- 18 Aug, 2009 1 commit
-
-
Christoph Hellwig authored
The locking in xfs_iget_cache_hit currently has numerous problems: - we clear the reclaim tag without i_flags_lock which protects modifications to it - we call inode_init_always which can sleep with pag_ici_lock held (this is oss.sgi.com BZ #819) - we acquire and drop i_flags_lock a lot and thus provide no consistency between the various flags we set/clear under it This patch fixes all that with a major revamp of the locking in the function. The new version acquires i_flags_lock early and only drops it once we need to call into inode_init_always or before calling xfs_ilock. This patch fixes a bug seen in the wild where we race modifying the reclaim tag. Signed-off-by:
Christoph Hellwig <hch@lst.de> Reviewed-by:
Felix Blyakher <felixb@sgi.com> Reviewed-by:
Eric Sandeen <sandeen@sandeen.net> Signed-off-by:
-
- 11 Aug, 2009 12 commits
-
-
Christoph Hellwig authored
Without SMP or preemption spin_is_locked always returns false, so we can't do an assert with it. Instead use assert_spin_locked, which does the right thing on all builds. Signed-off-by:
Johannes Engel <jcnengel@googlemail.com> Tested-by:
-
Christoph Hellwig authored
Ramon tested XFS with a modified version of fsfuzzer and hit a NULL pointer dereference in __xfs_get_blocks due to the RT device target pointer being NULL. To fix this reject inode with the realtime bit set on a a filesystem without an RT subvolume during inode read. Signed-off-by:
Ramon de Carvalho Valle <ramon@risesecurity.org> Tested-by:
-
Eric Sandeen authored
In Red Hat Bug 512552 - Can't write to XFS mount during raid5 resync a user ran into corruption while resyncing a raid, and we failed a consistency test, but didn't get much more info; it'd be nice to call XFS_CORRUPTION_ERROR here so we can see the buffer contents. Signed-off-by:
-
Christoph Hellwig authored
xfs_attr_rmtval_get is always called with i_lock held, but i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_readlink_bmap is called with i_lock held, but i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_attr_rmtval_set is always called with i_lock held, and i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_buf_associate_memory is used for setting up the spare buffer for the log wrap case in xlog_sync which can happen under i_lock when called from xfs_fsync. The i_lock mutex is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. There are a couple more uses of xfs_buf_associate_memory in the log recovery code that are also affected by this, but I'd rather keep the code simple than passing on a gfp_mask argument. Longer term we should just stop requiring the memoery allocation in xlog_sync by some smaller rework of the buffer layer. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_dir_cilookup_result is always called with i_lock held, but i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
i_lock is taken in the reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_da_state_alloc is always called with i_lock held, but i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
xfs_getbmap allocates memory with i_lock held, but i_lock is taken in reclaim context so all allocations under it must avoid recursions into the filesystem. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
Christoph Hellwig authored
Allocate the memory for the larger m_perag array before taking the per-AG lock as the per-AG lock can be taken under the i_lock which can be taken from reclaim context. Reported by the new reclaim context tracing in lockdep. Signed-off-by:
-
- 31 Jul, 2009 2 commits
-
-
Eric Sandeen authored
VM calculation for nr_to_write seems off. Bump it way up, this gets simple streaming writes zippy again. To be reviewed again after Jens' writeback changes. Signed-off-by:
Christoph Hellwig <hch@infradead.org> Signed-off-by:
-
Julia Lawall authored
bp was tested for NULL a few lines before, followed by a return, and there is no intervening modification of its value. A simplified version of the semantic match that finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @r exists@ local idexpression x; expression E; position p1,p2; @@ if (x == NULL || ...) { ... when forall return ...; } ... when != \(x=E\|x--\|x++\|--x\|++x\|x-=E\|x+=E\|x|=E\|x&=E\|&x\) ( *x == NULL | *x != NULL ) // </smpl> Signed-off-by:
Julia Lawall <julia@diku.dk> Acked-by:
-
- 27 Jul, 2009 1 commit
-
-
Eric Sandeen authored
commit 6321e3ed caused the full bmv_count's worth of getbmapx structures to get allocated; telling it to do MAXEXTNUM was a bit insane, resulting in ENOMEM every time. Chop it down to something reasonable, the number of slots in the caller's input buffer. If this is too large the caller may get ENOMEM but the reason should not be a mystery, and they can try again with something smaller. We add 1 to the value because in the normal getbmap world, bmv_count includes the header and xfs_getbmap does: nex = bmv->bmv_count - 1; if (nex <= 0) return XFS_ERROR(EINVAL); Signed-off-by:
Olaf Weber <olaf@sgi.com> Reviewed-by:
-
- 06 Jul, 2009 1 commit
-
-
Eric Sandeen authored
Commit a19d9f88 removed the ino64 option but left the XFS_INO64_OFFSET define it used in place - just remove it. Signed-off-by:
-
- 03 Jul, 2009 1 commit
-
-
Eric Sandeen authored
CONFIG_XFS_DEBUG builds still need xfs_read_agf to be non-static, oops. Signed-off-by:
-
- 02 Jul, 2009 1 commit
-
-
Eric Sandeen authored
A lot more functions could be made static, but they need forward declarations; this does some easy ones, and also found a few unused functions in the process. Signed-off-by:
-
- 13 Jun, 2009 2 commits
-
-
Christoph Hellwig authored
Identation got messed up when merging the current_umask changes with the generic ACL support. Signed-off-by:
-
Christoph Hellwig authored
Fix warnings about unitialized dquot variables by making sure xfs_qm_vop_dqalloc touches it even when quotas are disabled. Signed-off-by:
-
- 12 Jun, 2009 1 commit
-
-
Felix Blyakher authored
Regression from commit 28e21170. Need to free temporary buffer allocated in xfs_getbmap(). Signed-off-by:
Hedi Berriche <hedi@sgi.com> Reported-by:
Justin Piszcz <jpiszcz@lucidpixels.com> Reviewed-by:
-
- 11 Jun, 2009 1 commit
-
-
- 10 Jun, 2009 4 commits
-
-
-
Christoph Hellwig authored
This patch rips out the XFS ACL handling code and uses the generic fs/posix_acl.c code instead. The ondisk format is of course left unchanged. This also introduces the same ACL caching all other Linux filesystems do by adding pointers to the acl and default acl in struct xfs_inode. Signed-off-by:
-
Linus Torvalds authored
-
Peter Botha authored
There's a bug in the mxser kernel module that still appears in the 2.6.29.4 kernel. mxser_get_ISA_conf takes a ioaddress as its first argument, by passing the not of the ioaddr, you're effectively passing 0 which means it won't be able to talk to an ISA card. I have tested this, and removing the ! fixes the problem. Cc: "Peter Botha" <peterb@goldcircle.co.za> Signed-off-by:
Jiri Slaby <jirislaby@gmail.com> Acked-by:
Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: <stable@kernel.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- 09 Jun, 2009 13 commits
-
-
Jan Kara authored
In commit code, we scan buffers attached to a transaction. During this scan, we sometimes have to drop j_list_lock and then we recheck whether the journal buffer head didn't get freed by journal_try_to_free_buffers(). But checking for buffer_jbd(bh) isn't enough because a new journal head could get attached to our buffer head. So add a check whether the journal head remained the same and whether it's still at the same transaction and list. This is a nasty bug and can cause problems like memory corruption (use after free) or trigger various assertions in JBD code (observed). Signed-off-by:
Jan Kara <jack@suse.cz> Cc: <stable@kernel.org> Cc: <linux-ext4@vger.kernel.org> Signed-off-by:
-
Ian Kent authored
