1. 05 12月, 2013 1 次提交
  2. 04 12月, 2013 1 次提交
  3. 29 11月, 2013 3 次提交
    • M
      efi-pstore: Make efi-pstore return a unique id · fdeadb43
      Madper Xie 提交于
      Pstore fs expects that backends provide a unique id which could avoid
      pstore making entries as duplication or denominating entries the same
      name. So I combine the timestamp, part and count into id.
      Signed-off-by: NMadper Xie <cxie@redhat.com>
      Cc: Seiji Aguchi <seiji.aguchi@hds.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NMatt Fleming <matt.fleming@intel.com>
      fdeadb43
    • M
      x86/efi: Fix earlyprintk off-by-one bug · 1f3a8bae
      Matt Fleming 提交于
      Dave reported seeing the following incorrect output on his Thinkpad T420
      when using earlyprintk=efi,
      
      [    0.000000] efi: EFI v2.00 by Lenovo
                          ACPI=0xdabfe000  ACPI 2.0=0xdabfe014 SMBIOS=0xdaa9e000
      
      The output should be on one line, not split over two. The cause is an
      off-by-one error when checking that the efi_y coordinate hasn't been
      incremented out of bounds.
      Reported-by: NDave Young <dyoung@redhat.com>
      Signed-off-by: NMatt Fleming <matt.fleming@intel.com>
      1f3a8bae
    • S
      efivars, efi-pstore: Hold off deletion of sysfs entry until the scan is completed · e0d59733
      Seiji Aguchi 提交于
      Currently, when mounting pstore file system, a read callback of
      efi_pstore driver runs mutiple times as below.
      
      - In the first read callback, scan efivar_sysfs_list from head and pass
        a kmsg buffer of a entry to an upper pstore layer.
      - In the second read callback, rescan efivar_sysfs_list from the entry
        and pass another kmsg buffer to it.
      - Repeat the scan and pass until the end of efivar_sysfs_list.
      
      In this process, an entry is read across the multiple read function
      calls. To avoid race between the read and erasion, the whole process
      above is protected by a spinlock, holding in open() and releasing in
      close().
      
      At the same time, kmemdup() is called to pass the buffer to pstore
      filesystem during it. And then, it causes a following lockdep warning.
      
      To make the dynamic memory allocation runnable without taking spinlock,
      holding off a deletion of sysfs entry if it happens while scanning it
      via efi_pstore, and deleting it after the scan is completed.
      
      To implement it, this patch introduces two flags, scanning and deleting,
      to efivar_entry.
      
      On the code basis, it seems that all the scanning and deleting logic is
      not needed because __efivars->lock are not dropped when reading from the
      EFI variable store.
      
      But, the scanning and deleting logic is still needed because an
      efi-pstore and a pstore filesystem works as follows.
      
      In case an entry(A) is found, the pointer is saved to psi->data.  And
      efi_pstore_read() passes the entry(A) to a pstore filesystem by
      releasing  __efivars->lock.
      
      And then, the pstore filesystem calls efi_pstore_read() again and the
      same entry(A), which is saved to psi->data, is used for resuming to scan
      a sysfs-list.
      
      So, to protect the entry(A), the logic is needed.
      
      [    1.143710] ------------[ cut here ]------------
      [    1.144058] WARNING: CPU: 1 PID: 1 at kernel/lockdep.c:2740 lockdep_trace_alloc+0x104/0x110()
      [    1.144058] DEBUG_LOCKS_WARN_ON(irqs_disabled_flags(flags))
      [    1.144058] Modules linked in:
      [    1.144058] CPU: 1 PID: 1 Comm: systemd Not tainted 3.11.0-rc5 #2
      [    1.144058]  0000000000000009 ffff8800797e9ae0 ffffffff816614a5 ffff8800797e9b28
      [    1.144058]  ffff8800797e9b18 ffffffff8105510d 0000000000000080 0000000000000046
      [    1.144058]  00000000000000d0 00000000000003af ffffffff81ccd0c0 ffff8800797e9b78
      [    1.144058] Call Trace:
      [    1.144058]  [<ffffffff816614a5>] dump_stack+0x54/0x74
      [    1.144058]  [<ffffffff8105510d>] warn_slowpath_common+0x7d/0xa0
      [    1.144058]  [<ffffffff8105517c>] warn_slowpath_fmt+0x4c/0x50
      [    1.144058]  [<ffffffff8131290f>] ? vsscanf+0x57f/0x7b0
      [    1.144058]  [<ffffffff810bbd74>] lockdep_trace_alloc+0x104/0x110
      [    1.144058]  [<ffffffff81192da0>] __kmalloc_track_caller+0x50/0x280
      [    1.144058]  [<ffffffff815147bb>] ? efi_pstore_read_func.part.1+0x12b/0x170
      [    1.144058]  [<ffffffff8115b260>] kmemdup+0x20/0x50
      [    1.144058]  [<ffffffff815147bb>] efi_pstore_read_func.part.1+0x12b/0x170
      [    1.144058]  [<ffffffff81514800>] ? efi_pstore_read_func.part.1+0x170/0x170
      [    1.144058]  [<ffffffff815148b4>] efi_pstore_read_func+0xb4/0xe0
      [    1.144058]  [<ffffffff81512b7b>] __efivar_entry_iter+0xfb/0x120
      [    1.144058]  [<ffffffff8151428f>] efi_pstore_read+0x3f/0x50
      [    1.144058]  [<ffffffff8128d7ba>] pstore_get_records+0x9a/0x150
      [    1.158207]  [<ffffffff812af25c>] ? selinux_d_instantiate+0x1c/0x20
      [    1.158207]  [<ffffffff8128ce30>] ? parse_options+0x80/0x80
      [    1.158207]  [<ffffffff8128ced5>] pstore_fill_super+0xa5/0xc0
      [    1.158207]  [<ffffffff811ae7d2>] mount_single+0xa2/0xd0
      [    1.158207]  [<ffffffff8128ccf8>] pstore_mount+0x18/0x20
      [    1.158207]  [<ffffffff811ae8b9>] mount_fs+0x39/0x1b0
      [    1.158207]  [<ffffffff81160550>] ? __alloc_percpu+0x10/0x20
      [    1.158207]  [<ffffffff811c9493>] vfs_kern_mount+0x63/0xf0
      [    1.158207]  [<ffffffff811cbb0e>] do_mount+0x23e/0xa20
      [    1.158207]  [<ffffffff8115b51b>] ? strndup_user+0x4b/0xf0
      [    1.158207]  [<ffffffff811cc373>] SyS_mount+0x83/0xc0
      [    1.158207]  [<ffffffff81673cc2>] system_call_fastpath+0x16/0x1b
      [    1.158207] ---[ end trace 61981bc62de9f6f4 ]---
      Signed-off-by: NSeiji Aguchi <seiji.aguchi@hds.com>
      Tested-by: NMadper Xie <cxie@redhat.com>
      Cc: stable@kernel.org
      Signed-off-by: NMatt Fleming <matt.fleming@intel.com>
      e0d59733
  4. 23 11月, 2013 17 次提交
    • L
      Linux 3.13-rc1 · 6ce4eac1
      Linus Torvalds 提交于
      6ce4eac1
    • L
      Merge tag 'ecryptfs-3.13-rc1-quiet-checkers' of... · 57498f9c
      Linus Torvalds 提交于
      Merge tag 'ecryptfs-3.13-rc1-quiet-checkers' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
      
