-task and cgroup core
allowing threads of a single thread_group to be in different cgroups
forced memcg do explicitly find the group leader and use it. This is
gonna be nasty when transitioning to unified hierarchy and in general
we don't want and won't support granularity finer than processes.
Mark "tasks" with CFTYPE_INSANE.
Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Li Zefan <lizefan@huawei.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Balbir Singh <bsingharora@gmail.com> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: cgroups@vger.kernel.org Cc: Vivek Goyal <vgoyal@redhat.com>
Kent Overstreet [Mon, 3 Jun 2013 23:02:29 +0000 (16:02 -0700)]
percpu-refcount: Don't use silly cmpxchg()
The cmpxchg() was just to ensure the debug check didn't race, which was
a bit excessive. The caller is supposed to do the appropriate
synchronization, which means percpu_ref_kill() can just do a simple
store.
Signed-off-by: Kent Overstreet <koverstreet@google.com> Signed-off-by: Tejun Heo <tj@kernel.org>
Kent Overstreet [Fri, 31 May 2013 22:26:45 +0000 (15:26 -0700)]
percpu: implement generic percpu refcounting
This implements a refcount with similar semantics to
atomic_get()/atomic_dec_and_test() - but percpu.
It also implements two stage shutdown, as we need it to tear down the
percpu counts. Before dropping the initial refcount, you must call
percpu_ref_kill(); this puts the refcount in "shutting down mode" and
switches back to a single atomic refcount with the appropriate
barriers (synchronize_rcu()).
It's also legal to call percpu_ref_kill() multiple times - it only
returns true once, so callers don't have to reimplement shutdown
synchronization.
[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: coding-style tweak] Signed-off-by: Kent Overstreet <koverstreet@google.com> Cc: Zach Brown <zab@redhat.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Mark Fasheh <mfasheh@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Jens Axboe <axboe@kernel.dk> Cc: Asai Thambi S P <asamymuthupa@micron.com> Cc: Selvan Mani <smani@micron.com> Cc: Sam Bradshaw <sbradshaw@micron.com> Cc: Jeff Moyer <jmoyer@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Tejun Heo <tj@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Reviewed-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Tejun Heo <tj@kernel.org>
Linus Torvalds [Mon, 3 Jun 2013 21:34:51 +0000 (06:34 +0900)]
Merge tag 'regulator-v3.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A few small fixes for v3.10, documentation things in the core and a
few driver bugs."
* tag 'regulator-v3.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: palmas: Fix "enable_reg" to point to the correct reg for SMPS10
regulator: palmas: Fix incorrect condition
regulator: core: Correct spelling mistake in comment
regulator: dbx500: Make local symbol static
regulator: Fix kernel-doc generation warnings.
Linus Torvalds [Mon, 3 Jun 2013 21:33:44 +0000 (06:33 +0900)]
Merge tag 'jfs-3.10-rc5' of git://github.com/kleikamp/linux-shaggy
Pull jfs bugfixes from David Kleikamp:
"A couple jfs bug fixes for 3.10-rc5"
* tag 'jfs-3.10-rc5' of git://github.com/kleikamp/linux-shaggy:
fs/jfs: Add check if journaling to disk has been disabled in lbmRead()
jfs: Several bugs in jfs_freeze() and jfs_unfreeze()
Linus Torvalds [Mon, 3 Jun 2013 09:04:07 +0000 (18:04 +0900)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:
"Recent bug fixes, one of them touches a common code file.
It adds two #ifndef/#endif pairs to asm-generic/io.h to be able to
override xlate_dev_kmem_ptr and xlate_dev_mem_ptr."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/pgtable: Fix gmap notifier address
s390/dasd: fix handling of gone paths
s390/pgtable: Fix check for pgste/storage key handling
arch: s390: appldata: using strncpy() and strnlen() instead of sprintf()
s390/smp: lost IPIs on cpu hotplug
kernel: Fix s390 absolute memory access for /dev/mem
s390/dma: do not call debug_dma after free
Linus Torvalds [Mon, 3 Jun 2013 08:57:16 +0000 (17:57 +0900)]
Merge branch 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
- Fix for yet another xattr bug which may lead to NULL deref.
