348225 Commits

Author SHA1 Message Date
Hugh Dickins
a7a88b2373 mempolicy: remove arg from mpol_parse_str, mpol_to_str
Remove the unused argument (formerly no_context) from mpol_parse_str()
and from mpol_to_str().

Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-02 09:27:10 -08:00
Hugh Dickins
f2a07f40db tmpfs mempolicy: fix /proc/mounts corrupting memory
Recently I suggested using "mount -o remount,mpol=local /tmp" in NUMA
mempolicy testing.  Very nasty.  Reading /proc/mounts, /proc/pid/mounts
or /proc/pid/mountinfo may then corrupt one bit of kernel memory, often
in a page table (causing "Bad swap" or "Bad page map" warning or "Bad
pagetable" oops), sometimes in a vm_area_struct or rbnode or somewhere
worse.  "mpol=prefer" and "mpol=prefer:Node" are equally toxic.

Recent NUMA enhancements are not to blame: this dates back to 2.6.35,
when commit e17f74af351c "mempolicy: don't call mpol_set_nodemask() when
no_context" skipped mpol_parse_str()'s call to mpol_set_nodemask(),
which used to initialize v.preferred_node, or set MPOL_F_LOCAL in flags.
With slab poisoning, you can then rely on mpol_to_str() to set the bit
for node 0x6b6b, probably in the next page above the caller's stack.

mpol_parse_str() is only called from shmem_parse_options(): no_context
is always true, so call it unused for now, and remove !no_context code.
Set v.nodes or v.preferred_node or MPOL_F_LOCAL as mpol_to_str() might
expect.  Then mpol_to_str() can ignore its no_context argument also,
the mpol being appropriately initialized whether contextualized or not.
Rename its no_context unused too, and let subsequent patch remove them
(that's not needed for stable backporting, which would involve rejects).

I don't understand why MPOL_LOCAL is described as a pseudo-policy:
it's a reasonable policy which suffers from a confusing implementation
in terms of MPOL_PREFERRED with MPOL_F_LOCAL.  I believe this would be
much more robust if MPOL_LOCAL were recognized in switch statements
throughout, MPOL_F_LOCAL deleted, and MPOL_PREFERRED use the (possibly
empty) nodes mask like everyone else, instead of its preferred_node
variant (I presume an optimization from the days before MPOL_LOCAL).
But that would take me too long to get right and fully tested.

Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-02 09:27:10 -08:00
Eric Wong
128dd1759d epoll: prevent missed events on EPOLL_CTL_MOD
EPOLL_CTL_MOD sets the interest mask before calling f_op->poll() to
ensure events are not missed.  Since the modifications to the interest
mask are not protected by the same lock as ep_poll_callback, we need to
ensure the change is visible to other CPUs calling ep_poll_callback.

We also need to ensure f_op->poll() has an up-to-date view of past
events which occured before we modified the interest mask.  So this
barrier also pairs with the barrier in wq_has_sleeper().

This should guarantee either ep_poll_callback or f_op->poll() (or both)
will notice the readiness of a recently-ready/modified item.

This issue was encountered by Andreas Voellmy and Junchang(Jason) Wang in:
http://thread.gmane.org/gmane.linux.kernel/1408782/

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Cc: Hans Verkuil <hans.verkuil@cisco.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: David Miller <davem@davemloft.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Voellmy <andreas.voellmy@yale.edu>
Tested-by: "Junchang(Jason) Wang" <junchang.wang@yale.edu>
Cc: netdev@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-02 09:16:43 -08:00
Aaro Koskinen
8899b8d93e watchdog: twl4030_wdt: add DT support
Add DT support for twl4030_wdt. This is needed to get twl4030_wdt to
probe when booting with DT.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2013-01-02 12:07:05 +01:00
Aaro Koskinen
412b3729dd watchdog: omap_wdt: eliminate unused variable and a compiler warning
We forgot to delete this in the commit 4f4753d9 (watchdog: omap_wdt:
convert to devm_ functions), and as a result the following compilation
warning was introduced:

drivers/watchdog/omap_wdt.c: In function 'omap_wdt_remove':
drivers/watchdog/omap_wdt.c:299:19: warning: unused variable 'res' [-Wunused-variable]

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Reviewed-by: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2013-01-02 12:06:58 +01:00
Axel Lin
98e4a29389 watchdog: da9055: Don't update wdt_dev->timeout in da9055_wdt_set_timeout error path
Otherwise, WDIOC_GETTIMEOUT returns wrong value if set_timeout fails.
This patch also removes unnecessary ret variable in da9055_wdt_ping function.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2013-01-02 12:06:49 +01:00
Axel Lin
ee8c94adff watchdog: da9055: Fix invalid free of devm_ allocated data
It is not required to free devm_ allocated data. Since kref_put
needs a valid release function, da9055_wdt_release_resources()
is not deleted.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2013-01-02 12:06:43 +01:00
Linus Torvalds
4a490b78cb Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux
Pull DRM update from Dave Airlie:
 "This is a bit larger due to me not bothering to do anything since
  before Xmas, and other people working too hard after I had clearly
  given up.

  It's got the 3 main x86 driver fixes pulls, and a bunch of tegra
  fixes, doesn't fix the Ironlake bug yet, but that does seem to be
  getting closer.

   - radeon: gpu reset fixes and userspace packet support
   - i915: watermark fixes, workarounds, i830/845 fix,
   - nouveau: nvd9/kepler microcode fixes, accel is now enabled and
     working, gk106 support
   - tegra: misc fixes."

