Pull core updates (RCU and locking) from Ingo Molnar:
"Most of the diffstat comes from the RCU slow boot regression fixes,
but there's also a debuggability improvements/fixes."
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
memblock: Document memblock_is_region_{memory,reserved}()
rcu: Precompute RCU_FAST_NO_HZ timer offsets
rcu: Move RCU_FAST_NO_HZ per-CPU variables to rcu_dynticks structure
rcu: Update RCU_FAST_NO_HZ tracing for lazy callbacks
rcu: RCU_FAST_NO_HZ detection of callback adoption
spinlock: Indicate that a lockup is only suspected
kdump: Execute kmsg_dump(KMSG_DUMP_PANIC) after smp_send_stop()
panic: Make panic_on_oops configurable
Pull target updates from Nicholas Bellinger:
"This series contains post merge qla_target.c / tcm_qla2xxx bugfixes
from the past weeks, including the patch to allow target-core to use
an optional session shutdown callback to help address an active I/O
shutdown bug in tcm_qla2xxx code (Joern).
Also included is a target regression bugfix releated to explict ALUA
target port group CDB emulation that is CC'ed to stable (Roland)."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
qla2xxx: Remove version.h header file inclusion
tcm_qla2xxx: Handle malformed wwn strings properly
tcm_qla2xxx: tcm_qla2xxx_handle_tmr() can be static
qla2xxx: Don't leak commands we give up on in qlt_do_work()
qla2xxx: Don't crash if we can't find cmd for failed CTIO
tcm_qla2xxx: Don't insert nacls without sessions into the btree
target: Return error to initiator if SET TARGET PORT GROUPS emulation fails
tcm_qla2xxx: Clear session s_id + loop_id earlier during shutdown
tcm_qla2xxx: Convert to TFO->put_session() usage
target: Add TFO->put_session() caller for HW fabric session shutdown
Pull btrfs update from Chris Mason:
"The dates look like I had to rebase this morning because there was a
compiler warning for a printk arg that I had missed earlier.
These are all fixes, including one to prevent using stale pointers for
device names, and lots of fixes around transaction abort cleanups
(Josef, Liu Bo).
Jan Schmidt also sent in a number of fixes for the new reference
number tracking code.
Liu Bo beat me to updating the MAINTAINERS file. Since he thought to
also fix the git url, I kept his commit."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (24 commits)
Btrfs: update MAINTAINERS info for BTRFS FILE SYSTEM
Btrfs: destroy the items of the delayed inodes in error handling routine
Btrfs: make sure that we've made everything in pinned tree clean
Btrfs: avoid memory leak of extent state in error handling routine
Btrfs: do not resize a seeding device
Btrfs: fix missing inherited flag in rename
Btrfs: fix incompat flags setting
Btrfs: fix defrag regression
Btrfs: call filemap_fdatawrite twice for compression
Btrfs: keep inode pinned when compressing writes
Btrfs: implement ->show_devname
Btrfs: use rcu to protect device->name
Btrfs: unlock everything properly in the error case for nocow
Btrfs: fix btrfs_destroy_marked_extents
Btrfs: abort the transaction if the commit fails
Btrfs: wake up transaction waiters when aborting a transaction
Btrfs: fix locking in btrfs_destroy_delayed_refs
Btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error
Btrfs: fix race in tree mod log addition
Btrfs: add btrfs_next_old_leaf
...
Update to the latest btrfs's maintainer mail and git repo.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
the items of the delayed inodes were forgotten to be freed, this patch
fixes it.
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
Since we have two trees for recording pinned extents, we need to go through
both of them to make sure that we've done everything clean.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
We've forgotten to clear extent states in pinned tree, which will results in
space counter mismatch and memory leak:
WARNING: at fs/btrfs/extent-tree.c:7537 btrfs_free_block_groups+0x1f3/0x2e0 [btrfs]()
...
space_info 2 has 8380416 free, is not full
space_info total=12582912, used=4096, pinned=4096, reserved=0, may_use=0, readonly=4194304
btrfs state leak: start 29364224 end 29376511 state 1 in tree ffff880075f20090 refs 1
...