- A subtle bug in for_each_descendant_pre(). This bug requires quite
specific conditions to trigger and isn't too likely to actually
happen in the wild, but maybe that just makes it that much more
nastier.
- A warning message added for silly cgroup re-mount (not -o remount,
but unmount followed by mount) behavior.
* 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: warn about mismatching options of a new mount of an existing hierarchy
cgroup: fix a subtle bug in descendant pre-order walk
cgroup: initialize xattr before calling d_instantiate()
Linus Torvalds [Mon, 3 Jun 2013 08:55:09 +0000 (17:55 +0900)]
Merge branch 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
Pull libata changes from Tejun Heo:
"Nothing too interesting. PCI ID additions, some sata_rcar fixes and a
fringe bug fix for DMADIR handling which shouldn't affect any device
remotely modern."
* 'for-3.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
sata_rcar: fix interrupt handling
ahci: add an observed PCI ID for Marvell 88se9172 SATA controller
sata_rcar: clear STOP bit in bmdma_start() method
libata: make ata_exec_internal_sg honor DMADIR
ata_piix: add PCI IDs for Intel BayTail
libata: update "Maintained by:" tags
Sergei Shtylyov [Fri, 31 May 2013 22:38:35 +0000 (02:38 +0400)]
sata_rcar: fix interrupt handling
The driver's interrupt handling code is too picky in deciding whether it should
handle an interrupt or not which causes completely unneeded spurious interrupts.
Thus make sata_rcar_{ata|serr}_interrupt() *void*; add ATA status register read
to sata_rcar_ata_interrupt() to clear an unexpected ATA interrupt -- it doesn't
get cleared by writing to the SATAINTSTAT register in the interrupt mode we use.
Also, in sata_rcar_ata_interrupt() we should check SATAINTSTAT register only for
enabled interrupts and we should clear only those interrupts that we have read
as active first time around, because else we have a race and risk clearing an
interrupt that can occur between read and write of the SATAINTSTAT register
and never registering it...
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Signed-off-by: Tejun Heo <tj@kernel.org> Cc: stable@vger.kernel.org
Linus Torvalds [Sat, 1 Jun 2013 21:24:54 +0000 (06:24 +0900)]
Merge branch 'for-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
"This patcheset includes fixes for:
- the PCI/LBA which brings back the stifb graphics framebuffer
console
- possible memory overflows in parisc kernel init code
- parport support on older GSC machines
- avoids that users by mistake enable PARPORT_PC_SUPERIO on parisc
- MAINTAINERS file list updates for parisc."
* 'for-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: parport0: fix this legacy no-device port driver!
parport_pc: disable PARPORT_PC_SUPERIO on parisc architecture
parisc/PCI: lba: fix: convert to pci_create_root_bus() for correct root bus resources (v2)
parisc/PCI: Set type for LBA bus_num resource
MAINTAINERS: update parisc architecture file list
parisc: kernel: using strlcpy() instead of strcpy()
parisc: rename "CONFIG_PA7100" to "CONFIG_PA7000"
parisc: fix kernel BUG at arch/parisc/include/asm/mmzone.h:50
parisc: memory overflow, 'name' length is too short for using
Helge Deller [Thu, 30 May 2013 21:06:39 +0000 (21:06 +0000)]
parisc: parport0: fix this legacy no-device port driver!
Fix the above kernel error from parport_announce_port() on 32bit GSC
machines (e.g. B160L). The parport driver requires now a pointer to the
device struct.
Helge Deller [Thu, 30 May 2013 16:24:46 +0000 (16:24 +0000)]
parport_pc: disable PARPORT_PC_SUPERIO on parisc architecture
If enabled, CONFIG_PARPORT_PC_SUPERIO scans on PC-like hardware for
various super-io chips by accessing i/o ports in a range which will
crash any parisc hardware at once.
In addition, parisc has it's own incompatible superio chip
(CONFIG_SUPERIO), so if we disable PARPORT_PC_SUPERIO completely for
parisc we can avoid that people by accident enable the parport_pc
superio option too.
