1. 08 8月, 2010 12 次提交
  2. 02 8月, 2010 1 次提交
  3. 31 7月, 2010 1 次提交
  4. 30 7月, 2010 2 次提交
    • D
      CRED: Fix __task_cred()'s lockdep check and banner comment · 8f92054e
      David Howells 提交于
      Fix __task_cred()'s lockdep check by removing the following validation
      condition:
      
      	lockdep_tasklist_lock_is_held()
      
      as commit_creds() does not take the tasklist_lock, and nor do most of the
      functions that call it, so this check is pointless and it can prevent
      detection of the RCU lock not being held if the tasklist_lock is held.
      
      Instead, add the following validation condition:
      
      	task->exit_state >= 0
      
      to permit the access if the target task is dead and therefore unable to change
      its own credentials.
      
      Fix __task_cred()'s comment to:
      
       (1) discard the bit that says that the caller must prevent the target task
           from being deleted.  That shouldn't need saying.
      
       (2) Add a comment indicating the result of __task_cred() should not be passed
           directly to get_cred(), but rather than get_task_cred() should be used
           instead.
      
      Also put a note into the documentation to enforce this point there too.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NJiri Olsa <jolsa@redhat.com>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8f92054e
    • D
      CRED: Fix get_task_cred() and task_state() to not resurrect dead credentials · de09a977
      David Howells 提交于
      It's possible for get_task_cred() as it currently stands to 'corrupt' a set of
      credentials by incrementing their usage count after their replacement by the
      task being accessed.
      
      What happens is that get_task_cred() can race with commit_creds():
      
      	TASK_1			TASK_2			RCU_CLEANER
      	-->get_task_cred(TASK_2)
      	rcu_read_lock()
      	__cred = __task_cred(TASK_2)
      				-->commit_creds()
      				old_cred = TASK_2->real_cred
      				TASK_2->real_cred = ...
      				put_cred(old_cred)
      				  call_rcu(old_cred)
      		[__cred->usage == 0]
      	get_cred(__cred)
      		[__cred->usage == 1]
      	rcu_read_unlock()
      							-->put_cred_rcu()
      							[__cred->usage == 1]
      							panic()
      
      However, since a tasks credentials are generally not changed very often, we can
      reasonably make use of a loop involving reading the creds pointer and using
      atomic_inc_not_zero() to attempt to increment it if it hasn't already hit zero.
      
      If successful, we can safely return the credentials in the knowledge that, even
      if the task we're accessing has released them, they haven't gone to the RCU
      cleanup code.
      
      We then change task_state() in procfs to use get_task_cred() rather than
      calling get_cred() on the result of __task_cred(), as that suffers from the
      same problem.
      
      Without this change, a BUG_ON in __put_cred() or in put_cred_rcu() can be
      tripped when it is noticed that the usage count is not zero as it ought to be,
      for example:
      
