Kacper Kornet [Fri, 28 Jan 2011 23:21:04 +0000 (00:21 +0100)]
Fix prlimit64 for suid/sgid processes
Since check_prlimit_permission always fails in the case of SUID/GUID
processes, such processes are not able to read or set their own limits.
This commit changes this by assuming that process can always read/change
its own limits.
NTFS: Fix invalid pointer dereference in ntfs_mft_record_alloc().
In ntfs_mft_record_alloc() when mapping the new extent mft record with
map_extent_mft_record() we overwrite @m with the return value and on
error, we then try to use the old @m but that is no longer there as @m
now contains an error code instead so we crash when dereferencing the
error code as if it were a pointer.
The simple fix is to use a temporary variable to store the return value
thus preserving the original @m for later use. This is a backport from
the commercial Tuxera-NTFS driver and is well tested...
Thanks go to Julia Lawall for pointing this out (whilst I had fixed it
in the commercial driver I had failed to fix it in the Linux kernel).
Signed-off-by: Anton Altaparmakov <anton@tuxera.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 31 Jan 2011 02:55:38 +0000 (12:55 +1000)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-2.6-cm
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-2.6-cm:
kmemleak: Allow kmemleak metadata allocations to fail
kmemleak: remove memset by using kzalloc
Linus Torvalds [Mon, 31 Jan 2011 02:53:12 +0000 (12:53 +1000)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: HDA: Fix automute on Thinkpad L412/L512
ALSA: HDA: Fix dmesg output of HDMI supported bits
ALSA: fix invalid hardware.h include in ac97c for AVR32 architecture
ASoC: correct link specifications for corgi, poodle and spitz
ASoC: Samsung: Fix outdated cpu_dai_name for s3c24xx i2s
ASoC: Fix codec device id format used by some dai_links
ALSA: azt3328 - fix broken AZF_FMT_XLATE macro
ALSA: Xonar, CS43xx: Don't overrun static array
ASoC: Handle low measured DC offsets for wm_hubs devices
ASoC: da8xx/omap-l1xx: match codec_name with i2c ids
ASoC: WM8994: fix wrong value in tristate function
ASoC: WM8995: Fix incorrect use of snd_soc_update_bits()
Linus Torvalds [Mon, 31 Jan 2011 02:51:28 +0000 (12:51 +1000)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: set queue DMA alignment to sector size for ATAPI too
libata: DVR-212D can't do SETXFER DVD-RW DVR-212D
ahci: add HFLAG_YES_FBS and apply it to 88SE9128
pata_hpt37x: inherit prereset() method for HPT374
ahci: AHCI mode SATA patch for Intel DH89xxCC DeviceIDs
pata_hpt37x: fold 'if' statement into 'switch'
pata_hpt{37x|3x2n}: use pr_*(DRV_NAME ...) instead of printk(KERN_* ...)
pata_hpt{366|37x}: use pr_warning(...) instead of printk(KERN_WARNING ...)
pata_mpc52xx: inherit from ata_bmdma_port_ops
Input: synaptics - retry failed resets when reconnecting
On some machines, like Dell Studio XPS 16 (1640), touchpad fails to
respond to the standard query after first reset but may start
responding later, so let's repeat reset sequence several (3) times.
Input: synaptics - fix reconnect logic on MT devices
synaptics_set_advanced_gesture_mode() affect capabilities bits we should
perform comparison after calling this function, otherwise they will never
match and we will be forced to perform full reconnect.
Tejun Heo [Thu, 20 Jan 2011 12:59:06 +0000 (13:59 +0100)]
libata: set queue DMA alignment to sector size for ATAPI too
ata_pio_sectors() expects buffer for each sector to be contained in a
single page; otherwise, it ends up overrunning the first page. This
is achieved by setting queue DMA alignment. If sector_size is smaller
than PAGE_SIZE and all buffers are sector_size aligned, buffer for
each sector is always contained in a single page.
This wasn't applied to ATAPI devices but IDENTIFY_PACKET is executed
as ATA_PROT_PIO and thus uses ata_pio_sectors(). Newer versions of
udev issue IDENTIFY_PACKET with unaligned buffer triggering the
problem and causing oops.