      Pull minor eCryptfs fix from Tyler Hicks:
       "Quiet static checkers by removing unneeded conditionals"
      
      * tag 'ecryptfs-3.13-rc1-quiet-checkers' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
        eCryptfs: file->private_data is always valid
      57498f9c
    • L
      Merge tag 'sound-fix2-3.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · e48f88a3
      Linus Torvalds 提交于
      Pull second set of sound fixes from Takashi Iwai:
       "A collection of small fixes in HD-audio quirks and runtime PM, ASoC
        rcar, abs8500 and other codecs.  Most of commits are for stable
        kernels, too"
      
      * tag 'sound-fix2-3.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda - Set current_headset_type to ALC_HEADSET_TYPE_ENUM (janitorial)
        ALSA: hda - Provide missing pin configs for VAIO with ALC260
        ALSA: hda - Add headset quirk for Dell Inspiron 3135
        ALSA: hda - Fix the headphone jack detection on Sony VAIO TX
        ALSA: hda - Fix missing bass speaker on ASUS N550
        ALSA: hda - Fix unbalanced runtime PM notification at resume
        ASoC: arizona: Set FLL to free-run before disabling
        ALSA: hda - A casual Dell Headset quirk
        ASoC: rcar: fixup dma_async_issue_pending() timing
        ASoC: rcar: off by one in rsnd_scu_set_route()
        ASoC: wm5110: Add post SYSCLK register patch for rev D chip
        ASoC: ab8500: Revert to using custom I/O functions
        ALSA: hda - Also enable mute/micmute LED control for "Lenovo dock" fixup
        ALSA: firewire-lib: include sound/asound.h to refer to snd_pcm_format_t
        ALSA: hda - Select FW_LOADER from CONFIG_SND_HDA_CODEC_CA0132_DSP
        ALSA: hda - Enable mute/mic-mute LEDs for more Thinkpads with Realtek codec
        ASoC: rcar: fixup mod access before checking
      e48f88a3
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · aecde27c
      Linus Torvalds 提交于
      Pull DRM fixes from Dave Airlie:
       "I was going to leave this until post -rc1 but sysfs fixes broke
        hotplug in userspace, so I had to fix it harder, otherwise a set of
        pulls from intel, radeon and vmware,
      
        The vmware/ttm changes are bit larger but since its early and they are
        unlikely to break anything else I put them in, it lets vmware work
        with dri3"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (36 commits)
        drm/sysfs: fix hotplug regression since lifetime changes
        drm/exynos: g2d: fix memory leak to userptr
        drm/i915: Fix gen3 self-refresh watermarks
        drm/ttm: Remove set_need_resched from the ttm fault handler
        drm/ttm: Don't move non-existing data
        drm/radeon: hook up backlight functions for CI and KV family.
        drm/i915: Replicate BIOS eDP bpp clamping hack for hsw
        drm/i915: Do not enable package C8 on unsupported hardware
        drm/i915: Hold pc8 lock around toggling pc8.gpu_idle
        drm/i915: encoder->get_config is no longer optional
        drm/i915/tv: add ->get_config callback
        drm/radeon/cik: Add macrotile mode array query
        drm/radeon/cik: Return backend map information to userspace
        drm/vmwgfx: Make vmwgfx dma buffers prime aware
        drm/vmwgfx: Make surfaces prime-aware
        drm/vmwgfx: Hook up the prime ioctls
        drm/ttm: Add a minimal prime implementation for ttm base objects
        drm/vmwgfx: Fix false lockdep warning
        drm/ttm: Allow execbuf util reserves without ticket
        drm/i915: restore the early forcewake cleanup
        ...
      aecde27c
    • L
      Merge tag 'pci-v3.13-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · e3414786
      Linus Torvalds 提交于
      Pull PCI updates from Bjorn Helgaas:
       "Miscellaneous
         - Remove duplicate disable from pcie_portdrv_remove() (Yinghai Lu)
         - Fix whitespace, capitalization, and spelling errors (Bjorn Helgaas)"
      
      * tag 'pci-v3.13-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: Remove duplicate pci_disable_device() from pcie_portdrv_remove()
        PCI: Fix whitespace, capitalization, and spelling errors
      e3414786
    • L
      Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · b0e3636f
      Linus Torvalds 提交于
      Pull SCSI target updates from Nicholas Bellinger:
       "Things have been quiet this round with mostly bugfixes, percpu
        conversions, and other minor iscsi-target conformance testing changes.
      