* 'drm-next' of git://people.freedesktop.org/~airlied/linux: (34 commits)
  Revert "drm: tegra: protect DC register access with mutex"
  drm: tegra: program only one window during modeset
  drm: tegra: clean out old gem prototypes
  drm: tegra: remove redundant tegra2_tmds_config entry
  drm: tegra: protect DC register access with mutex
  drm: tegra: don't leave clients host1x member uninitialized
  drm: tegra: fix front_porch <-> back_porch mixup
  drm/nve0/graph: fix fuc, and enable acceleration on all known chipsets
  drm/nvc0/graph: fix fuc, and enable acceleration on GF119
  drm/nouveau/bios: cache ramcfg strap on later chipsets
  drm/nouveau/mxm: silence output if no bios data
  drm/nouveau/bios: parse/display extra version component
  drm/nouveau/bios: implement opcode 0xa9
  drm/nouveau/bios: update gpio parsing apis to match current design
  drm/nouveau: initial support for GK106
  drm/radeon: add WAIT_UNTIL to evergreen VM safe reg list
  drm/i915: disable shrinker lock stealing for create_mmap_offset
  drm/i915: optionally disable shrinker lock stealing
  drm/i915: fix flags in dma buf exporting
  drm/radeon: add support for MEM_WRITE packet
  ...
2012-12-30 10:00:37 -08:00
Linus Torvalds
8d91a42e54 ARM: arm-soc: late cleanups for omap
From Tony Lindgren:
 Here are few more patches to finish the omap changes for
 multiplatform conversion that are not strictly fixes, but
 were too complex to do with the dependencies during the
 merge window. Those are to move of serial-omap.h to
 platform_data, and the removal of remaining cpu_is_omap
 macro usage outside mach-omap2.
 
 Then there are several trivial fixes for typos and few
 minimal omap2plus_defconfig updates.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQ3es9AAoJEIwa5zzehBx3bpwP/j4k4mGm4RMLTY9e8KNNxrDW
 FAeU52h91qDONn3EXcF7oSd5IqbDoQRCQx9vn4XBfSm23uOzvP3hOSDe8iIz9t8C
 XdLSXJfJDuYKuEBYxFNOVBdBziZoE7Gtp1JP9s79qfGfQurUfnRQ9gg6zoMMoxMg
 KdVnzFbaCeN/Dgbyq/WToDdOCUv2jeiSNI0gf6oe3Tju0uVjBSmlZUnkbAsRMvOW
 RL2uwp66yS6uLc/w5cfPI/wcp1jRZDYm2E7JB+TmHWqCYx2qpDE5EuDuW5+cY/DR
 RTBr1c0fSl3k3o3iNOEijkFwGShivf1PksesMA+Fx9BrFwtrhtYT/dVZbuS3AjVL
 1vIn3c+8rp3p63EsS1WxAMBvBq3qgqAl2shgow1B3QlXdErB9HNRErFKjU9rJ1ES
 fZgtWkzLtCqFaN/WnQAj0nfooPmrmhaDrbHJd7Bt7g8dfgGBHl9nkmQ4tMAa/z4x
 f/mZ0MxtXwhSUYBDvJ9vvtcNdeo9WmVV5zCfHUiMB7LB4wjxJUf7xMT9AquQUGqj
 H5EkaSyRjWG35293WDmxAOKlAkMP+AH5cuROKNNwNN5+i7ypJC+jrMDcgwfwQoXl
 i0yJeJhzFg9WV9buNB7+uWTA9vz7uveHSeaVXbbTVbuZ+apTgWl+MTsua0C2hhbU
 81k7fmqW2fCWkiw5eUeZ
 =RE6Z
 -----END PGP SIGNATURE-----

Merge tag 'omap-late-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull late ARM cleanups for omap from Olof Johansson:
 "From Tony Lindgren:

  Here are few more patches to finish the omap changes for multiplatform
  conversion that are not strictly fixes, but were too complex to do
  with the dependencies during the merge window.  Those are to move of
  serial-omap.h to platform_data, and the removal of remaining
  cpu_is_omap macro usage outside mach-omap2.

  Then there are several trivial fixes for typos and few minimal
  omap2plus_defconfig updates."