The recent ->lookup() deadlock correction required the directory inode mutex to be dropped while waiting for expire completion. We were concerned about side effects from this change and one has been identified. I saw several error messages. They cause autofs to become quite confused and don't really point to the actual problem. Things like: handle_packet_missing_direct:1376: can't find map entry for (43,1827932) which is usually totally fatal (although in this case it wouldn't be except that I treat is as such because it normally is). do_mount_direct: direct trigger not valid or already mounted /test/nested/g3c/s1/ss1 which is recoverable, however if this problem is at play it can cause autofs to become quite confused as to the dependencies in the mount tree because mount triggers end up mounted multiple times. It's hard to accurately check for this over mounting case and automount shouldn't need to if the kernel module is doing its job. There was one other message, similar in consequence of this last one but I can't locate a log example just now. When checking if a mount has already completed prior to adding a new mount request to the wait queue we check if the dentry is hashed and, if so, if it is a mount point. But, if a mount successfully completed while we slept on the wait queue mutex the dentry must exist for the mount to have completed so the test is not really needed. Mounts can also be done on top of a global root dentry, so for the above case, where a mount request completes and the wait queue entry has already been removed, the hashed test returning false can cause an incorrect callback to the daemon. Also, d_mountpoint() is not sufficient to check if a mount has completed for the multi-mount case when we don't have a real mount at the base of the tree. Signed-off-by:
Ian Kent <raven@themaw.net> Signed-off-by:
-
Mike Frysinger authored
The massive nommu update (8feae131) resulted in these warnings: ipc/shm.c: In function `sys_shmdt': ipc/shm.c:974: warning: unused variable `size' ipc/shm.c:972: warning: unused variable `next' Signed-off-by:
Mike Frysinger <vapier@gentoo.org> Cc: David Howells <dhowells@redhat.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linusLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: kvm: fix kvm reboot crash when MAXSMP is used cpumask: alloc zeroed cpumask for static cpumask_var_ts cpumask: introduce zalloc_cpumask_var
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: bsg: setting rq->bio to NULL
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: cls_cgroup: Fix oops when user send improperly 'tc filter add' request r8169: fix crash when large packets are received
-
git://neil.brown.name/mdLinus Torvalds authored
* 'for-linus' of git://neil.brown.name/md: md/raid5: fix bug in reshape code when chunk_size decreases. md/raid5 - avoid deadlocks in get_active_stripe during reshape md/raid5: use conf->raid_disks in preference to mddev->raid_disk
-
FUJITA Tomonori authored
Due to commit 1cd96c24 ("block: WARN in __blk_put_request() for potential bio leak"), BSG SMP requests get the false warnings: WARNING: at block/blk-core.c:1068 __blk_put_request+0x52/0xc0() This sets rq->bio to NULL to avoid that false warnings. Signed-off-by:
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> Signed-off-by:
Jens Axboe <jens.axboe@oracle.com>
-
Avi Kivity authored
one system was found there is crash during reboot then kvm/MAXSMP Sending all processes the KILL signal... done Please stand by while rebooting the system... [ 1721.856538] md: stopping all md devices. [ 1722.852139] kvm: exiting hardware virtualization [ 1722.854601] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1722.872219] IP: [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1722.877955] PGD 0 [ 1722.880042] Oops: 0000 [#1] SMP [ 1722.892548] last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/host0/target0:2:0/0:2:0:0/vendor [ 1722.900977] CPU 9 [ 1722.912606] Modules linked in: [ 1722.914226] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-tip-01843-g2305324-dirty #299 ... [ 1722.932589] RIP: 0010:[<ffffffff8102c6b6>] [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1722.942709] RSP: 0018:ffffc900010b6ed8 EFLAGS: 00010046 [ 1722.956121] RAX: 0000000000000000 RBX: ffffc9000e253140 RCX: 0000000000000009 [ 1722.972202] RDX: 000000000000b020 RSI: ffffc900010c3220 RDI: ffffffffffffd790 [ 1722.977399] RBP: ffffc900010b6f08 R08: 