      kernel BUG at kernel/cred.c:168!
      invalid opcode: 0000 [#1] SMP
      last sysfs file: /sys/kernel/mm/ksm/run
      CPU 0
      Pid: 2436, comm: master Not tainted 2.6.33.3-85.fc13.x86_64 #1 0HR330/OptiPlex
      745
      RIP: 0010:[<ffffffff81069881>]  [<ffffffff81069881>] __put_cred+0xc/0x45
      RSP: 0018:ffff88019e7e9eb8  EFLAGS: 00010202
      RAX: 0000000000000001 RBX: ffff880161514480 RCX: 00000000ffffffff
      RDX: 00000000ffffffff RSI: ffff880140c690c0 RDI: ffff880140c690c0
      RBP: ffff88019e7e9eb8 R08: 00000000000000d0 R09: 0000000000000000
      R10: 0000000000000001 R11: 0000000000000040 R12: ffff880140c690c0
      R13: ffff88019e77aea0 R14: 00007fff336b0a5c R15: 0000000000000001
      FS:  00007f12f50d97c0(0000) GS:ffff880007400000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f8f461bc000 CR3: 00000001b26ce000 CR4: 00000000000006f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process master (pid: 2436, threadinfo ffff88019e7e8000, task ffff88019e77aea0)
      Stack:
       ffff88019e7e9ec8 ffffffff810698cd ffff88019e7e9ef8 ffffffff81069b45
      <0> ffff880161514180 ffff880161514480 ffff880161514180 0000000000000000
      <0> ffff88019e7e9f28 ffffffff8106aace 0000000000000001 0000000000000246
      Call Trace:
       [<ffffffff810698cd>] put_cred+0x13/0x15
       [<ffffffff81069b45>] commit_creds+0x16b/0x175
       [<ffffffff8106aace>] set_current_groups+0x47/0x4e
       [<ffffffff8106ac89>] sys_setgroups+0xf6/0x105
       [<ffffffff81009b02>] system_call_fastpath+0x16/0x1b
      Code: 48 8d 71 ff e8 7e 4e 15 00 85 c0 78 0b 8b 75 ec 48 89 df e8 ef 4a 15 00
      48 83 c4 18 5b c9 c3 55 8b 07 8b 07 48 89 e5 85 c0 74 04 <0f> 0b eb fe 65 48 8b
      04 25 00 cc 00 00 48 3b b8 58 04 00 00 75
      RIP  [<ffffffff81069881>] __put_cred+0xc/0x45
       RSP <ffff88019e7e9eb8>
      ---[ end trace df391256a100ebdd ]---
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NJiri Olsa <jolsa@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      de09a977
  5. 28 7月, 2010 1 次提交
  6. 25 7月, 2010 2 次提交
  7. 23 7月, 2010 3 次提交
    • S
      vmlinux.lds: fix .data..init_task output section (fix popwerpc boot) · da5e37ef
      Sam Ravnborg 提交于
      The .data..init_task output section was missing
      a load offset causing a popwerpc target to fail to boot.
      
      Sean MacLennan tracked it down to the definition of
      INIT_TASK_DATA_SECTION().
      
      There are only two users of INIT_TASK_DATA_SECTION()
      in the kernel today: cris and popwerpc.
      cris do not support relocatable kernels and is thus not
      impacted by this change.
      
      Fix INIT_TASK_DATA_SECTION() to specify load offset like
      all other output sections.
      Reported-by: NSean MacLennan <smaclennan@pikatech.com>
      Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      da5e37ef
    • L
      ACPI: skip checking BM_STS if the BIOS doesn't ask for it · 718be4aa
      Len Brown 提交于
      It turns out that there is a bit in the _CST for Intel FFH C3
      that tells the OS if we should be checking BM_STS or not.
      
      Linux has been unconditionally checking BM_STS.
      If the chip-set is configured to enable BM_STS,
      it can retard or completely prevent entry into
      deep C-states -- as illustrated by turbostat:
      
      http://userweb.kernel.org/~lenb/acpi/utils/pmtools/turbostat/
      
      ref: Intel Processor Vendor-Specific ACPI Interface Specification
      table 4 "_CST FFH GAS Field Encoding"
      Bit 1: Set to 1 if OSPM should use Bus Master avoidance for this C-state
      
      https://bugzilla.kernel.org/show_bug.cgi?id=15886Signed-off-by: NLen Brown <len.brown@intel.com>
      718be4aa
    • H
      macvtap: Limit packet queue length · 8a35747a
      Herbert Xu 提交于
      Mark Wagner reported OOM symptoms when sending UDP traffic over
      a macvtap link to a kvm receiver.
      
      This appears to be caused by the fact that macvtap packet queues
      are unlimited in length.  This means that if the receiver can't
      keep up with the rate of flow, then we will hit OOM. Of course
      it gets worse if the OOM killer then decides to kill the receiver.
      
      This patch imposes a cap on the packet queue length, in the same
      way as the tuntap driver, using the device TX queue length.
      
      Please note that macvtap currently has no way of giving congestion
      notification, that means the software device TX queue cannot be
      used and packets will always be dropped once the macvtap driver
      queue fills up.
      
      This shouldn't be a great problem for the scenario where macvtap
      is used to feed a kvm receiver, as the traffic is most likely
      external in origin so congestion notification can't be applied
      anyway.
      
      Of course, if anybody decides to complain about guest-to-guest
      UDP packet loss down the track, then we may have to revisit this.
      
      Incidentally, this patch also fixes a real memory leak when
      macvtap_get_queue fails.
      
