1. 12 2月, 2013 12 次提交
    • C
      f2fs: stop repeated checking if cp is needed · facb0205
      Changman Lee 提交于
      If it is decided that f2fs should do checkpoint, skip next comparison.
      Signed-off-by: NChangman Lee <cm224.lee@samsung.com>
      facb0205
    • J
      f2fs: avoid balanc_fs during evict_inode · d4686d56
      Jaegeuk Kim 提交于
      1. Background
      
      Previously, if f2fs tries to move data blocks of an *evicting* inode during the
      cleaning process, it stops the process incompletely and then restarts the whole
      process, since it needs a locked inode to grab victim data pages in its address
      space. In order to get a locked inode, iget_locked() by f2fs_iget() is normally
      used, but, it waits if the inode is on freeing.
      
      So, here is a deadlock scenario.
      1. f2fs_evict_inode()       <- inode "A"
        2. f2fs_balance_fs()
          3. f2fs_gc()
            4. gc_data_segment()
              5. f2fs_iget()      <- inode "A" too!
      
      If step #1 and #5 treat a same inode "A", step #5 would fall into deadlock since
      the inode "A" is on freeing. In order to resolve this, f2fs_iget_nowait() which
      skips __wait_on_freeing_inode() was introduced in step #5, and stops f2fs_gc()
      to complete f2fs_evict_inode().
      
      1. f2fs_evict_inode()           <- inode "A"
        2. f2fs_balance_fs()
          3. f2fs_gc()
            4. gc_data_segment()
              5. f2fs_iget_nowait()   <- inode "A", then stop f2fs_gc() w/ -ENOENT
      
      2. Problem and Solution
      
      In the above scenario, however, f2fs cannot finish f2fs_evict_inode() only if:
       o there are not enough free sections, and
       o f2fs_gc() tries to move data blocks of the *evicting* inode repeatedly.
      
      So, the final solution is to use f2fs_iget() and remove f2fs_balance_fs() in
      f2fs_evict_inode().
      The f2fs_evict_inode() actually truncates all the data and node blocks, which
      means that it doesn't produce any dirty node pages accordingly.
      So, we don't need to do f2fs_balance_fs() in practical.
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      d4686d56
    • J
      f2fs: remove the use of page_cache_release · 369a708c
      Jaegeuk Kim 提交于
      Let's remove the use of page_cache_release() in f2fs, and instead, use
      f2fs_put_page(page, 0) which is exactly same but for code readability.
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      369a708c
    • N
      f2fs: fix typo mistake for data_version description · 324ddc70
      Namjae Jeon 提交于
      In f2fs_inode_info structure, the description for data_version
      has a typo mistake. It should be latest instead of lastes.
      So, correcting that.
      Signed-off-by: NNamjae Jeon <namjae.jeon@samsung.com>
      Signed-off-by: NAmit Sahrawat <a.sahrawat@samsung.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      324ddc70
    • N
      f2fs: reorganize code for ra_node_page · a2b52a59
      Namjae Jeon 提交于
      We can remove unneeded label unlock_out, avoid unnecessary jump
      and reorganize the returning conditions in this function.
      Signed-off-by: NNamjae Jeon <namjae.jeon@samsung.com>
      Signed-off-by: NAmit Sahrawat <a.sahrawat@samsung.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      a2b52a59
    • N
      f2fs: avoid redundant call to has_not_enough_free_secs in f2fs_gc · 3786dfdf
      Namjae Jeon 提交于
      After doing a write_checkpoint from garbage collection path if there is still
      need to do more garbage collection, gc_more label is used to jump and start
      the process again. And in that process, first step before getting victim is to
      check if there are not enough free sections, which is already done before
      doing a jump to gc_more. We can avoid the redundant call to check free
      sections, by checking the gc_type flag which will remain FG_GC(value 1) under
      this condition.
      Signed-off-by: NNamjae Jeon <namjae.jeon@samsung.com>
      Signed-off-by: NAmit Sahrawat <a.sahrawat@samsung.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      3786dfdf
    • C
      f2fs: add un/freeze_fs into super_operations · d6212a5f
      Changman Lee 提交于
      This patch supports ioctl FIFREEZE and FITHAW to snapshot filesystem.
      Before calling f2fs_freeze, all writers would be suspended and sync_fs
      would be completed. So no f2fs has to do something.
      Just background gc operation should be skipped due to generate dirty
      nodes and data until unfreeze.
      Signed-off-by: NChangman Lee <cm224.lee@samsung.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      d6212a5f
    • M
      f2fs: clean up the add_orphan_inode func · a2617dc6
      majianpeng 提交于
      For the code
      > prev = list_entry(orphan->list.prev, typeof(*prev), list);
      if orphan->list.prev == head, it can't get the right prev.
      And we can use the parameter 'this' to add.
      Signed-off-by: NJianpeng Ma <majianpeng@gmail.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      a2617dc6
    • A
      f2fs: fix disable_ext_identify option spelling · aa43507f
      Alejandro Martinez Ruiz 提交于
      There is a typo in the ->show_options function for disable_ext_identify.
      Fix it to match the spelling from the documentation.
      Signed-off-by: NAlejandro Martinez Ruiz <alex@nowcomputing.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      aa43507f
    • J
      f2fs: cover global locks for reserve_new_block · bd43df02
      Jaegeuk Kim 提交于
      The fill_zero() from fallocate() calls get_new_data_page() in which calls
      reserve_new_block().
      The reserve_new_block() should be covered by *DATA_NEW*, one of global locks.
      And also, before getting the lock, we should check free sections by calling
      f2fs_balance_fs().
      