This patch fixes the problem by setting sdev->sector_size to
ATA_SECT_SIZE on ATATPI devices and always setting DMA alignment to
sector_size. While at it, add a warning for the unlikely but still
possible scenario where sector_size is larger than PAGE_SIZE, in which
case the alignment wouldn't be enough.
Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: John Stanley <jpsinthemix@verizon.net> Tested-by: John Stanley <jpsinthemix@verizon.net> Cc: stable@kernel.org Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Anssi Hannula [Wed, 19 Jan 2011 01:03:26 +0000 (20:03 -0500)]
ahci: add HFLAG_YES_FBS and apply it to 88SE9128
Commit 5f173107ecad83a50 added HFLAG_YES_FBS workaround for 88SE9128
(1b4b:9123).
However, that change inadvertently caused the legacy IDE interface of
the controller (with the same pci id) to become associated with the AHCI
driver as well, causing the driver to try to bring the interface up in
vain.
Fix that by matching against class as well.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Sergei Shtylyov [Tue, 11 Jan 2011 18:01:23 +0000 (21:01 +0300)]
pata_hpt37x: inherit prereset() method for HPT374
Commit ab81a505ae6be069be5b67acd7e1bab3cfb53968 (pata_hpt37x: unify ->pre_reset
methods) neglected to remove the initializer for the prereset() method from
'hpt374_fn1_port_ops' (it's inherited from 'hpt372_port_ops' anyway), as well
as to update the comment in hpt37x_init_one()...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Sergei Shtylyov [Mon, 10 Jan 2011 19:31:13 +0000 (22:31 +0300)]
pata_hpt37x: fold 'if' statement into 'switch'
hpt37x_init_one() has a large *if* statement which should really be folded into
the *switch* statement that currently constitutes its *else* branch, reducing
one level of indentation...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Linus Torvalds [Fri, 28 Jan 2011 02:24:34 +0000 (12:24 +1000)]
Merge branch 'stable/bug-fixes-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
* 'stable/bug-fixes-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen/setup: Route halt operations to safe_halt pvop.
xen/e820: Guard against E820_RAM not having page-aligned size or start.
xen/p2m: Mark INVALID_P2M_ENTRY the mfn_list past max_pfn.
Linus Torvalds [Fri, 28 Jan 2011 02:12:58 +0000 (12:12 +1000)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: avoid picking MDS that is not active
ceph: avoid immediate cap check after import
ceph: fix flushing of caps vs cap import
ceph: fix erroneous cap flush to non-auth mds
ceph: fix cap_wanted_delay_{min,max} mount option initialization
ceph: fix xattr rbtree search
ceph: fix getattr on directory when using norbytes
Linus Torvalds [Fri, 28 Jan 2011 02:10:13 +0000 (12:10 +1000)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/nv50: fix regression on IGPs
drm/radeon/kms: re-emit full context state for evergreen blits
drm/radeon/kms: release CMASK access in preclose_kms
drm/radeon/kms: fix r6xx+ scanout on BE systems
drm/radeon/kms: clean up some magic numbers
drm/radeon/kms: only enable HDMI mode if radeon audio is enabled
radeon/kms: fix dp displayport mode validation
drm/nvc0/grctx: correct an off-by-one
drm/nv50: Fix race with PFIFO during PGRAPH context destruction.
drm/nouveau: Workaround incorrect DCB entry on a GeForce3 Ti 200.
drm/nvc0: implement irq handler for whatever's at 0x14xxxx
drm/nvc0: fix incorrect TPC register setup
drm/nouveau: probe for adt7473 before f75375
drm/nouveau: remove dead function definition
Linus Torvalds [Thu, 27 Jan 2011 20:43:41 +0000 (06:43 +1000)]
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
percpu, x86: Fix percpu_xchg_op()
x86: Remove left over system_64.h
x86-64: Don't use pointer to out-of-scope variable in dump_trace()
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (43 commits)
bnx2: Eliminate AER error messages on systems not supporting it
cnic: Fix big endian bug
xfrm6: Don't forget to propagate peer into ipsec route.
tg3: Use new VLAN code
bonding: update documentation - alternate configuration.
