1. 13 Feb, 2012 8 commits
  2. 09 Feb, 2012 3 commits
  3. 07 Feb, 2012 1 commit
    • Dave Airlie's avatar
      Merge branch 'for-airlied' of git://people.freedesktop.org/~danvet/drm-intel into drm-core-next · 198ceac0
      Dave Airlie authored
      * 'for-airlied' of git://people.freedesktop.org/~danvet/drm-intel:
        drm/i915: add a LLC feature flag in device description
        drm/i915: kill i915_mem.c
        drm/i915: Use kcalloc instead of kzalloc to allocate array
        drm/i915/dp: Check for AUXCH error before checking for success
        drm/i915/dp: Use auxch precharge value of 5 everywhere
        drm/i915/dp: Tweak auxch clock divider for PCH
        drm/i915: Remove a comment about PCH from the non-PCH path
        drm/i915: Fix assert_pch_hdmi_disabled to mention HDMI (not DP)
        drm/i915: Implement plane-disabled assertion for PCH too
        drivers: i915: Fix BLC PWM register setup
        drm/i915: Check that plane/pipe is disabled before removing the fb
        drm/i915: fix typo in function name
        drm/i915: split out pll divider code
        drm/i915: split 9xx refclk & sdvo tv code out
        agp/intel: Add pci id for hostbridge from has/qemu
        drm/i915: there is no pipe CxSR on ironlake
        drm/i915: Only look for matching clocks for LVDS downclock
        drm/i915: Silence _DSM errors
      198ceac0
  4. 03 Feb, 2012 20 commits
  5. 02 Feb, 2012 8 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · 6c073a7e
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        rbd: fix safety of rbd_put_client()
        rbd: fix a memory leak in rbd_get_client()
        ceph: create a new session lock to avoid lock inversion
        ceph: fix length validation in parse_reply_info()
        ceph: initialize client debugfs outside of monc->mutex
        ceph: change "ceph.layout" xattr to be "ceph.file.layout"
      6c073a7e
    • Josh Triplett's avatar
    • Alex Elder's avatar
      rbd: fix safety of rbd_put_client() · d23a4b3f
      Alex Elder authored
      The rbd_client structure uses a kref to arrange for cleaning up and
      freeing an instance when its last reference is dropped.  The cleanup
      routine is rbd_client_release(), and one of the things it does is
      delete the rbd_client from rbd_client_list.  It acquires node_lock
      to do so, but the way it is done is still not safe.
      
      The problem is that when attempting to reuse an existing rbd_client,
      the structure found might already be in the process of getting
      destroyed and cleaned up.
      
      Here's the scenario, with "CLIENT" representing an existing
      rbd_client that's involved in the race:
      
       Thread on CPU A                | Thread on CPU B
       ---------------                | ---------------
       rbd_put_client(CLIENT)         | rbd_get_client()
         kref_put()                   |   (acquires node_lock)
           kref->refcount becomes 0   |   __rbd_client_find() returns CLIENT
           calls rbd_client_release() |   kref_get(&CLIENT->kref);
                                      |   (releases node_lock)
             (acquires node_lock)     |
             deletes CLIENT from list | ...and starts using CLIENT...
             (releases node_lock)     |
             and frees CLIENT         | <-- but CLIENT gets freed here
      
      Fix this by having rbd_put_client() acquire node_lock.  The result
      could still be improved, but at least it avoids this problem.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      d23a4b3f
    • Christopher Yeoh's avatar
      Fix race in process_vm_rw_core · 8cdb878d
      Christopher Yeoh authored
      This fixes the race in process_vm_core found by Oleg (see
      
        http://article.gmane.org/gmane.linux.kernel/1235667/
      
      for details).
      
      This has been updated since I last sent it as the creation of the new
      mm_access() function did almost exactly the same thing as parts of the
      previous version of this patch did.
      
      In order to use mm_access() even when /proc isn't enabled, we move it to
      kernel/fork.c where other related process mm access functions already
      are.
      Signed-off-by: default avatarChris Yeoh <yeohc@au1.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8cdb878d
    • Alex Elder's avatar
      rbd: fix a memory leak in rbd_get_client() · 97bb59a0
      Alex Elder authored
      If an existing rbd client is found to be suitable for use in
      rbd_get_client(), the rbd_options structure is not being
      freed as it should.  Fix that.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      97bb59a0
    • Alex Elder's avatar
      ceph: create a new session lock to avoid lock inversion · d8fb02ab
      Alex Elder authored
      Lockdep was reporting a possible circular lock dependency in
      dentry_lease_is_valid().  That function needs to sample the
      session's s_cap_gen and and s_cap_ttl fields coherently, but needs
      to do so while holding a dentry lock.  The s_cap_lock field was
      being used to protect the two fields, but that can't be taken while
      holding a lock on a dentry within the session.
      
      In most cases, the s_cap_gen and s_cap_ttl fields only get operated
      on separately.  But in three cases they need to be updated together.
      Implement a new lock to protect the spots updating both fields
      atomically is required.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Reviewed-by: default avatarSage Weil <sage@newdream.net>
      d8fb02ab
    • Xi Wang's avatar
      ceph: fix length validation in parse_reply_info() · 32852a81
      Xi Wang authored
      "len" is read from network and thus needs validation.  Otherwise, given
      a bogus "len" value, p+len could be an out-of-bounds pointer, which is
      used in further parsing.
      Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      32852a81
    • Sage Weil's avatar
      ceph: initialize client debugfs outside of monc->mutex · ab434b60
      Sage Weil authored
      Initializing debufs under monc->mutex introduces a lock dependency for
      sb->s_type->i_mutex_key, which (combined with several other dependencies)
      leads to an annoying lockdep warning.  There's no particular reason to do
      the debugfs setup under this lock, so move it out.
      
      It used to be the case that our first monmap could come from the OSD; that
      is no longer the case with recent servers, so we will reliably set up the
      client entry during the initial authentication.
      
      We don't have to worry about racing with debugfs teardown by
      ceph_debugfs_client_cleanup() because ceph_destroy_client() calls
      ceph_msgr_flush() first, which will wait for the message dispatch work
      to complete (and the debugfs init to complete).
      
      Fixes: #1940
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      ab434b60