1. 21 Aug, 2012 3 commits
    • Sage Weil's avatar
      ceph: avoid divide by zero in __validate_layout() · 45f2e081
      Sage Weil authored
      If "l->stripe_unit" is zero the the mod on the next line will cause a
      divide by zero bug.  This comes from the copy_from_user() in
      ceph_ioctl_set_layout_policy().  Passing 0 is valid, though (it means
      "do not change") so avoid the % check in that case.
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarSage Weil <sage@inktank.com>
      Reviewed-by: default avatarAlex Elder <elder@inktank.com>
      45f2e081
    • Jim Schutt's avatar
      libceph: avoid truncation due to racing banners · 6d4221b5
      Jim Schutt authored
      Because the Ceph client messenger uses a non-blocking connect, it is
      possible for the sending of the client banner to race with the
      arrival of the banner sent by the peer.
      
      When ceph_sock_state_change() notices the connect has completed, it
      schedules work to process the socket via con_work().  During this
      time the peer is writing its banner, and arrival of the peer banner
      races with con_work().
      
      If con_work() calls try_read() before the peer banner arrives, there
      is nothing for it to do, after which con_work() calls try_write() to
      send the client's banner.  In this case Ceph's protocol negotiation
      can complete succesfully.
      
      The server-side messenger immediately sends its banner and addresses
      after accepting a connect request, *before* actually attempting to
      read or verify the banner from the client.  As a result, it is
      possible for the banner from the server to arrive before con_work()
      calls try_read().  If that happens, try_read() will read the banner
      and prepare protocol negotiation info via prepare_write_connect().
      prepare_write_connect() calls con_out_kvec_reset(), which discards
      the as-yet-unsent client banner.  Next, con_work() calls
      try_write(), which sends the protocol negotiation info rather than
      the banner that the peer is expecting.
      
      The result is that the peer sees an invalid banner, and the client
      reports "negotiation failed".
      
      Fix this by moving con_out_kvec_reset() out of
      prepare_write_connect() to its callers at all locations except the
      one where the banner might still need to be sent.
      
      [elder@inktak.com: added note about server-side behavior]
      Signed-off-by: default avatarJim Schutt <jaschut@sandia.gov>
      Reviewed-by: default avatarAlex Elder <elder@inktank.com>
      6d4221b5
    • Sage Weil's avatar
      ceph: tolerate (and warn on) extraneous dentry from mds · 6c5e50fa
      Sage Weil authored
      If the MDS gives us a dentry and we weren't prepared to handle it,
      WARN_ON_ONCE instead of crashing.
      Reported-by: default avatarYan, Zheng <zheng.z.yan@intel.com>
      Signed-off-by: default avatarSage Weil <sage@inktank.com>
      Reviewed-by: default avatarAlex Elder <elder@inktank.com>
      6c5e50fa
  2. 20 Aug, 2012 1 commit
  3. 18 Aug, 2012 4 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 6dab7ede
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "The largest thing in this set of changes is bringing back some of the
        ARMv3 code to fix a compile problem noticed on RiscPC, which we still
        support, even though we only support ARMv4 there.
      
        (The reason is that the system bus doesn't support ARMv4 half-word
        accesses, so we need the ARMv3 library code for this platform.)
      
        The rest are all quite minor fixes."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7490/1: Drop duplicate select for GENERIC_IRQ_PROBE
        ARM: Bring back ARMv3 IO and user access code
        ARM: 7489/1: errata: fix workaround for erratum #720789 on UP systems
        ARM: 7488/1: mm: use 5 bits for swapfile type encoding
        ARM: 7487/1: mm: avoid setting nG bit for user mappings that aren't present
        ARM: 7486/1: sched_clock: update epoch_cyc on resume
        ARM: 7484/1: Don't enable GENERIC_LOCKBREAK with ticket spinlocks
        ARM: 7483/1: vfp: only advertise VFPv4 in hwcaps if CONFIG_VFPv3 is enabled
        ARM: 7482/1: topology: fix section mismatch warning for init_cpu_topology
      6dab7ede
    • Linus Torvalds's avatar
      Merge tag 'pm-for-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · d9ec0fdc
      Linus Torvalds authored
      Pull power management fixes from Rafael J. Wysocki:
        - Fixes for three obscure problems in the runtime PM core code found
         recently.
       - Two fixes for the new "coupled" cpuidle code from Colin Cross and Jon
         Medhurst.
       - intel_idle driver fix from Konrad Rzeszutek Wilk.
      