Helge Deller [Fri, 31 May 2013 22:24:58 +0000 (22:24 +0000)]
parisc/PCI: lba: fix: convert to pci_create_root_bus() for correct root bus resources (v2)
commit dc7dce280a
Author: Bjorn Helgaas <bhelgaas@google.com>
Date: Fri Oct 28 16:27:27 2011 -0600
parisc/PCI: lba: convert to pci_create_root_bus() for correct root bus
resources
Supply root bus resources to pci_create_root_bus() so they're correct
immediately. This fixes the problem of "early" and "header" quirks seeing
incorrect root bus resources.
added tests for elmmio_space.start while it should use
elmmio_space.flags. This for example led to incorrect resource
assignments and a non-working stifb framebuffer on most parisc machines.
LBA 10:1: PCI host bridge to bus 0000:01
pci_bus 0000:01: root bus resource [io 0x12000-0x13fff] (bus address [0x2000-0x3fff])
pci_bus 0000:01: root bus resource [mem 0xfffffffffa000000-0xfffffffffbffffff] (bus address [0xfa000000-0xfbffffff])
pci_bus 0000:01: root bus resource [mem 0xfffffffff4800000-0xfffffffff4ffffff] (bus address [0xf4800000-0xf4ffffff])
pci_bus 0000:01: root bus resource [??? 0x00000001 flags 0x0]
Bjorn Helgaas [Thu, 30 May 2013 17:45:39 +0000 (11:45 -0600)]
parisc/PCI: Set type for LBA bus_num resource
The non-PAT resource probing code failed to set the type of the LBA bus_num
resource (30aa80da43 "parisc/PCI: register busn_res for root buses" did
the corresponding thing for the PAT case).
This causes incorrect resource assignments and a non-working stifb
framebuffer on most parisc machines.
Paul Bolle [Wed, 29 May 2013 09:56:58 +0000 (09:56 +0000)]
parisc: rename "CONFIG_PA7100" to "CONFIG_PA7000"
There's a Makefile line setting cflags for CONFIG_PA7100. But that
Kconfig macro doesn't exist. There is a Kconfig symbol PA7000, which
covers both PA7000 and PA7100 processors. So let's use the corresponding
Kconfig macro.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Tue, 28 May 2013 20:35:54 +0000 (20:35 +0000)]
parisc: fix kernel BUG at arch/parisc/include/asm/mmzone.h:50
With CONFIG_DISCONTIGMEM=y and multiple physical memory areas,
cat /proc/kpageflags triggers this kernel bug:
kernel BUG at arch/parisc/include/asm/mmzone.h:50!
CPU: 2 PID: 7848 Comm: cat Tainted: G D W 3.10.0-rc3-64bit #44
IAOQ[0]: kpageflags_read0x128/0x238
IAOQ[1]: kpageflags_read0x12c/0x238
RP(r2): proc_reg_read0xbc/0x130
Backtrace:
[<00000000402ca2d4>] proc_reg_read0xbc/0x130
[<0000000040235bcc>] vfs_read0xc4/0x1d0
[<0000000040235f0c>] SyS_read0x94/0xf0
[<0000000040105fc0>] syscall_exit0x0/0x14
kpageflags_read() walks through the whole memory, even if some memory
areas are physically not available. So, we should better not BUG on an
unavailable pfn in pfn_to_nid() but just return the expected value -1 or
0.
Linus Torvalds [Sat, 1 Jun 2013 11:13:16 +0000 (20:13 +0900)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Pull powerpc fixes from Ben Herrenschmidt:
"Here are a few more fixes for powerpc 3.10. It's a bit more than I
would have liked this late in the game but I suppose that's what
happens with a brand new chip generation coming out.
A few regression fixes, some last minute fixes for new P8 features
such as transactional memory,...
There's also one powerpc KVM patch that I requested that adds two
missing functions to our in-kernel interrupt controller support which
is itself a new 3.10 feature. These are defined by the base
hypervisor specification. We didn't implement them originally because
Linux doesn't use them but they are simple and I'm not comfortable
having a half-implemented interface in 3.10 and having to deal with
versionning etc... later when something starts needing those calls.
They cannot be emulated in qemu when using in-kernel interrupt
controller (not enough shared state).