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
Seeding devices are not supposed to change any more.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
When we move a file into a directory with compression flag, we need to
inherite BTRFS_INODE_COMPRESS and clear BTRFS_INODE_NOCOMPRESS as well.
But if we move a file into a directory without compression flag, we need
to clear both of them.
It is the way how our setflags deals with compression flag, so keep
the same behaviour here.
Signed-off-by: Liu Bo <liubo2009@cn.fujitsu.com>
Signed-off-by: Chris Mason <chris.mason@fusionio.com>
If a file has 3 small extents:
| ext1 | ext2 | ext3 |
Running "btrfs fi defrag" will only defrag the last two extents, if those
extent mappings hasn't been read into memory from disk.
This bug was introduced by commit 17ce6ef8d7
("Btrfs: add a check to decide if we should defrag the range")
The cause is, that commit looked into previous and next extents using
lookup_extent_mapping() only.
While at it, remove the code that checks the previous extent, since
it's sufficient to check the next extent.
Signed-off-by: Li Zefan <lizefan@huawei.com>
I removed this in an earlier commit and I was wrong. Because compression
can return from filemap_fdatawrite() without having actually set any of it's
pages as writeback() it can make filemap_fdatawait() do essentially nothing,
and then we won't find any ordered extents because they may not have been
created yet. So not only does this make fsync() completely useless, but it
will also screw up if you truncate on a non-page aligned offset since we
zero out the end and then wait on ordered extents and then call drop caches.
We can drop the cache before the io completes and then we try to unpin the
extent we just wrote we won't find it and everything goes sideways. So fix
this by putting it back and put a giant comment there to keep me from trying
to remove it in the future. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
A user reported lots of problems using compression on the new code and it
turns out part of the problem was that igrab() was failing when we added a
new ordered extent. This is because when writing out an inode under
compression we immediately return without actually doing anything to the
pages, and then in another thread at some point down the line actually do
the ordered dance. The problem is between the point that we start writeback
and we actually add the ordered extent we could be trying to reclaim the
inode, which makes igrab() return NULL. So we need to do an igrab() when we
create the async extent and then drop it when we are done with it. This
makes sure we stay pinned in memory until the ordered extent can get a
reference on it and we are good to go. With this patch we no longer panic
in btrfs_finish_ordered_io(). Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
Because btrfs can remove the device that was mounted we need to have a
->show_devname so that in this case we can print out some other device in
the file system to /proc/mount. So if there are multiple devices in a btrfs
file system we will just print the device with the lowest devid that we can
find. This will make everything consistent and deal with device removal
properly. The drawback is if you mount with a device that is higher than
the lowest devicd it won't show up as the mounted device in /proc/mounts,
but this is a small price to pay. This was inspired by Miao Xie's patch.
Thanks,
Reviewed-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Josef Bacik <josef@redhat.com>
Al pointed out that we can just toss out the old name on a device and add a
new one arbitrarily, so anybody who uses device->name in printk could
possibly use free'd memory. Instead of adding locking around all of this he
suggested doing it with RCU, so I've introduced a struct rcu_string that
does just that and have gone through and protected all accesses to
device->name that aren't under the uuid_mutex with rcu_read_lock(). This
protects us and I will use it for dealing with removing the device that we
used to mount the file system in a later patch. Thanks,
Reviewed-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Josef Bacik <josef@redhat.com>
I was getting hung on umount when a transaction was aborted because a range
of one of the free space inodes was still locked. This is because the nocow
stuff doesn't unlock anything on error. This fixed the problem and I
verified that is what was happening. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
So we're forcing the eb's to have their ref count set to 1 so invalidatepage
works but this breaks lots of things, for example root nodes, and is just
plain wrong, we don't need to just evict all of this stuff. Also drop the
invalidatepage altogether and add a page_cache_release(). With this patch
we no longer hang when trying to access the root nodes after an aborted
transaction and we no longer leak memory. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
If a transaction commit fails we don't abort it so we don't set an error on
the file system. This patch fixes that by actually calling the abort stuff
and then adding a check for a fs error in the transaction start stuff to
make sure it is caught properly. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
I was getting lots of hung tasks and a NULL pointer dereference because we
are not cleaning up the transaction properly when it aborts. First we need
to reset the running_transaction to NULL so we don't get a bad dereference
for any start_transaction callers after this. Also we cannot rely on
waitqueue_active() since it's just a list_empty(), so just call wake_up()
directly since that will do the barrier for us and such. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
The transaction abort stuff was throwing warnings from the list debugging
code because we do a list_del_init outside of the delayed_refs spin lock.
