sdk/emulator/emulator-kernel.git
10 years agonfs: switch to iter_splice_write_file()
Al Viro [Sat, 5 Apr 2014 08:37:17 +0000 (04:37 -0400)]
nfs: switch to iter_splice_write_file()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofs/splice.c: remove unneeded exports
Al Viro [Sat, 5 Apr 2014 08:35:49 +0000 (04:35 -0400)]
fs/splice.c: remove unneeded exports

ocfs2 was using a bunch of splice.c guts...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoocfs2: switch to iter_file_splice_write()
Al Viro [Sat, 5 Apr 2014 08:34:23 +0000 (04:34 -0400)]
ocfs2: switch to iter_file_splice_write()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years ago->splice_write() via ->write_iter()
Al Viro [Sat, 5 Apr 2014 08:27:08 +0000 (04:27 -0400)]
->splice_write() via ->write_iter()

iter_file_splice_write() - a ->splice_write() instance that gathers the
pipe buffers, builds a bio_vec-based iov_iter covering those and feeds
it to ->write_iter().  A bunch of simple cases coverted to that...

[AV: fixed the braino spotted by Cyrill]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agobio_vec-backed iov_iter
Al Viro [Sat, 5 Apr 2014 03:12:29 +0000 (23:12 -0400)]
bio_vec-backed iov_iter

New variant of iov_iter - ITER_BVEC in iter->type, backed with
bio_vec array instead of iovec one.  Primitives taught to deal
with such beasts, __swap_write() switched to using that kind
of iov_iter.

Note that bio_vec is just a <page, offset, length> triple - there's
nothing block-specific about it.  I've left the definition where it
was, but took it from under ifdef CONFIG_BLOCK.

Next target: ->splice_write()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agooptimize copy_page_{to,from}_iter()
Al Viro [Fri, 4 Apr 2014 23:23:46 +0000 (19:23 -0400)]
optimize copy_page_{to,from}_iter()

if we'd ended up in the end of a segment, jump to the
beginning of the next one (iov_offset = 0, iov++),
rather than having the next primitive deal with that.

Ought to be folded back...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agobury generic_file_aio_{read,write}
Al Viro [Fri, 4 Apr 2014 18:20:57 +0000 (14:20 -0400)]
bury generic_file_aio_{read,write}

no callers left

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agolustre: get rid of messing with iovecs
Al Viro [Fri, 4 Apr 2014 16:15:19 +0000 (12:15 -0400)]
lustre: get rid of messing with iovecs

* switch to ->read_iter/->write_iter
* keep a pointer to iov_iter instead of iov/nr_segs
* do not modify iovecs; use iov_iter_truncate()/iov_iter_advance() and
a new primitive - iov_iter_reexpand() (expand previously truncated
iterator) istead.
* (racy) check for lustre VMAs intersecting with iovecs kept for now as
for_each_iov() loop.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoceph: switch to ->write_iter()
Al Viro [Fri, 4 Apr 2014 03:09:01 +0000 (23:09 -0400)]
ceph: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoceph_sync_direct_write: stop poking into iov_iter guts
Al Viro [Fri, 4 Apr 2014 02:58:25 +0000 (22:58 -0400)]
ceph_sync_direct_write: stop poking into iov_iter guts

all needed primitives are there...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoceph_sync_read: stop poking into iov_iter guts
Al Viro [Fri, 4 Apr 2014 02:31:22 +0000 (22:31 -0400)]
ceph_sync_read: stop poking into iov_iter guts

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew helper: copy_page_from_iter()
Al Viro [Thu, 3 Apr 2014 19:05:18 +0000 (15:05 -0400)]
new helper: copy_page_from_iter()

parallel to copy_page_to_iter().  pipe_write() switched to it (and became
->write_iter()).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofuse: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:33:23 +0000 (14:33 -0400)]
fuse: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agobtrfs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:29:04 +0000 (14:29 -0400)]
btrfs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoocfs2: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:25:22 +0000 (14:25 -0400)]
ocfs2: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoxfs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:20:23 +0000 (14:20 -0400)]
xfs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoafs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:13:46 +0000 (14:13 -0400)]
afs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agogfs2: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:11:01 +0000 (14:11 -0400)]
gfs2: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonfs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:07:25 +0000 (14:07 -0400)]
nfs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoubifs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 18:00:23 +0000 (14:00 -0400)]
ubifs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agobury __generic_file_aio_write()
Al Viro [Thu, 3 Apr 2014 07:32:25 +0000 (03:32 -0400)]
bury __generic_file_aio_write()