      If we break this rule, f2fs is able to face with out-of-control free space
      management and fall into infinite loop like the following scenario as well.
      
      [f2fs_sync_fs()]             [fallocate()]
       - write_checkpoint()        - fill_zero()
        - block_operations()        - get_new_data_page()
         : grab NODE_NEW             - get_dnode_of_data()
                                      : get locked dirty node page
          - sync_node_pages()
                                      : try to grab NODE_NEW for data allocation
           : trylock and skip the dirty node page
         : call sync_node_pages() repeatedly in order to flush all the dirty node
           pages!
      
      In order to avoid this, we should grab another global lock such as DATA_NEW
      before calling get_new_data_page() in fill_zero().
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      bd43df02
    • J
      f2fs: prevent checkpoint once any IO failure is detected · 577e3495
      Jaegeuk Kim 提交于
      This patch enhances the checkpoint routine to cope with IO errors.
      
      Basically f2fs detects IO errors from end_io_write, and the errors are able to
      be occurred during one of data, node, and meta page writes.
      
      In the previous code, when an IO error is occurred during writes, f2fs sets a
      flag, CP_ERROR_FLAG, in the raw ckeckpoint buffer which will be written to disk.
      Afterwards, write_checkpoint() will check the flag and remount f2fs as a
      read-only (ro) mode.
      
      However, even once f2fs is remounted as a ro mode, dirty checkpoint pages are
      freely able to be written to disk by flusher or kswapd in background.
      In such a case, after cold reboot, f2fs would restore the checkpoint data having
      CP_ERROR_FLAG, resulting in disabling write_checkpoint and remounting f2fs as
      a ro mode again.
      
      Therefore, let's prevent any checkpoint page (meta) writes once an IO error is
      occurred, and remount f2fs as a ro mode right away at that moment.
      Reported-by: NOliver Winker <oliver@oli1170.net>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      Reviewed-by: NNamjae Jeon <namjae.jeon@samsung.com>
      577e3495
    • C
      f2fs: save device node number into f2fs_inode · 7d79e75f
      Changman Lee 提交于
      This patch stores inode->i_rdev into on-disk inode structure.
      
      Alun reported that:
       aspire tmp # mount -t f2fs /dev/sdb mnt
       aspire tmp # mknod mnt/sda1 b 8 1
       aspire tmp # mknod mnt/null c 1 3
       aspire tmp # mknod mnt/console c 5 1
       aspire tmp # ls -l mnt
       total 2
       crw-r--r-- 1 root root 5, 1 Jan 22 18:44 console
       crw-r--r-- 1 root root 1, 3 Jan 22 18:44 null
       brw-r--r-- 1 root root 8, 1 Jan 22 18:44 sda1
       aspire tmp # umount mnt
       aspire tmp # mount -t f2fs /dev/sdb mnt
       aspire tmp # ls -l mnt
       total 2
       crw-r--r-- 1 root root 0, 0 Jan 22 18:44 console
       crw-r--r-- 1 root root 0, 0 Jan 22 18:44 null
       brw-r--r-- 1 root root 0, 0 Jan 22 18:44 sda1
      
      In this report, f2fs lost the major/minor numbers of device files after umount.
      The reason was revealed that f2fs does not store the inode->i_rdev to the
      on-disk inode data structure.
      