Just added a last minute patch to fix a typo introducing a breakage in
our cputable for Power7+ processors, sorry about that, but the
regression it fixes just hurt me :-)"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/cputable: Fix typo on P7+ cputable entry
powerpc/perf: Add missing SIER support
powerpc/perf: Revert to original NO_SIPR logic
powerpc/pci: Remove the unused variables in pci_process_bridge_OF_ranges
powerpc/pci: Remove the stale comments of pci_process_bridge_OF_ranges
powerpc/pseries: Always enable CONFIG_HOTPLUG_CPU on PSERIES SMP
powerpc/kvm/book3s: Add support for H_IPOLL and H_XIRR_X in XICS emulation
powerpc/32bit:Store temporary result in r0 instead of r8
powerpc/mm: Always invalidate tlb on hpte invalidate and update
powerpc/pseries: Improve stream generation comments in copypage/user
powerpc/pseries: Kill all prefetch streams on context switch
powerpc/cputable: Fix oprofile_cpu_type on power8
powerpc/mpic: Fix irq distribution problem when MPIC_SINGLE_DEST_CPU
powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions
powerpc/tm: Move TM abort cause codes to uapi
powerpc/tm: Abort on emulation and alignment faults
powerpc/tm: Update cause codes documentation
powerpc/tm: Make room for hypervisor in abort cause codes
Pull scsi target fixes from Nicholas Bellinger:
"The highlights include:
- Re-instate sess->wait_list in target_wait_for_sess_cmds() for
active I/O shutdown handling in fabrics using se_cmd->cmd_kref
- Make ib_srpt call target_sess_cmd_list_set_waiting() during session
shutdown
- Fix FILEIO off-by-one READ_CAPACITY bug for !S_ISBLK export
- Fix iscsi-target login error heap buffer overflow (Kees)
- Fix iscsi-target active I/O shutdown handling regression in
v3.10-rc1
A big thanks to Kees Cook for fixing a long standing login error
buffer overflow bug.
All patches are CC'ed to stable with the exception of the v3.10-rc1
specific regression + other minor target cleanup."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
iscsi-target: Fix iscsit_free_cmd() se_cmd->cmd_kref shutdown handling
target: Propigate up ->cmd_kref put return via transport_generic_free_cmd
iscsi-target: fix heap buffer overflow on error
target/file: Fix off-by-one READ_CAPACITY bug for !S_ISBLK export
ib_srpt: Call target_sess_cmd_list_set_waiting during shutdown_session
target: Re-instate sess_wait_list for target_wait_for_sess_cmds
target: Remove unused wait_for_tasks bit in target_wait_for_sess_cmds
Linus Torvalds [Sat, 1 Jun 2013 10:55:26 +0000 (19:55 +0900)]
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux
Pull clock subsystem fixes from Mike Turquette:
"A mix of small fixes affecting mostly ARM platforms as well as a
discrete clock expander chip. Most fixes are corrections to lousy
clock data of one form or another."
* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mturquette/linux:
clk: mxs: Include clk mxs header file
clk: vt8500: Fix unbalanced spinlock in vt8500_dclk_set_rate()
clk: si5351: Set initial clkout rate when defined in platform data.
clk: si5351: Fix clkout rate computation.