        The highlights include:
      
         - Add demo_mode_discovery attribute for iscsi-target (Thomas)
         - Convert tcm_fc(FCoE) to use percpu-ida pre-allocation
         - Add send completion interrupt coalescing for ib_isert
         - Convert target-core to use percpu-refcounting for se_lun
         - Fix mutex_trylock usage bug in iscsit_increment_maxcmdsn
         - tcm_loop updates (Hannes)
         - target-core ALUA cleanups + prep for v3.14 SCSI Referrals support (Hannes)
      
        v3.14 is currently shaping to be a busy development cycle in target
        land, with initial support for T10 Referrals and T10 DIF currently on
        the roadmap"
      
      * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (40 commits)
        iscsi-target: chap auth shouldn't match username with trailing garbage
        iscsi-target: fix extract_param to handle buffer length corner case
        iscsi-target: Expose default_erl as TPG attribute
        target_core_configfs: split up ALUA supported states
        target_core_alua: Make supported states configurable
        target_core_alua: Store supported ALUA states
        target_core_alua: Rename ALUA_ACCESS_STATE_OPTIMIZED
        target_core_alua: spellcheck
        target core: rename (ex,im)plict -> (ex,im)plicit
        percpu-refcount: Add percpu-refcount.o to obj-y
        iscsi-target: Do not reject non-immediate CmdSNs exceeding MaxCmdSN
        iscsi-target: Convert iscsi_session statistics to atomic_long_t
        target: Convert se_device statistics to atomic_long_t
        target: Fix delayed Task Aborted Status (TAS) handling bug
        iscsi-target: Reject unsupported multi PDU text command sequence
        ib_isert: Avoid duplicate iscsit_increment_maxcmdsn call
        iscsi-target: Fix mutex_trylock usage in iscsit_increment_maxcmdsn
        target: Core does not need blkdev.h
        target: Pass through I/O topology for block backstores
        iser-target: Avoid using FRMR for single dma entry requests
        ...
      b0e3636f
    • L
      Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging · 0032cdef
      Linus Torvalds 提交于
      Pull hwmon fixes from Guenter Roeck:
       - acpi_power_meter: Fix return value check from call to
         acpi_bus_get_device
       - nct6775: Fix/improve NCT6791 support
       - lm75: Add support for GMT G751
      
      * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (acpi_power_meter) Fix acpi_bus_get_device() return value check
        hwmon: (nct6775) NCT6791 supports weight control only for CPUFAN
        hwmon: (nct6775) Monitor additional temperature registers
        hwmon: (lm75) Add support for GMT G751 chip
      0032cdef
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · d2c2ad54
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix memory leaks and other issues in mwifiex driver, from Amitkumar
          Karwar.
      
       2) skb_segment() can choke on packets using frag lists, fix from
          Herbert Xu with help from Eric Dumazet and others.
      
       3) IPv4 output cached route instantiation properly handles races
          involving two threads trying to install the same route, but we
          forgot to propagate this logic to input routes as well.  Fix from
          Alexei Starovoitov.
      
       4) Put protections in place to make sure that recvmsg() paths never
          accidently copy uninitialized memory back into userspace and also
          make sure that we never try to use more that sockaddr_storage for
          building the on-kernel-stack copy of a sockaddr.  Fixes from Hannes
          Frederic Sowa.
      
       5) R8152 driver transmit flow bug fixes from Hayes Wang.
      
       6) Fix some minor fallouts from genetlink changes, from Johannes Berg
          and Michael Opdenacker.
      
       7) AF_PACKET sendmsg path can race with netdevice unregister notifier,
          fix by using RCU to make sure the network device doesn't go away
          from under us.  Fix from Daniel Borkmann.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits)
        gso: handle new frag_list of frags GRO packets
        genetlink: fix genl_set_err() group ID
        genetlink: fix genlmsg_multicast() bug
        packet: fix use after free race in send path when dev is released
        xen-netback: stop the VIF thread before unbinding IRQs
        wimax: remove dead code
        net/phy: Add the autocross feature for forced links on VSC82x4
        net/phy: Add VSC8662 support
        net/phy: Add VSC8574 support
        net/phy: Add VSC8234 support
        net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
        net: rework recvmsg handler msg_name and msg_namelen logic
        bridge: flush br's address entry in fdb when remove the
        net: core: Always propagate flag changes to interfaces
        ipv4: fix race in concurrent ip_route_input_slow()
        r8152: fix incorrect type in assignment
        r8152: support stopping/waking tx queue
        r8152: modify the tx flow
        r8152: fix tx/rx memory overflow
        netfilter: ebt_ip6: fix source and destination matching
        ...
      d2c2ad54
    • L
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 7fa850ab
      Linus Torvalds 提交于
      Pull ARM fixes from Russell King:
       "Some small fixes for this merge window, most of them quite self
        explanatory - the biggest thing here is a fix for the ARMv7 LPAE
        suspend/resume support"
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7894/1: kconfig: select GENERIC_CLOCKEVENTS if HAVE_ARM_ARCH_TIMER
        ARM: 7893/1: bitops: only emit .arch_extension mp if CONFIG_SMP
        ARM: 7892/1: Fix warning for V7M builds
        ARM: 7888/1: seccomp: not compatible with ARM OABI
        ARM: 7886/1: make OABI default to off
        ARM: 7885/1: Save/Restore 64-bit TTBR registers on LPAE suspend/resume
        ARM: 7884/1: mm: Fix ECC mem policy printk
        ARM: 7883/1: fix mov to mvn conversion in case of 64 bit phys_addr_t and BE
        ARM: 7882/1: mm: fix __phys_to_virt to work with 64 bit phys_addr_t in BE case
        ARM: 7881/1: __fixup_smp read of SCU config should do byteswap in BE case
        ARM: Fix nommu.c build warning
      7fa850ab
    • L
      Merge branch 'next' of git://git.kernel.org/pub/scm/virt/kvm/kvm · c874e6fc
      Linus Torvalds 提交于
      Pull KVM fixes from Gleb Natapov.
      
      * 'next' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: kvm_clear_guest_page(): fix empty_zero_page usage
        kvm: mmu: delay mmu audit activation
        arm/arm64: KVM: Fix hyp mappings of vmalloc regions
      c874e6fc
    • L
      Merge git://git.kvack.org/~bcrl/aio-next · d0f278c1
      Linus Torvalds 提交于
      Pull aio fixes from Benjamin LaHaise.
      