      Chris Wright noticed that for this patch to work, we need a
      non-zero TX queue length.  This patch includes his work to change
      the default macvtap TX queue length to 500.
      Reported-by: NMark Wagner <mwagner@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: NChris Wright <chrisw@sous-sol.org>
      Acked-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8a35747a
  8. 22 7月, 2010 1 次提交
  9. 21 7月, 2010 4 次提交
    • M
      math-emu: correct test for downshifting fraction in _FP_FROM_INT() · f8324e20
      Mikael Pettersson 提交于
      The kernel's math-emu code contains a macro _FP_FROM_INT() which is
      used to convert an integer to a raw normalized floating-point value.
      It does this basically in three steps:
      
      1. Compute the exponent from the number of leading zero bits.
      2. Downshift large fractions to put the MSB in the right position
         for normalized fractions.
      3. Upshift small fractions to put the MSB in the right position.
      
      There is an boundary error in step 2, causing a fraction with its
      MSB exactly one bit above the normalized MSB position to not be
      downshifted.  This results in a non-normalized raw float, which when
      packed becomes a massively inaccurate representation for that input.
      
      The impact of this depends on a number of arch-specific factors,
      but it is known to have broken emulation of FXTOD instructions
      on UltraSPARC III, which was originally reported as GCC bug 44631
      <http://gcc.gnu.org/bugzilla/show_bug.cgi?id=44631>.
      
      Any arch which uses math-emu to emulate conversions from integers to
      same-size floats may be affected.
      
      The fix is simple: the exponent comparison used to determine if the
      fraction should be downshifted must be "<=" not "<".
      
      I'm sending a kernel module to test this as a reply to this message.
      There are also SPARC user-space test cases in the GCC bug entry.
      Signed-off-by: NMikael Pettersson <mikpe@it.uu.se>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f8324e20
    • D
      include/linux/vgaarb.h: add missing part of include guard · a6a1a095
      Doug Goldstein 提交于
      vgaarb.h was missing the #define of the #ifndef at the top for the guard
      to prevent multiple #include's from causing re-define errors
      Signed-off-by: NDoug Goldstein <cardoe@gentoo.org>
      Cc: Dave Airlie <airlied@redhat.com>
      Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      a6a1a095
    • P
      vfs: fix RCU-lockdep false positive due to /proc · 844b9a87
      Paul E. McKenney 提交于
      If a single-threaded process does a file-descriptor operation, and some
      other process accesses that same file descriptor via /proc, the current
      rcu_dereference_check_fdtable() can give a false-positive RCU-lockdep
      splat due to the reference count being increased by the /proc access after
      the reference-count check in fget_light() but before the check in
      rcu_dereference_check_fdtable().
      
      This commit prevents this false positive by checking for a single-threaded
      process.  To avoid #include hell, this commit uses the wrapper for
      thread_group_empty(current) defined by rcu_my_thread_group_empty()
      provided in a separate commit.
      Located-by: NMiles Lane <miles.lane@gmail.com>
      Located-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Al Viro <viro@ZenIV.linux.org.uk>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      844b9a87
    • S
      tracing: Properly align linker defined symbols · 07fca0e5
      Sam Ravnborg 提交于
      We define a number of symbols in the linker scipt like this:
      
          __start_syscalls_metadata = .;
          *(__syscalls_metadata)
      
      But we do not know the alignment of "." when we assign
      the __start_syscalls_metadata symbol.
      gcc started to uses bigger alignment for structs (32 bytes),
      so we saw situations where the linker due to alignment
      constraints increased the value of "." after the symbol assignment.
      
      This resulted in boot fails.
      
      Fix this by forcing a 32 byte alignment of "." before the
      assignment.
      