all users converted to __generic_file_write_iter() now

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agocifs: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 16:05:17 +0000 (12:05 -0400)]
cifs: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoudf: switch to ->write_iter()
Al Viro [Thu, 3 Apr 2014 07:31:17 +0000 (03:31 -0400)]
udf: switch to ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoconvert ext4 to ->write_iter()
Al Viro [Thu, 17 Apr 2014 20:09:22 +0000 (16:09 -0400)]
convert ext4 to ->write_iter()

unfortunately, Ted's changes to ext4_file_write() are *still* an
incomplete fix - playing with rlimits can let you smuggle an
unaligned request past the checks.  So there almost certainly
will be more merge PITA around that place...

[fix from Peter Ujfalusi <peter.ujfalusi@ti.com> folded]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoMerge ext4 changes in ext4_file_write() into for-next
Al Viro [Tue, 6 May 2014 21:38:41 +0000 (17:38 -0400)]
Merge ext4 changes in ext4_file_write() into for-next

From ext4.git#dev, needed for switch of ext4 to ->write_iter() ;-/

10 years agoblkdev_aio_write() - turn into blkdev_write_iter()
Al Viro [Thu, 3 Apr 2014 07:21:50 +0000 (03:21 -0400)]
blkdev_aio_write() - turn into blkdev_write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agowrite_iter variants of {__,}generic_file_aio_write()
Al Viro [Thu, 3 Apr 2014 07:17:43 +0000 (03:17 -0400)]
write_iter variants of {__,}generic_file_aio_write()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoceph: switch to ->read_iter()
Al Viro [Thu, 3 Apr 2014 00:28:01 +0000 (20:28 -0400)]
ceph: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonfs: switch to ->read_iter()
Al Viro [Thu, 3 Apr 2014 00:14:12 +0000 (20:14 -0400)]
nfs: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofs/block_dev.c: switch to ->read_iter()
Al Viro [Thu, 3 Apr 2014 00:02:21 +0000 (20:02 -0400)]
fs/block_dev.c: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoshmem: switch to ->read_iter()
Al Viro [Thu, 3 Apr 2014 00:00:02 +0000 (20:00 -0400)]
shmem: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agopipe: switch to ->read_iter()
Al Viro [Wed, 2 Apr 2014 23:56:54 +0000 (19:56 -0400)]
pipe: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agocifs: switch to ->read_iter()
Al Viro [Wed, 2 Apr 2014 23:53:36 +0000 (19:53 -0400)]
cifs: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofuse_file_aio_read(): convert to ->read_iter()
Al Viro [Wed, 2 Apr 2014 18:47:09 +0000 (14:47 -0400)]
fuse_file_aio_read(): convert to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoocfs2: switch to ->read_iter()
Al Viro [Wed, 2 Apr 2014 18:44:18 +0000 (14:44 -0400)]
ocfs2: switch to ->read_iter()

tracepoints are evil, exhibit #6969...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoecryptfs: switch to ->read_iter()
Al Viro [Wed, 2 Apr 2014 18:40:38 +0000 (14:40 -0400)]
ecryptfs: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoxfs: switch to ->read_iter()
Al Viro [Wed, 2 Apr 2014 18:37:59 +0000 (14:37 -0400)]
xfs: switch to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoswitch simple generic_file_aio_read() users to ->read_iter()
Al Viro [Wed, 2 Apr 2014 18:33:16 +0000 (14:33 -0400)]
switch simple generic_file_aio_read() users to ->read_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew methods: ->read_iter() and ->write_iter()
Al Viro [Tue, 11 Feb 2014 23:37:41 +0000 (18:37 -0500)]
new methods: ->read_iter() and ->write_iter()

Beginning to introduce those.  Just the callers for now, and it's
clumsier than it'll eventually become; once we finish converting
aio_read and aio_write instances, the things will get nicer.

For now, these guys are in parallel to ->aio_read() and ->aio_write();
they take iocb and iov_iter, with everything in iov_iter already
validated.  File offset is passed in iocb->ki_pos, iov/nr_segs -
in iov_iter.