* tag 'omap-late-cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  arch/arm/mach-omap2/dpll3xxx.c: drop if around WARN_ON
  OMAP2: Fix a typo - replace regist with register.
  ARM/omap: use module_platform_driver macro
  ARM: OMAP2+: PMU: Remove unused header
  ARM: OMAP4: remove duplicated include from omap_hwmod_44xx_data.c
  ARM: OMAP2+: omap2plus_defconfig: enable twl4030 SoC audio
  ARM: OMAP2+: omap2plus_defconfig: Add tps65217 support
  ARM: OMAP2+: enable devtmpfs and devtmpfs automount
  ARM: OMAP2+: omap_twl: Change TWL4030_MODULE_PM_RECEIVER to TWL_MODULE_PM_RECEIVER
  ARM: OMAP2+: Drop plat/cpu.h for omap2plus
  ARM: OMAP: Split fb.c to remove last remaining cpu_is_omap usage
  MAINTAINERS: Add an entry for omap related .dts files
2012-12-30 09:59:21 -08:00
Linus Torvalds
4fe2dfabe4 ARM: arm-soc: fixes for -rc2
It's been quiet over the holidays, but we have had a couple of trivial
 fixes coming in for the newly introduced sunxi platform; one to add it
 to the multiplatform defconfig for build coverage, and one fixup for
 device tree strings.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQ3evMAAoJEIwa5zzehBx3wNUP/jraZ3hA+3YxedAXlrB3BYzr
 Sfwq2k41cZTiZKK2PT93vU8A1xYE/8f1pK9fp/mO12W/KY9jBAJ2Xf6RI/cHe5aQ
 sEIJ5jHk7ty5vGJXyxYVVWOIy5ZSxdjwOfP3mxd5rz1pWUv0sLWAlfjrQ/nCkVxt
 wj6cvT1pkyZqLyWbmkm9E8BumDTmAdlaQbppTeLJ36zBgnYqIuhpxASu/K87XEH8
 dj57HEcZ67YKcp0nXYZNlkCzOlQHeUeW+1FbaVfPei1zh2dP/zai4Z+4Q8g/C2ee
 Rx2b1YJ3Pb/2DquL67n/BwmQDiJreHCzgPX1MjcDEL8U67VtJLWg3XYpat8MjtJR
 3wQKMyxmlSY7UuBRM42biM963g2qaO7XokBwc2f+ChaaGqdvJI8/JfnNjO+VGdWX
 jiEVMdODo4AlJMtyrj6G/24rKx4mrMqaZEtHRr6uwD2mO4Kk2Mgf+BPXkDwDrkMP
 dkxLgpaDFpIrbub9+vYD9oGtjTNKU/dS8F8FvrxPctDMPYMuJ1Xjw3ckbDKA/pDs
 VCmhmuXQy3DSzgN22rY58FfLt09+AzUAdG7ioW095nZTL8rT3RcKpnYR+ADI9XJ0
 OIBX33IQgXLwkeCIhsaAaXA9Sf+KFVIJXmAFlPvYmSA8wDYKfaX75uc2gz4VNnsr
 NKb40iwl5ulI/kpEo0jG
 =9cQy
 -----END PGP SIGNATURE-----

Merge tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "It's been quiet over the holidays, but we have had a couple of trivial
  fixes coming in for the newly introduced sunxi platform; one to add it
  to the multiplatform defconfig for build coverage, and one fixup for
  device tree strings."

* tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  sunxi: Change the machine compatible string.
  ARM: multi_v7_defconfig: Add ARCH_SUNXI
2012-12-30 09:58:36 -08:00
Dave Airlie
d5757dbe79 Revert "drm: tegra: protect DC register access with mutex"
This reverts commit 83c0bcb694be31dcd6c04bdd935b96a95a0af548.

Lucas pointed out this was a mistake, and I missed the discussion,
so just revert it out to save a rebase.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 21:58:20 +10:00
Lucas Stach
500df2e5d8 drm: tegra: program only one window during modeset
The intention is to program exactly WIN_A, not WIN_A and possibly
others.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:35 +10:00
Lucas Stach
e39250aa52 drm: tegra: clean out old gem prototypes
There is no gem.c anymore, those functions are implemented by the
drm_cma_helpers now.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:34 +10:00
Lucas Stach
fa416ddc0a drm: tegra: remove redundant tegra2_tmds_config entry
The 720p and 1080p entries are completely redundant, as we are matching
the table entries against <=pclk.
Also generalize the comment, as we are using those table entries even
when driving other modes than the standard TV ones.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:33 +10:00
Lucas Stach
83c0bcb694 drm: tegra: protect DC register access with mutex
Window properties are programmed through a shared aperture and have to
happen atomically. Also we do the read-update-write dance on some of the
shared regs.
To make sure that different functions don't stumble over each other
protect the register access with a mutex.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:33 +10:00
Lucas Stach
4026bfb39a drm: tegra: don't leave clients host1x member uninitialized
No real problem for now, as nothing is using this, but leaving it
unitialized is asking for trouble later on.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:32 +10:00
Lucas Stach
4049508988 drm: tegra: fix front_porch <-> back_porch mixup
Fixes wrong picture offset observed when using HDMI output with a
Technisat HD TV.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Acked-by: Mark Zhang <markz@nvidia.com>
Tested-by: Mark Zhang <markz@nvidia.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-12-30 14:01:31 +10:00
Dave Airlie
8be0e5c427 Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-next
Some fixes for 3.8:
- Watermark fixups from Chris Wilson (4 pieces).
- 2 snb workarounds, seem to be recently added to our internal DB.
- workaround for the infamous i830/i845 hang, seems now finally solid!
  Based on Chris' fix for SNA, now also for UXA/mesa&old SNA.
- Some more fixlets for shrinker-pulls-the-rug issues (Chris&me).
- Fix dma-buf flags when exporting (you).
- Disable the VGA plane if it's enabled on lid open - similar fix in
  spirit to the one I've sent you last weeek, BIOS' really like to mess
  with the display when closing the lid (awesome debug work from Krzysztof
  Mazur).

* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
  drm/i915: disable shrinker lock stealing for create_mmap_offset
  drm/i915: optionally disable shrinker lock stealing
  drm/i915: fix flags in dma buf exporting
  i915: ensure that VGA plane is disabled
  drm/i915: Preallocate the drm_mm_node prior to manipulating the GTT drm_mm manager
  drm: Export routines for inserting preallocated nodes into the mm manager
  drm/i915: don't disable disconnected outputs
  drm/i915: Implement workaround for broken CS tlb on i830/845
  drm/i915: Implement WaSetupGtModeTdRowDispatch
  drm/i915: Implement WaDisableHiZPlanesWhenMSAAEnabled
  drm/i915: Prefer CRTC 'active' rather than 'enabled' during WM computations
  drm/i915: Clear self-refresh watermarks when disabled
  drm/i915: Double the cursor self-refresh latency on Valleyview
  drm/i915: Fixup cursor latency used for IVB lp3 watermarks
2012-12-30 13:54:12 +10:00
Dave Airlie
b1d778b970 Merge branch 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux into drm-next
Misc fixes for reset and new packets for userspace usage.