TCP: fix a bug that triggers large number of TCP RST by mistake
MAINTAINERS: remove Reinette Chatre as iwlwifi maintainer
rt2x00: add device id for windy31 usb device
mac80211: fix a crash in ieee80211_beacon_get_tim on change_interface
ipv6: Revert 'administrative down' address handling changes.
textsearch: doc - fix spelling in lib/textsearch.c.
USB NET KL5KUSB101: Fix mem leak in error path of kaweth_download_firmware()
pch_gbe: don't use flush_scheduled_work()
bnx2: Always set ETH_FLAG_TXVLAN
net: clear heap allocation for ethtool_get_regs()
ipv6: Always clone offlink routes.
dcbnl: make get_app handling symmetric for IEEE and CEE DCBx
tcp: fix bug in listening_get_next()
inetpeer: Use correct AVL tree base pointer in inet_getpeer().
GRO: fix merging a paged skb after non-paged skbs
...
Replaced md4 hashing function local to cifs module with kernel crypto APIs.
As a result, md4 hashing function and its supporting functions in
file md4.c are not needed anymore.
Cleaned up function declarations, removed forward function declarations,
and removed a header file that is being deleted from being included.
Verified that sec=ntlm/i, sec=ntlmv2/i, and sec=ntlmssp/i work correctly.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Catalin Marinas [Thu, 27 Jan 2011 10:30:26 +0000 (10:30 +0000)]
kmemleak: Allow kmemleak metadata allocations to fail
This patch adds __GFP_NORETRY and __GFP_NOMEMALLOC flags to the kmemleak
metadata allocations so that it has a smaller effect on the users of the
kernel slab allocator. Since kmemleak allocations can now fail more
often, this patch also reduces the verbosity by passing __GFP_NOWARN and
not dumping the stack trace when a kmemleak allocation fails.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Reported-by: Toralf Förster <toralf.foerster@gmx.de> Acked-by: Pekka Enberg <penberg@cs.helsinki.fi> Acked-by: David Rientjes <rientjes@google.com> Cc: Ted Ts'o <tytso@mit.edu>
xen/setup: Route halt operations to safe_halt pvop.
With this patch, the cpuidle driver does not load and
does not issue the mwait operations. Instead the hypervisor
is doing them (b/c we call the safe_halt pvops call).
This fixes quite a lot of bootup issues wherein the user had
to force interrupts for the continuation of the bootup.
Reported-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Tested-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
We were not handling that and ended up setting up a pagetable
that included up to df66e000 with the disastrous effect that when
memset(NODE_DATA(nodeid), 0, sizeof(pg_data_t));
tried to clear the page it would crash at the 2K mark.
Initially reported by Michael Young @
http://lists.xensource.com/archives/html/xen-devel/2011-01/msg00108.html
The fix is to page-align the size and also take into consideration
the start of the E820 (in case that is not page-aligned either). This
fixes the bootup failure on those affected machines.
This patch is a rework of the Micheal A Young initial patch and
considers the case if the start is not page-aligned.
Reported-by: Michael A Young <m.a.young@durham.ac.uk> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Michael A Young <m.a.young@durham.ac.uk>
Stefan Bader [Thu, 27 Jan 2011 15:03:14 +0000 (10:03 -0500)]
xen/p2m: Mark INVALID_P2M_ENTRY the mfn_list past max_pfn.
In case the mfn_list does not have enough entries to fill
a p2m page we do not want the entries from max_pfn up to
the boundary to be filled with unknown values. Hence
set them to INVALID_P2M_ENTRY.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Grant Likely [Sun, 16 Jan 2011 05:41:27 +0000 (22:41 -0700)]
arm/tegra: Fix tegra irq_data conversion
Commit 37337a8d5e68d6e19075dbdb3acf4f1011dae972, "ARM: tegra: irq_data
conversion." missed changing one reference to 'irq' in the function
tegra_gpio_irq_set_type(). This patch fixes the build error.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Acked-by: Lennert Buytenhek <buytenh@secretlab.ca> Acked-by: Olof Johansson <olof@lixom.net> Signed-off-by: Colin Cross <ccross@android.com>
Alex Deucher [Tue, 25 Jan 2011 16:55:50 +0000 (11:55 -0500)]
drm/radeon/kms: fix r6xx+ scanout on BE systems
R6xx+ have per-block swappers. BE content in the
framebuffer will now be swapped properly during scanout.