      So, as the other file systems do, f2fs also stores i_rdev into the i_addr fields
      in on-disk inode structure without any on-disk layout changes.
      Note that, this bug is limited to device files made by mknod().
      Reported-and-Tested-by: NAlun Jones <alun.linux@ty-penguin.org.uk>
      Signed-off-by: NChangman Lee <cm224.lee@samsung.com>
      Signed-off-by: NJaegeuk Kim <jaegeuk.kim@samsung.com>
      7d79e75f
  2. 09 2月, 2013 7 次提交
    • L
      Linux 3.8-rc7 · 836dc9e3
      Linus Torvalds 提交于
      836dc9e3
    • L
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 39923134
      Linus Torvalds 提交于
      Pull ARM fixes from Russell King:
       "I was going to hold these off until v3.8 was out, and send them with a
        stable tag, but as everyone else is pushing much bigger fixes which
        Linus is accepting, let's save people from the hastle of having to
        patch v3.8 back into working or use a stable kernel.
      
        Looking at the diffstat, this really is high value for its size; this
        is miniscule compared to how the -rc6 to tip diffstat currently looks.
      
        So, four patches in this set:
         - Punit Agrawal reports that the kernel no longer boots on MPCore due
           to a new assumption made in the GIC code which isn't true of
           earlier GIC designs.  This is the biggest change in this set.
         - Punit's boot log also revealed a bunch of WARN_ON() dumps caused by
           the DT-ification of the GIC support without fixing up non-DT
           Realview - which now sees a greater number of interrupts than it
           did before.
         - A fix for the DMA coherent code from Marek which uses the wrong
           check for atomic allocations; this can result in spinlock lockups
           or other nasty effects.
         - A fix from Will, which will affect all Android based platforms if
           not applied (which use the 2G:2G VM split) - this causes
           particularly 'make' to misbehave unless this bug is fixed."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is aligned
        ARM: DMA mapping: fix bad atomic test
        ARM: realview: ensure that we have sufficient IRQs available
        ARM: GIC: fix GIC cpumask initialization
      39923134
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · e06b8405
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Revert iwlwifi reclaimed packet tracking, it causes problems for a
          bunch of folks.  From Emmanuel Grumbach.
      
       2) Work limiting code in brcmsmac wifi driver can clear tx status
          without processing the event.  From Arend van Spriel.
      
       3) rtlwifi USB driver processes wrong SKB, fix from Larry Finger.
      
       4) l2tp tunnel delete can race with close, fix from Tom Parkin.
      
       5) pktgen_add_device() failures are not checked at all, fix from Cong
          Wang.
      
       6) Fix unintentional removal of carrier off from tun_detach(),
          otherwise we confuse userspace, from Michael S.  Tsirkin.
      
       7) Don't leak socket reference counts and ubufs in vhost-net driver,
          from Jason Wang.
      
       8) vmxnet3 driver gets it's initial carrier state wrong, fix from Neil
          Horman.
      
       9) Protect against USB networking devices which spam the host with 0
          length frames, from Bjørn Mork.
      
      10) Prevent neighbour overflows in ipv6 for locally destined routes,
          from Marcelo Ricardo.  This is the best short-term fix for this, a
          longer term fix has been implemented in net-next.
      
      11) L2TP uses ipv4 datagram routines in it's ipv6 code, whoops.  This
          mistake is largely because the ipv6 functions don't even have some
          kind of prefix in their names to suggest they are ipv6 specific.
          From Tom Parkin.
      
      12) Check SYN packet drops properly in tcp_rcv_fastopen_synack(), from
          Yuchung Cheng.
      
      13) Fix races and TX skb freeing bugs in via-rhine's NAPI support, from
          Francois Romieu and your's truly.
      
      14) Fix infinite loops and divides by zero in TCP congestion window
          handling, from Eric Dumazet, Neal Cardwell, and Ilpo Järvinen.
      
      15) AF_PACKET tx ring handling can leak kernel memory to userspace, fix
          from Phil Sutter.
      
      16) Fix error handling in ipv6 GRE tunnel transmit, from Tommi Rantala.
      
      17) Protect XEN netback driver against hostile frontend putting garbage
          into the rings, don't leak pages in TX GOP checking, and add proper
          resource releasing in error path of xen_netbk_get_requests().  From
          Ian Campbell.
      
      18) SCTP authentication keys should be cleared out and released with
          kzfree(), from Daniel Borkmann.
      
      19) L2TP is a bit too clever trying to maintain skb->truesize, and ends
          up corrupting socket memory accounting to the point where packet
          sending is halted indefinitely.  Just remove the adjustments
          entirely, they aren't really needed.  From Eric Dumazet.
      
      20) ATM Iphase driver uses a data type with the same name as the S390
          headers, rename to fix the build.  From Heiko Carstens.
      
