1. 08 8月, 2010 8 次提交
    • T
      O2net: Disallow o2net accept connection request from itself. · 415cf32c
      Tristan Ye 提交于
      Currently, o2net_accept_one() is allowed to accept a connection from
      listening node itself, such a fake connection will not be successfully
      established due to no handshake detected afterwards, and later end up
      with triggering connecting worker in a loop.
      
      We're going to fix this by treating such connection request as 'invalid',
      since we've got no chance of requesting connection from a node to itself
      in a OCFS2 cluster.
      
      The fix doesn't hurt user's scan for o2net-listener, it always gets a
      successful connection from userpace.
      Signed-off-by: NTristan Ye <tristan.ye@oracle.com>
      Acked-by: NSunil Mushran <sunil.mushran@oracle.com>
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      415cf32c
    • W
      ocfs2/dlm: remove potential deadlock -V3 · b11f1f1a
      Wengang Wang 提交于
      When we need to take both dlm_domain_lock and dlm->spinlock, we should take
      them in order of: dlm_domain_lock then dlm->spinlock.
      
      There is pathes disobey this order. That is calling dlm_lockres_put() with
      dlm->spinlock held in dlm_run_purge_list. dlm_lockres_put() calls dlm_put() at
      the ref and dlm_put() locks on dlm_domain_lock.
      
      Fix:
      Don't grab/put the dlm when the initialising/releasing lockres.
      That grab is not required because we don't call dlm_unregister_domain()
      based on refcount.
      Signed-off-by: NWengang Wang <wen.gang.wang@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      b11f1f1a
    • W
      ocfs2/dlm: avoid incorrect bit set in refmap on recovery master · a524812b
      Wengang Wang 提交于
      In the following situation, there remains an incorrect bit in refmap on the
      recovery master. Finally the recovery master will fail at purging the lockres
      due to the incorrect bit in refmap.
      
      1) node A has no interest on lockres A any longer, so it is purging it.
      2) the owner of lockres A is node B, so node A is sending de-ref message
      to node B.
      3) at this time, node B crashed. node C becomes the recovery master. it recovers
      lockres A(because the master is the dead node B).
      4) node A migrated lockres A to node C with a refbit there.
      5) node A failed to send de-ref message to node B because it crashed. The failure
      is ignored. no other action is done for lockres A any more.
      
      For mormal, re-send the deref message to it to recovery master can fix it. Well,
      ignoring the failure of deref to the original master and not recovering the lockres
      to recovery master has the same effect. And the later is simpler.
      Signed-off-by: NWengang Wang <wen.gang.wang@oracle.com>
      Acked-by: NSrinivas Eeda <srinivas.eeda@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      a524812b
    • J
      Fix the nested PR lock calling issue in ACL · 845b6cf3
      Jiaju Zhang 提交于
      Hi,
      
      Thanks a lot for all the review and comments so far;) I'd like to send
      the improved (V4) version of this patch.
      
      This patch fixes a deadlock in OCFS2 ACL. We found this bug in OCFS2
      and Samba integration using scenario, the symptom is several smbd
      processes will be hung under heavy workload. Finally we found out it
      is the nested PR lock calling that leads to this deadlock:
      
       node1        node2
                    gr PR
                      |
                      V
       PR(EX)---> BAST:OCFS2_LOCK_BLOCKED
                      |
                      V
                    rq PR
                      |
                      V
                    wait=1
      
      After requesting the 2nd PR lock, the process "smbd" went into D
      state. It can only be woken up when the 1st PR lock's RO holder equals
      zero. There should be an ocfs2_inode_unlock in the calling path later
      on, which can decrement the RO holder. But since it has been in
      uninterruptible sleep, the unlock function has no chance to be called.
      
      The related stack trace is:
      smbd          D ffff8800013d0600     0  9522   5608 0x00000000
       ffff88002ca7fb18 0000000000000282 ffff88002f964500 ffff88002ca7fa98
       ffff8800013d0600 ffff88002ca7fae0 ffff88002f964340 ffff88002f964340
       ffff88002ca7ffd8 ffff88002ca7ffd8 ffff88002f964340 ffff88002f964340
      Call Trace:
      [<ffffffff80350425>] schedule_timeout+0x175/0x210
      [<ffffffff8034f580>] wait_for_common+0xf0/0x210
      [<ffffffffa03e12b9>] __ocfs2_cluster_lock+0x3b9/0xa90 [ocfs2]
      [<ffffffffa03e7665>] ocfs2_inode_lock_full_nested+0x255/0xdb0 [ocfs2]
      [<ffffffffa0446019>] ocfs2_get_acl+0x69/0x120 [ocfs2]
      [<ffffffffa0446368>] ocfs2_check_acl+0x28/0x80 [ocfs2]
      [<ffffffff800e3507>] acl_permission_check+0x57/0xb0
      [<ffffffff800e357d>] generic_permission+0x1d/0xc0
      [<ffffffffa03eecea>] ocfs2_permission+0x10a/0x1d0 [ocfs2]
      [<ffffffff800e3f65>] inode_permission+0x45/0x100
      [<ffffffff800d86b3>] sys_chdir+0x53/0x90
      [<ffffffff80007458>] system_call_fastpath+0x16/0x1b
      [<00007f34a4ef6927>] 0x7f34a4ef6927
      