Untested, however, the same code is reported working in
the UMS ddx.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Signed-off-by: Dave Airlie <airlied@gmail.com>
Reported-by: Breno Leitao <leitao@linux.vnet.ibm.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Michael Chan [Tue, 25 Jan 2011 22:14:50 +0000 (22:14 +0000)]
cnic: Fix big endian bug
The chip's page tables did not set up properly on big endian machines,
causing EEH errors on PPC machines.
Reported-by: Breno Leitao <leitao@linux.vnet.ibm.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Matt Carlson [Wed, 26 Jan 2011 21:13:10 +0000 (13:13 -0800)]
tg3: Use new VLAN code
This patch pivots the tg3 driver to the new VLAN infrastructure.
All references to vlgrp have been removed. The driver still attempts to
disable VLAN tag stripping if CONFIG_VLAN_8021Q or
CONFIG_VLAN_8021Q_MODULE is not defined.
Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
BugLink: http://bugs.launchpad.net/bugs/707902
More Thinkpad machines with invalid SKU found, that disables
automute between speakers and headphones on these machines.
Signed-off-by: David Henningsson <david.henningsson@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
avr32: add missing include causing undefined pgtable_page_* references
This patch adds the linux/mm.h header file to the AVR32 arch pgalloc.c
implementation to fix the undefined reference to pgtable_page_ctor() and
pgtable_page_dtor().
Paul Turner [Sat, 22 Jan 2011 04:45:02 +0000 (20:45 -0800)]
sched: Use rq->clock_task instead of rq->clock for correctly maintaining load averages
The delta in clock_task is a more fair attribution of how much time a tg has
been contributing load to the current cpu.
While not really important it also means we're more in sync (by magnitude)
with respect to periodic updates (since __update_curr deltas are clock_task
based).
Signed-off-by: Paul Turner <pjt@google.com> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20110122044852.007092349@google.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Paul Turner [Sat, 22 Jan 2011 04:45:00 +0000 (20:45 -0800)]
sched: Fix/remove redundant cfs_rq checks
Since updates are against an entity's queuing cfs_rq it's not possible to
enter update_cfs_{shares,load} with a NULL cfs_rq. (Indeed, update_cfs_load
would crash prior to the check if we did anyway since we load is examined
during the initializers).
Also, in the update_cfs_load case there's no point
in maintaining averages for rq->cfs_rq since we don't perform shares
distribution at that level -- NULL check is replaced accordingly.
Thanks to Dan Carpenter for pointing out the deference before NULL check.
Signed-off-by: Paul Turner <pjt@google.com> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20110122044851.825284940@google.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Paul Turner [Sat, 22 Jan 2011 04:44:59 +0000 (20:44 -0800)]
sched: Fix sign under-flows in wake_affine
While care is taken around the zero-point in effective_load to not exceed
the instantaneous rq->weight, it's still possible (e.g. using wake_idx != 0)
for (load + effective_load) to underflow.
In this case the comparing the unsigned values can result in incorrect balanced
decisions.
Signed-off-by: Paul Turner <pjt@google.com> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20110122044851.734245014@google.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Dave Airlie [Wed, 26 Jan 2011 07:12:42 +0000 (17:12 +1000)]
Merge branch 'drm-nouveau-next' of git://git.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes
* 'drm-nouveau-next' of git://git.freedesktop.org/git/nouveau/linux-2.6:
drm/nvc0/grctx: correct an off-by-one
drm/nv50: Fix race with PFIFO during PGRAPH context destruction.
drm/nouveau: Workaround incorrect DCB entry on a GeForce3 Ti 200.
drm/nvc0: implement irq handler for whatever's at 0x14xxxx
drm/nvc0: fix incorrect TPC register setup
drm/nouveau: probe for adt7473 before f75375
drm/nouveau: remove dead function definition
Sonic Zhang [Wed, 12 Jan 2011 03:39:35 +0000 (22:39 -0500)]
mmc: bfin_sdh: fix alloc size for private data
The bfin_sdh driver allocates the wrong size for the private data
in the mmc_host. The first parameter of mmc_alloc_host should be
the size of the local driver struct rather than the common mmc_host.