The delayed refs locking makes baby Jesus cry so it's not hard to get wrong,
but we need to take the ref head mutex to make sure it's not being processed
currently, and so if it is we need to drop the spin lock and then take and
drop the mutex and do the search again. If we can take the mutex then we
can safely remove the head from the list and carry on. Now when the
transaction aborts I don't get the list debugging warnings. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
While doing my enospc work I got a transaction abortion that resulted in a
panic when we tried to unlock_page() an already unlocked page. This is
because we aren't calling extent_clear_unlock_delalloc with the locked page
so it was unlocking all the pages in the range. This is wrong since
__extent_writepage expects to have the page locked still unless we return
*page_started as 1. This should keep us from panicing. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
When adding to the tree modification log, we grab two locks at different
stages. We must not drop the outer lock until we're done with section
protected by the inner lock. This moves the unlock call for the outer lock
to the appropriate position.
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
To make sense of the tree mod log, the backref walker not only needs
btrfs_search_old_slot, but it also called btrfs_next_leaf, which in turn was
calling btrfs_search_slot. This obviously didn't give the correct result.
This commit adds btrfs_next_old_leaf, a drop-in replacement for
btrfs_next_leaf with a time_seq parameter. If it is zero, it behaves exactly
like btrfs_next_leaf. If it is non-zero, it will use btrfs_search_old_slot
with this time_seq parameter.
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
In __tree_mod_log_oldest_root() we must return the found operation even if
it's not a ROOT_REPLACE operation. Otherwise, the caller assumes that there
are no operations to be rewinded and returns immediately.
The code in the caller is modified to improve readability.
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
get_old_root could race with root node updates because we weren't locking
the node early enough. Use btrfs_read_lock_root_node to grab the root locked
in the very beginning and release the lock as soon as possible (just like
btrfs_search_slot does).
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
When resolving indirect refs, we used to call btrfs_next_leaf in case we
didn't find an exact match. While we should find exact matches most of the
time, in case we don't, we must continue searching. Treating those matches
differently depending on the level we're searching doesn't make sense.
Even worse, we might end up searching for a key larger than the largest, in
which case there is no next_leaf and subsequent jobs would fail. This commit
drops the bogous lines.