      For details, please see:
      https://bugzilla.novell.com/show_bug.cgi?id=614332 and
      http://oss.oracle.com/bugzilla/show_bug.cgi?id=1278Signed-off-by: NJiaju Zhang <jjzhang@suse.de>
      Acked-by: NMark Fasheh <mfasheh@suse.com>
      Cc: stable@kernel.org
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      845b6cf3
    • T
      ocfs2: Count more refcount records in file system fragmentation. · 8a2e70c4
      Tao Ma 提交于
      The refcount record calculation in ocfs2_calc_refcount_meta_credits
      is too optimistic that we can always allocate contiguous clusters
      and handle an already existed refcount rec as a whole. Actually
      because of file system fragmentation, we may have the chance to split
      a refcount record into 3 parts during the transaction. So consider
      the worst case in record calculation.
      
      Cc: stable@kernel.org
      Signed-off-by: NTao Ma <tao.ma@oracle.com>
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      8a2e70c4
    • S
      ocfs2 fix o2dlm dlm run purgelist (rev 3) · 7beaf243
      Srinivas Eeda 提交于
      This patch fixes two problems in dlm_run_purgelist
      
      1. If a lockres is found to be in use, dlm_run_purgelist keeps trying to purge
      the same lockres instead of trying the next lockres.
      
      2. When a lockres is found unused, dlm_run_purgelist releases lockres spinlock
      before setting DLM_LOCK_RES_DROPPING_REF and calls dlm_purge_lockres.
      spinlock is reacquired but in this window lockres can get reused. This leads
      to BUG.
      
      This patch modifies dlm_run_purgelist to skip lockres if it's in use and purge
       next lockres. It also sets DLM_LOCK_RES_DROPPING_REF before releasing the
      lockres spinlock protecting it from getting reused.
      Signed-off-by: NSrinivas Eeda <srinivas.eeda@oracle.com>
      Acked-by: NSunil Mushran <sunil.mushran@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      7beaf243
    • W
      ocfs2/dlm: fix a dead lock · 6d98c3cc
      Wengang Wang 提交于
      When we have to take both dlm->master_lock and lockres->spinlock,
      take them in order
      
      lockres->spinlock and then dlm->master_lock.
      
      The patch fixes a violation of the rule.
      We can simply move taking dlm->master_lock to where we have dropped res->spinlock
      since when we access res->state and free mle memory we don't need master_lock's
      protection.
      Signed-off-by: NWengang Wang <wen.gang.wang@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      6d98c3cc
    • T
      ocfs2: do not overwrite error codes in ocfs2_init_acl · 6eda3dd3
      Tiger Yang 提交于
      Setting the acl while creating a new inode depends on
      the error codes of posix_acl_create_masq. This patch fix
      a issue of overwriting the error codes of it.
      Reported-by: NPawel Zawora <pzawora@gmail.com>
      Cc: <stable@kernel.org> [ .33, .34 ]
      Signed-off-by: NTiger Yang <tiger.yang@oracle.com>
      Signed-off-by: NJoel Becker <joel.becker@oracle.com>
      6eda3dd3
  2. 02 8月, 2010 2 次提交
  3. 31 7月, 2010 13 次提交
  4. 30 7月, 2010 6 次提交
    • L
      Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 · a2dccdb2
      Linus Torvalds 提交于
      * 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
        [S390] etr: fix clock synchronization race
        [S390] Fix IRQ tracing in case of PER
      a2dccdb2
    • L
    • L
      Merge branch 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 · e271e872
      Linus Torvalds 提交于
      * 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
        ALSA: hda - Add a PC-beep workaround for ASUS P5-V
        ALSA: hda - Assume PC-beep as default for Realtek
        ALSA: hda - Don't register beep input device when no beep is available
        ALSA: hda - Fix pin-detection of Nvidia HDMI
      e271e872
    • D
      CRED: Fix __task_cred()'s lockdep check and banner comment · 8f92054e
      David Howells 提交于
      Fix __task_cred()'s lockdep check by removing the following validation
      condition:
      
      	lockdep_tasklist_lock_is_held()
      
      as commit_creds() does not take the tasklist_lock, and nor do most of the
      functions that call it, so this check is pointless and it can prevent
      detection of the RCU lock not being held if the tasklist_lock is held.
      
      Instead, add the following validation condition:
      
      	task->exit_state >= 0
      
      to permit the access if the target task is dead and therefore unable to change
      its own credentials.
      
      Fix __task_cred()'s comment to:
      
       (1) discard the bit that says that the caller must prevent the target task
           from being deleted.  That shouldn't need saying.
      
