1. 10 Feb, 2012 10 commits
  2. 09 Feb, 2012 9 commits
  3. 08 Feb, 2012 5 commits
  4. 06 Feb, 2012 1 commit
  5. 03 Feb, 2012 2 commits
  6. 02 Feb, 2012 13 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · 6c073a7e
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        rbd: fix safety of rbd_put_client()
        rbd: fix a memory leak in rbd_get_client()
        ceph: create a new session lock to avoid lock inversion
        ceph: fix length validation in parse_reply_info()
        ceph: initialize client debugfs outside of monc->mutex
        ceph: change "ceph.layout" xattr to be "ceph.file.layout"
      6c073a7e
    • Josh Triplett's avatar
    • Alex Elder's avatar
      rbd: fix safety of rbd_put_client() · d23a4b3f
      Alex Elder authored
      The rbd_client structure uses a kref to arrange for cleaning up and
      freeing an instance when its last reference is dropped.  The cleanup
      routine is rbd_client_release(), and one of the things it does is
      delete the rbd_client from rbd_client_list.  It acquires node_lock
      to do so, but the way it is done is still not safe.
      
      The problem is that when attempting to reuse an existing rbd_client,
      the structure found might already be in the process of getting
      destroyed and cleaned up.
      
      Here's the scenario, with "CLIENT" representing an existing
      rbd_client that's involved in the race:
      
       Thread on CPU A                | Thread on CPU B
       ---------------                | ---------------
       rbd_put_client(CLIENT)         | rbd_get_client()
         kref_put()                   |   (acquires node_lock)
           kref->refcount becomes 0   |   __rbd_client_find() returns CLIENT
           calls rbd_client_release() |   kref_get(&CLIENT->kref);
                                      |   (releases node_lock)
             (acquires node_lock)     |
             deletes CLIENT from list | ...and starts using CLIENT...
             (releases node_lock)     |
             and frees CLIENT         | <-- but CLIENT gets freed here
      
      Fix this by having rbd_put_client() acquire node_lock.  The result
      could still be improved, but at least it avoids this problem.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      d23a4b3f
    • Christopher Yeoh's avatar
      Fix race in process_vm_rw_core · 8cdb878d
      Christopher Yeoh authored
      This fixes the race in process_vm_core found by Oleg (see
      
        http://article.gmane.org/gmane.linux.kernel/1235667/
      
      for details).
      
      This has been updated since I last sent it as the creation of the new
      mm_access() function did almost exactly the same thing as parts of the
      previous version of this patch did.
      
      In order to use mm_access() even when /proc isn't enabled, we move it to
      kernel/fork.c where other related process mm access functions already
      are.
      Signed-off-by: default avatarChris Yeoh <yeohc@au1.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8cdb878d
    • Alex Elder's avatar
      rbd: fix a memory leak in rbd_get_client() · 97bb59a0
      Alex Elder authored
      If an existing rbd client is found to be suitable for use in
      rbd_get_client(), the rbd_options structure is not being
      freed as it should.  Fix that.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      97bb59a0
    • Alex Elder's avatar
      ceph: create a new session lock to avoid lock inversion · d8fb02ab
      Alex Elder authored
      Lockdep was reporting a possible circular lock dependency in
      dentry_lease_is_valid().  That function needs to sample the
      session's s_cap_gen and and s_cap_ttl fields coherently, but needs
      to do so while holding a dentry lock.  The s_cap_lock field was
      being used to protect the two fields, but that can't be taken while
      holding a lock on a dentry within the session.
      
      In most cases, the s_cap_gen and s_cap_ttl fields only get operated
      on separately.  But in three cases they need to be updated together.
      Implement a new lock to protect the spots updating both fields
      atomically is required.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Reviewed-by: default avatarSage Weil <sage@newdream.net>
      d8fb02ab
    • Xi Wang's avatar
      ceph: fix length validation in parse_reply_info() · 32852a81
      Xi Wang authored
      "len" is read from network and thus needs validation.  Otherwise, given
      a bogus "len" value, p+len could be an out-of-bounds pointer, which is
      used in further parsing.
      Signed-off-by: default avatarXi Wang <xi.wang@gmail.com>
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      32852a81
    • Sage Weil's avatar
      ceph: initialize client debugfs outside of monc->mutex · ab434b60
      Sage Weil authored
      Initializing debufs under monc->mutex introduces a lock dependency for
      sb->s_type->i_mutex_key, which (combined with several other dependencies)
      leads to an annoying lockdep warning.  There's no particular reason to do
      the debugfs setup under this lock, so move it out.
      
      It used to be the case that our first monmap could come from the OSD; that
      is no longer the case with recent servers, so we will reliably set up the
      client entry during the initial authentication.
      