* 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux:
  drm/radeon: add WAIT_UNTIL to evergreen VM safe reg list
  drm/radeon: add support for MEM_WRITE packet
  drm/radeon: restore modeset late in GPU reset path
  drm/radeon: avoid deadlock in pm path when waiting for fence
  drm/radeon: don't leave fence blocked process on failed GPU reset
2012-12-30 13:02:48 +10:00
Dave Airlie
344f9067d5 Merge branch 'drm-nouveau-fixes-3.8' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next
Fixes the accel support for nvd9 + kepler chipsets, also fixes GK106 support.

* 'drm-nouveau-fixes-3.8' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
  drm/nve0/graph: fix fuc, and enable acceleration on all known chipsets
  drm/nvc0/graph: fix fuc, and enable acceleration on GF119
  drm/nouveau/bios: cache ramcfg strap on later chipsets
  drm/nouveau/mxm: silence output if no bios data
  drm/nouveau/bios: parse/display extra version component
  drm/nouveau/bios: implement opcode 0xa9
  drm/nouveau/bios: update gpio parsing apis to match current design
  drm/nouveau: initial support for GK106
2012-12-30 13:01:52 +10:00
Zlatko Calusic
ecccd1248d mm: fix null pointer dereference in wait_iff_congested()
An unintended consequence of commit 4ae0a48b5efc ("mm: modify
pgdat_balanced() so that it also handles order-0") is that
wait_iff_congested() can now be called with NULL 'struct zone *'
producing kernel oops like this:

  BUG: unable to handle kernel NULL pointer dereference
  IP: [<ffffffff811542d9>] wait_iff_congested+0x59/0x140

This trivial patch fixes it.

Reported-by: Zhouping Liu <zliu@redhat.com>
Reported-and-tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Zlatko Calusic <zlatko.calusic@iskon.hr>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-12-28 08:42:39 -08:00
Olof Johansson
2e376799b2 Fixes for the sunxi core to be merged in 3.8-rc2
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iEYEABECAAYFAlDbOW4ACgkQGxsu9jQV9naGaQCfQmoDu0hvCzZmSs8yLj3VUY7I
 S+YAn3Hx8ixoaZLlo/GEgFH7hE2EXQoI
 =qZXn
 -----END PGP SIGNATURE-----

Merge tag 'sunxi-fixes-for-3.8-rc2' of git://github.com/mripard/linux into fixes

From Maxime Ripard:
Fixes for the sunxi core to be merged in 3.8-rc2

* tag 'sunxi-fixes-for-3.8-rc2' of git://github.com/mripard/linux:
  sunxi: Change the machine compatible string.
  ARM: multi_v7_defconfig: Add ARCH_SUNXI
2012-12-28 08:53:01 +01:00
Sage Weil
0fa6ebc600 libceph: fix protocol feature mismatch failure path
We should not set con->state to CLOSED here; that happens in
ceph_fault() in the caller, where it first asserts that the state
is not yet CLOSED.  Avoids a BUG when the features don't match.

Since the fail_protocol() has become a trivial wrapper, replace
calls to it with direct calls to reset_connection().

Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-12-27 20:27:04 -06:00
Alex Elder
122070a2ff libceph: WARN, don't BUG on unexpected connection states
A number of assertions in the ceph messenger are implemented with
BUG_ON(), killing the system if connection's state doesn't match
what's expected.  At this point our state model is (evidently) not
well understood enough for these assertions to trigger a BUG().
Convert all BUG_ON(con->state...) calls to be WARN_ON(con->state...)
so we learn about these issues without killing the machine.

We now recognize that a connection fault can occur due to a socket
closure at any time, regardless of the state of the connection.  So
there is really nothing we can assert about the state of the
connection at that point so eliminate that assertion.

Reported-by: Ugis <ugis22@gmail.com>
Tested-by: Ugis <ugis22@gmail.com>
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-27 20:27:04 -06:00
Alex Elder
e6d50f67a6 libceph: always reset osds when kicking
When ceph_osdc_handle_map() is called to process a new osd map,
kick_requests() is called to ensure all affected requests are
updated if necessary to reflect changes in the osd map.  This
happens in two cases:  whenever an incremental map update is
processed; and when a full map update (or the last one if there is
more than one) gets processed.

In the former case, the kick_requests() call is followed immediately
by a call to reset_changed_osds() to ensure any connections to osds
affected by the map change are reset.  But for full map updates
this isn't done.

Both cases should be doing this osd reset.

Rather than duplicating the reset_changed_osds() call, move it into
the end of kick_requests().

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-27 20:27:04 -06:00
Alex Elder
ab60b16d3c libceph: move linger requests sooner in kick_requests()
The kick_requests() function is called by ceph_osdc_handle_map()
when an osd map change has been indicated.  Its purpose is to
re-queue any request whose target osd is different from what it
was when it was originally sent.

It is structured as two loops, one for incomplete but registered
requests, and a second for handling completed linger requests.
As a special case, in the first loop if a request marked to linger
has not yet completed, it is moved from the request list to the
linger list.  This is as a quick and dirty way to have the second
loop handle sending the request along with all the other linger
requests.

Because of the way it's done now, however, this quick and dirty
solution can result in these incomplete linger requests never
getting re-sent as desired.  The problem lies in the fact that
the second loop only arranges for a linger request to be sent
if it appears its target osd has changed.  This is the proper
handling for *completed* linger requests (it avoids issuing
the same linger request twice to the same osd).