      * git://git.kvack.org/~bcrl/aio-next:
        aio: nullify aio->ring_pages after freeing it
        aio: prevent double free in ioctx_alloc
        aio: Fix a trinity splat
      d0f278c1
    • L
      Merge branch 'for-3.13' of git://linux-nfs.org/~bfields/linux · 533db9b3
      Linus Torvalds 提交于
      Pull nfsd bugfixes from Bruce Fields:
       "A couple nfsd bugfixes"
      
      * 'for-3.13' of git://linux-nfs.org/~bfields/linux:
        nfsd4: fix xdr decoding of large non-write compounds
        nfsd: make sure to balance get/put_write_access
        nfsd: split up nfsd_setattr
      533db9b3
    • L
      Merge tag 'gfs2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes · c85e0727
      Linus Torvalds 提交于
      Pull GFS2 fixes from Steven Whitehouse:
       "A couple of small, but important bug fixes for GFS2.  The first one
        fixes a possible NULL pointer dereference, and the second one resolves
        a reference counting issue in one of the lesser used paths through
        atomic_open"
      
      * tag 'gfs2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
        GFS2: Fix ref count bug relating to atomic_open
        GFS2: fix potential NULL pointer dereference
      c85e0727
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · fb0d1eb8
      Linus Torvalds 提交于
      Pull btrfs fixes from Chris Mason:
       "Almost all of these are bug fixes.  Dave Sterba's documentation update
        is the big exception because he removed our promises to set any
        machine running Btrfs on fire"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Documentation: filesystems: update btrfs tools section
        Documentation: filesystems: add new btrfs mount options
        btrfs: update kconfig help text
        btrfs: fix bio_size_ok() for max_sectors > 0xffff
        btrfs: Use trace condition for get_extent tracepoint
        btrfs: fix typo in the log message
        Btrfs: fix list delete warning when removing ordered root from the list
        Btrfs: print bytenr instead of page pointer in check-int
        Btrfs: remove dead codes from ctree.h
        Btrfs: don't wait for ordered data outside desired range
        Btrfs: fix lockdep error in async commit
        Btrfs: avoid heavy operations in btrfs_commit_super
        Btrfs: fix __btrfs_start_workers retval
        Btrfs: disable online raid-repair on ro mounts
        Btrfs: do not inc uncorrectable_errors counter on ro scrubs
        Btrfs: only drop modified extents if we logged the whole inode
        Btrfs: make sure to copy everything if we rename
        Btrfs: don't BUG_ON() if we get an error walking backrefs
      fb0d1eb8
    • L
      Merge tag 'xfs-for-linus-v3.13-rc1-2' of git://oss.sgi.com/xfs/xfs · 6ea9786e
      Linus Torvalds 提交于
      Pull second xfs update from Ben Myers:
       "There are a couple of patches that I wasn't quite sure about in time
        for our initial 3.13 pull request, a bugfix, and an update to add Dave
        to MAINTAINERS:
      
        Here we have a performance fix for inode iversion, increased inode
        cluster size for v5 superblock filesystems, a fix for error handling
        in xfs_bmap_add_attrfork, and a MAINTAINERS update to add Dave"
      
      * tag 'xfs-for-linus-v3.13-rc1-2' of git://oss.sgi.com/xfs/xfs:
        xfs: open code inc_inode_iversion when logging an inode
        xfs: increase inode cluster size for v5 filesystems
        xfs: fix unlock in xfs_bmap_add_attrfork
        xfs: update maintainers
      6ea9786e
    • L
      Merge branch 'slab/next' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux · 24f971ab
      Linus Torvalds 提交于
      Pull SLAB changes from Pekka Enberg:
       "The patches from Joonsoo Kim switch mm/slab.c to use 'struct page' for
        slab internals similar to mm/slub.c.  This reduces memory usage and
        improves performance:
      
          https://lkml.org/lkml/2013/10/16/155
      
        Rest of the changes are bug fixes from various people"
      
      * 'slab/next' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/linux: (21 commits)
        mm, slub: fix the typo in mm/slub.c
        mm, slub: fix the typo in include/linux/slub_def.h
        slub: Handle NULL parameter in kmem_cache_flags
        slab: replace non-existing 'struct freelist *' with 'void *'
        slab: fix to calm down kmemleak warning
        slub: proper kmemleak tracking if CONFIG_SLUB_DEBUG disabled
        slab: rename slab_bufctl to slab_freelist
        slab: remove useless statement for checking pfmemalloc
        slab: use struct page for slab management
        slab: replace free and inuse in struct slab with newly introduced active
        slab: remove SLAB_LIMIT
        slab: remove kmem_bufctl_t
        slab: change the management method of free objects of the slab
        slab: use __GFP_COMP flag for allocating slab pages
        slab: use well-defined macro, virt_to_slab()
        slab: overloading the RCU head over the LRU for RCU free
        slab: remove cachep in struct slab_rcu
        slab: remove nodeid in struct slab
        slab: remove colouroff in struct slab
        slab: change return type of kmem_getpages() to struct page
        ...
      24f971ab
    • L
      Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · 3bab0bf0
      Linus Torvalds 提交于
      Pull third set of powerpc updates from Benjamin Herrenschmidt:
       "This is a small collection of random bug fixes and a few improvements
        of Oops output which I deemed valuable enough to include as well.
      
        The fixes are essentially recent build breakage and regressions, and a
        couple of older bugs such as the DTL log duplication, the EEH issue
        with PCI_COMMAND_MASTER and the problem with small contexts passed to
        get/set_context with VSX enabled"
      