      21) Fix a typo in copying the inner network header offset from one SKB
          to another, from Pravin B Shelar.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits)
        net: sctp: sctp_endpoint_free: zero out secret key data
        net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
        atm/iphase: rename fregt_t -> ffreg_t
        net: usb: fix regression from FLAG_NOARP code
        l2tp: dont play with skb->truesize
        net: sctp: sctp_auth_key_put: use kzfree instead of kfree
        netback: correct netbk_tx_err to handle wrap around.
        xen/netback: free already allocated memory on failure in xen_netbk_get_requests
        xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop.
        xen/netback: shutdown the ring if it contains garbage.
        net: qmi_wwan: add more Huawei devices, including E320
        net: cdc_ncm: add another Huawei vendor specific device
        ipv6/ip6_gre: fix error case handling in ip6gre_tunnel_xmit()
        tcp: fix for zero packets_in_flight was too broad
        brcmsmac: rework of mac80211 .flush() callback operation
        ssb: unregister gpios before unloading ssb
        bcma: unregister gpios before unloading bcma
        rtlwifi: Fix scheduling while atomic bug
        net: usbnet: fix tx_dropped statistics
        tcp: ipv6: Update MIB counters for drops
        ...
      e06b8405
    • D
      Merge branch 'sctp_keys' · a1c83b05
      David S. Miller 提交于
      Daniel Borkmann says:
      
      ====================
      Cryptographically used keys should be zeroed out when our session
      ends resp. memory is freed, thus do not leave them somewhere in the
      memory.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a1c83b05
    • D
      net: sctp: sctp_endpoint_free: zero out secret key data · b5c37fe6
      Daniel Borkmann 提交于
      On sctp_endpoint_destroy, previously used sensitive keying material
      should be zeroed out before the memory is returned, as we already do
      with e.g. auth keys when released.
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Acked-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b5c37fe6
    • D
      net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree · 6ba542a2
      Daniel Borkmann 提交于
      In sctp_setsockopt_auth_key, we create a temporary copy of the user
      passed shared auth key for the endpoint or association and after
      internal setup, we free it right away. Since it's sensitive data, we
      should zero out the key before returning the memory back to the
      allocator. Thus, use kzfree instead of kfree, just as we do in
      sctp_auth_key_put().
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6ba542a2
    • H
      atm/iphase: rename fregt_t -> ffreg_t · ab54ee80
      Heiko Carstens 提交于
      We have conflicting type qualifiers for "freg_t" in s390's ptrace.h and the
      iphase atm device driver, which causes the compile error below.
      Unfortunately the s390 typedef can't be renamed, since it's a user visible api,
      nor can I change the include order in s390 code to avoid the conflict.
      
      So simply rename the iphase typedef to a new name. Fixes this compile error:
      
      In file included from drivers/atm/iphase.c:66:0:
      drivers/atm/iphase.h:639:25: error: conflicting type qualifiers for 'freg_t'
      In file included from next/arch/s390/include/asm/ptrace.h:9:0,
                       from next/arch/s390/include/asm/lowcore.h:12,
                       from next/arch/s390/include/asm/thread_info.h:30,
                       from include/linux/thread_info.h:54,
                       from include/linux/preempt.h:9,
                       from include/linux/spinlock.h:50,
                       from include/linux/seqlock.h:29,
                       from include/linux/time.h:5,
                       from include/linux/stat.h:18,
                       from include/linux/module.h:10,
                       from drivers/atm/iphase.c:43:
      next/arch/s390/include/uapi/asm/ptrace.h:197:3: note: previous declaration of 'freg_t' was here
      Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Acked-by: Nchas williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ab54ee80
  3. 08 2月, 2013 21 次提交
    • W
      ARM: 7641/1: memory: fix broken mmap by ensuring TASK_UNMAPPED_BASE is aligned · 79d1f5c9
      Will Deacon 提交于
      We have received multiple reports of mmap failures when running with a
      2:2 vm split. These manifest as either -EINVAL with a non page-aligned
      address (ending 0xaaa) or a SEGV, depending on the application. The
      issue is commonly observed in children of make, which appears to use
      bottom-up mmap (assumedly because it changes the stack rlimit).
      
      Further investigation reveals that this regression was triggered by
      394ef640 ("mm: use vm_unmapped_area() on arm architecture"), whereby
      TASK_UNMAPPED_BASE is no longer page-aligned for bottom-up mmap, causing
      get_unmapped_area to choke on misaligned addressed.
      