But although the linger requests added to the list in the first loop
may have been sent, they have not yet completed, so they need to be
re-sent regardless of whether their target osd has changed.

The first required fix is we need to avoid calling __map_request()
on any incomplete linger request.  Otherwise the subsequent
__map_request() call in the second loop will find the target osd
has not changed and will therefore not re-send the request.

Second, we need to be sure that a sent but incomplete linger request
gets re-sent.  If the target osd is the same with the new osd map as
it was when the request was originally sent, this won't happen.
This can be fixed through careful handling when we move these
requests from the request list to the linger list, by unregistering
the request *before* it is registered as a linger request.  This
works because a side-effect of unregistering the request is to make
the request's r_osd pointer be NULL, and *that* will ensure the
second loop actually re-sends the linger request.

Processing of such a request is done at that point, so continue with
the next one once it's been moved.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
2012-12-27 20:27:04 -06:00
Linus Torvalds
101e5c7470 Report i2c errors to userspace in lm73 driver
Fix problem with DIV_ROUND_CLOSEST and unsigned divisors in emc6w201 driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJQ11BwAAoJEMsfJm/On5mBQrEP/0mnrSDdrtIRL04x1g3zvcmW
 Bd6Eq2utwll2+3KisModNm1Jetshw1wXOW5CE/IhpsJoxDfd1PE0+jKF8pY/IBVS
 pBVOk9K2er+i4tRNEjMjpe/w+nxKGISfrkF9hKFpGE0kfiM4mz6yoj1EwIX7OHZf
 wBeJC7upvRS+MYzT0tffBTkRFR2yEV4bUH2tur/xDrFnWljNA2SGc62QAQXAIhYh
 fmV6T8Zxbms7L+Q0g3b9UMMIFiAf/5IvF6DPnXuJqoPRYdyD7x0UMr6JiuagLWwH
 0IQoLRzTewvGhwCmpZTWKFMhwjXhwxdB31PtBWg+xScPDL8ty98Fb0IsYSUORjTh
 dy+GFTmQKAmMnnq6+Jl4WebNZwf8NrjiDAe+kV05FeGHacEgAYR/e+KRzfB0yCRv
 8hWAm2wXCOZVlaqJozTenmoUsLft+QXEZ1GZu+r9xNPIDXBy90j4toOkfh98FUoO
 1W+FbMMhYM1Hx+gpwneEIl0gtHityzcgnxgZVGXkoGAuevnQXvIbtbPtpPeJG9XD
 I6JOhBpvYdB6Ka198vAwQNpPAs7omlKCWJ7ZiAFlOjAu8W1fQjbZ+NtBtEtCEBHA
 KT1f/jgS8V6vRZg0Dors3u7Cc58eyHrnmpYlsJlSDyNQmYtvuBx3NAGQGKvwZhQ1
 R0Vi3N9eZwjrlw+bkKih
 =2sDG
 -----END PGP SIGNATURE-----

Merge tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging

Pull hwmon fixes from Guenter Roeck:

 - Report i2c errors to userspace in lm73 driver

 - Fix problem with DIV_ROUND_CLOSEST and unsigned divisors in emc6w201
   driver

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (emc6w201) Fix DIV_ROUND_CLOSEST problem with unsigned divisors
  hwmon: (lm73} Detect and report i2c bus errors
2012-12-27 10:46:47 -08:00
Linus Torvalds
ddf75ae34e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace fixes from Eric Biederman:
 "This tree includes two bug fixes for problems Oleg spotted on his
  review of the recent pid namespace work.  A small fix to not enable
  bottom halves with irqs disabled, and a trivial build fix for f2fs
  with user namespaces enabled."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  f2fs: Don't assign e_id in f2fs_acl_from_disk
  proc: Allow proc_free_inum to be called from any context
  pidns: Stop pid allocation when init dies
  pidns: Outlaw thread creation after unshare(CLONE_NEWPID)
2012-12-27 10:42:46 -08:00
Linus Torvalds
7fd83b47ce Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

1) GRE tunnel drivers don't set the transport header properly, they also
   blindly deref the inner protocol ipv4 and needs some checks.  Fixes
   from Isaku Yamahata.

2) Fix sleeps while atomic in netdevice rename code, from Eric Dumazet.

3) Fix double-spinlock in solos-pci driver, from Dan Carpenter.

4) More ARP bug fixes.  Fix lockdep splat in arp_solicit() and then the
   bug accidentally added by that fix.  From Eric Dumazet and Cong Wang.

5) Remove some __dev* annotations that slipped back in, as well as all
   HOTPLUG references.  From Greg KH

6) RDS protocol uses wrong interfaces to access scatter-gather elements,
   causing a regression.  From Mike Marciniszyn.

7) Fix build error in cpts driver, from Richard Cochran.

8) Fix arithmetic in packet scheduler, from Stefan Hasko.