Main concerns in that series are stack footprint and ability to
split the damn thing cleanly.

[fix from Peter Ujfalusi <peter.ujfalusi@ti.com> folded]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoreplace checking for ->read/->aio_read presence with check in ->f_mode
Al Viro [Tue, 11 Feb 2014 22:49:24 +0000 (17:49 -0500)]
replace checking for ->read/->aio_read presence with check in ->f_mode

Since we are about to introduce new methods (read_iter/write_iter), the
tests in a bunch of places would have to grow inconveniently.  Check
once (at open() time) and store results in ->f_mode as FMODE_CAN_READ
and FMODE_CAN_WRITE resp.  It might end up being a temporary measure -
once everything switches from ->aio_{read,write} to ->{read,write}_iter
it might make sense to return to open-coded checks.  We'll see...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoxfs: trim the argument lists of xfs_file_{dio,buffered}_aio_write()
Al Viro [Wed, 2 Apr 2014 11:06:30 +0000 (07:06 -0400)]
xfs: trim the argument lists of xfs_file_{dio,buffered}_aio_write()

pos is redundant (it's iocb->ki_pos), and iov/nr_segs/count are taken
care of by lifting iov_iter into the caller.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoblkdev_aio_read(): switch to generic_file_read_iter(), get rid of iov_shorten()
Al Viro [Sat, 22 Mar 2014 10:57:37 +0000 (06:57 -0400)]
blkdev_aio_read(): switch to generic_file_read_iter(), get rid of iov_shorten()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoiov_iter_truncate()
Al Viro [Sat, 22 Mar 2014 10:51:37 +0000 (06:51 -0400)]
iov_iter_truncate()

Now It Can Be Done(tm) - we don't need to do iov_shorten() in
generic_file_direct_write() anymore, now that all ->direct_IO()
instances are converted to proper iov_iter methods and honour
iter->count and iter->iov_offset properly.

Get rid of count/ocount arguments of generic_file_direct_write(),
while we are at it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agobtrfs: switch check_direct_IO() to iov_iter
Al Viro [Sat, 22 Mar 2014 09:15:17 +0000 (05:15 -0400)]
btrfs: switch check_direct_IO() to iov_iter

... and don't open-code iov_iter_alignment() there

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew helper: iov_iter_get_pages_alloc()
Al Viro [Fri, 21 Mar 2014 08:58:33 +0000 (04:58 -0400)]
new helper: iov_iter_get_pages_alloc()

same as iov_iter_get_pages(), except that pages array is allocated
(kmalloc if possible, vmalloc if that fails) and left for caller to
free.  Lustre and NFS ->direct_IO() switched to it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew helper: iov_iter_npages()
Al Viro [Wed, 19 Mar 2014 05:16:16 +0000 (01:16 -0400)]
new helper: iov_iter_npages()

counts the pages covered by iov_iter, up to given limit.
do_block_direct_io() and fuse_iter_npages() switched to
it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agof2fs: switch to iov_iter_alignment()
Al Viro [Sun, 16 Mar 2014 22:07:34 +0000 (18:07 -0400)]
f2fs: switch to iov_iter_alignment()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofuse: switch to iov_iter_get_pages()
Al Viro [Sun, 16 Mar 2014 20:08:30 +0000 (16:08 -0400)]
fuse: switch to iov_iter_get_pages()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofuse: pull iov_iter initializations up
Al Viro [Sun, 16 Mar 2014 19:50:47 +0000 (15:50 -0400)]
fuse: pull iov_iter initializations up

... to fuse_direct_{read,write}().  ->direct_IO() path uses the
iov_iter passed by the caller instead.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew helper: iov_iter_get_pages()
Al Viro [Sat, 15 Mar 2014 08:05:57 +0000 (04:05 -0400)]
new helper: iov_iter_get_pages()

iov_iter_get_pages(iter, pages, maxsize, &start) grabs references pinning
the pages of up to maxsize of (contiguous) data from iter.  Returns the
amount of memory grabbed or -error.  In case of success, the requested
area begins at offset start in pages[0] and runs through pages[1], etc.
Less than requested amount might be returned - either because the contiguous
area in the beginning of iterator is smaller than requested, or because
the kernel failed to pin that many pages.