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Cc: <stable@kernel.org> Signed-off-by: Chris Ball <cjb@laptop.org>
Jaehoon Chung [Wed, 12 Jan 2011 02:59:12 +0000 (11:59 +0900)]
mmc: sdhci-s3c: add platform_8bit_width() hook
We have 8-bit width support but is not a v3 controller.
So we need platform_8bit_width() to support 8-bit buswidth.
Also we need MMC_CAP_8_BIT_DATA, so we add it in platdata.
This gets 8-bit support working again on s3c, after we previously
disabled 8-bit by default on non-v3 controllers.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Chris Ball <cjb@laptop.org>
Jamie Iles [Tue, 11 Jan 2011 12:43:50 +0000 (12:43 +0000)]
mmc: jz4740: don't treat NULL clk as an error
clk_get() returns a struct clk cookie to the driver and some platforms
may return NULL if they only support a single clock. clk_get() has only
failed if it returns a ERR_PTR() encoded pointer.
Signed-off-by: Jamie Iles <jamie@jamieiles.com> Signed-off-by: Chris Ball <cjb@laptop.org>
mmc: mmci: don't read command response when invalid
Don't read the command response from the registers when either the
command timed out (because there was no response from the card) or
the checksum on the response was invalid.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Chris Ball <cjb@laptop.org>
Torben Hohn [Tue, 25 Jan 2011 23:07:35 +0000 (15:07 -0800)]
console: rename acquire/release_console_sem() to console_lock/unlock()
The -rt patches change the console_semaphore to console_mutex. As a
result, a quite large chunk of the patches changes all
acquire/release_console_sem() to acquire/release_console_mutex()
This commit makes things use more neutral function names which dont make
implications about the underlying lock.
The only real change is the return value of console_trylock which is
inverted from try_acquire_console_sem()
This patch also paves the way to switching console_sem from a semaphore to
a mutex.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: make console_trylock return 1 on success, per Geert] Signed-off-by: Torben Hohn <torbenh@gmx.de> Cc: Thomas Gleixner <tglx@tglx.de> Cc: Greg KH <gregkh@suse.de> Cc: Ingo Molnar <mingo@elte.hu> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Phillip Lougher [Tue, 25 Jan 2011 23:07:34 +0000 (15:07 -0800)]
squashfs: fix use of uninitialised variable in zlib & xz decompressors
Fix potential use of uninitialised variable caused by recent
decompressor code optimisations.
In zlib_uncompress (zlib_wrapper.c) we have
int zlib_err, zlib_init = 0;
...
do {
...
if (avail == 0) {
offset = 0;
put_bh(bh[k++]);
continue;
}
...
zlib_err = zlib_inflate(stream, Z_SYNC_FLUSH);
...
} while (zlib_err == Z_OK);
If continue is executed (avail == 0) then the while condition will be
evaluated testing zlib_err, which is uninitialised first time around the
loop.
Fix this by getting rid of the 'if (avail == 0)' condition test, this
edge condition should not be being handled in the decompressor code, and
instead handle it generically in the caller code.
Similarly for xz_wrapper.c.
Incidentally, on most architectures (bar Mips and Parisc), no
uninitialised variable warning is generated by gcc, this is because the
while condition test on continue is optimised out and not performed
(when executing continue zlib_err has not been changed since entering
the loop, and logically if the while condition was true previously, then
it's still true).
radix_tree_range_tag_if_tagged() always tags the root tag with settag
if the root tag is set with iftag even if there are no iftag tags
in the specified range (Of course, there are some iftag tags
outside the specified range).
__lookup_tag():
- Return with 0.
- Return with the index which is not bigger than the old one as the
input parameter.
Therefore the following "while" repeats forever because the above
conditions cause "ret" not to be updated and the cur_index cannot be
changed into the bigger one.
radix_tree_gang_lookup_tag_slot():
1178 while (ret < max_items) {
1179 unsigned int slots_found;
1180 unsigned long next_index; /* Index of next search */
1181
1182 if (cur_index > max_index)
1183 break;
1184 slots_found = __lookup_tag(node, results + ret,
1185 cur_index, max_items - ret, &next_index,
tag);
1186 ret += slots_found;
// cannot update ret because slots_found == 0.
// so, this while loops forever.
1187 if (next_index == 0)
1188 break;
1189 cur_index = next_index;
1190 }
(2) Why does __lookup_tag() return with 0 and doesn't update the index?