9) Similarly, fix association during calculation of random backoff in
   batman-adv.  From Akinobu Mita.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits)
  ipv6/ip6_gre: set transport header correctly
  ipv4/ip_gre: set transport header correctly to gre header
  IB/rds: suppress incompatible protocol when version is known
  IB/rds: Correct ib_api use with gs_dma_address/sg_dma_len
  net/vxlan: Use the underlying device index when joining/leaving multicast groups
  tcp: should drop incoming frames without ACK flag set
  netprio_cgroup: define sk_cgrp_prioidx only if NETPRIO_CGROUP is enabled
  cpts: fix a run time warn_on.
  cpts: fix build error by removing useless code.
  batman-adv: fix random jitter calculation
  arp: fix a regression in arp_solicit()
  net: sched: integer overflow fix
  CONFIG_HOTPLUG removal from networking core
  Drivers: network: more __dev* removal
  bridge: call br_netpoll_disable in br_add_if
  ipv4: arp: fix a lockdep splat in arp_solicit()
  tuntap: dont use a private kmem_cache
  net: devnet_rename_seq should be a seqcount
  ip_gre: fix possible use after free
  ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally
  ...
2012-12-27 10:40:30 -08:00
Theodore Ts'o
0e9a9a1ad6 ext4: avoid hang when mounting non-journal filesystems with orphan list
When trying to mount a file system which does not contain a journal,
but which does have a orphan list containing an inode which needs to
be truncated, the mount call with hang forever in
ext4_orphan_cleanup() because ext4_orphan_del() will return
immediately without removing the inode from the orphan list, leading
to an uninterruptible loop in kernel code which will busy out one of
the CPU's on the system.

This can be trivially reproduced by trying to mount the file system
found in tests/f_orphan_extents_inode/image.gz from the e2fsprogs
source tree.  If a malicious user were to put this on a USB stick, and
mount it on a Linux desktop which has automatic mounts enabled, this
could be considered a potential denial of service attack.  (Not a big
deal in practice, but professional paranoids worry about such things,
and have even been known to allocate CVE numbers for such problems.)

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
Cc: stable@vger.kernel.org
2012-12-27 01:42:50 -05:00
Theodore Ts'o
721e3eba21 ext4: lock i_mutex when truncating orphan inodes
Commit c278531d39 added a warning when ext4_flush_unwritten_io() is
called without i_mutex being taken.  It had previously not been taken
during orphan cleanup since races weren't possible at that point in
the mount process, but as a result of this c278531d39, we will now see
a kernel WARN_ON in this case.  Take the i_mutex in
ext4_orphan_cleanup() to suppress this warning.

Reported-by: Alexander Beregalov <a.beregalov@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Reviewed-by: Zheng Liu <wenqing.lz@taobao.com>
Cc: stable@vger.kernel.org
2012-12-27 01:42:48 -05:00
Isaku Yamahata
ae782bb16c ipv6/ip6_gre: set transport header correctly
ip6gre_xmit2() incorrectly sets transport header to inner payload
instead of GRE header. It seems copy-and-pasted from ipip.c.
Set transport header to gre header.
(In ipip case the transport header is the inner ip header, so that's
correct.)

Found by inspection. In practice the incorrect transport header
doesn't matter because the skb usually is sent to another net_device
or socket, so the transport header isn't referenced.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:19:56 -08:00
Isaku Yamahata
861aa6d56d ipv4/ip_gre: set transport header correctly to gre header
ipgre_tunnel_xmit() incorrectly sets transport header to inner payload
instead of GRE header. It seems copy-and-pasted from ipip.c.
So set transport header to gre header.
(In ipip case the transport header is the inner ip header, so that's
correct.)

Found by inspection. In practice the incorrect transport header
doesn't matter because the skb usually is sent to another net_device
or socket, so the transport header isn't referenced.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:19:56 -08:00
Marciniszyn, Mike
a49675988c IB/rds: suppress incompatible protocol when version is known
Add an else to only print the incompatible protocol message
when version hasn't been established.

Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:17:37 -08:00
Marciniszyn, Mike
f2e9bd7032 IB/rds: Correct ib_api use with gs_dma_address/sg_dma_len
0b088e00 ("RDS: Use page_remainder_alloc() for recv bufs")
added uses of sg_dma_len() and sg_dma_address(). This makes
RDS DOA with the qib driver.

IB ulps should use ib_sg_dma_len() and ib_sg_dma_address
respectively since some HCAs overload ib_sg_dma* operations.

Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:17:37 -08:00
Yan Burman
af9b078e35 net/vxlan: Use the underlying device index when joining/leaving multicast groups
The socket calls from vxlan to join/leave multicast group aren't
using the index of the underlying device, as a result the stack uses
the first interface that is up. This results in vxlan being non functional
over a device which isn't the 1st to be up.
Fix this by providing the iflink field to the vxlan instance
to the multicast calls.

Signed-off-by: Yan Burman <yanb@mellanox.com>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:09:55 -08:00
Eric Dumazet
c3ae62af8e tcp: should drop incoming frames without ACK flag set
In commit 96e0bf4b5193d (tcp: Discard segments that ack data not yet
sent) John Dykstra enforced a check against ack sequences.

In commit 354e4aa391ed5 (tcp: RFC 5961 5.2 Blind Data Injection Attack
Mitigation) I added more safety tests.

But we missed fact that these tests are not performed if ACK bit is
not set.

RFC 793 3.9 mandates TCP should drop a frame without ACK flag set.

" fifth check the ACK field,
      if the ACK bit is off drop the segment and return"

Not doing so permits an attacker to only guess an acceptable sequence
number, evading stronger checks.

Many thanks to Zhiyun Qian for bringing this issue to our attention.

See :
http://web.eecs.umich.edu/~zhiyunq/pub/ccs12_TCP_sequence_number_inference.pdf

Reported-by: Zhiyun Qian <zhiyunq@umich.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:08:55 -08:00
Christoffer Dall
ad4b3fb7ff mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
Unfortunately with !CONFIG_PAGEFLAGS_EXTENDED, (!PageHead) is false, and
(PageHead) is true, for tail pages.  If this is indeed the intended
behavior, which I doubt because it breaks cache cleaning on some ARM
systems, then the nomenclature is highly problematic.