      * 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
        powerpc/signals: Mark VSX not saved with small contexts
        powerpc/pseries: Fix SMP=n build of rng.c
        powerpc: Make cpu_to_chip_id() available when SMP=n
        powerpc/vio: Fix a dma_mask issue of vio
        powerpc: booke: Fix build failures
        powerpc: ppc64 address space capped at 32TB, mmap randomisation disabled
        powerpc: Only print PACATMSCRATCH in oops when TM is active
        powerpc/pseries: Duplicate dtl entries sometimes sent to userspace
        powerpc: Remove a few lines of oops output
        powerpc: Print DAR and DSISR on machine check oopses
        powerpc: Fix __get_user_pages_fast() irq handling
        powerpc/eeh: More accurate log
        powerpc/eeh: Enable PCI_COMMAND_MASTER for PCI bridges
      3bab0bf0
  5. 22 11月, 2013 18 次提交
    • D
      ALSA: hda - Set current_headset_type to ALC_HEADSET_TYPE_ENUM (janitorial) · 5db4d34b
      David Henningsson 提交于
      current_headset_type should be of the HEADSET_TYPE enum, not the
      HEADSET_MODE enum. Since ALC_HEADSET_TYPE_UNKNOWN and ALC_HEADSET_MODE_UNKNOWN
      are both 0, this patch is just janitorial.
      Signed-off-by: NDavid Henningsson <david.henningsson@canonical.com>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      5db4d34b
    • T
      ALSA: hda - Provide missing pin configs for VAIO with ALC260 · d08c5ef2
      Takashi Iwai 提交于
      Some models (or maybe depending on BIOS version) of Sony VAIO with
      ALC260 give no proper pin configurations as default, resulting in the
      non-working speaker, etc.  Just provide the whole pin configurations
      via a fixup.
      Reported-by: NMatthew Markus <mmarkus@hearit.co>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      d08c5ef2
    • L
      Merge branch 'akpm' (fixes from Andrew) · a5d6e633
      Linus Torvalds 提交于
      Merge patches from Andrew Morton:
       "13 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm: place page->pmd_huge_pte to right union
        MAINTAINERS: add keyboard driver to Hyper-V file list
        x86, mm: do not leak page->ptl for pmd page tables
        ipc,shm: correct error return value in shmctl (SHM_UNLOCK)
        mm, mempolicy: silence gcc warning
        block/partitions/efi.c: fix bound check
        ARM: drivers/rtc/rtc-at91rm9200.c: disable interrupts at shutdown
        mm: hugetlbfs: fix hugetlbfs optimization
        kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly
        ipc,shm: fix shm_file deletion races
        mm: thp: give transparent hugepage code a separate copy_page
        checkpatch: fix "Use of uninitialized value" warnings
        configfs: fix race between dentry put and lookup
      a5d6e633
    • L
      Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 78dc53c4
      Linus Torvalds 提交于
      Pull security subsystem updates from James Morris:
       "In this patchset, we finally get an SELinux update, with Paul Moore
        taking over as maintainer of that code.
      
        Also a significant update for the Keys subsystem, as well as
        maintenance updates to Smack, IMA, TPM, and Apparmor"
      
      and since I wanted to know more about the updates to key handling,
      here's the explanation from David Howells on that:
      
       "Okay.  There are a number of separate bits.  I'll go over the big bits
        and the odd important other bit, most of the smaller bits are just
        fixes and cleanups.  If you want the small bits accounting for, I can
        do that too.
      
         (1) Keyring capacity expansion.
      
              KEYS: Consolidate the concept of an 'index key' for key access
              KEYS: Introduce a search context structure
              KEYS: Search for auth-key by name rather than target key ID
              Add a generic associative array implementation.
              KEYS: Expand the capacity of a keyring
      
           Several of the patches are providing an expansion of the capacity of a
           keyring.  Currently, the maximum size of a keyring payload is one page.
           Subtract a small header and then divide up into pointers, that only gives
           you ~500 pointers on an x86_64 box.  However, since the NFS idmapper uses
           a keyring to store ID mapping data, that has proven to be insufficient to
           the cause.
      
           Whatever data structure I use to handle the keyring payload, it can only
           store pointers to keys, not the keys themselves because several keyrings
           may point to a single key.  This precludes inserting, say, and rb_node
           struct into the key struct for this purpose.
      
           I could make an rbtree of records such that each record has an rb_node
           and a key pointer, but that would use four words of space per key stored
           in the keyring.  It would, however, be able to use much existing code.
      
           I selected instead a non-rebalancing radix-tree type approach as that
           could have a better space-used/key-pointer ratio.  I could have used the
           radix tree implementation that we already have and insert keys into it by
           their serial numbers, but that means any sort of search must iterate over
           the whole radix tree.  Further, its nodes are a bit on the capacious side
           for what I want - especially given that key serial numbers are randomly
           allocated, thus leaving a lot of empty space in the tree.
      
           So what I have is an associative array that internally is a radix-tree
           with 16 pointers per node where the index key is constructed from the key
           type pointer and the key description.  This means that an exact lookup by
           type+description is very fast as this tells us how to navigate directly to
           the target key.
      
           I made the data structure general in lib/assoc_array.c as far as it is
           concerned, its index key is just a sequence of bits that leads to a
           pointer.  It's possible that someone else will be able to make use of it
           also.  FS-Cache might, for example.
      
         (2) Mark keys as 'trusted' and keyrings as 'trusted only'.
      
              KEYS: verify a certificate is signed by a 'trusted' key
              KEYS: Make the system 'trusted' keyring viewable by userspace
              KEYS: Add a 'trusted' flag and a 'trusted only' flag
              KEYS: Separate the kernel signature checking keyring from module signing
      
           These patches allow keys carrying asymmetric public keys to be marked as
           being 'trusted' and allow keyrings to be marked as only permitting the
           addition or linkage of trusted keys.
      
           Keys loaded from hardware during kernel boot or compiled into the kernel
           during build are marked as being trusted automatically.  New keys can be
           loaded at runtime with add_key().  They are checked against the system
           keyring contents and if their signatures can be validated with keys that
           are already marked trusted, then they are marked trusted also and can
           thus be added into the master keyring.
      
           Patches from Mimi Zohar make this usable with the IMA keyrings also.
      
         (3) Remove the date checks on the key used to validate a module signature.
      
              X.509: Remove certificate date checks
      
           It's not reasonable to reject a signature just because the key that it was
           generated with is no longer valid datewise - especially if the kernel
           hasn't yet managed to set the system clock when the first module is
           loaded - so just remove those checks.
      
         (4) Make it simpler to deal with additional X.509 being loaded into the kernel.
      
              KEYS: Load *.x509 files into kernel keyring
              KEYS: Have make canonicalise the paths of the X.509 certs better to deduplicate
      
           The builder of the kernel now just places files with the extension ".x509"
           into the kernel source or build trees and they're concatenated by the
           kernel build and stuffed into the appropriate section.
      
         (5) Add support for userspace kerberos to use keyrings.
      
              KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches
              KEYS: Implement a big key type that can save to tmpfs
      
           Fedora went to, by default, storing kerberos tickets and tokens in tmpfs.
           We looked at storing it in keyrings instead as that confers certain
           advantages such as tickets being automatically deleted after a certain
           amount of time and the ability for the kernel to get at these tokens more
           easily.
      