      * tag 'pm-for-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing it.
        cpuidle: Prevent null pointer dereference in cpuidle_coupled_cpu_notify
        cpuidle: coupled: fix sleeping while atomic in cpu notifier
        PM / Runtime: Check device PM QoS setting before "no callbacks" check
        PM / Runtime: Clear power.deferred_resume on success in rpm_suspend()
        PM / Runtime: Fix rpm_resume() return value for power.no_callbacks set
      d9ec0fdc
    • Linus Torvalds's avatar
      Merge branch 'vfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 20fb1936
      Linus Torvalds authored
      Pull vfs fixes from Miklos Szeredi.
      
      This mainly fixes some confusion about whether the open 'mode' variable
      passed around should contain the full file type (S_IFREG etc)
      information or just the permission mode.  In particular, the lack of
      proper file type information had confused fuse.
      
      * 'vfs-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        vfs: fix propagation of atomic_open create error on negative dentry
        fuse: check create mode in atomic open
        vfs: pass right create mode to may_o_create()
        vfs: atomic_open(): fix create mode usage
        vfs: canonicalize create mode in build_open_flags()
      20fb1936
    • Linus Torvalds's avatar
      Merge tag 'md-3.6-fixes' of git://neil.brown.name/md · 1ce41cd8
      Linus Torvalds authored
      Pull md fixes from NeilBrown:
       "2 fixes for md, tagged for -stable"
      
      * tag 'md-3.6-fixes' of git://neil.brown.name/md:
        md/raid10: fix problem with on-stack allocation of r10bio structure.
        md: Don't truncate size at 4TB for RAID0 and Linear
      1ce41cd8
  4. 17 Aug, 2012 22 commits
    • NeilBrown's avatar
      md/raid10: fix problem with on-stack allocation of r10bio structure. · e0ee7785
      NeilBrown authored
      A 'struct r10bio' has an array of per-copy information at the end.
      This array is declared with size [0] and r10bio_pool_alloc allocates
      enough extra space to store the per-copy information depending on the
      number of copies needed.
      
      So declaring a 'struct r10bio on the stack isn't going to work.  It
      won't allocate enough space, and memory corruption will ensue.
      
      So in the two places where this is done, declare a sufficiently large
      structure and use that instead.
      
      The two call-sites of this bug were introduced in 3.4 and 3.5
      so this is suitable for both those kernels.  The patch will have to
      be modified for 3.4 as it only has one bug.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarIvan Vasilyev <ivan.vasilyev@gmail.com>
      Tested-by: default avatarIvan Vasilyev <ivan.vasilyev@gmail.com>
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      e0ee7785
    • Linus Torvalds's avatar
      Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · 846b9996
      Linus Torvalds authored
      Pull infiniband/rdma fixes from Roland Dreier:
       "Grab bag of InfiniBand/RDMA fixes:
         - IPoIB fixes for regressions introduced by path database conversion
         - mlx4 fixes for bugs with large memory systems and regressions from
           SR-IOV patches
         - RDMA CM fix for passing bad event up to userspace
         - Other minor fixes"
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        IB/mlx4: Check iboe netdev pointer before dereferencing it
        mlx4_core: Clean up buddy bitmap allocation
        mlx4_core: Fix integer overflow issues around MTT table
        mlx4_core: Allow large mlx4_buddy bitmaps
        IB/srp: Fix a race condition
        IB/qib: Fix error return code in qib_init_7322_variables()
        IB: Fix typos in infiniband drivers
        IB/ipoib: Fix RCU pointer dereference of wrong object
        IB/ipoib: Add missing locking when CM object is deleted
        RDMA/ucma.c: Fix for events with wrong context on iWARP
        RDMA/ocrdma: Don't call vlan_dev_real_dev() for non-VLAN netdevs
        IB/mlx4: Fix possible deadlock on sm_lock spinlock
      846b9996
    • Linus Torvalds's avatar
      Merge tag 'tty-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 225a389b
      Linus Torvalds authored
      Pull TTY fixes from Greg Kroah-Hartman:
       "Here are 4 tiny patches, each fixing a serial driver problem that
        people have reported.
      