direct-io.c switched to using iov_iter_get_pages()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agodio: take updating ->result into do_direct_IO()
Al Viro [Mon, 10 Mar 2014 06:30:55 +0000 (02:30 -0400)]
dio: take updating ->result into do_direct_IO()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agostart adding the tag to iov_iter
Al Viro [Thu, 6 Mar 2014 00:28:09 +0000 (19:28 -0500)]
start adding the tag to iov_iter

For now, just use the same thing we pass to ->direct_IO() - it's all
iovec-based at the moment.  Pass it explicitly to iov_iter_init() and
account for kvec vs. iovec in there, by the same kludge NFS ->direct_IO()
uses.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew helper: generic_file_read_iter()
Al Viro [Thu, 6 Mar 2014 03:53:04 +0000 (22:53 -0500)]
new helper: generic_file_read_iter()

iov_iter-using variant of generic_file_aio_read().  Some callers
converted.  Note that it's still not quite there for use as ->read_iter() -
we depend on having zero iter->iov_offset in O_DIRECT case.  Fortunately,
that's true for all converted callers (and for generic_file_aio_read() itself).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofuse_file_aio_write(): merge initializations of iov_iter
Al Viro [Thu, 6 Mar 2014 03:52:34 +0000 (22:52 -0500)]
fuse_file_aio_write(): merge initializations of iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoceph_aio_read(): keep iov_iter across retries
Al Viro [Thu, 6 Mar 2014 00:22:23 +0000 (19:22 -0500)]
ceph_aio_read(): keep iov_iter across retries

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agonew primitive: iov_iter_alignment()
Al Viro [Wed, 5 Mar 2014 18:50:45 +0000 (13:50 -0500)]
new primitive: iov_iter_alignment()

returns the value aligned as badly as the worst remaining segment
in iov_iter is.  Use instead of open-coded equivalents.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agogive ->direct_IO() a copy of iov_iter
Al Viro [Mon, 10 Mar 2014 18:08:45 +0000 (14:08 -0400)]
give ->direct_IO() a copy of iov_iter

the thing is, we want to advance what's given to ->direct_IO() as we
are forming the request; however, the callers care about the amount
of data actually transferred, not the amount we tried to transfer.
It's more convenient to allow ->direct_IO() instances do use
iov_iter_advance() on the copy of iov_iter, leaving the actual
advancing of the original to caller.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoswitch {__,}blockdev_direct_IO() to iov_iter
Al Viro [Wed, 5 Mar 2014 06:33:16 +0000 (01:33 -0500)]
switch {__,}blockdev_direct_IO() to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoget rid of pointless iov_length() in ->direct_IO()
Al Viro [Wed, 5 Mar 2014 03:38:00 +0000 (22:38 -0500)]
get rid of pointless iov_length() in ->direct_IO()

all callers have iov_length(iter->iov, iter->nr_segs) == iov_iter_count(iter)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoext4: switch the guts of ->direct_IO() to iov_iter
Al Viro [Wed, 5 Mar 2014 03:14:00 +0000 (22:14 -0500)]
ext4: switch the guts of ->direct_IO() to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoconvert the guts of nfs_direct_IO() to iov_iter
Al Viro [Wed, 5 Mar 2014 02:53:33 +0000 (21:53 -0500)]
convert the guts of nfs_direct_IO() to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agopass iov_iter to ->direct_IO()
Al Viro [Wed, 5 Mar 2014 02:27:34 +0000 (21:27 -0500)]
pass iov_iter to ->direct_IO()

unmodified, for now

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agokill generic_segment_checks()
Al Viro [Tue, 4 Mar 2014 20:24:06 +0000 (15:24 -0500)]
kill generic_segment_checks()

all callers of ->aio_read() and ->aio_write() have iov/nr_segs already
checked - generic_segment_checks() done after that is just an odd way
to spell iov_length().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years ago__btrfs_direct_write(): switch to iov_iter
Al Viro [Tue, 4 Mar 2014 03:09:39 +0000 (22:09 -0500)]
__btrfs_direct_write(): switch to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agogeneric_file_direct_write(): switch to iov_iter
Al Viro [Tue, 4 Mar 2014 03:03:20 +0000 (22:03 -0500)]
generic_file_direct_write(): switch to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agokill iov_iter_copy_from_user()
Al Viro [Fri, 11 Apr 2014 00:54:51 +0000 (20:54 -0400)]
kill iov_iter_copy_from_user()

all callers can use copy_page_from_iter() and it actually simplifies
them.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agofs/file.c: don't open-code kvfree()
Al Viro [Wed, 23 Apr 2014 14:18:46 +0000 (10:18 -0400)]
fs/file.c: don't open-code kvfree()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoMerge branch 'akpm' (incoming from Andrew)
Linus Torvalds [Tue, 6 May 2014 20:07:41 +0000 (13:07 -0700)]
Merge branch 'akpm' (incoming from Andrew)