Assuming the following:
- the one of the slot in radix_tree_node is NULL.
- the one of the tag which corresponds to the slot sets with
PAGECACHE_TAG_TOWRITE or other.
- In a certain height(!=0), the corresponding index is 0.
a) __lookup_tag() notices that the tag is set.
1005 static unsigned int
1006 __lookup_tag(struct radix_tree_node *slot, void ***results, unsigned long index,
1007 unsigned int max_items, unsigned long *next_index, unsigned int tag)
1008 {
1009 unsigned int nr_found = 0;
1010 unsigned int shift, height;
1011
1012 height = slot->height;
1013 if (height == 0)
1014 goto out;
1015 shift = (height-1) * RADIX_TREE_MAP_SHIFT;
1016
1017 while (height > 0) {
1018 unsigned long i = (index >> shift) & RADIX_TREE_MAP_MASK ;
1019
1020 for (;;) {
1021 if (tag_get(slot, tag, i))
1022 break;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* the index is not updated yet.
b) __lookup_tag() notices that the slot is NULL.
1023 index &= ~((1UL << shift) - 1);
1024 index += 1UL << shift;
1025 if (index == 0)
1026 goto out; /* 32-bit wraparound */
1027 i++;
1028 if (i == RADIX_TREE_MAP_SIZE)
1029 goto out;
1030 }
1031 height--;
1032 if (height == 0) { /* Bottom level: grab some items */
...
1055 }
1056 shift -= RADIX_TREE_MAP_SHIFT;
1057 slot = rcu_dereference_raw(slot->slots[i]);
1058 if (slot == NULL)
1059 break;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
c) __lookup_tag() doesn't update the index and return with 0.
Because radix_tree_range_tag_if_tagged() always sets the root tag with
PAGECACHE_TAG_TOWRITE if the root tag is set with PAGECACHE_TAG_DIRTY,
even if there is no tag which can be set with PAGECACHE_TAG_TOWRITE
in the specified range (from *first_indexp to last_index). Of course,
some PAGECACHE_TAG_DIRTY nodes must exist outside the specified range.
(radix_tree_range_tag_if_tagged() is called only from tag_pages_for_writeback())
640 unsigned long radix_tree_range_tag_if_tagged(struct radix_tree_root
*root,
641 unsigned long *first_indexp, unsigned long last_index,
642 unsigned long nr_to_tag,
643 unsigned int iftag, unsigned int settag)
644 {
645 unsigned int height = root->height;
646 struct radix_tree_path path[height];
647 struct radix_tree_path *pathp = path;
648 struct radix_tree_node *slot;
649 unsigned int shift;
650 unsigned long tagged = 0;
651 unsigned long index = *first_indexp;
652
653 last_index = min(last_index, radix_tree_maxindex(height));
654 if (index > last_index)
655 return 0;
656 if (!nr_to_tag)
657 return 0;
658 if (!root_tag_get(root, iftag)) {
659 *first_indexp = last_index + 1;
660 return 0;
661 }
662 if (height == 0) {
663 *first_indexp = last_index + 1;
664 root_tag_set(root, settag);
665 return 1;
666 }
...
733 root_tag_set(root, settag);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
734 *first_indexp = index;
735
736 return tagged;
737 }
As the result, there is no radix_tree_node which is set with
PAGECACHE_TAG_TOWRITE but the root tag(radix_tree_root) is set with
PAGECACHE_TAG_TOWRITE.
[figure: inside radix_tree]
(Please see the figure with typewriter font)
===========================================
[roottag = DIRTY]
| tag=0:NOTHING
tag[0 0 0 1] 1:DIRTY
[x x x +] 2:WRITEBACK
| 3:DIRTY,WRITEBACK
p 4:TOWRITE
<---> 5:DIRTY,TOWRITE ...
specified range (index: 0 to 2)
* There is no DIRTY tag within the specified range.
(But there is a DIRTY tag outside that range.)
| | | | | | | | |
after calling tag_pages_for_writeback()
| | | | | | | | |
v v v v v v v v v
[roottag = DIRTY,TOWRITE]
| p is "page".
tag[0 0 0 1] x is NULL.
[x x x +] +- is a pointer to "page".
|
p
* But TOWRITE tag is set on the root tag.