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
- section markup fixes
- clk_prepare() fix to conform to the clk API
- memory leaks
- incorrect debug messages
- bad errorpaths
- typos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAABAgAGBQJP2ZIRAAoJEEEQszewGV1zJEsP/jwNNj1+OvGYiOg+Tn29wc0q
J02EJGb0mNCPX8JzWpKSXoEdCzqbmqdjR7zfmetQV1GpiUgidrnIjyLnUCXZnNaF
2z210SoOWKnats9kvwdbptZ/xY/o1Ncdlfw2QgLiX6gx+bRmyNWR/4IOilsNMywA
u7gPcfGGNgidUCAjNz5tFS5o8kFI+Z9FF/7f8gs4TAT70k40n79RGpgW7gA2PhR8
c8WcJk2TOBThMdSl07JKChTtBtU1ZrPrv8quuk6+voPJa71nJfHNYkAd78cegOBS
5pfh0rCGElHDMfZ5DdFBsFL1ETxni0mSziBIdgnBX85Ll/wJH6tEPjcVA1sv8Jka
kLm61XKsDwV+A0KibgmGPSu6nYqGZMaAsvJPSWJjXcPcS3VhXK4lly3OCD1KB6U+
5u6hD+yavYX8mpEOik3y9pnKYS80d8zvR22/jGpqTByG3DbLwAlLzen7iWHqAbLG
JJLpD6pxkVA15x+TkS3I1kBMzjM5G11AjticgIxAfx4pSqL/n0CJ1m9tXQ1X7iis
Kl526ZWxh+GDy9/cM/AqjEJYoefmcCTv1wSieWVsgEKc7+tut47rdaNa4eC+jqho
NprmfhS16na5GCagh0yI+YXl+nK0Kd9oWoGiJqQcS67UZEn06SzRNdABBPa5OO1F
ZVfnheS1t4UVw/E5Gmz2
=F/II
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pinctrl fixes from Linus Walleij:
- section markup fixes
- clk_prepare() fix to conform to the clk API
- memory leaks
- incorrect debug messages
- bad errorpaths
- typos
* tag 'pinctrl-fixes-for-v3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: pinctrl-mxs: set platform driver data to NULL at errpath and at unregister
pinctrl: pinctrl-mxs: Take care of frees if the kzalloc fails
pinctrl: pinctrl-imx: fix incorrect debug message of maps
pinctrl: pinctrl-imx: free if of_get_parent fails to get the parent node
pinctrl: pinctrl-imx: free allocated pinctrl_map structure only once and use kernel facilities for IMX_PMX_DUMP
pinctrl: nomadik: fix up typo
pinctrl: nomadik: add clk_prepare() call
pinctrl: fix a minor harmless typo
pinctrl: sirf: mark of_device_id match table as __devinitconst
- Fix a regression of USB-audio PCM assignment since 3.4
- A few VGA-switcheroo-related fixes for proper HDMI audio enablement
- Fixed the missing initializations of HD-audio verbs, which may have
resulted in various breakage
- Some driver-specific ASoC updates
- A few fixes for the dynamic PCM code
- The addition of pinctrl support for the i.MX audmux which didn't make it
into -rc1 due to cross tree dependency issues
- A few minor fixes in compress API codes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iQIcBAABAgAGBQJP2KtCAAoJEGwxgFQ9KSmkCosQAIKjgSBIT9JMZ714q2LkyZkb
bo+Rr4N/WKq7E2xV/2nsziWhZoPlInws+hYvFx8eFP84gKlGUCZyJwV5Rzn37h3W
IK6ACkgDD3f9U50oO9jwM2M6lFxpu+4LJPIJEewYAfhtr9gLv9uxALDhocfhg6Gd
H+IaYdCKZxffCaXTNUiLURoEDA+qp7/T4d5CHuc7/l/RRCb2n7ZaKXoreCvon+iK
h6I3J91MdudDvn6X+h7KFOIq01L5R5gp3ml+T7REg9rNB2aQk9UGo+qBqsKEoihO
/7Ih0pvny167dVZJKGzjh3uM7G7cnLcnhmc88jFFRhRooETNDwk1Qz3V+ur+sSdw
rkoNicdgujXRsuPr+xqmWYRZrfmeBZ3SJWEA+aFA8pRhrU/WrbNAaj7EBVc0Gq3f
p1rEZ4t16Qqj+1Px+xHUEMjOidF1voCX3NiWZrfYBqO8AheerrNKe6zmCY20cRaC
4PYWJYzRui9rec1Ic5fW/7BWqWEv+2rAoBdisZmVAqjNEUlP/pHEdi4OTmCL8ss0
hrp0BLksfeedDcVhdVSQG6UjA4U6IOcA528Z731FGZ5QP7ZZ3IdwvuZFiact5QHx
HbBTjCYR52VsmTPSWJpQ5rc5Kq0lBz5VayTrTIt0f9nom7Qm7RgiFatDkMeObwgm
Ncwa8CIInqsFq384g4E4
=Hrh7
-----END PGP SIGNATURE-----
Merge tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
- Fix a regression of USB-audio PCM assignment since 3.4