This patch makes sure PageHead is only true for head pages and PageTail
is only true for tail pages, and neither is true for non-compound pages.

[ This buglet seems ancient - seems to have been introduced back in Apr
  2008 in commit 6a1e7f777f61: "pageflags: convert to the use of new
  macros".  And the reason nobody noticed is because the PageHead()
  tests are almost all about just sanity-checking, and only used on
  pages that are actual page heads.  The fact that the old code returned
  true for tail pages too was thus not really noticeable.   - Linus ]

Signed-off-by: Christoffer Dall <cdall@cs.columbia.edu>
Acked-by:  Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Will Deacon <Will.Deacon@arm.com>
Cc: Steve Capper <Steve.Capper@arm.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: stable@kernel.org  # 2.6.26+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-12-26 14:57:34 -08:00
Li Zefan
3d0dcfbd8f netprio_cgroup: define sk_cgrp_prioidx only if NETPRIO_CGROUP is enabled
sock->sk_cgrp_prioidx won't be used at all if CONFIG_NETPRIO_CGROUP=n.

Signed-off-by: Li Zefan <lizefan@huawei.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 14:16:23 -08:00
Richard Cochran
ccb6e984a1 cpts: fix a run time warn_on.
This patch fixes a warning in clk_enable by calling clk_prepare_enable
instead.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 14:15:09 -08:00
Richard Cochran
cbc44dbe1f cpts: fix build error by removing useless code.
The cpts driver tries to obtain the input clock frequency by calling the
clock's internal 'recalc' method. Since <plat/clock.h> has been removed,
this code can no longer compile.

However, the driver never makes use of the frequency value, so this patch
fixes the issue by removing the offending code altogether.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 14:15:09 -08:00
Akinobu Mita
143cdd8f33 batman-adv: fix random jitter calculation
batadv_iv_ogm_emit_send_time() attempts to calculates a random integer
in the range of 'orig_interval +- BATADV_JITTER' by the below lines.

        msecs = atomic_read(&bat_priv->orig_interval) - BATADV_JITTER;
        msecs += (random32() % 2 * BATADV_JITTER);

But it actually gets 'orig_interval' or 'orig_interval - BATADV_JITTER'
because '%' and '*' have same precedence and associativity is
left-to-right.

This adds the parentheses at the appropriate position so that it matches
original intension.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Cc: Marek Lindner <lindner_marek@yahoo.de>
Cc: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Cc: Antonio Quartulli <ordex@autistici.org>
Cc: b.a.t.m.a.n@lists.open-mesh.org
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 14:13:23 -08:00
Andy Lutomirski
812089e01b PCI: Reduce Ricoh 0xe822 SD card reader base clock frequency to 50MHz
Otherwise it fails like this on cards like the Transcend 16GB SDHC card:

    mmc0: new SDHC card at address b368
    mmcblk0: mmc0:b368 SDC   15.0 GiB
    mmcblk0: error -110 sending status command, retrying
    mmcblk0: error -84 transferring data, sector 0, nr 8, cmd response 0x900, card status 0xb0

Tested on my Lenovo x200 laptop.

[bhelgaas: changelog]
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Chris Ball <cjb@laptop.org>
CC: Manoj Iyer <manoj.iyer@canonical.com>
CC: stable@vger.kernel.org
2012-12-26 10:43:06 -07:00
Huang Ying
c733b77475 PCI/PM: Do not suspend port if any subordinate device needs PME polling
Ulrich reported that his USB3 cardreader does not work reliably when
connected to the USB3 port.  It turns out that USB3 controller failed to
awaken when plugging in the USB3 cardreader.  Further experiments found
that the USB3 host controller can only be awakened via polling, not via PME
interrupt.  But if the PCIe port to which the USB3 host controller is
connected is suspended, we cannot poll the controller because its config
space is not accessible when the PCIe port is in a low power state.

To solve the issue, the PCIe port will not be suspended if any subordinate
device needs PME polling.

[bhelgaas: use bool consistently rather than mixing int/bool]
Reference: http://lkml.kernel.org/r/50841CCC.9030809@uli-eckhardt.de
Reported-by: Ulrich Eckhardt <usb@uli-eckhardt.de>
Tested-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
CC: stable@vger.kernel.org	# v3.6+
2012-12-26 10:39:23 -07:00
Bjorn Helgaas
130f1b8f35 PCI: Add PCIe Link Capability link speed and width names
Add standard #defines for the Supported Link Speeds field in the PCIe
Link Capabilities register.

Note that prior to PCIe spec r3.0, these encodings were defined:

    0001b  2.5GT/s Link speed supported
    0010b  5.0GT/s and 2.5GT/s Link speed supported

Starting with spec r3.0, these encodings refer to bits 0 and 1 in the
Supported Link Speeds Vector in the Link Capabilities 2 register, and bits
0 and 1 there mean 2.5 GT/s and 5.0 GT/s, respectively.  Therefore, code
that followed r2.0 and interpreted 0x1 as 2.5GT/s and 0x2 as 5.0GT/s will
continue to work, and we can identify a device using the new encodings
because it will have a non-zero Link Capabilities 2 register.

Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2012-12-26 10:39:23 -07:00
Myron Stowe
1278998f8f PCI: Work around Stratus ftServer broken PCIe hierarchy (fix DMI check)
Commit 284f5f9 was intended to disable the "only_one_child()" optimization
on Stratus ftServer systems, but its DMI check is wrong.  It looks for
DMI_SYS_VENDOR that contains "ftServer", when it should look for
DMI_SYS_VENDOR containing "Stratus" and DMI_PRODUCT_NAME containing
"ftServer".