           To make this work, two things were needed:
      
           (a) A way for the tickets to persist beyond the lifetime of all a user's
               sessions so that cron-driven processes can still use them.
      
               The problem is that a user's session keyrings are deleted when the
               session that spawned them logs out and the user's user keyring is
               deleted when the UID is deleted (typically when the last log out
               happens), so neither of these places is suitable.
      
               I've added a system keyring into which a 'persistent' keyring is
               created for each UID on request.  Each time a user requests their
               persistent keyring, the expiry time on it is set anew.  If the user
               doesn't ask for it for, say, three days, the keyring is automatically
               expired and garbage collected using the existing gc.  All the kerberos
               tokens it held are then also gc'd.
      
           (b) A key type that can hold really big tickets (up to 1MB in size).
      
               The problem is that Active Directory can return huge tickets with lots
               of auxiliary data attached.  We don't, however, want to eat up huge
               tracts of unswappable kernel space for this, so if the ticket is
               greater than a certain size, we create a swappable shmem file and dump
               the contents in there and just live with the fact we then have an
               inode and a dentry overhead.  If the ticket is smaller than that, we
               slap it in a kmalloc()'d buffer"
      
      * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (121 commits)
        KEYS: Fix keyring content gc scanner
        KEYS: Fix error handling in big_key instantiation
        KEYS: Fix UID check in keyctl_get_persistent()
        KEYS: The RSA public key algorithm needs to select MPILIB
        ima: define '_ima' as a builtin 'trusted' keyring
        ima: extend the measurement list to include the file signature
        kernel/system_certificate.S: use real contents instead of macro GLOBAL()
        KEYS: fix error return code in big_key_instantiate()
        KEYS: Fix keyring quota misaccounting on key replacement and unlink
        KEYS: Fix a race between negating a key and reading the error set
        KEYS: Make BIG_KEYS boolean
        apparmor: remove the "task" arg from may_change_ptraced_domain()
        apparmor: remove parent task info from audit logging
        apparmor: remove tsk field from the apparmor_audit_struct
        apparmor: fix capability to not use the current task, during reporting
        Smack: Ptrace access check mode
        ima: provide hash algo info in the xattr
        ima: enable support for larger default filedata hash algorithms
        ima: define kernel parameter 'ima_template=' to change configured default
        ima: add Kconfig default measurement list template
        ...
      78dc53c4
    • L
      Merge git://git.infradead.org/users/eparis/audit · 3eaded86
      Linus Torvalds 提交于
      Pull audit updates from Eric Paris:
       "Nothing amazing.  Formatting, small bug fixes, couple of fixes where
        we didn't get records due to some old VFS changes, and a change to how
        we collect execve info..."
      
      Fixed conflict in fs/exec.c as per Eric and linux-next.
      
      * git://git.infradead.org/users/eparis/audit: (28 commits)
        audit: fix type of sessionid in audit_set_loginuid()
        audit: call audit_bprm() only once to add AUDIT_EXECVE information
        audit: move audit_aux_data_execve contents into audit_context union
        audit: remove unused envc member of audit_aux_data_execve
        audit: Kill the unused struct audit_aux_data_capset
        audit: do not reject all AUDIT_INODE filter types
        audit: suppress stock memalloc failure warnings since already managed
        audit: log the audit_names record type
        audit: add child record before the create to handle case where create fails
        audit: use given values in tty_audit enable api
        audit: use nlmsg_len() to get message payload length
        audit: use memset instead of trying to initialize field by field
        audit: fix info leak in AUDIT_GET requests
        audit: update AUDIT_INODE filter rule to comparator function
        audit: audit feature to set loginuid immutable
        audit: audit feature to only allow unsetting the loginuid
        audit: allow unsetting the loginuid (with priv)
        audit: remove CONFIG_AUDIT_LOGINUID_IMMUTABLE
        audit: loginuid functions coding style
        selinux: apply selinux checks on new audit message types
        ...
      3eaded86
    • K
      mm: place page->pmd_huge_pte to right union · 7aa555bf
      Kirill A. Shutemov 提交于
      I don't know what went wrong, mis-merge or something, but ->pmd_huge_pte
      placed in wrong union within struct page.
      
      In original patch[1] it's placed to union with ->lru and ->slab, but in
      commit e009bb30 ("mm: implement split page table lock for PMD
      level") it's in union with ->index and ->freelist.
      
      That union seems also unused for pages with table tables and safe to
      re-use, but it's not what I've tested.
      
      Let's move it to original place.  It fixes indentation at least.  :)
      
      [1] https://lkml.org/lkml/2013/10/7/288Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reviewed-by: NNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7aa555bf
    • H
      MAINTAINERS: add keyboard driver to Hyper-V file list · f92ca80b
      Haiyang Zhang 提交于
      Signed-off-by: NHaiyang Zhang <haiyangz@microsoft.com>
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Cc: "K. Y. Srinivasan" <kys@microsoft.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f92ca80b
    • K
      x86, mm: do not leak page->ptl for pmd page tables · c283610e
      Kirill A. Shutemov 提交于
      There are two code paths how page with pmd page table can be freed:
      pmd_free() and pmd_free_tlb().
      
      I've missed the second one and didn't add page table destructor call
      there.  It leads to leak of page->ptl for pmd page tables, if
      dynamically allocated page->ptl is in use.
      
      The patch adds the missed destructor and modifies documentation
      accordingly.
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: NAndrey Vagin <avagin@openvz.org>
      Tested-by: NAndrey Vagin <avagin@openvz.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c283610e
    • J
      ipc,shm: correct error return value in shmctl (SHM_UNLOCK) · 3a72660b
      Jesper Nilsson 提交于
      Commit 2caacaa8 ("ipc,shm: shorten critical region for shmctl")
      restructured the ipc shm to shorten critical region, but introduced a
      path where the return value could be -EPERM, even if the operation
      actually was performed.
      
      Before the commit, the err return value was reset by the return value
      from security_shm_shmctl() after the if (!ns_capable(...)) statement.
      
      Now, we still exit the if statement with err set to -EPERM, and in the
      case of SHM_UNLOCK, it is not reset at all, and used as the return value
      from shmctl.
      