      This patch fixes the problem by defining TASK_UNMAPPED_BASE in terms of
      TASK_SIZE and explicitly aligns the result to 16M, matching the other
      end of the heap.
      Acked-by: NNicolas Pitre <nico@linaro.org>
      Reported-by: NSteve Capper <steve.capper@arm.com>
      Reported-by: NJean-Francois Moine <moinejf@free.fr>
      Reported-by: NChristoffer Dall <cdall@cs.columbia.edu>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      79d1f5c9
    • R
      ARM: DMA mapping: fix bad atomic test · 633dc92a
      Russell King 提交于
      Realview fails to boot with this warning:
      BUG: spinlock lockup suspected on CPU#0, init/1
       lock: 0xcf8bde10, .magic: dead4ead, .owner: init/1, .owner_cpu: 0
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:cf8bde10 r5:cf83d1c0 r4:cf8bde10 r3:cf83d1c0
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c018926c>] (spin_dump+0x84/0x98)
      [<c01891e8>] (spin_dump+0x0/0x98) from [<c0189460>] (do_raw_spin_lock+0x100/0x198)
      [<c0189360>] (do_raw_spin_lock+0x0/0x198) from [<c032cbac>] (_raw_spin_lock+0x3c/0x44)
      [<c032cb70>] (_raw_spin_lock+0x0/0x44) from [<c01c9224>] (pl011_console_write+0xe8/0x11c)
      [<c01c913c>] (pl011_console_write+0x0/0x11c) from [<c002aea8>] (call_console_drivers.clone.7+0xdc/0x104)
      [<c002adcc>] (call_console_drivers.clone.7+0x0/0x104) from [<c002b320>] (console_unlock+0x2e8/0x454)
      [<c002b038>] (console_unlock+0x0/0x454) from [<c002b8b4>] (vprintk_emit+0x2d8/0x594)
      [<c002b5dc>] (vprintk_emit+0x0/0x594) from [<c0329718>] (printk+0x3c/0x44)
      [<c03296dc>] (printk+0x0/0x44) from [<c002929c>] (warn_slowpath_common+0x28/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0070ab0>] (lockdep_trace_alloc+0xd8/0xf0)
      [<c00709d8>] (lockdep_trace_alloc+0x0/0xf0) from [<c00c0850>] (kmem_cache_alloc+0x24/0x11c)
      [<c00c082c>] (kmem_cache_alloc+0x0/0x11c) from [<c00bb044>] (__get_vm_area_node.clone.24+0x7c/0x16c)
      [<c00bafc8>] (__get_vm_area_node.clone.24+0x0/0x16c) from [<c00bb7b8>] (get_vm_area_caller+0x48/0x54)
      [<c00bb770>] (get_vm_area_caller+0x0/0x54) from [<c0020064>] (__alloc_remap_buffer.clone.15+0x38/0xb8)
      [<c002002c>] (__alloc_remap_buffer.clone.15+0x0/0xb8) from [<c0020244>] (__dma_alloc+0x160/0x2c8)
      [<c00200e4>] (__dma_alloc+0x0/0x2c8) from [<c00204d8>] (arm_dma_alloc+0x88/0xa0)[<c0020450>] (arm_dma_alloc+0x0/0xa0) from [<c00beb00>] (dma_pool_alloc+0xcc/0x1a8)
      [<c00bea34>] (dma_pool_alloc+0x0/0x1a8) from [<c01a9d14>] (pl08x_fill_llis_for_desc+0x28/0x568)
      [<c01a9cec>] (pl08x_fill_llis_for_desc+0x0/0x568) from [<c01aab8c>] (pl08x_prep_slave_sg+0x258/0x3b0)
      [<c01aa934>] (pl08x_prep_slave_sg+0x0/0x3b0) from [<c01c9f74>] (pl011_dma_tx_refill+0x140/0x288)
      [<c01c9e34>] (pl011_dma_tx_refill+0x0/0x288) from [<c01ca748>] (pl011_start_tx+0xe4/0x120)
      [<c01ca664>] (pl011_start_tx+0x0/0x120) from [<c01c54a4>] (__uart_start+0x48/0x4c)
      [<c01c545c>] (__uart_start+0x0/0x4c) from [<c01c632c>] (uart_start+0x2c/0x3c)
      [<c01c6300>] (uart_start+0x0/0x3c) from [<c01c795c>] (uart_write+0xcc/0xf4)
      [<c01c7890>] (uart_write+0x0/0xf4) from [<c01b0384>] (n_tty_write+0x1c0/0x3e4)
      [<c01b01c4>] (n_tty_write+0x0/0x3e4) from [<c01acfe8>] (tty_write+0x144/0x240)
      [<c01acea4>] (tty_write+0x0/0x240) from [<c01ad17c>] (redirected_tty_write+0x98/0xac)
      [<c01ad0e4>] (redirected_tty_write+0x0/0xac) from [<c00c371c>] (vfs_write+0xbc/0x150)
      [<c00c3660>] (vfs_write+0x0/0x150) from [<c00c39c0>] (sys_write+0x4c/0x78)
      [<c00c3974>] (sys_write+0x0/0x78) from [<c0014460>] (ret_fast_syscall+0x0/0x3c)
      
      This happens because the DMA allocation code is not respecting atomic
      allocations correctly.
      