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
      
      * tag 'tty-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        pmac_zilog,kdb: Fix console poll hook to return instead of loop
        serial: mxs-auart: fix the wrong RTS hardware flow control
        serial: ifx6x60: fix paging fault on spi_register_driver
        serial: Change Kconfig entry for CLPS711X-target
      225a389b
    • Konrad Rzeszutek Wilk's avatar
      intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing it. · 3735d524
      Konrad Rzeszutek Wilk authored
      If the machine is booted without any cpu_idle driver set
      (b/c disable_cpuidle() has been called) we should follow
      other users of cpu_idle API and check the return value
      for NULL before using it.
      Reported-and-tested-by: default avatarMark van Dijk <mark@internecto.net>
      Suggested-by: default avatarJan Beulich <JBeulich@suse.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      3735d524
    • Jon Medhurst (Tixy)'s avatar
      cpuidle: Prevent null pointer dereference in cpuidle_coupled_cpu_notify · 5fbbb90d
      Jon Medhurst (Tixy) authored
      When a kernel is built to support multiple hardware types it's possible
      that CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is set but the hardware the
      kernel is run on doesn't support cpuidle and therefore doesn't load a
      driver for it. In this case, when the system is shut down,
      cpuidle_coupled_cpu_notify() gets called with cpuidle_devices set to
      NULL. There are quite possibly other circumstances where this
      situation can also occur and we should check for it.
      Signed-off-by: default avatarJon Medhurst <tixy@linaro.org>
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      5fbbb90d
    • Colin Cross's avatar
      cpuidle: coupled: fix sleeping while atomic in cpu notifier · 63c6ba43
      Colin Cross authored
      The cpu hotplug notifier gets called in both atomic and non-atomic
      contexts, it is not always safe to lock a mutex.  Filter out all events
      except the six necessary ones, which are all sleepable, before taking
      the mutex.
      Signed-off-by: default avatarColin Cross <ccross@android.com>
      Reviewed-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      63c6ba43
    • Rafael J. Wysocki's avatar
      PM / Runtime: Check device PM QoS setting before "no callbacks" check · 55d7ec45
      Rafael J. Wysocki authored
      If __dev_pm_qos_read_value(dev) returns a negative value,
      rpm_suspend() should return -EPERM for dev even if its
      power.no_callbacks flag is set.  For this to happen, the device's
      power.no_callbacks flag has to be checked after the PM QoS check,
      so move the PM QoS check to rpm_check_suspend_allowed() (this will
      make it cover idle notifications as well as runtime suspend too).
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Cc: stable@vger.kernel.org
      55d7ec45
    • Rafael J. Wysocki's avatar
      PM / Runtime: Clear power.deferred_resume on success in rpm_suspend() · 58a34de7
      Rafael J. Wysocki authored
      The power.deferred_resume can only be set if the runtime PM status
      of device is RPM_SUSPENDING and it should be cleared after its
      status has been changed, regardless of whether or not the runtime
      suspend has been successful.  However, it only is cleared on
      suspend failure, while it may remain set on successful suspend and
      is happily leaked to rpm_resume() executed in that case.
      
      That shouldn't happen, so if power.deferred_resume is set in
      rpm_suspend() after the status has been changed to RPM_SUSPENDED,
      clear it before calling rpm_resume().  Then, it doesn't need to be
      cleared before changing the status to RPM_SUSPENDING any more,
      because it's always cleared after the status has been changed to
      either RPM_SUSPENDED (on success) or RPM_ACTIVE (on failure).
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Cc: stable@vger.kernel.org
      58a34de7
    • Rafael J. Wysocki's avatar
      PM / Runtime: Fix rpm_resume() return value for power.no_callbacks set · 7f321c26
      Rafael J. Wysocki authored
      For devices whose power.no_callbacks flag is set, rpm_resume()
      should return 1 if the device's parent is already active, so that
      the callers of pm_runtime_get() don't think that they have to wait
      for the device to resume (asynchronously) in that case (the core
      won't queue up an asynchronous resume in that case, so there's
      nothing to wait for anyway).
      