      To fix this, we only set err when errors occur, leaving the fallthrough
      case alone.
      Signed-off-by: NJesper Nilsson <jesper.nilsson@axis.com>
      Cc: Davidlohr Bueso <davidlohr@hp.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: <stable@vger.kernel.org>	[3.12.x]
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3a72660b
    • D
      mm, mempolicy: silence gcc warning · b7a9f420
      David Rientjes 提交于
      Fengguang Wu reports that compiling mm/mempolicy.c results in a warning:
      
        mm/mempolicy.c: In function 'mpol_to_str':
        mm/mempolicy.c:2878:2: error: format not a string literal and no format arguments
      
      Kees says this is because he is using -Wformat-security.
      
      Silence the warning.
      Signed-off-by: NDavid Rientjes <rientjes@google.com>
      Reported-by: NFengguang Wu <fengguang.wu@intel.com>
      Suggested-by: NKees Cook <keescook@chromium.org>
      Acked-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      b7a9f420
    • A
      block/partitions/efi.c: fix bound check · 49204c11
      Antti P Miettinen 提交于
      Use ARRAY_SIZE instead of sizeof to get proper max for label length.
      
      Since this is just a read out of bounds it's not that bad, but the
      problem becomes user-visible eg if one tries to use DEBUG_PAGEALLOC and
      DEBUG_RODATA, at least with some enhancements from Hiroshi.  Of course
      the destination array can contain garbage when we read beyond the end of
      source array so that would be another user-visible problem.
      Signed-off-by: NAntti P Miettinen <amiettinen@nvidia.com>
      Reviewed-by: NHiroshi Doyu <hdoyu@nvidia.com>
      Tested-by: NHiroshi Doyu <hdoyu@nvidia.com>
      Cc: Will Drewry <wad@chromium.org>
      Cc: Matt Fleming <matt.fleming@intel.com>
      Acked-by: NDavidlohr Bueso <davidlohr@hp.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      49204c11
    • J
      ARM: drivers/rtc/rtc-at91rm9200.c: disable interrupts at shutdown · 51a0d036
      Johan Hovold 提交于
      Make sure RTC-interrupts are disabled at shutdown.
      
      As the RTC is generally powered by backup power (VDDBU), its interrupts
      are not disabled on wake-up, user, watchdog or software reset.  This
      could cause troubles on other systems (e.g.  older kernels) if an
      interrupt occurs before a handler has been installed at next boot.
      
      Let us be well-behaved and disable them on clean shutdowns at least (as
      do the RTT-based rtc-at91sam9 driver).
      Signed-off-by: NJohan Hovold <jhovold@gmail.com>
      Acked-by: NNicolas Ferre <nicolas.ferre@atmel.com>
      Cc: Jean-Christophe Plagniol-Villard <plagnioj@jcrosoft.com>
      Cc: Andrew Victor <linux@maxim.org.za>
      Cc: Alessandro Zummo <a.zummo@towertech.it>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      51a0d036
    • A
      mm: hugetlbfs: fix hugetlbfs optimization · 27c73ae7
      Andrea Arcangeli 提交于
      Commit 7cb2ef56 ("mm: fix aio performance regression for database
      caused by THP") can cause dereference of a dangling pointer if
      split_huge_page runs during PageHuge() if there are updates to the
      tail_page->private field.
      
      Also it is repeating compound_head twice for hugetlbfs and it is running
      compound_head+compound_trans_head for THP when a single one is needed in
      both cases.
      
      The new code within the PageSlab() check doesn't need to verify that the
      THP page size is never bigger than the smallest hugetlbfs page size, to
      avoid memory corruption.
      
      A longstanding theoretical race condition was found while fixing the
      above (see the change right after the skip_unlock label, that is
      relevant for the compound_lock path too).
      
      By re-establishing the _mapcount tail refcounting for all compound
      pages, this also fixes the below problem:
      
        echo 0 >/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
      
        BUG: Bad page state in process bash  pfn:59a01
        page:ffffea000139b038 count:0 mapcount:10 mapping:          (null) index:0x0
        page flags: 0x1c00000000008000(tail)
        Modules linked in:
        CPU: 6 PID: 2018 Comm: bash Not tainted 3.12.0+ #25
        Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        Call Trace:
          dump_stack+0x55/0x76
          bad_page+0xd5/0x130
          free_pages_prepare+0x213/0x280
          __free_pages+0x36/0x80
          update_and_free_page+0xc1/0xd0
          free_pool_huge_page+0xc2/0xe0
          set_max_huge_pages.part.58+0x14c/0x220
          nr_hugepages_store_common.isra.60+0xd0/0xf0
          nr_hugepages_store+0x13/0x20
          kobj_attr_store+0xf/0x20
          sysfs_write_file+0x189/0x1e0
          vfs_write+0xc5/0x1f0
          SyS_write+0x55/0xb0
          system_call_fastpath+0x16/0x1b
      Signed-off-by: NKhalid Aziz <khalid.aziz@oracle.com>
      Signed-off-by: NAndrea Arcangeli <aarcange@redhat.com>
      Tested-by: NKhalid Aziz <khalid.aziz@oracle.com>
      Cc: Pravin Shelar <pshelar@nicira.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Ben Hutchings <bhutchings@solarflare.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Johannes Weiner <jweiner@redhat.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Minchan Kim <minchan@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      27c73ae7
    • Y
      kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly · 044c8d4b
      Yuanhan Liu 提交于
      Remove CONFIG_USE_GENERIC_SMP_HELPERS left by commit 0a06ff06
      ("kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS").
      Signed-off-by: NYuanhan Liu <yuanhan.liu@linux.intel.com>
      Cc: Christoph Hellwig <hch@infradead.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      044c8d4b
    • G
      ipc,shm: fix shm_file deletion races · a399b29d
      Greg Thelen 提交于
      When IPC_RMID races with other shm operations there's potential for
      use-after-free of the shm object's associated file (shm_file).
      