      GFP flags should not be tested for GFP_ATOMIC to determine if an
      atomic allocation is being requested.  GFP_ATOMIC is not a flag but
      a value.  The GFP bitmask flags are all prefixed with __GFP_.
      
      The rest of the kernel tests for __GFP_WAIT not being set to indicate
      an atomic allocation.  We need to do the same.
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      633dc92a
    • R
      ARM: realview: ensure that we have sufficient IRQs available · e210101d
      Russell King 提交于
      Realview EB with a rev B MPcore tile results in lots of warnings at
      boot because it can't allocate enough IRQs.  Fix this by increasing
      the number of available IRQs.
      
      WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:757 gic_init_bases+0x12c/0x2ec()
      Cannot allocate irq_descs @ IRQ96, assuming pre-allocated
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002f5 r5:c042c62c r4:c044ff40 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029384>] (warn_slowpath_fmt+0x38/0x40)
      [<c002934c>] (warn_slowpath_fmt+0x0/0x40) from [<c042c62c>] (gic_init_bases+0x12c/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1c ]---
      ------------[ cut here ]------------
      WARNING: at /home/rmk/git/linux-rmk/kernel/irq/irqdomain.c:234 irq_domain_add_legacy+0x80/0x140()
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000000ea r5:c0081a38 r4:00000000 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c0081a38>] (irq_domain_add_legacy+0x80/0x140)
      [<c00819b8>] (irq_domain_add_legacy+0x0/0x140) from [<c042c64c>] (gic_init_bases+0x14c/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1d ]---
      ------------[ cut here ]------------
      WARNING: at /home/rmk/git/linux-rmk/arch/arm/common/gic.c:762 gic_init_bases+0x170/0x2ec()
      Modules linked in:
      Backtrace:
      [<c00185d8>] (dump_backtrace+0x0/0x10c) from [<c03294e8>] (dump_stack+0x18/0x1c) r6:000002fa r5:c042c670 r4:00000000 r3:c045f240
      [<c03294d0>] (dump_stack+0x0/0x1c) from [<c00292c8>] (warn_slowpath_common+0x54/0x6c)
      [<c0029274>] (warn_slowpath_common+0x0/0x6c) from [<c0029304>] (warn_slowpath_null+0x24/0x2c)
      [<c00292e0>] (warn_slowpath_null+0x0/0x2c) from [<c042c670>] (gic_init_bases+0x170/0x2ec)
      [<c042c500>] (gic_init_bases+0x0/0x2ec) from [<c042cdc8>] (gic_init_irq+0x8c/0xd8)
      [<c042cd3c>] (gic_init_irq+0x0/0xd8) from [<c042827c>] (init_IRQ+0x1c/0x24)
      [<c0428260>] (init_IRQ+0x0/0x24) from [<c04256c8>] (start_kernel+0x1a4/0x300)
      [<c0425524>] (start_kernel+0x0/0x300) from [<70008070>] (0x70008070)
      ---[ end trace 1b75b31a2719ed1e ]---
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      e210101d
    • R
      ARM: GIC: fix GIC cpumask initialization · 2bb31351
      Russell King 提交于
      Punit Agrawal reports:
      > I was trying to boot 3.8-rc5 on Realview EB 11MPCore using
      > realview-smp_defconfig as a starting point but the kernel failed to
      > progress past the log below (config attached).
      >
      > Pawel suggested I try reverting 384a2902 - "ARM: gic: use a private
      > mapping for CPU target interfaces" that you've authored. With this
      > commit reverted the kernel boots.
      >
      > I am not quite sure why the commit breaks 11MPCore but Pawel (cc'd)
      > might be able to shed light on that.
      
      Some early GIC implementations return zero for the first distributor
      CPU routing register.  This means we can't rely on that telling us
      which CPU interface we're connected to.  We know that these platforms
      implement PPIs for IRQs 29-31 - but we shouldn't assume that these
      will always be populated.
      
      So, instead, scan for a non-zero CPU routing register in the first
      32 IRQs and use that as our CPU mask.
      Reported-by: NPunit Agrawal <punit.agrawal@arm.com>
      Reviewed-by: NNicolas Pitre <nico@linaro.org>
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      2bb31351
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 2a1a6e7a
      Linus Torvalds 提交于
      Pull drm regression fix from Dave Airlie:
       "This one fixes a sleep while locked regression that was introduced
        earlier in 3.8."
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/ttm: fix fence locking in ttm_buffer_object_transfer, 2nd try
      2a1a6e7a
    • L
      net: usb: fix regression from FLAG_NOARP code · 9c79330d
      Lucas Stach 提交于
      In commit 6509141f ("usbnet: add new
      flag FLAG_NOARP for usb net devices"), the newly added flag NOARP was
      using an already defined value, which broke drivers using flag
      MULTI_PACKET.
      Signed-off-by: NLucas Stach <dev@lynxeye.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9c79330d
    • E
      l2tp: dont play with skb->truesize · 87c084a9
      Eric Dumazet 提交于
      Andrew Savchenko reported a DNS failure and we diagnosed that
      some UDP sockets were unable to send more packets because their
      sk_wmem_alloc was corrupted after a while (tx_queue column in
      following trace)
      