- A few VGA-switcheroo-related fixes for proper HDMI audio enablement
- Fixed the missing initializations of HD-audio verbs, which may have
resulted in various breakage
- Some driver-specific ASoC updates
- A few fixes for the dynamic PCM code
- The addition of pinctrl support for the i.MX audmux which didn't make
it into -rc1 due to cross tree dependency issues
- A few minor fixes in compress API codes
* tag 'sound-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Don't forget to call init verbs added by fixup list
ALSA: HDA: Pin fixup for Zotac Z68 motherboard
ALSA: compress_core: cleanup pointers on stop
ALSA: compress_core: don't wake up on pause
ALSA: hda - Fix detection of Creative SoundCore3D controllers
vga_switcheroo: Enable/disable audio clients at the right time
ALSA: hda - HDMI Audio init all connectors when VGA-switcheroo is off
vga_switcheroo: Fix error without CONFIG_VGA_SWITCHEROO
ALSA: hda - Fix uninitialized HDMI controllers with VGA-switcheroo
vga_switcheroo: Add a helper function to get the client state
ALSA: usb-audio: Fix substream assignments
ASoC: tegra: add MODULE_DEVICE_TABLE to tegra30_ahub
ASoC: wm2000: Always use a 4s timeout for the firmware
ASoC: dapm: Fix input list to use source widgets
ASoC: dpcm: Fix dpcm_get_be() to check that DAI is BE
ASoC: wm8994: Apply volume updates with clocks enabled
ASoC: wm8994: Ensure all AIFnCLK events are run from the _late variants
ASoC: imx-audmux: add pinctrl support
ASoC: dapm: Fix connected widget capture path query.
Pull networking fixes from David S. Miller:
This has the fix for the wireless issues I ran into the other week as
well as:
1) Fix CAN c_can driver transmit handling resulting in BUG check
triggers, from AnilKumar Ch.
2) Fix packet drop monitor sleeping in atomic context, from Eric
Dumazet.
3) Fix mv643xx_eth driver build regression, from Andrew Lunn.
4) Inetpeer freeing needs an RCU grace period in order to avoid races
during tree invalidation. From Eric Dumazet.
5) Fix endianness bugs in xt_HMARK netfilter module, from Hans
Schillstrom.
6) Add proper module refcounting to l2tp_eth to avoid crash on module
unload, from Eric Dumazet.
7) Fix truncation of neighbour entry dumps due to logic errors in
neigh_dump_info() and friends, from Eric Dumazet.
8) The conversion of fib6_age() to dst_neigh_lookup() accidently
reversed the logic of a flags test, fix from Thomas Graf.
9) Fix checksum configuration in newer sky2 chips, from Stephen
Hemminger.
10) Revert BQL support in NIU driver, doesn't work.
11) l2tp_ip_sendmsg() illegally uses a route without a proper reference.
From Eric Dumazet.
12) be2net driver references an SKB after it's potentially been freed,
also from Eric Dumazet.
13) Fix RCU stalls in dummy net driver init. Also from Eric Dumazet.
14) lpc_eth has several bugs in it's transmit engine leading to packet
leaks and improper queue wakes, from Eric Dumazet.
15) Apply short DMA workaround to more tg3 chips, from Matt Carlson.
16) Add tilegx network driver.
17) Bonding queue mapping for a packet can get corrupted, fix from Eric
Dumazet.
18) Fix bug in netpoll_send_udp() SKB management that can leave garbage
in the payload in certain situations. From Eric Dumazet.