      This patch introduces the forced alignment for
      ftrace_events and syscalls_metadata.
      It may be required in more places.
      Reported-by: NZeev Tarantov <zeev.tarantov@gmail.com>
      Signed-off-by: NSam Ravnborg <sam@ravnborg.org>
      LKML-Reference: <20100710063459.GA14596@merkur.ravnborg.org>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      07fca0e5
  10. 20 7月, 2010 1 次提交
  11. 19 7月, 2010 1 次提交
    • D
      mm: add context argument to shrinker callback · 7f8275d0
      Dave Chinner 提交于
      The current shrinker implementation requires the registered callback
      to have global state to work from. This makes it difficult to shrink
      caches that are not global (e.g. per-filesystem caches). Pass the shrinker
      structure to the callback so that users can embed the shrinker structure
      in the context the shrinker needs to operate on and get back to it in the
      callback via container_of().
      Signed-off-by: NDave Chinner <dchinner@redhat.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      7f8275d0
  12. 17 7月, 2010 1 次提交
    • B
      PCI: fall back to original BIOS BAR addresses · 58c84eda
      Bjorn Helgaas 提交于
      If we fail to assign resources to a PCI BAR, this patch makes us try the
      original address from BIOS rather than leaving it disabled.
      
      Linux tries to make sure all PCI device BARs are inside the upstream
      PCI host bridge or P2P bridge apertures, reassigning BARs if necessary.
      Windows does similar reassignment.
      
      Before this patch, if we could not move a BAR into an aperture, we left
      the resource unassigned, i.e., at address zero.  Windows leaves such BARs
      at the original BIOS addresses, and this patch makes Linux do the same.
      
      This is a bit ugly because we disable the resource long before we try to
      reassign it, so we have to keep track of the BIOS BAR address somewhere.
      For lack of a better place, I put it in the struct pci_dev.
      
      I think it would be cleaner to attempt the assignment immediately when the
      claim fails, so we could easily remember the original address.  But we
      currently claim motherboard resources in the middle, after attempting to
      claim PCI resources and before assigning new PCI resources, and changing
      that is a fairly big job.
      
      Addresses https://bugzilla.kernel.org/show_bug.cgi?id=16263Reported-by: NAndrew <nitr0@seti.kr.ua>
      Tested-by: NAndrew <nitr0@seti.kr.ua>
      Signed-off-by: NBjorn Helgaas <bjorn.helgaas@hp.com>
      Signed-off-by: NJesse Barnes <jbarnes@virtuousgeek.org>
      58c84eda
  13. 16 7月, 2010 1 次提交
    • J
      jbd2/ocfs2: Fix block checksumming when a buffer is used in several transactions · 13ceef09
      Jan Kara 提交于
      OCFS2 uses t_commit trigger to compute and store checksum of the just
      committed blocks. When a buffer has b_frozen_data, checksum is computed
      for it instead of b_data but this can result in an old checksum being
      written to the filesystem in the following scenario:
      
      1) transaction1 is opened
      2) handle1 is opened
      3) journal_access(handle1, bh)
          - This sets jh->b_transaction to transaction1
      4) modify(bh)
      5) journal_dirty(handle1, bh)
      6) handle1 is closed
      7) start committing transaction1, opening transaction2
      8) handle2 is opened
      9) journal_access(handle2, bh)
          - This copies off b_frozen_data to make it safe for transaction1 to commit.
            jh->b_next_transaction is set to transaction2.
      10) jbd2_journal_write_metadata() checksums b_frozen_data
      11) the journal correctly writes b_frozen_data to the disk journal
      12) handle2 is closed
          - There was no dirty call for the bh on handle2, so it is never queued for
            any more journal operation
      13) Checkpointing finally happens, and it just spools the bh via normal buffer
      writeback.  This will write b_data, which was never triggered on and thus
      contains a wrong (old) checksum.
      
      This patch fixes the problem by calling the trigger at the moment data is
      frozen for journal commit - i.e., either when b_frozen_data is created by
      do_get_write_access or just before we write a buffer to the log if
      b_frozen_data does not exist. We also rename the trigger to t_frozen as
      that better describes when it is called.
      Signed-off-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NMark Fasheh <mfasheh@suse.com>
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      13ceef09
  14. 15 7月, 2010 1 次提交
    • T
      net: fix problem in reading sock TX queue · b0f77d0e
      Tom Herbert 提交于
      Fix problem in reading the tx_queue recorded in a socket.  In
      dev_pick_tx, the TX queue is read by doing a check with
      sk_tx_queue_recorded on the socket, followed by a sk_tx_queue_get.
      The problem is that there is not mutual exclusion across these
      calls in the socket so it it is possible that the queue in the
      sock can be invalidated after sk_tx_queue_recorded is called so
      that sk_tx_queue get returns -1, which sets 65535 in queue_index
      and thus dev_pick_tx returns 65536 which is a bogus queue and
      can cause crash in dev_queue_xmit.
      