      $ cat /proc/net/udp
        sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
      ...
        459: 00000000:0270 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4507 2 ffff88003d612380 0
        466: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4802 2 ffff88003d613180 0
        470: 076A070A:007B 00000000:0000 07 FFFF4600:00000000 00:00000000 00000000   123        0 5552 2 ffff880039974380 0
        470: 010213AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4986 2 ffff88003dbd3180 0
        470: 010013AC:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4985 2 ffff88003dbd2e00 0
        470: 00FCA8C0:007B 00000000:0000 07 FFFFFB00:00000000 00:00000000 00000000     0        0 4984 2 ffff88003dbd2a80 0
      ...
      
      Playing with skb->truesize is tricky, especially when
      skb is attached to a socket, as we can fool memory charging.
      
      Just remove this code, its not worth trying to be ultra
      precise in xmit path.
      Reported-by: NAndrew Savchenko <bircoph@gmail.com>
      Tested-by: NAndrew Savchenko <bircoph@gmail.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: James Chapman <jchapman@katalix.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      87c084a9
    • D
      net: sctp: sctp_auth_key_put: use kzfree instead of kfree · 586c31f3
      Daniel Borkmann 提交于
      For sensitive data like keying material, it is common practice to zero
      out keys before returning the memory back to the allocator. Thus, use
      kzfree instead of kfree.
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Acked-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      586c31f3
    • D
      Merge branch 'fixes' of... · 6cddded4
      David S. Miller 提交于
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch into openvswitch
      
      Jesse Gross says:
      
      ====================
      One bug fix for net/3.8 for a long standing problem that was reported a few
      times recently.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6cddded4
    • D
      Merge branch 'netback' · 0c35565b
      David S. Miller 提交于
      Ian Campbell says:
      
      ====================
      The Xen netback implementation contains a couple of flaws which can
      allow a guest to cause a DoS in the backend domain, potentially
      affecting other domains in the system.
      
      CVE-2013-0216 is a failure to sanity check the ring producer/consumer
      pointers which can allow a guest to cause netback to loop for an
      extended period preventing other work from occurring.
      
      CVE-2013-0217 is a memory leak on an error path which is guest
      triggerable.
      
      The following series contains the fixes for these issues, as previously
      included in Xen Security Advisory 39:
      http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html
      
      Changes in v2:
       - Typo and block comment format fixes
       - Added stable Cc
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0c35565b
    • I
    • I
    • M
    • I
      xen/netback: shutdown the ring if it contains garbage. · 48856286
      Ian Campbell 提交于
      A buggy or malicious frontend should not be able to confuse netback.
      If we spot anything which is not as it should be then shutdown the
      device and don't try to continue with the ring in a potentially
      hostile state. Well behaved and non-hostile frontends will not be
      penalised.
      
      As well as making the existing checks for such errors fatal also add a
      new check that ensures that there isn't an insane number of requests
      on the ring (i.e. more than would fit in the ring). If the ring
      contains garbage then previously is was possible to loop over this
      insane number, getting an error each time and therefore not generating
      any more pending requests and therefore not exiting the loop in
      xen_netbk_tx_build_gops for an externded period.
      
      Also turn various netdev_dbg calls which no precipitate a fatal error
      into netdev_err, they are rate limited because the device is shutdown
      afterwards.
      
      This fixes at least one known DoS/softlockup of the backend domain.
      Signed-off-by: NIan Campbell <ian.campbell@citrix.com>
      Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Acked-by: NJan Beulich <JBeulich@suse.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      48856286
    • L
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux · 124b69b6
      Linus Torvalds 提交于
      Pull virtio fix from Rusty Russell:
       "Obviously I forgot to push this before linux.conf.au..."
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
        virtio_console: Don't access uninitialized data.
      124b69b6
    • L
      Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · bb5204c2
      Linus Torvalds 提交于
      Pull IB regression fixes from Roland Dreier:
      