Merge misc fixes from Andrew Morton:
 "13 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  agp: info leak in agpioc_info_wrap()
  fs/affs/super.c: bugfix / double free
  fanotify: fix -EOVERFLOW with large files on 64-bit
  slub: use sysfs'es release mechanism for kmem_cache
  revert "mm: vmscan: do not swap anon pages just because free+file is low"
  autofs: fix lockref lookup
  mm: filemap: update find_get_pages_tag() to deal with shadow entries
  mm/compaction: make isolate_freepages start at pageblock boundary
  MAINTAINERS: zswap/zbud: change maintainer email address
  mm/page-writeback.c: fix divide by zero in pos_ratio_polynom
  hugetlb: ensure hugepage access is denied if hugepages are not supported
  slub: fix memcg_propagate_slab_attrs
  drivers/rtc/rtc-pcf8523.c: fix month definition

10 years agoagp: info leak in agpioc_info_wrap()
Dan Carpenter [Tue, 6 May 2014 19:50:12 +0000 (12:50 -0700)]
agp: info leak in agpioc_info_wrap()

On 64 bit systems the agp_info struct has a 4 byte hole between
->agp_mode and ->aper_base.  We need to clear it to avoid disclosing
stack information to userspace.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agofs/affs/super.c: bugfix / double free
Fabian Frederick [Tue, 6 May 2014 19:50:11 +0000 (12:50 -0700)]
fs/affs/super.c: bugfix / double free

Commit 842a859db26b ("affs: use ->kill_sb() to simplify ->put_super()
and failure exits of ->mount()") adds .kill_sb which frees sbi but
doesn't remove sbi free in case of parse_options error causing double
free+random crash.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org> [3.14.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agofanotify: fix -EOVERFLOW with large files on 64-bit
Will Woods [Tue, 6 May 2014 19:50:10 +0000 (12:50 -0700)]
fanotify: fix -EOVERFLOW with large files on 64-bit

On 64-bit systems, O_LARGEFILE is automatically added to flags inside
the open() syscall (also openat(), blkdev_open(), etc).  Userspace
therefore defines O_LARGEFILE to be 0 - you can use it, but it's a
no-op.  Everything should be O_LARGEFILE by default.

But: when fanotify does create_fd() it uses dentry_open(), which skips
all that.  And userspace can't set O_LARGEFILE in fanotify_init()
because it's defined to 0.  So if fanotify gets an event regarding a
large file, the read() will just fail with -EOVERFLOW.

This patch adds O_LARGEFILE to fanotify_init()'s event_f_flags on 64-bit
systems, using the same test as open()/openat()/etc.

Addresses https://bugzilla.redhat.com/show_bug.cgi?id=696821

Signed-off-by: Will Woods <wwoods@redhat.com>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoslub: use sysfs'es release mechanism for kmem_cache
Christoph Lameter [Tue, 6 May 2014 19:50:08 +0000 (12:50 -0700)]
slub: use sysfs'es release mechanism for kmem_cache

debugobjects warning during netfilter exit:

    ------------[ cut here ]------------
    WARNING: CPU: 6 PID: 4178 at lib/debugobjects.c:260 debug_print_object+0x8d/0xb0()
    ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x20
    Modules linked in:
    CPU: 6 PID: 4178 Comm: kworker/u16:2 Tainted: G        W 3.11.0-next-20130906-sasha #3984
    Workqueue: netns cleanup_net
    Call Trace:
      dump_stack+0x52/0x87
      warn_slowpath_common+0x8c/0xc0
      warn_slowpath_fmt+0x46/0x50
      debug_print_object+0x8d/0xb0
      __debug_check_no_obj_freed+0xa5/0x220
      debug_check_no_obj_freed+0x15/0x20
      kmem_cache_free+0x197/0x340
      kmem_cache_destroy+0x86/0xe0
      nf_conntrack_cleanup_net_list+0x131/0x170
      nf_conntrack_pernet_exit+0x5d/0x70
      ops_exit_list+0x5e/0x70
      cleanup_net+0xfb/0x1c0
      process_one_work+0x338/0x550
      worker_thread+0x215/0x350
      kthread+0xe7/0xf0
      ret_from_fork+0x7c/0xb0