      We don't have to worry about racing with debugfs teardown by
      ceph_debugfs_client_cleanup() because ceph_destroy_client() calls
      ceph_msgr_flush() first, which will wait for the message dispatch work
      to complete (and the debugfs init to complete).
      
      Fixes: #1940
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      ab434b60
    • Alex Elder's avatar
      ceph: change "ceph.layout" xattr to be "ceph.file.layout" · 114fc474
      Alex Elder authored
      The virtual extended attribute named "ceph.layout" is meaningful
      only for regular files.  Change its name to be "ceph.file.layout" to
      more directly reflect that in the ceph xattr namespace.  Preserve
      the old "ceph.layout" name for the time being (until we decide it's
      safe to get rid of it entirely).
      
      Add a missing initializer for "readonly" in the terminating entry.
      Signed-off-by: default avatarAlex Elder <elder@dreamhost.com>
      Reviewed-by: default avatarSage Weil <sage@newdream.net>
      114fc474
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 24b36da3
      Linus Torvalds authored
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/radeon/kms/blit: fix blit copy for very large buffers
        drm/radeon/kms: fix TRAVIS panel setup
        drm/radeon: fix use after free in ATRM bios reading code.
        drm/radeon/kms: Fix device tree linkage of DP i2c buses too
        drm/radeon: Set DESKTOP_HEIGHT register to the framebuffer (not mode) height.
        drm/radeon/kms: disable output polling when suspended
        drm/nv50/pm: signedness bug in nv50_pm_clocks_pre()
        drm/nouveau/gem: fix fence_sync race / oops
        drm/nouveau: fix typo on mxmdcb option
        drm/nouveau/mxm: pretend to succeed, even if we can't shadow the MXM-SIS
        drm/nouveau/disp: check that panel power gpio is enabled at init time
      24b36da3
    • Linus Torvalds's avatar
      Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze · c84e295b
      Linus Torvalds authored
      * 'next' of git://git.monstr.eu/linux-2.6-microblaze:
        Revert "microblaze: Add topology init"
      c84e295b
    • Linus Torvalds's avatar
      Merge branches 'core-urgent-for-linus', 'perf-urgent-for-linus',... · 2f2fde92
      Linus Torvalds authored
      Merge branches 'core-urgent-for-linus', 'perf-urgent-for-linus', 'sched-urgent-for-linus' and 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        bugs, x86: Fix printk levels for panic, softlockups and stack dumps
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf top: Fix number of samples displayed
        perf tools: Fix strlen() bug in perf_event__synthesize_event_type()
        perf tools: Fix broken build by defining _GNU_SOURCE in Makefile
        x86/dumpstack: Remove unneeded check in dump_trace()
        perf: Fix broken interrupt rate throttling
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/rt: Fix task stack corruption under __ARCH_WANT_INTERRUPTS_ON_CTXSW
        sched: Fix ancient race in do_exit()
        sched/nohz: Fix nohz cpu idle load balancing state with cpu hotplug
        sched/s390: Fix compile error in sched/core.c
        sched: Fix rq->nr_uninterruptible update race
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/reboot: Remove VersaLogic Menlow reboot quirk
        x86/reboot: Skip DMI checks if reboot set by user
        x86: Properly parenthesize cmpxchg() macro arguments
      2f2fde92
    • Ilija Hadzic's avatar
      drm/radeon/kms/blit: fix blit copy for very large buffers · 52b53a0b
      Ilija Hadzic authored
      Evergreen and NI blit copy was broken if the buffer maps to a rectangle
      whose one dimension is 16384 (max dimension allowed by these chips).
      In the mainline kernel, the problem is exposed only when buffers are
      very large (1G), but it's still a problem. The problem could be exposed
      for smaller buffers if anyone modifies the algorithm for rectangle
      construction in r600_blit_create_rect() (the reason why someone would
      modify that algorithm is to tune the performance of buffer moves).
      
      The root cause was in i2f() function which only operated on range between
      0 and 16383. Fix this by extending the range of i2f() function to 0 to
      32767.
      
      While at it improve the function so that the range can be easily
      extended in the future (if it becomes necessary), cleanup lines
      over 80 characters, and replace in-line comments with one strategic
      comment that explains the crux of the function.
      
      Credits to michel@daenzer.net for pointing out the root cause of
      the bug.
      
      v2: Fix I2F_MAX_INPUT constant definition goof and warn only once
          if input argument is out of range. Edit the comment a little
          bit to avoid some linguistic confusion and make it look better
          in general.
      Signed-off-by: default avatarIlija Hadzic <ihadzic@research.bell-labs.com>
      Reviewed-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      Reviewed-by: default avatarMichel Dänzer <michel@daenzer.net>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      52b53a0b