clk: samsung: Add CLK_IGNORE_UNUSED flag for the sysreg clocks
clk: ux500: clk-sysctrl: handle clocks with no parents
clk: ux500: Provide device enumeration number suffix for SMSC911x
Linus Torvalds [Sat, 1 Jun 2013 10:51:52 +0000 (19:51 +0900)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull assorted fixes from Al Viro:
"There'll be more - I'm trying to dig out from under the pile of mail
(a couple of weeks of something flu-like ;-/) and there's several more
things waiting for review; this is just the obvious stuff."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
zoran: racy refcount handling in vm_ops ->open()/->close()
befs_readdir(): do not increment ->f_pos if filldir tells us to stop
hpfs: deadlock and race in directory lseek()
qnx6: qnx6_readdir() has a braino in pos calculation
fix buffer leak after "scsi: saner replacements for ->proc_info()"
vfs: Fix invalid ida_remove() call
Linus Torvalds [Sat, 1 Jun 2013 10:48:59 +0000 (19:48 +0900)]
Merge tag 'nfs-for-3.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull two NFS client fixes from Trond Myklebust:
- Fix a regression that broke NFS mounting using klibc and busybox
- Stable fix to check access modes correctly on NFSv4 delegated open()
* tag 'nfs-for-3.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFS: Fix security flavor negotiation with legacy binary mounts
NFSv4: Fix a thinko in nfs4_try_open_cached
Will Schmidt [Mon, 20 May 2013 05:04:18 +0000 (05:04 +0000)]
powerpc/cputable: Fix typo on P7+ cputable entry
Fix a typo in setting COMMON_USER2_POWER7 bits to .cpu_user_features2
cpu specs table.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com> Acked-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Srivatsa S. Bhat [Tue, 21 May 2013 09:32:48 +0000 (09:32 +0000)]
powerpc/pseries: Always enable CONFIG_HOTPLUG_CPU on PSERIES SMP
Adam Lackorzynski reported the following build failure on
!CONFIG_HOTPLUG_CPU configuration:
CC arch/powerpc/kernel/rtas.o
arch/powerpc/kernel/rtas.c: In function ‘rtas_cpu_state_change_mask’:
arch/powerpc/kernel/rtas.c:843:4: error: implicit declaration of function ‘cpu_down’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make[1]: *** [arch/powerpc/kernel/rtas.o] Error 1
make: *** [arch/powerpc/kernel] Error 2
The build fails because cpu_down() is defined only under CONFIG_HOTPLUG_CPU.
Looking further, the mobility code in pseries is one of the call-sites which
uses rtas_ibm_suspend_me(), which in turn calls rtas_cpu_state_change_mask().
And the mobility code is unconditionally compiled-in (it does not fall under
any Kconfig option). And commit 120496ac (powerpc: Bring all threads online
prior to migration/hibernation) which introduced this build regression is
critical for the proper functioning of the migration code. So it appears
that the only solution to this problem is to enable CONFIG_HOTPLUG_CPU if
SMP is enabled on PPC_PSERIES platforms. So make that change in the Kconfig.
Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de> Cc: stable@vger.kernel.org Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Paul Mackerras [Thu, 23 May 2013 15:42:21 +0000 (15:42 +0000)]
powerpc/kvm/book3s: Add support for H_IPOLL and H_XIRR_X in XICS emulation
This adds the remaining two hypercalls defined by PAPR for manipulating
the XICS interrupt controller, H_IPOLL and H_XIRR_X. H_IPOLL returns
information about the priority and pending interrupts for a virtual
cpu, without changing any state. H_XIRR_X is like H_XIRR in that it
reads and acknowledges the highest-priority pending interrupt, but it
also returns the timestamp (timebase register value) from when the
interrupt was first received by the hypervisor. Currently we just
return the current time, since we don't do any software queueing of
virtual interrupts inside the XICS emulation code.
These hcalls are not currently used by Linux guests, but may be in
future.
Signed-off-by: Paul Mackerras <paulus@samba.org> Acked-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
While returning from exception handling in case of PREEMPT enabled,
_TIF_NEED_RESCHED bit is checked in TI_FLAGS (thread_info flag) of current
task. Only if this bit is set, it should continue with the process of
calling preempt_schedule_irq() to schedule highest priority task if
available.
Current code assumes that r8 contains TI_FLAGS and check this for
_TIF_NEED_RESCHED, but as r8 is modified in the code which executes before
this check, r8 no longer contains the expected TI_FLAGS information.
As a result check for comparison with _TIF_NEED_RESCHED was failing even if
NEED_RESCHED bit is set in the current thread_info flag. Due to this,
preempt_schedule_irq() and in turn scheduler was not getting called even if
highest priority task is ready for execution.
So, store temporary results in r0 instead of r8 to prevent r8 from getting
modified as subsequent code is dependent on its value.
powerpc/mm: Always invalidate tlb on hpte invalidate and update
If a hash bucket gets full, we "evict" a more/less random entry from it.
When we do that we don't invalidate the TLB (hpte_remove) because we assume
the old translation is still technically "valid". This implies that when
we are invalidating or updating pte, even if HPTE entry is not valid
we should do a tlb invalidate.
Michael Neuling [Wed, 29 May 2013 19:34:27 +0000 (19:34 +0000)]
powerpc/pseries: Kill all prefetch streams on context switch
On context switch, we should have no prefetch streams leak from one
userspace process to another. This frees up prefetch resources for the
next process.