19) bnx2x driver interprets chip RX checksum offload incorrectly in
encapsulation situations. Fix from Eric Dumazet.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
bnx2x: fix checksum validation
netpoll: fix netpoll_send_udp() bugs
bonding: Fix corrupted queue_mapping
bonding:record primary when modify it via sysfs
tilegx network driver: initial support
tg3: Apply short DMA frag workaround to 5906
net: stmmac: Fix clock en-/disable calls
lpc_eth: fix tx completion
lpc_eth: add missing ndo_change_mtu()
dummy: fix rcu_sched self-detected stalls
net: Reorder initialization in ip_route_output to fix gcc warning
virtio-net: fix a race on 32bit arches
r8169: avoid NAPI scheduling delay.
net: Make linux/tcp.h C++ friendly (trivial)
netdev: fix drivers/net/phy/ kernel-doc warnings
net/core: fix kernel-doc warnings
be2net: fix a race in be_xmit()
l2tp: fix a race in l2tp_ip_sendmsg()
mac80211: add back channel change flag
NFC: Fix possible NULL ptr deref when getting the name of a socket
...
bnx2x driver incorrectly sets ip_summed to CHECKSUM_UNNECESSARY on
encapsulated segments. TCP stack happily accepts frames with bad
checksums, if they are inside a GRE or IPIP encapsulation.
Our understanding is that if no IP or L4 csum validation was done by the
hardware, we should leave ip_summed as is (CHECKSUM_NONE), since
hardware doesn't provide CHECKSUM_COMPLETE support in its cqe.
Then, if IP/L4 checksumming was done by the hardware, set
CHECKSUM_UNNECESSARY if no error was flagged.
Patch based on findings and analysis from Robert Evans
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Eilon Greenstein <eilong@broadcom.com>
Cc: Yaniv Rosner <yanivr@broadcom.com>
Cc: Merav Sicron <meravs@broadcom.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Robert Evans <evansr@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Eilon Greenstein <eilong@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Bogdan Hamciuc diagnosed and fixed following bug in netpoll_send_udp() :
"skb->len += len;" instead of "skb_put(skb, len);"
Meaning that _if_ a network driver needs to call skb_realloc_headroom(),
only packet headers would be copied, leaving garbage in the payload.
However the skb_realloc_headroom() must be avoided as much as possible
since it requires memory and netpoll tries hard to work even if memory
is exhausted (using a pool of preallocated skbs)
It appears netpoll_send_udp() reserved 16 bytes for the ethernet header,
which happens to work for typicall drivers but not all.
Right thing is to use LL_RESERVED_SPACE(dev)
(And also add dev->needed_tailroom of tailroom)
This patch combines both fixes.
Many thanks to Bogdan for raising this issue.
Reported-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Bogdan Hamciuc <bogdan.hamciuc@freescale.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
iEYEABECAAYFAk/YA2QACgkQGkmNcg7/o7iquwCg1dTXMRl6iC+/nGrfBylFhbvQ
IjQAnj/+piJJlqdN8HDPnnXOvbcgZLNk
=hO8d
-----END PGP SIGNATURE-----
Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh
Pull SuperH fixes from Paul Mundt.
* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
sh: Kill off additional asm-generic wrappers.
sh: Setup CROSS_COMPILE at the top
sh: Fix up link time defsym warnings.
sh: use the new generic strnlen_user() function
sh: switch to generic strncpy_from_user().
sh: Kill off last dead UBC header
serial: sh-sci: Make probe fail for ports that exceed the maximum count
serial: sh-sci: Fix probe error paths
clocksource: sh_tmu: Use clockevents_config_and_register().
clocksource: sh_tmu: Convert timer lock to raw spinlock.
clocksource: sh_mtu2: Convert timer lock to raw spinlock.
clocksource: sh_cmt: Convert timer lock to raw spinlock.
bug.h: need linux/kernel.h for TAINT_WARN.
sh: convert to kbuild asm-generic support.
sh64: Fix up fallout from generic init_task conversion.
sh: arch/sh/kernel/process.c needs asm/fpu.h for unlazy_fpu().