0000000000000000 R09: 0000000000000000 [ 1722.995149] R10: 00000000000004b8 R11: 966912b6c78fddbd R12: 0000000000000009 [ 1723.011551] R13: 000000000000b020 R14: 0000000000000009 R15: 0000000000000000 [ 1723.019898] FS: 0000000000000000(0000) GS:ffffc900010b3000(0000) knlGS:0000000000000000 [ 1723.034389] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b [ 1723.041164] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0 [ 1723.056192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1723.072546] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1723.080562] Process swapper (pid: 0, threadinfo ffff88107e464000, task ffff88047e5a2550) [ 1723.096144] Stack: [ 1723.099071] 0000000000000046 ffffc9000e253168 966912b6c78fddbd ffffc9000e253140 [ 1723.115471] ffff880c7d4304d0 ffffc9000e253168 ffffc900010b6f28 ffffffff81011022 [ 1723.132428] ffffc900010b6f48 966912b6c78fddbd ffffc900010b6f48 ffffffff8100b83b [ 1723.141973] Call Trace: [ 1723.142981] <IRQ> <0> [<ffffffff81011022>] kvm_arch_hardware_disable+0x26/0x3c [ 1723.158153] [<ffffffff8100b83b>] hardware_disable+0x3f/0x55 [ 1723.172168] [<ffffffff810b95f6>] generic_smp_call_function_interrupt+0x76/0x13c [ 1723.178836] [<ffffffff8104cbea>] smp_call_function_interrupt+0x3a/0x5e [ 1723.194689] [<ffffffff81035bf3>] call_function_interrupt+0x13/0x20 [ 1723.199750] <EOI> <0> [<ffffffff814ad3b4>] ? acpi_idle_enter_c1+0xd3/0xf4 [ 1723.217508] [<ffffffff814ad3ae>] ? acpi_idle_enter_c1+0xcd/0xf4 [ 1723.232172] [<ffffffff814ad4bc>] ? acpi_idle_enter_bm+0xe7/0x2ce [ 1723.235141] [<ffffffff81a8d93f>] ? __atomic_notifier_call_chain+0x0/0xac [ 1723.253381] [<ffffffff818c3dff>] ? menu_select+0x58/0xd2 [ 1723.258179] [<ffffffff818c2c9d>] ? cpuidle_idle_call+0xa4/0xf3 [ 1723.272828] [<ffffffff81034085>] ? cpu_idle+0xb8/0x101 [ 1723.277085] [<ffffffff81a80163>] ? start_secondary+0x1bc/0x1d7 [ 1723.293708] Code: b0 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 04 cd 30 ee 27 82 49 89 cc 49 89 d5 48 8b 04 10 48 8d b8 90 d7 ff ff <48> 8b 87 70 28 00 00 48 8d 98 90 d7 ff ff eb 16 e8 e9 fe ff ff [ 1723.335524] RIP [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4 [ 1723.342076] RSP <ffffc900010b6ed8> [ 1723.352021] CR2: 0000000000000000 [ 1723.354348] ---[ end trace e2aec53dae150aa1 ]--- it turns out that we need clear cpus_hardware_enabled in that case. Reported-and-tested-by:
Yinghai Lu <yinghai@kernel.org> Signed-off-by:
Rusty Russell <rusty@rustcorp.com.au>
-
Yinghai Lu authored
These are defined as static cpumask_var_t so if MAXSMP is not used, they are cleared already. Avoid surprises when MAXSMP is enabled. Signed-off-by:
Yinghai Lu <yinghai.lu@kernel.org> Signed-off-by:
-
Yinghai Lu authored
So can get cpumask_var with cpumask_clear Signed-off-by:
-
Minoru Usui authored
I found a bug in cls_cgroup_change() in cls_cgroup.c. cls_cgroup_change() expected tca[TCA_OPTIONS] was set from user space properly, but tc in iproute2-2.6.29-1 (which I used) didn't set it. In the current source code of tc in git, it set tca[TCA_OPTIONS]. git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git If we always use a newest iproute2 in git when we use cls_cgroup, we don't face this oops probably. But I think, kernel shouldn't panic regardless of use program's behaviour. Signed-off-by:
Minoru Usui <usui@mxm.nes.nec.co.jp> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Michael Tokarev reported receiving a large packet could crash a machine with RTL8169 NIC. ( original thread at http://lkml.org/lkml/2009/6/8/192 ) Problem is this driver tells that NIC frames up to 16383 bytes can be received but provides skb to rx ring allocated with smaller sizes (1536 bytes in case standard 1500 bytes MTU is used) When a frame larger than what was allocated by driver is received, dma transfert can occurs past the end of buffer and corrupt kernel memory. Fix is to tell to NIC what is the maximum size a frame can be. This bug is very old, (before git introduction, linux-2.6.10), and should be backported to stable versions. Reported-by:
Michael Tokarev <mjt@tls.msk.ru> Signed-off-by:
Eric Dumazet <eric.dumazet@gmail.com> Tested-by:
-