Also during dcookie cleanup:

    WARNING: CPU: 12 PID: 9725 at lib/debugobjects.c:260 debug_print_object+0x8c/0xb0()
    ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x20
    Modules linked in:
    CPU: 12 PID: 9725 Comm: trinity-c141 Not tainted 3.15.0-rc2-next-20140423-sasha-00018-gc4ff6c4 #408
    Call Trace:
      dump_stack (lib/dump_stack.c:52)
      warn_slowpath_common (kernel/panic.c:430)
      warn_slowpath_fmt (kernel/panic.c:445)
      debug_print_object (lib/debugobjects.c:262)
      __debug_check_no_obj_freed (lib/debugobjects.c:697)
      debug_check_no_obj_freed (lib/debugobjects.c:726)
      kmem_cache_free (mm/slub.c:2689 mm/slub.c:2717)
      kmem_cache_destroy (mm/slab_common.c:363)
      dcookie_unregister (fs/dcookies.c:302 fs/dcookies.c:343)
      event_buffer_release (arch/x86/oprofile/../../../drivers/oprofile/event_buffer.c:153)
      __fput (fs/file_table.c:217)
      ____fput (fs/file_table.c:253)
      task_work_run (kernel/task_work.c:125 (discriminator 1))
      do_notify_resume (include/linux/tracehook.h:196 arch/x86/kernel/signal.c:751)
      int_signal (arch/x86/kernel/entry_64.S:807)

Sysfs has a release mechanism.  Use that to release the kmem_cache
structure if CONFIG_SYSFS is enabled.

Only slub is changed - slab currently only supports /proc/slabinfo and
not /sys/kernel/slab/*.  We talked about adding that and someone was
working on it.

[akpm@linux-foundation.org: fix CONFIG_SYSFS=n build]
[akpm@linux-foundation.org: fix CONFIG_SYSFS=n build even more]
Signed-off-by: Christoph Lameter <cl@linux.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Tested-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Greg KH <greg@kroah.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agorevert "mm: vmscan: do not swap anon pages just because free+file is low"
Johannes Weiner [Tue, 6 May 2014 19:50:07 +0000 (12:50 -0700)]
revert "mm: vmscan: do not swap anon pages just because free+file is low"

This reverts commit 0bf1457f0cfc ("mm: vmscan: do not swap anon pages
just because free+file is low") because it introduced a regression in
mostly-anonymous workloads, where reclaim would become ineffective and
trap every allocating task in direct reclaim.

The problem is that there is a runaway feedback loop in the scan balance
between file and anon, where the balance tips heavily towards a tiny
thrashing file LRU and anonymous pages are no longer being looked at.
The commit in question removed the safe guard that would detect such
situations and respond with forced anonymous reclaim.

This commit was part of a series to fix premature swapping in loads with
relatively little cache, and while it made a small difference, the cure
is obviously worse than the disease.  Revert it.

Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: <stable@kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoautofs: fix lockref lookup
Ian Kent [Tue, 6 May 2014 19:50:06 +0000 (12:50 -0700)]
autofs: fix lockref lookup

autofs needs to be able to see private data dentry flags for its dentrys
that are being created but not yet hashed and for its dentrys that have
been rmdir()ed but not yet freed.  It needs to do this so it can block
processes in these states until a status has been returned to indicate
the given operation is complete.

It does this by keeping two lists, active and expring, of dentrys in
this state and uses ->d_release() to keep them stable while it checks
the reference count to determine if they should be used.

But with the recent lockref changes dentrys being freed sometimes don't
transition to a reference count of 0 before being freed so autofs can
occassionally use a dentry that is invalid which can lead to a panic.