============================================
After that, radix_tree_extend() via radix_tree_insert() is called
when the page is added.
This function sets the new radix_tree_node with PAGECACHE_TAG_TOWRITE
to succeed the status of the root tag.
246 static int radix_tree_extend(struct radix_tree_root *root, unsigned long
index)
247 {
248 struct radix_tree_node *node;
249 unsigned int height;
250 int tag;
251
252 /* Figure out what the height should be. */
253 height = root->height + 1;
254 while (index > radix_tree_maxindex(height))
255 height++;
256
257 if (root->rnode == NULL) {
258 root->height = height;
259 goto out;
260 }
261
262 do {
263 unsigned int newheight;
264 if (!(node = radix_tree_node_alloc(root)))
265 return -ENOMEM;
266
267 /* Increase the height. */
268 node->slots[0] = radix_tree_indirect_to_ptr(root->rnode);
269
270 /* Propagate the aggregated tag info into the new root */
271 for (tag = 0; tag < RADIX_TREE_MAX_TAGS; tag++) {
272 if (root_tag_get(root, tag))
273 tag_set(node, tag, 0);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
274 }
===========================================
[roottag = DIRTY,TOWRITE]
| :
tag[0 0 0 1] [0 0 0 0]
[x x x +] [+ x x x]
| |
p p (new page)
| | | | | | | | |
after calling radix_tree_insert
| | | | | | | | |
v v v v v v v v v
[roottag = DIRTY,TOWRITE]
|
tag [5 0 0 0] * DIRTY and TOWRITE tags are
[+ + x x] succeeded to the new node.
| |
tag [0 0 0 1] [0 0 0 0]
[x x x +] [+ x x x]
| |
p p
============================================
After that, the index 3 page is released by remove_from_page_cache().
Then we can make the situation that the tag is set with PAGECACHE_TAG_TOWRITE
and that the slot which corresponds to the tag is NULL.
===========================================
[roottag = DIRTY,TOWRITE]
|
tag [5 0 0 0]
[+ + x x]
| |
tag [0 0 0 1] [0 0 0 0]
[x x x +] [+ x x x]
| |
p p
(remove)
| | | | | | | | |
after calling remove_page_cache
| | | | | | | | |
v v v v v v v v v
[roottag = DIRTY,TOWRITE]
|
tag [4 0 0 0] * Only DIRTY tag is cleared
[x + x x] because no TOWRITE tag is existed
| in the bottom node.
[0 0 0 0]
[+ x x x]
|
p
============================================
To solve this problem
Change to that radix_tree_tag_if_tagged() doesn't tag the root tag
if it doesn't set any tags within the specified range.
Like this.
============================================
640 unsigned long radix_tree_range_tag_if_tagged(struct radix_tree_root
*root,
641 unsigned long *first_indexp, unsigned long last_index,
642 unsigned long nr_to_tag,
643 unsigned int iftag, unsigned int settag)
644 {
650 unsigned long tagged = 0;
...
733 if (tagged)
^^^^^^^^^^^^^^^^^^^^^^^^
734 root_tag_set(root, settag);
735 *first_indexp = index;
736
737 return tagged;
738 }
============================================
Signed-off-by: Toshiyuki Okajima <toshi.okajima@jp.fujitsu.com> Acked-by: Jan Kara <jack@suse.cz> Cc: Dave Chinner <david@fromorbit.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
setup_irq() was called before clockevents_register_device() which is
needed by the irq handler. Bug was reproducible by restarting the
kernel using kexec (reliable crash).
Signed-off-by: Nikolaus Voss <n.voss@weinmann.de> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Haavard Skinnemoen <hskinnemoen@atmel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
memcg: fix race at move_parent around compound_order()
A fix up mem_cgroup_move_parent() which use compound_order() in
asynchronous manner. This compound_order() may return unknown value
because we don't take lock. Use PageTransHuge() and HPAGE_SIZE instead
of it.
Also clean up for mem_cgroup_move_parent().
- remove unnecessary initialization of local variable.
- rename charge_size -> page_size
- remove unnecessary (wrong) comment.
- added a comment about THP.
Note:
Current design take compound_page_lock() in caller of move_account().
This should be revisited when we implement direct move_task of hugepage
without splitting.