Tested on Stratus ftServer 6400.

Reported-by: Fadeeva Marina <astarta@rat.ru>
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=51331
Signed-off-by: Myron Stowe <myron.stowe@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
CC: stable@vger.kernel.org	# v3.5+
2012-12-26 10:39:23 -07:00
Bjorn Helgaas
faa48a507f PCI: Remove spurious error for sriov_numvfs store and simplify flow
If we request "num_vfs" and the driver's sriov_configure() method enables
exactly that number ("num_vfs_enabled"), we complain "Invalid value for
number of VFs to enable" and return an error.  We should silently return
success instead.

Also, use kstrtou16() since numVFs is defined to be a 16-bit field and
rework to simplify control flow.

Reported-by: Greg Rose <gregory.v.rose@intel.com>
Reference: http://lkml.kernel.org/r/20121214101911.00002f59@unknown
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Donald Dutile <ddutile@redhat.com>
2012-12-26 10:39:22 -07:00
Eric W. Biederman
48c6d1217e f2fs: Don't assign e_id in f2fs_acl_from_disk
With user namespaces enabled building f2fs fails with:

 CC      fs/f2fs/acl.o
fs/f2fs/acl.c: In function ‘f2fs_acl_from_disk’:
fs/f2fs/acl.c:85:21: error: ‘struct posix_acl_entry’ has no member named ‘e_id’
make[2]: *** [fs/f2fs/acl.o] Error 1
make[2]: Target `__build' not remade because of errors.

e_id is a backwards compatibility field only used for file systems
that haven't been converted to use kuids and kgids.  When the posix
acl tag field is neither ACL_USER nor ACL_GROUP assigning e_id is
unnecessary.  Remove the assignment so f2fs will build with user
namespaces enabled.

Cc: Namjae Jeon <namjae.jeon@samsung.com>
Cc: Amit Sahrawat <a.sahrawat@samsung.com>
Acked-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2012-12-25 20:05:15 -08:00
Eric W. Biederman
dfb2ea45be proc: Allow proc_free_inum to be called from any context
While testing the pid namespace code I hit this nasty warning.

[  176.262617] ------------[ cut here ]------------
[  176.263388] WARNING: at /home/eric/projects/linux/linux-userns-devel/kernel/softirq.c:160 local_bh_enable_ip+0x7a/0xa0()
[  176.265145] Hardware name: Bochs
[  176.265677] Modules linked in:
[  176.266341] Pid: 742, comm: bash Not tainted 3.7.0userns+ #18
[  176.266564] Call Trace:
[  176.266564]  [<ffffffff810a539f>] warn_slowpath_common+0x7f/0xc0
[  176.266564]  [<ffffffff810a53fa>] warn_slowpath_null+0x1a/0x20
[  176.266564]  [<ffffffff810ad9ea>] local_bh_enable_ip+0x7a/0xa0
[  176.266564]  [<ffffffff819308c9>] _raw_spin_unlock_bh+0x19/0x20
[  176.266564]  [<ffffffff8123dbda>] proc_free_inum+0x3a/0x50
[  176.266564]  [<ffffffff8111d0dc>] free_pid_ns+0x1c/0x80
[  176.266564]  [<ffffffff8111d195>] put_pid_ns+0x35/0x50
[  176.266564]  [<ffffffff810c608a>] put_pid+0x4a/0x60
[  176.266564]  [<ffffffff8146b177>] tty_ioctl+0x717/0xc10
[  176.266564]  [<ffffffff810aa4d5>] ? wait_consider_task+0x855/0xb90
[  176.266564]  [<ffffffff81086bf9>] ? default_spin_lock_flags+0x9/0x10
[  176.266564]  [<ffffffff810cab0a>] ? remove_wait_queue+0x5a/0x70
[  176.266564]  [<ffffffff811e37e8>] do_vfs_ioctl+0x98/0x550
[  176.266564]  [<ffffffff810b8a0f>] ? recalc_sigpending+0x1f/0x60
[  176.266564]  [<ffffffff810b9127>] ? __set_task_blocked+0x37/0x80
[  176.266564]  [<ffffffff810ab95b>] ? sys_wait4+0xab/0xf0
[  176.266564]  [<ffffffff811e3d31>] sys_ioctl+0x91/0xb0
[  176.266564]  [<ffffffff810a95f0>] ? task_stopped_code+0x50/0x50
[  176.266564]  [<ffffffff81939199>] system_call_fastpath+0x16/0x1b
[  176.266564] ---[ end trace 387af88219ad6143 ]---

It turns out that spin_unlock_bh(proc_inum_lock) is not safe when
put_pid is called with another spinlock held and irqs disabled.

For now take the easy path and use spin_lock_irqsave(proc_inum_lock)
in proc_free_inum and spin_loc_irq in proc_alloc_inum(proc_inum_lock).

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2012-12-25 16:23:12 -08:00
Eric W. Biederman
c876ad7682 pidns: Stop pid allocation when init dies
Oleg pointed out that in a pid namespace the sequence.
- pid 1 becomes a zombie
- setns(thepidns), fork,...
- reaping pid 1.
- The injected processes exiting.

Can lead to processes attempting access their child reaper and
instead following a stale pointer.

That waitpid for init can return before all of the processes in
the pid namespace have exited is also unfortunate.

Avoid these problems by disabling the allocation of new pids in a pid
namespace when init dies, instead of when the last process in a pid
namespace is reaped.

Pointed-out-by:  Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2012-12-25 16:10:05 -08:00