Based on patch from Milton Miller.
Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Maynard informed me that neither the oprofile kernel module nor oprofile
userspace has been updated to support that "legacy" oprofile module
interface for power8, which is indicated by "ppc64/power8." This results
in no samples. The solution is to default to the "timer" type, instead.
The raw entry also should be updated, as "ppc64/ibm-compat-v1" indicates
to oprofile userspace to use "compatibility events" which are obsolete
in ISA 2.07.
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:41 +0000 (18:09 +0000)]
powerpc/tm: Fix userspace stack corruption on signal delivery for active transactions
When in an active transaction that takes a signal, we need to be careful with
the stack. It's possible that the stack has moved back up after the tbegin.
The obvious case here is when the tbegin is called inside a function that
returns before a tend. In this case, the stack is part of the checkpointed
transactional memory state. If we write over this non transactionally or in
suspend, we are in trouble because if we get a tm abort, the program counter
and stack pointer will be back at the tbegin but our in memory stack won't be
valid anymore.
To avoid this, when taking a signal in an active transaction, we need to use
the stack pointer from the checkpointed state, rather than the speculated
state. This ensures that the signal context (written tm suspended) will be
written below the stack required for the rollback. The transaction is aborted
becuase of the treclaim, so any memory written between the tbegin and the
signal will be rolled back anyway.
For signals taken in non-TM or suspended mode, we use the
normal/non-checkpointed stack pointer.
Tested with 64 and 32 bit signals
Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # v3.9 Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:39 +0000 (18:09 +0000)]
powerpc/tm: Abort on emulation and alignment faults
If we are emulating an instruction inside an active user transaction that
touches memory, the kernel can't emulate it as it operates in transactional
suspend context. We need to abort these transactions and send them back to
userspace for the hardware to rollback.
We can service these if the user transaction is in suspend mode, since the
kernel will operate in the same suspend context.
This adds a check to all alignment faults and to specific instruction
emulations (only string instructions for now). If the user process is in an
active (non-suspended) transaction, we abort the transaction go back to
userspace allowing the HW to roll back the transaction and tell the user of the
failure. This also adds new tm abort cause codes to report the reason of the
persistent error to the user.
Crappy test case here http://neuling.org/devel/junkcode/aligntm.c
Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # v3.9 Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:38 +0000 (18:09 +0000)]
powerpc/tm: Update cause codes documentation
Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # 3.9 only Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Michael Neuling [Sun, 26 May 2013 18:09:37 +0000 (18:09 +0000)]
powerpc/tm: Make room for hypervisor in abort cause codes
PAPR carves out 0xff-0xe0 for hypervisor use of transactional memory software
abort cause codes. Unfortunately we don't respect this currently.
Below fixes this to move our cause codes to below this region.
Signed-off-by: Michael Neuling <mikey@neuling.org> Cc: <stable@vger.kernel.org> # 3.9 only Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Linus Torvalds [Fri, 31 May 2013 21:59:14 +0000 (06:59 +0900)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull reiserfs fixes from Jan Kara:
"Three reiserfs fixes. They fix real problems spotted by users so I
hope they are ok even at this stage."
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
reiserfs: fix deadlock with nfs racing on create/lookup
reiserfs: fix problems with chowning setuid file w/ xattrs
reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry
Linus Torvalds [Fri, 31 May 2013 21:56:21 +0000 (06:56 +0900)]
Merge tag 'for-linus-v3.10-rc4-crc-xattr-fixes' of git://oss.sgi.com/xfs/xfs
Pull xfs extended attribute fixes for CRCs from Ben Myers:
"Here are several fixes that are relevant on CRC enabled XFS
filesystems. They are followed by a rework of the remote attribute
code so that each block of the attribute contains a header with a CRC.
Previously there was a CRC header per extent in the remote attribute
code, but this was untenable because it was not possible to know how
many extents would be allocated for the attribute until after the
allocation has completed, due to the fragmentation of free space.
This became complicated because the size of the headers needs to be
added to the length of the payload to get the overall length required
for the allocation. With a header per block, things are less
complicated at the cost of a little space.