       (2) Add a comment indicating the result of __task_cred() should not be passed
           directly to get_cred(), but rather than get_task_cred() should be used
           instead.
      
      Also put a note into the documentation to enforce this point there too.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NJiri Olsa <jolsa@redhat.com>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8f92054e
    • D
      CRED: Fix get_task_cred() and task_state() to not resurrect dead credentials · de09a977
      David Howells 提交于
      It's possible for get_task_cred() as it currently stands to 'corrupt' a set of
      credentials by incrementing their usage count after their replacement by the
      task being accessed.
      
      What happens is that get_task_cred() can race with commit_creds():
      
      	TASK_1			TASK_2			RCU_CLEANER
      	-->get_task_cred(TASK_2)
      	rcu_read_lock()
      	__cred = __task_cred(TASK_2)
      				-->commit_creds()
      				old_cred = TASK_2->real_cred
      				TASK_2->real_cred = ...
      				put_cred(old_cred)
      				  call_rcu(old_cred)
      		[__cred->usage == 0]
      	get_cred(__cred)
      		[__cred->usage == 1]
      	rcu_read_unlock()
      							-->put_cred_rcu()
      							[__cred->usage == 1]
      							panic()
      
      However, since a tasks credentials are generally not changed very often, we can
      reasonably make use of a loop involving reading the creds pointer and using
      atomic_inc_not_zero() to attempt to increment it if it hasn't already hit zero.
      
      If successful, we can safely return the credentials in the knowledge that, even
      if the task we're accessing has released them, they haven't gone to the RCU
      cleanup code.
      
      We then change task_state() in procfs to use get_task_cred() rather than
      calling get_cred() on the result of __task_cred(), as that suffers from the
      same problem.
      
      Without this change, a BUG_ON in __put_cred() or in put_cred_rcu() can be
      tripped when it is noticed that the usage count is not zero as it ought to be,
      for example:
      
      kernel BUG at kernel/cred.c:168!
      invalid opcode: 0000 [#1] SMP
      last sysfs file: /sys/kernel/mm/ksm/run
      CPU 0
      Pid: 2436, comm: master Not tainted 2.6.33.3-85.fc13.x86_64 #1 0HR330/OptiPlex
      745
      RIP: 0010:[<ffffffff81069881>]  [<ffffffff81069881>] __put_cred+0xc/0x45
      RSP: 0018:ffff88019e7e9eb8  EFLAGS: 00010202
      RAX: 0000000000000001 RBX: ffff880161514480 RCX: 00000000ffffffff
      RDX: 00000000ffffffff RSI: ffff880140c690c0 RDI: ffff880140c690c0
      RBP: ffff88019e7e9eb8 R08: 00000000000000d0 R09: 0000000000000000
      R10: 0000000000000001 R11: 0000000000000040 R12: ffff880140c690c0
      R13: ffff88019e77aea0 R14: 00007fff336b0a5c R15: 0000000000000001
      FS:  00007f12f50d97c0(0000) GS:ffff880007400000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f8f461bc000 CR3: 00000001b26ce000 CR4: 00000000000006f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process master (pid: 2436, threadinfo ffff88019e7e8000, task ffff88019e77aea0)
      Stack:
       ffff88019e7e9ec8 ffffffff810698cd ffff88019e7e9ef8 ffffffff81069b45
      <0> ffff880161514180 ffff880161514480 ffff880161514180 0000000000000000
      <0> ffff88019e7e9f28 ffffffff8106aace 0000000000000001 0000000000000246
      Call Trace:
       [<ffffffff810698cd>] put_cred+0x13/0x15
       [<ffffffff81069b45>] commit_creds+0x16b/0x175
       [<ffffffff8106aace>] set_current_groups+0x47/0x4e
       [<ffffffff8106ac89>] sys_setgroups+0xf6/0x105
       [<ffffffff81009b02>] system_call_fastpath+0x16/0x1b
      Code: 48 8d 71 ff e8 7e 4e 15 00 85 c0 78 0b 8b 75 ec 48 89 df e8 ef 4a 15 00
      48 83 c4 18 5b c9 c3 55 8b 07 8b 07 48 89 e5 85 c0 74 04 <0f> 0b eb fe 65 48 8b
      04 25 00 cc 00 00 48 3b b8 58 04 00 00 75
      RIP  [<ffffffff81069881>] __put_cred+0xc/0x45
       RSP <ffff88019e7e9eb8>
      ---[ end trace df391256a100ebdd ]---
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NJiri Olsa <jolsa@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      de09a977
    • W
      watchdog: update MAINTAINERS entry · 230a5cef
      Wim Van Sebroeck 提交于
      Add Mailing-list and website to watchdog MAINTAINERS entry.
      Signed-off-by: NWim Van Sebroeck <wim@iguana.be>
      230a5cef
  5. 29 7月, 2010 11 次提交