       - Fix mlx4 VFs not working on old guests because of 64B CQE changes
      
       - Fix ill-considered sparse fix for qib
      
       - Fix IPoIB crash due to skb double destruct introduced in 3.8-rc1
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        IB/qib: Fix for broken sparse warning fix
        mlx4_core: Fix advertisement of wrong PF context behaviour
        IPoIB: Fix crash due to skb double destruct
      bb5204c2
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 8d19514f
      Linus Torvalds 提交于
      Pull btrfs fixes from Chris Mason:
       "We've got corner cases for updating i_size that ceph was hitting,
        error handling for quotas when we run out of space, a very subtle
        snapshot deletion race, a crash while removing devices, and one
        deadlock between subvolume creation and the sb_internal code (thanks
        lockdep)."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: move d_instantiate outside the transaction during mksubvol
        Btrfs: fix EDQUOT handling in btrfs_delalloc_reserve_metadata
        Btrfs: fix possible stale data exposure
        Btrfs: fix missing i_size update
        Btrfs: fix race between snapshot deletion and getting inode
        Btrfs: fix missing release of the space/qgroup reservation in start_transaction()
        Btrfs: fix wrong sync_writers decrement in btrfs_file_aio_write()
        Btrfs: do not merge logged extents if we've removed them from the tree
        btrfs: don't try to notify udev about missing devices
      8d19514f
    • L
      Merge tag 'pinctrl-for-v3.8-late' of... · 95436ada
      Linus Torvalds 提交于
      Merge tag 'pinctrl-for-v3.8-late' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
      
      Pull late pinctrl fixes from Linus Walleij:
       "Two patches appeared as of late, one was completely news to me, the
        other one was rotated in -next for the next merge window but turned
        out to be a showstopper.
      
         - Exynos Kconfig fixup
         - SIRF DT translation bug"
      
      * tag 'pinctrl-for-v3.8-late' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: sirf: replace of_gpio_simple_xlate by sirf specific of_xlate
        pinctrl: exynos: change PINCTRL_EXYNOS option
      95436ada
    • L
      Merge tag 'stable/for-linus-3.8-rc6-tag' of... · a04521ab
      Linus Torvalds 提交于
      Merge tag 'stable/for-linus-3.8-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
      
      Pull Xen fixes from Konrad Rzeszutek Wilk:
       "This has two fixes.  One is a security fix wherein we would spam the
        kernel printk buffer if one of the guests was misbehaving.  The other
        is much tamer and it was us only checking for one type of error from
        the IRQ subsystem (when allocating new IRQs) instead of for all of
        them.
      
         - Fix an IRQ allocation where we only check for a specific error (-1).
         - CVE-2013-0231 / XSA-43.  Make xen-pciback rate limit error messages
           from xen_pcibk_enable_msi{,x}()"
      
      * tag 'stable/for-linus-3.8-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xen: fix error handling path if xen_allocate_irq_dynamic fails
        xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
      a04521ab
    • L
      Merge tag 'regulator-v3.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator · 3227e04e
      Linus Torvalds 提交于
      Pull regulator fixes from Mark Brown:
       "Mostly driver specific fixes here, though one of them uncovered the
        issue Stephen Warren fixed with multiple OF matches getting upset due
        to a lack of cleanup."
      
      * tag 'regulator-v3.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: s2mps11: fix incorrect register for buck10
        regulator: clear state each invocation of of_regulator_match
        regulator: max8997: Fix using wrong dev argument at various places
        regulator: max77686: Fix using wrong dev argument at various places
        regulator: max8907: Fix using wrong dev argument for calling of_regulator_match
        regulator: max8998: fix incorrect min_uV value for ldo10
        regulator: tps65910: Fix using wrong dev argument for calling of_regulator_match
        regulator: tps65217: Fix using wrong dev argument for calling of_regulator_match
      3227e04e
    • D
      drm/ttm: fix fence locking in ttm_buffer_object_transfer, 2nd try · ff7c60c5
      Daniel Vetter 提交于
      This fixes up
      
      commit e8e89622
      Author: Daniel Vetter <daniel.vetter@ffwll.ch>
      Date:   Tue Dec 18 22:25:11 2012 +0100
      
          drm/ttm: fix fence locking in ttm_buffer_object_transfer
      
      which leaves behind a might_sleep in atomic context, since the
      fence_lock spinlock is held over a kmalloc(GFP_KERNEL) call. The fix
      is to revert the above commit and only take the lock where we need it,
      around the call to ->sync_obj_ref.
      
      v2: Fixup things noticed by Maarten Lankhorst:
      - Brown paper bag locking bug.
      - No need for kzalloc if we clear the entire thing on the next line.
      - check for bo->sync_obj (totally unlikely race, but still someone
        else could have snuck in) and clear fbo->sync_obj if it's cleared
        already.
      Reported-by: NDave Airlie <airlied@gmail.com>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: Maarten Lankhorst <maarten.lankhorst@canonical.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      ff7c60c5