I would have preferred to defer this and the rest of the CRC queue to
3.11 to mitigate risk for existing non-crc users in 3.10. Doing so
would require setting a feature bit for the on-disk changes, and so I
have been pressured into sending this pull request by Eric Sandeen and
David Chinner from Red Hat. I'll send another pull request or two
with the rest of the CRC queue next week.
- Remove assert on count of remote attribute CRC headers
- Fix the number of blocks read in for remote attributes
- Zero remote attribute tails properly
- Fix mapping of remote attribute buffers to have correct length
- initialize temp leaf properly in xfs_attr3_leaf_unbalance, and
xfs_attr3_leaf_compact
- Rework remote atttributes to have a header per block"
* tag 'for-linus-v3.10-rc4-crc-xattr-fixes' of git://oss.sgi.com/xfs/xfs:
xfs: rework remote attr CRCs
xfs: fully initialise temp leaf in xfs_attr3_leaf_compact
xfs: fully initialise temp leaf in xfs_attr3_leaf_unbalance
xfs: correctly map remote attr buffers during removal
xfs: remote attribute tail zeroing does too much
xfs: remote attribute read too short
xfs: remote attribute allocation may be contiguous
Linus Torvalds [Fri, 31 May 2013 21:50:16 +0000 (06:50 +0900)]
Merge tag 'for-linus-v3.10-rc4' of git://oss.sgi.com/xfs/xfs
Pull xfs fixes from Ben Myers:
- Fix nested transactions in xfs_qm_scall_setqlim
- Clear suid/sgid bits when we truncate with size update
- Fix recovery for split buffers
- Fix block count on remote symlinks
- Add fsgeom flag for v5 superblock support
- Disable XFS_IOC_SWAPEXT for CRC enabled filesystems
- Fix dirv3 freespace block corruption
* tag 'for-linus-v3.10-rc4' of git://oss.sgi.com/xfs/xfs:
xfs: fix dir3 freespace block corruption
xfs: disable swap extents ioctl on CRC enabled filesystems
xfs: add fsgeom flag for v5 superblock support.
xfs: fix incorrect remote symlink block count
xfs: fix split buffer vector log recovery support
xfs: kill suid/sgid through the truncate path.
xfs: avoid nesting transactions in xfs_qm_scall_setqlim()
Linus Torvalds [Fri, 31 May 2013 21:45:10 +0000 (06:45 +0900)]
Merge tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64
Pull arm64 fixes from Catalin Marinas:
- Module compilation issues (symbol not exported).
- Plug a hole where user space can bring the kernel down.
* tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: don't kill the kernel on a bad esr from el0
arm64: treat unhandled compat el0 traps as undef
arm64: Do not report user faults for handled signals
arm64: kernel: compiling issue, need 'EXPORT_SYMBOL(clear_page)'
Jeff Mahoney [Fri, 31 May 2013 19:51:17 +0000 (15:51 -0400)]
reiserfs: fix deadlock with nfs racing on create/lookup
Reiserfs is currently able to be deadlocked by having two NFS clients
where one has removed and recreated a file and another is accessing the
file with an open file handle.
If one client deletes and recreates a file with timing such that the
recreated file obtains the same [dirid, objectid] pair as the original
file while another client accesses the file via file handle, the create
and lookup can race and deadlock if the lookup manages to create the
in-memory inode first.
The create thread, in insert_inode_locked4, will hold the write lock
while waiting on the other inode to be unlocked. The lookup thread,
anywhere in the iget path, will release and reacquire the write lock while
it schedules. If it needs to reacquire the lock while the create thread
has it, it will never be able to make forward progress because it needs
to reacquire the lock before ultimately unlocking the inode.
This patch drops the write lock across the insert_inode_locked4 call so
that the ordering of inode_wait -> write lock is retained. Since this
would have been the case before the BKL push-down, this is safe.
Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Jeff Mahoney [Fri, 31 May 2013 19:54:17 +0000 (15:54 -0400)]
reiserfs: fix problems with chowning setuid file w/ xattrs
reiserfs_chown_xattrs() takes the iattr struct passed into ->setattr
and uses it to iterate over all the attrs associated with a file to change
ownership of xattrs (and transfer quota associated with the xattr files).