      Here's the race before this patch:
      
        TASK 1                     TASK 2
        ------                     ------
        shm_rmid()
          ipc_lock_object()
                                   shmctl()
                                   shp = shm_obtain_object_check()
      
          shm_destroy()
            shum_unlock()
            fput(shp->shm_file)
                                   ipc_lock_object()
                                   shmem_lock(shp->shm_file)
                                   <OOPS>
      
      The oops is caused because shm_destroy() calls fput() after dropping the
      ipc_lock.  fput() clears the file's f_inode, f_path.dentry, and
      f_path.mnt, which causes various NULL pointer references in task 2.  I
      reliably see the oops in task 2 if with shmlock, shmu
      
      This patch fixes the races by:
      1) set shm_file=NULL in shm_destroy() while holding ipc_object_lock().
      2) modify at risk operations to check shm_file while holding
         ipc_object_lock().
      
      Example workloads, which each trigger oops...
      
      Workload 1:
        while true; do
          id=$(shmget 1 4096)
          shm_rmid $id &
          shmlock $id &
          wait
        done
      
        The oops stack shows accessing NULL f_inode due to racing fput:
          _raw_spin_lock
          shmem_lock
          SyS_shmctl
      
      Workload 2:
        while true; do
          id=$(shmget 1 4096)
          shmat $id 4096 &
          shm_rmid $id &
          wait
        done
      
        The oops stack is similar to workload 1 due to NULL f_inode:
          touch_atime
          shmem_mmap
          shm_mmap
          mmap_region
          do_mmap_pgoff
          do_shmat
          SyS_shmat
      
      Workload 3:
        while true; do
          id=$(shmget 1 4096)
          shmlock $id
          shm_rmid $id &
          shmunlock $id &
          wait
        done
      
        The oops stack shows second fput tripping on an NULL f_inode.  The
        first fput() completed via from shm_destroy(), but a racing thread did
        a get_file() and queued this fput():
          locks_remove_flock
          __fput
          ____fput
          task_work_run
          do_notify_resume
          int_signal
      
      Fixes: c2c737a0 ("ipc,shm: shorten critical region for shmat")
      Fixes: 2caacaa8 ("ipc,shm: shorten critical region for shmctl")
      Signed-off-by: NGreg Thelen <gthelen@google.com>
      Cc: Davidlohr Bueso <davidlohr@hp.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Manfred Spraul <manfred@colorfullife.com>
      Cc: <stable@vger.kernel.org>  # 3.10.17+ 3.11.6+
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a399b29d
    • D
      mm: thp: give transparent hugepage code a separate copy_page · 30b0a105
      Dave Hansen 提交于
      Right now, the migration code in migrate_page_copy() uses copy_huge_page()
      for hugetlbfs and thp pages:
      
             if (PageHuge(page) || PageTransHuge(page))
                      copy_huge_page(newpage, page);
      
      So, yay for code reuse.  But:
      
        void copy_huge_page(struct page *dst, struct page *src)
        {
              struct hstate *h = page_hstate(src);
      
      and a non-hugetlbfs page has no page_hstate().  This works 99% of the
      time because page_hstate() determines the hstate from the page order
      alone.  Since the page order of a THP page matches the default hugetlbfs
      page order, it works.
      
      But, if you change the default huge page size on the boot command-line
      (say default_hugepagesz=1G), then we might not even *have* a 2MB hstate
      so page_hstate() returns null and copy_huge_page() oopses pretty fast
      since copy_huge_page() dereferences the hstate:
      
        void copy_huge_page(struct page *dst, struct page *src)
        {
              struct hstate *h = page_hstate(src);
              if (unlikely(pages_per_huge_page(h) > MAX_ORDER_NR_PAGES)) {
        ...
      
      Mel noticed that the migration code is really the only user of these
      functions.  This moves all the copy code over to migrate.c and makes
      copy_huge_page() work for THP by checking for it explicitly.
      
      I believe the bug was introduced in commit b32967ff ("mm: numa: Add
      THP migration for the NUMA working set scanning fault case")
      
      [akpm@linux-foundation.org: fix coding-style and comment text, per Naoya Horiguchi]
      Signed-off-by: NDave Hansen <dave.hansen@linux.intel.com>
      Acked-by: NMel Gorman <mgorman@suse.de>
      Reviewed-by: NNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Hillf Danton <dhillf@gmail.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Tested-by: NDave Jiang <dave.jiang@intel.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      30b0a105
    • J
      checkpatch: fix "Use of uninitialized value" warnings · c11230f4
      Joe Perches 提交于
      checkpatch is currently confused about some complex macros and references
      undefined variables $stat and $cond.
      
      Make sure these are defined before using them.
      Signed-off-by: NJoe Perches <joe@perches.com>
      Reported-by: NGerhard Sittig <gsi@denx.de>
      Acked-by: NAndy Whitcroft <apw@canonical.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c11230f4
    • J
      configfs: fix race between dentry put and lookup · 76ae281f
      Junxiao Bi 提交于
      A race window in configfs, it starts from one dentry is UNHASHED and end
      before configfs_d_iput is called.  In this window, if a lookup happen,
      since the original dentry was UNHASHED, so a new dentry will be
      allocated, and then in configfs_attach_attr(), sd->s_dentry will be
      updated to the new dentry.  Then in configfs_d_iput(),
      BUG_ON(sd->s_dentry != dentry) will be triggered and system panic.
      
      sys_open:                     sys_close:
       ...                           fput
                                      dput
                                       dentry_kill
                                        __d_drop <--- dentry unhashed here,
                                                 but sd->dentry still point
                                                 to this dentry.
      
       lookup_real
        configfs_lookup
         configfs_attach_attr---> update sd->s_dentry
                                  to new allocated dentry here.
      
                                         d_kill
                                           configfs_d_iput <--- BUG_ON(sd->s_dentry != dentry)
                                                           triggered here.
      
      To fix it, change configfs_d_iput to not update sd->s_dentry if
      sd->s_count > 2, that means there are another dentry is using the sd
      beside the one that is going to be put.  Use configfs_dirent_lock in
      configfs_attach_attr to sync with configfs_d_iput.
      
      With the following steps, you can reproduce the bug.
      
      1. enable ocfs2, this will mount configfs at /sys/kernel/config and
         fill configure in it.
      
      2. run the following script.
      	while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done &
      	while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done &
      Signed-off-by: NJunxiao Bi <junxiao.bi@oracle.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      76ae281f