      Modify the code accordingly (and make sure that an idle notification
      will be queued up on success, even if 1 is to be returned).
      Signed-off-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Cc: stable@vger.kernel.org
      7f321c26
    • Linus Torvalds's avatar
      Merge tag 'staging-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 557e2e2e
      Linus Torvalds authored
      Pull staging fixes from Greg Kroah-Hartman:
       "Here are some staging driver fixes (and iio driver fixes, they get
        lumped in with the staging stuff due to dependancies) for your 3.6-rc3
        tree.
      
        Nothing major, just a bunch of fixes that people have reported.
      
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
      
      * tag 'staging-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (26 commits)
        iio: lm3533-als: Fix build warnings
        staging:iio:ad7780: Mark channels as unsigned
        staging:iio:ad7192: Report offset and scale for temperature channel
        staging:iio:ad7192: Report channel offset
        staging:iio:ad7192: Mark channels as unsigned
        staging:iio:ad7192: Fix setting ACX
        staging:iio:ad7192: Add missing break in switch statement
        staging:iio:ad7793: Fix internal reference value
        staging:iio:ad7793: Follow new IIO naming spec
        staging:iio:ad7793: Fix temperature scale and offset
        staging:iio:ad7793: Report channel offset
        staging:iio:ad7793: Mark channels as unsigned
        staging:iio:ad7793: Add missing break in switch statement
        iio/adjd_s311: Fix potential memory leak in adjd_s311_update_scan_mode()
        iio: frequency: ADF4350: Fix potential reference div factor overflow.
        iio: staging: ad7298_ring: Fix maybe-uninitialized warning
        staging: comedi: usbduxfast: Declare MODULE_FIRMWARE usage
        staging: comedi: usbdux: Declare MODULE_FIRMWARE usage
        staging: comedi: usbduxsigma: Declare MODULE_FIRMWARE usage
        staging: csr: add INET dependancy
        ...
      557e2e2e
    • Linus Torvalds's avatar
      Merge tag 'driver-core-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · c8391797
      Linus Torvalds authored
      Pull driver core fixes from Greg Kroah-Hartman:
       "Here are two tiny patches, one fixing a dynamic debug problem that the
        printk rework turned up, and the other one fixing an extcon problem
        that people reported.
      
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
      
      * tag 'driver-core-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        extcon: extcon_gpio: Replace gpio_request_one by devm_gpio_request_one
        drivers-core: make structured logging play nice with dynamic-debug
      c8391797
    • Linus Torvalds's avatar
      Merge tag 'char-misc-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · d7d45fed
      Linus Torvalds authored
      Pull Char / Misc driver fixes from Greg Kroah-Hartman:
       "Here are some small misc and w1 driver fixes for 3.6-rc3.  Nothing
        major, just some some bugfixes and a new device id for a w1 driver.
      
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
      
      * tag 'char-misc-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        1-Wire: Add support for the maxim ds1825 temperature sensor
        ti-st: Fix check for pdata->chip_awake function pointer
        mei: add mei_quirk_probe function
        mei: fix device stall after wd is stopped
      d7d45fed
    • Linus Torvalds's avatar
      Merge tag 'usb-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 9134e7d2
      Linus Torvalds authored
      Pull USB patches from Greg Kroah-Hartman:
       "Here are a number of small USB patches for 3.6-rc3.
      
        The "large" one is just a number of device id updates to the option
        driver, done by the manufacturer, properly fixing up the device ids
        based on shipping devices.
      
        Other than that, some gadget driver fixes, the obligitary XHCI
        patches, and some other device ids and bugs fixed.
      
        Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
      
      * tag 'usb-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits)
        USB: qcserial: fix port handling on Gobi 1K and 2K+
        USB: serial: Fix mos7840 timeout
        USB: option: add ZTE K5006-Z
        usb: gadget: u_ether: fix kworker 100% CPU issue with still used interfaces in eth_stop
        usb: host: tegra: fix warning messages in ehci_remove
        usb: host: mips: sead3: Update for EHCI register structure.
        usb: renesas_usbhs: fixup resume method for autonomy mode
        usb: renesas_usbhs: mod_host: add missing .bus_suspend/resume
        update MAINTAINERS for Oliver Neukum
        usb: usb_wwan: resume/suspend can be called after port is gone
        usb: serial: prevent suspend/resume from racing against probe/remove
        usb: usb_wwan: replace release and disconnect with a port_remove hook
        usb: serial: mos7840: Fixup mos7840_chars_in_buffer()
        USB: isp1362-hcd.c: usb message always saved in case of underrun
        OMAP: USB : Fix the EHCI enumeration and core retention issue
        usb: chipidea: fix and improve dependencies if usb host or gadget support is built as module
        USB: support the new interfaces of Huawei Data Card devices in option driver
        USB: ftdi_sio: Add VID/PID for Kondo Serial USB
        xhci: Switch PPT ports to EHCI on shutdown.
        xhci: Fix bug after deq ptr set to link TRB.
        ...
      9134e7d2
    • Randy Dunlap's avatar
      scripts/kernel-doc: fix fatal script error · 0df7c0e3
      Randy Dunlap authored
      Fix fatal error in scripts/kernel-doc by ignoring the "__weak" attribute:
      
        Error(drivers/pci/pci.c:2820): cannot understand prototype: 'char * __weak pcibios_setup(char *str) '
      Signed-off-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0df7c0e3
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 0b0402d4
      Linus Torvalds authored
      Pull a Yama bugfix from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        Yama: access task_struct->comm directly
      0b0402d4
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming · 9d0f8140
      Linus Torvalds authored
      Pull C6X atomic64 support from Mark Salter:
       "Enable atomic64 ops in C6X
         - define L1_CACHE_SHIFT
         - select GENERIC_ATOMIC64"
      
      * tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming:
        C6X: select GENERIC_ATOMIC64
        C6X: add Lx_CACHE_SHIFT defines
      9d0f8140
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · ef824bfb
      Linus Torvalds authored
      Pull ext4 bug fixes from Ted Ts'o:
       "The following are all bug fixes and regressions.  The most notable are
        the ones which cause problems for ext4 on RAID --- a performance
        problem when mounting very large filesystems, and a kernel OOPS when
        doing an rm -rf on large directory hierarchies on fast devices."
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix kernel BUG on large-scale rm -rf commands
        ext4: fix long mount times on very big file systems
        ext4: don't call ext4_error while block group is locked
        ext4: avoid kmemcheck complaint from reading uninitialized memory
        ext4: make sure the journal sb is written in ext4_clear_journal_err()
      ef824bfb
    • Ian Kent's avatar
      autofs4 - fix expire check · d807ff83
      Ian Kent authored
      In some cases when an autofs indirect mount is contained in a file
      system that is marked as shared (such as when systemd does the
      equivalent of "mount --make-rshared /" early in the boot), mounts
      stop expiring.
      
      When this happens the first expiry check on a mountpoint dentry in
      autofs_expire_indirect() sees a mountpoint dentry with a higher
      than minimal reference count. Consequently the dentry is condidered
      busy and the actual expiry check is never done.
      
      This particular check was originally meant as an optimisation to
      detect a path walk in progress but with the addition of rcu-walk
      it can be ineffective anyway.
      