      We fix this by only calling sk_tx_queue_get which does the proper
      checks.  The interface is that sk_tx_queue_get returns the TX queue
      if the sock argument is non-NULL and TX queue is recorded, else it
      returns -1.  sk_tx_queue_recorded is no longer used so it can be
      completely removed.
      Signed-off-by: NTom Herbert <therbert@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b0f77d0e
  15. 14 7月, 2010 1 次提交
  16. 10 7月, 2010 1 次提交
  17. 09 7月, 2010 1 次提交
  18. 07 7月, 2010 2 次提交
    • F
      drm/ttm: Allocate the page pool manager in the heap. · 5870a4d9
      Francisco Jerez 提交于
      Repeated ttm_page_alloc_init/fini fails noisily because the pool
      manager kobj isn't zeroed out between uses (we could do just that but
      statically allocated kobjects are generally considered a bad thing).
      Move it to kzalloc'ed memory.
      
      Note that this patch drops the refcounting behavior of the pool
      allocator init/fini functions: it would have led to a race condition
      in its current form, and anyway it was never exploited.
      
      This fixes a regression with reloading kms modules at runtime, since
      page allocator was introduced.
      Signed-off-by: NFrancisco Jerez <currojerez@riseup.net>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      5870a4d9
    • A
      VFS: introduce s_dirty accessors · 140236b4
      Artem Bityutskiy 提交于
      This patch introduces 3 VFS accessors: 'sb_mark_dirty()',
      'sb_mark_clean()', and 'sb_is_dirty()'. They simply
      set 'sb->s_dirt' or test 'sb->s_dirt'. The plan is to make
      every FS use these accessors later instead of manipulating
      the 'sb->s_dirt' flag directly.
      
      Ultimately, this change is a preparation for the periodic
      superblock synchronization optimization which is about
      preventing the "sync_supers" kernel thread from waking up
      even if there is nothing to synchronize.
      
      This patch does not do any functional change, just adds
      accessor functions.
      Signed-off-by: NArtem Bityutskiy <Artem.Bityutskiy@nokia.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      140236b4
  19. 06 7月, 2010 3 次提交
    • C
      writeback: simplify the write back thread queue · 83ba7b07
      Christoph Hellwig 提交于
      First remove items from work_list as soon as we start working on them.  This
      means we don't have to track any pending or visited state and can get
      rid of all the RCU magic freeing the work items - we can simply free
      them once the operation has finished.  Second use a real completion for
      tracking synchronous requests - if the caller sets the completion pointer
      we complete it, otherwise use it as a boolean indicator that we can free
      the work item directly.  Third unify struct wb_writeback_args and struct
      bdi_work into a single data structure, wb_writeback_work.  Previous we
      set all parameters into a struct wb_writeback_args, copied it into
      struct bdi_work, copied it again on the stack to use it there.  Instead
      of just allocate one structure dynamically or on the stack and use it
      all the way through the stack.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJens Axboe <jaxboe@fusionio.com>
      83ba7b07
    • C
      writeback: split writeback_inodes_wb · edadfb10
      Christoph Hellwig 提交于
      The case where we have a superblock doesn't require a loop here as we scan
      over all inodes in writeback_sb_inodes. Split it out into a separate helper
      to make the code simpler.  This also allows to get rid of the sb member in
      struct writeback_control, which was rather out of place there.
      
      Also update the comments in writeback_sb_inodes that explain the handling
      of inodes from wrong superblocks.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJens Axboe <jaxboe@fusionio.com>
      edadfb10
    • C
      writeback: remove writeback_inodes_wbc · 9c3a8ee8
      Christoph Hellwig 提交于
      This was just an odd wrapper around writeback_inodes_wb.  Removing this
      also allows to get rid of the bdi member of struct writeback_control
      which was rather out of place there.
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJens Axboe <jaxboe@fusionio.com>
      9c3a8ee8