Pull led fixes from Bryan Wu.
* 'fixes-for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
leds: Make LEDS_ASIC3 and LEDS_RENESAS_TPU depend on LEDS_CLASS=y
leds: fixed a coding style issue.
leds: don't disable blinking when writing the same value to delay_on or delay_off
Pull m68k update from Geert Uytterhoeven.
This makes m68k use the generic library functions for the user-space
strn[cpy|len] functions.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Use generic strncpy_from_user(), strlen_user(), and strnlen_user()
debugfs or omapdss debug support is turned off, and fixes a suspend related
crash.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJPzhSwAAoJEPo9qoy8lh71dsoP/jaG+94RexLOAAr4uzqV7t3c
PB/CTp1SwALNhGYflZMtQF6tx6hVWbqEQqY0KmyseJeC2hp5pNluKuMkxspyPyfx
aoYER3XNb0ncsjQzhrFWa4HgBUt3nAeS0e2mDLQDEkhuh5bsgtyu3OsPIHELbZGL
4kW3xO3ujEJLVQlHP58EWGgE8051dU608uEAte95lxeNhLaF27WNFJBDYIwriGjl
a6vglYkoMAW+nV3k1KjOq2WNpVSh/uvCPZJd+aPa36z16IGR7EfQPTdh0yVtdbjc
ABdaOnoUKkb8AfQtMQaCLzVWMnIao6klbAJv/RIue3VCjdj4Rhjd4Ds0rTh9sIqM
VrKyg1j+VKJyuuIPSo4SlNETMi2kMLnaKjKd+hXcft5eVkdWlpPOGcEg1OtdosMA
pPOLdg+VmAKTey3Sjn8oBRZIJbfG6uKPDB/EWFHNgii+8H3WMU7LBuGj9JlB8ERY
Tnl17cxS5YnVFkpjvzIAYk7vgY5v3rh9y6VwlfTaU0FMJ4z0VMwkUN6nCvGezvM0
A1cJ9Yvm8tMkBjurEkdBIyysjBVa8D4oEnsMBUMXzz8besGkPaFRBhPBu9buKwdz
mbwkla7STxQ5/jWQjsabvzwMuZ+oHuo5GdVZd65w0+VU+fSZ3jVN8chikDHyISEu
6W9OV0PeZp0miTlhynKW
=yO72
-----END PGP SIGNATURE-----
Merge tag 'omapdss-for-3.5-rc2' of git://gitorious.org/linux-omap-dss2/linux
Pull omapdss build problem fix from Tomi Valkeinen:
"Small fixes for omapdss driver. Most importantly, fixes a build
problem when debugfs or omapdss debug support is turned off, and fixes
a suspend related crash."
This has apparently been annoying rmk for a while..
* tag 'omapdss-for-3.5-rc2' of git://gitorious.org/linux-omap-dss2/linux:
OMAPDSS: fix registration of DPI and SDI devices
OMAPDSS: DSI: Fix bug when calculating LP command interleaving parameters
OMAPDSS: fix bogus WARN_ON in dss_runtime_put()
OMAPDSS: Taal: fix compilation warning
OMAPDSS: fix build when DEBUG_FS or DSS_DEBUG_SUPPORT disabled
During the split to the auto-parser helper functions, the actual call
of init verbs was lost.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=43366
Signed-off-by: Takashi Iwai <tiwai@suse.de>
version.h header file is no longer required for qla_target code.
Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
If we make a variable an unsigned int and then expect it to be < 0 on
a bad character, we're going to have a bad time. Fix the tcm_qla2xxx
code to actually notice if hex_to_bin() returns a negative variable.
This was detected by the compiler warning:
scsi/qla2xxx/tcm_qla2xxx.c: In function ‘tcm_qla2xxx_npiv_extract_wwn’:
scsi/qla2xxx/tcm_qla2xxx.c:148:3: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
If we go to the "out_term:" exit path in qlt_do_work(), we call
qlt_send_term_exchange() with a NULL cmd, which means that it can't
possibly free the cmd for us. Add an explicit call to free the
command memory, so we don't leak the allocation.