When the setuid bit is cleared during chown, ATTR_MODE and iattr->ia_mode
are passed to all the xattrs as well. This means that the xattr directory
will have S_IFREG added to its mode bits.
This has been prevented in practice by a missing IS_PRIVATE check
in reiserfs_acl_chmod, which caused a double-lock to occur while holding
the write lock. Since the file system was completely locked up, the
writeout of the corrupted mode never happened.
This patch temporarily clears everything but ATTR_UID|ATTR_GID for the
calls to reiserfs_setattr and adds the missing IS_PRIVATE check.
Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Jeff Mahoney [Fri, 31 May 2013 19:07:52 +0000 (15:07 -0400)]
reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry
After sleeping for filldir(), we check to see if the file system has
changed and research. The next_pos pointer is updated but its value
isn't pushed into the key used for the search itself. As a result,
the search returns the same item that the last cycle of the loop did
and filldir() is called multiple times with the same data.
The end result is that the buffer can contain the same name multiple
times. This can be returned to userspace or used internally in the
xattr code where it can manifest with the following warning:
jdm-20004 reiserfs_delete_xattrs: Couldn't delete all xattrs (-2)
reiserfs_for_each_xattr uses reiserfs_readdir_dentry to iterate over
the xattr names and ends up trying to unlink the same name twice. The
second attempt fails with -ENOENT and the error is returned. At some
point I'll need to add support into reiserfsck to remove the orphaned
directories left behind when this occurs.
The fix is to push the value into the key before researching.
Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz>
Al Viro [Thu, 23 May 2013 08:38:22 +0000 (04:38 -0400)]
zoran: racy refcount handling in vm_ops ->open()/->close()
worse, we lock ->resource_lock too late when we are destroying the
final clonal VMA; the check for lack of other mappings of the same
opened file can race with mmap().
Richard Genoud [Fri, 31 May 2013 15:49:35 +0000 (15:49 +0000)]
atmel_lcdfb: blank the backlight on remove
When removing atmel_lcdfb module, the backlight is unregistered but not
blanked. (only for CONFIG_BACKLIGHT_ATMEL_LCDC case).
This can result in the screen going full white depending on how the PWM
is wired.
Signed-off-by: Richard Genoud <richard.genoud@gmail.com> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Al Viro [Sat, 18 May 2013 06:38:52 +0000 (02:38 -0400)]
hpfs: deadlock and race in directory lseek()
For one thing, there's an ABBA deadlock on hpfs fs-wide lock and i_mutex
in hpfs_dir_lseek() - there's a lot of methods that grab the former with
the caller already holding the latter, so it must take i_mutex first.
For another, locking the damn thing, carefully validating the offset,
then dropping locks and assigning the offset is obviously racy.
Moreover, we _must_ do hpfs_add_pos(), or the machinery in dnode.c
won't modify the sucker on B-tree surgeries.
Al Viro [Fri, 17 May 2013 19:21:56 +0000 (15:21 -0400)]
qnx6: qnx6_readdir() has a braino in pos calculation
We want to mask lower 5 bits out, not leave only those and clear the
rest... As it is, we end up always starting to read from the beginning
of directory, no matter what the current position had been.
Takashi Iwai [Fri, 10 May 2013 12:04:11 +0000 (14:04 +0200)]
vfs: Fix invalid ida_remove() call
When the group id of a shared mount is not allocated, the umount still
tries to call mnt_release_group_id(), which eventually hits a kernel
warning at ida_remove() spewing a message like:
ida_remove called for id=0 which is not allocated.
This patch fixes the bug simply checking the group id in the caller.
Stefan Weinhuber [Tue, 28 May 2013 13:26:06 +0000 (15:26 +0200)]
s390/dasd: fix handling of gone paths
When a path is gone and dasd_generic_path_event is called with a
PE_PATH_GONE event, we must assume that any I/O request on that
subchannel is still running. This is unlike the dasd_generic_notify
handler and the CIO_NO_PATH event, which implies that the subchannel
has been cleared.
If dasd_generic_path_event finds that the path has been the last
usable path, it must not call dasd_generic_last_path_gone (which would
reset the state of running requests), but just set the
DASD_STOPPED_DC_WAIT bit.
Signed-off-by: Stefan Weinhuber <wein@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>