      Removing the test allows automounts to expire again since the
      actual expire check doesn't rely on the dentry reference count.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d807ff83
    • Theodore Ts'o's avatar
      ext4: fix kernel BUG on large-scale rm -rf commands · 89a4e48f
      Theodore Ts'o authored
      Commit 968dee77: "ext4: fix hole punch failure when depth is greater
      than 0" introduced a regression in v3.5.1/v3.6-rc1 which caused kernel
      crashes when users ran run "rm -rf" on large directory hierarchy on
      ext4 filesystems on RAID devices:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
      
          Process rm (pid: 18229, threadinfo ffff8801276bc000, task ffff880123631710)
          Call Trace:
           [<ffffffff81236483>] ? __ext4_handle_dirty_metadata+0x83/0x110
           [<ffffffff812353d3>] ext4_ext_truncate+0x193/0x1d0
           [<ffffffff8120a8cf>] ? ext4_mark_inode_dirty+0x7f/0x1f0
           [<ffffffff81207e05>] ext4_truncate+0xf5/0x100
           [<ffffffff8120cd51>] ext4_evict_inode+0x461/0x490
           [<ffffffff811a1312>] evict+0xa2/0x1a0
           [<ffffffff811a1513>] iput+0x103/0x1f0
           [<ffffffff81196d84>] do_unlinkat+0x154/0x1c0
           [<ffffffff8118cc3a>] ? sys_newfstatat+0x2a/0x40
           [<ffffffff81197b0b>] sys_unlinkat+0x1b/0x50
           [<ffffffff816135e9>] system_call_fastpath+0x16/0x1b
          Code: 8b 4d 20 0f b7 41 02 48 8d 04 40 48 8d 04 81 49 89 45 18 0f b7 49 02 48 83 c1 01 49 89 4d 00 e9 ae f8 ff ff 0f 1f 00 49 8b 45 28 <48> 8b 40 28 49 89 45 20 e9 85 f8 ff ff 0f 1f 80 00 00 00
      
          RIP  [<ffffffff81233164>] ext4_ext_remove_space+0xa34/0xdf0
      
      This could be reproduced as follows:
      
      The problem in commit 968dee77 was that caused the variable 'i' to
      be left uninitialized if the truncate required more space than was
      available in the journal.  This resulted in the function
      ext4_ext_truncate_extend_restart() returning -EAGAIN, which caused
      ext4_ext_remove_space() to restart the truncate operation after
      starting a new jbd2 handle.
      Reported-by: default avatarMaciej Żenczykowski <maze@google.com>
      Reported-by: default avatarMarti Raudsepp <marti@juffo.org>
      Tested-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      89a4e48f
    • Theodore Ts'o's avatar
      ext4: fix long mount times on very big file systems · 0548bbb8
      Theodore Ts'o authored
      Commit 8aeb00ff: "ext4: fix overhead calculation used by
      ext4_statfs()" introduced a O(n**2) calculation which makes very large
      file systems take forever to mount.  Fix this with an optimization for
      non-bigalloc file systems.  (For bigalloc file systems the overhead
      needs to be set in the the superblock.)
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      0548bbb8
    • Theodore Ts'o's avatar
      ext4: don't call ext4_error while block group is locked · 7a4c5de2
      Theodore Ts'o authored
      While in ext4_validate_block_bitmap(), if an block allocation bitmap
      is found to be invalid, we call ext4_error() while the block group is
      still locked.  This causes ext4_commit_super() to call a function
      which might sleep while in an atomic context.
      
      There's no need to keep the block group locked at this point, so hoist
      the ext4_error() call up to ext4_validate_block_bitmap() and release
      the block group spinlock before calling ext4_error().
      
      The reported stack trace can be found at:
      
      	http://article.gmane.org/gmane.comp.file-systems.ext4/33731Reported-by: default avatarDave Jones <davej@redhat.com>
      Signed-off-by: default avatar"Theodore Ts'o" <tytso@mit.edu>
      Cc: stable@vger.kernel.org
      7a4c5de2
    • Kees Cook's avatar
      Yama: access task_struct->comm directly · 7612bfee
      Kees Cook authored
      The core ptrace access checking routine holds a task lock, and when
      reporting a failure, Yama takes a separate task lock. To avoid a
      potential deadlock with two ptracers taking the opposite locks, do not
      use get_task_comm() and just use ->comm directly since accuracy is not
      important for the report.
      Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Suggested-by: default avatarOleg Nesterov <oleg@redhat.com>
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      7612bfee
  5. 16 Aug, 2012 10 commits