This will also fix warnings about "BUG qla_tgt_cmd_cachep: Objects
remaining on kmem_cache_close" from slub when unloading the qla2xxx
target module.
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
In qlt_do_ctio_completion(), there's no point in calling
qlt_term_ctio_exchange() with a NULL cmd -- all that it does is crash
in a NULL pointer dereference, since it does
qlt_send_term_exchange(vha, cmd, &cmd->atio, 1);
and dereferencing &cmd->atio is a bad idea if cmd itself is NULL.
If we really need to do this, we could take the values from the
failed CTIO we're processing, but it's not clear if it's worth
the replumbing to do that.
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
When we create an explicit node ACL in tcm_qla2xxx_make_nodeacl(),
there is a call to tcm_qla2xxx_setup_nacl_from_rport(), which puts the
node ACL into the lport_fcport_map even though there is no session yet
for the initiator. Since the only time we remove entries from this
map is when we free a session, this means that if we later delete this
node ACL without the initiator ever creating a session, we'll leave
the nacl pointer in the btree pointing at freed memory.
This is especially bad if that initiator later does send us a command
that would cause us to create a dynamic ACL and session: we'll find
the stale freed nacl pointer in the btree and end up with use-after-free.
We could add more code to clear the btree entry when deleting the
explicit nacl, but the original insertion is pointless: without a
session attached, we'll just have to update the entry when a session
appears anyway. So we can just delete tcm_qla2xxx_setup_nacl_from_rport()
and the code that calls it.
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Chad Dupuis <chad.dupuis@qlogic.com>
Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
The error paths in target_emulate_set_target_port_groups() are all
essentially "rc = -EINVAL; goto out;" but the code at "out:" ignores
rc and always returns success. This means that even if eg explicit
ALUA is turned off, the initiator will always see a good SCSI status
for SET TARGET PORT GROUPS.
Fix this by returning rc as is intended. It appears this bug was
added by the following patch:
commit 05d1c7c0d0
Author: Andy Grover <agrover@redhat.com>
Date: Wed Jul 20 19:13:28 2011 +0000
target: Make all control CDBs scatter-gather
Signed-off-by: Roland Dreier <roland@purestorage.com>
Cc: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This patch adds a new tcm_qla2xxx_clear_sess_lookup() call to clear session
specific s_id + loop_id entries used for se_node_acl pointer lookup ahead
of releasing se_session within the process context workqueue callback in
tcm_qla2xxx_free_session().
It makes the call in existing tcm_qla2xxx_clear_nacl_from_fcport_map()
code invoked from qlt_unreg_sess() in interrupt context w/ hardware_lock
held, ahead of the process context callback into qlt_free_session_done()
-> tcm_qla2xxx_free_session().
We are doing this to address a race between incoming ATIO or TMR packets
using stale se_node_acl pointer once session shutdown has been invoked via
qlt_unreg_sess() in qla_target.c LLD code, and when the entire tcm_qla2xxx
endpoint has not been forced into shutdown w/ echo 0 > ../$QLA2XXX_PORT/enable
Cc: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
CROSS_COMPILE must be setup before using e.g. cc-option (and a few other
as-*, cc-*, ld-* macros), else they will check against the wrong compiler
when cross-compiling, and may invoke the cross compiler with wrong or
suboptimal compiler options.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: linux-sh@vger.kernel.org
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This patch converts tcm_qla2xxx code to use an internal kref_put() for
se_session->sess_kref in order to ensure that qla_hw_data->hardware_lock
can be held while calling qlt_unreg_sess() for the final put.
Signed-off-by: Joern Engel <joern@logfs.org>
Cc: Roland Dreier <roland@purestorage.com>
Cc: Arun Easi <arun.easi@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>