Signed-off-by: Ian Kent <raven@themaw.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agomm: filemap: update find_get_pages_tag() to deal with shadow entries
Johannes Weiner [Tue, 6 May 2014 19:50:05 +0000 (12:50 -0700)]
mm: filemap: update find_get_pages_tag() to deal with shadow entries

Dave Jones reports the following crash when find_get_pages_tag() runs
into an exceptional entry:

  kernel BUG at mm/filemap.c:1347!
  RIP: find_get_pages_tag+0x1cb/0x220
  Call Trace:
    find_get_pages_tag+0x36/0x220
    pagevec_lookup_tag+0x21/0x30
    filemap_fdatawait_range+0xbe/0x1e0
    filemap_fdatawait+0x27/0x30
    sync_inodes_sb+0x204/0x2a0
    sync_inodes_one_sb+0x19/0x20
    iterate_supers+0xb2/0x110
    sys_sync+0x44/0xb0
    ia32_do_call+0x13/0x13

  1343                         /*
  1344                          * This function is never used on a shmem/tmpfs
  1345                          * mapping, so a swap entry won't be found here.
  1346                          */
  1347                         BUG();

After commit 0cd6144aadd2 ("mm + fs: prepare for non-page entries in
page cache radix trees") this comment and BUG() are out of date because
exceptional entries can now appear in all mappings - as shadows of
recently evicted pages.

However, as Hugh Dickins notes,

  "it is truly surprising for a PAGECACHE_TAG_WRITEBACK (and probably
   any other PAGECACHE_TAG_*) to appear on an exceptional entry.

   I expect it comes down to an occasional race in RCU lookup of the
   radix_tree: lacking absolute synchronization, we might sometimes
   catch an exceptional entry, with the tag which really belongs with
   the unexceptional entry which was there an instant before."

And indeed, not only is the tree walk lockless, the tags are also read
in chunks, one radix tree node at a time.  There is plenty of time for
page reclaim to swoop in and replace a page that was already looked up
as tagged with a shadow entry.

Remove the BUG() and update the comment.  While reviewing all other
lookup sites for whether they properly deal with shadow entries of
evicted pages, update all the comments and fix memcg file charge moving
to not miss shmem/tmpfs swapcache pages.

Fixes: 0cd6144aadd2 ("mm + fs: prepare for non-page entries in page cache radix trees")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agomm/compaction: make isolate_freepages start at pageblock boundary
Vlastimil Babka [Tue, 6 May 2014 19:50:03 +0000 (12:50 -0700)]
mm/compaction: make isolate_freepages start at pageblock boundary

The compaction freepage scanner implementation in isolate_freepages()
starts by taking the current cc->free_pfn value as the first pfn.  In a
for loop, it scans from this first pfn to the end of the pageblock, and
then subtracts pageblock_nr_pages from the first pfn to obtain the first
pfn for the next for loop iteration.

This means that when cc->free_pfn starts at offset X rather than being
aligned on pageblock boundary, the scanner will start at offset X in all
scanned pageblock, ignoring potentially many free pages.  Currently this
can happen when

 a) zone's end pfn is not pageblock aligned, or

 b) through zone->compact_cached_free_pfn with CONFIG_HOLES_IN_ZONE
    enabled and a hole spanning the beginning of a pageblock

This patch fixes the problem by aligning the initial pfn in
isolate_freepages() to pageblock boundary.  This also permits replacing
the end-of-pageblock alignment within the for loop with a simple
pageblock_nr_pages increment.

Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Heesub Shin <heesub.shin@samsung.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: Mel Gorman <mgorman@suse.de>
Acked-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Christoph Lameter <cl@linux.com>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Dongjun Shin <d.j.shin@samsung.com>
Cc: Sunghwan Yun <sunghwan.yun@samsung.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoMAINTAINERS: zswap/zbud: change maintainer email address
Seth Jennings [Tue, 6 May 2014 19:50:02 +0000 (12:50 -0700)]
MAINTAINERS: zswap/zbud: change maintainer email address

sjenning@linux.vnet.ibm.com is no longer a viable entity.

Signed-off-by: Seth Jennings <sjennings@variantweb.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agomm/page-writeback.c: fix divide by zero in pos_ratio_polynom
Rik van Riel [Tue, 6 May 2014 19:50:01 +0000 (12:50 -0700)]
mm/page-writeback.c: fix divide by zero in pos_ratio_polynom

It is possible for "limit - setpoint + 1" to equal zero, after getting
truncated to a 32 bit variable, and resulting in a divide by zero error.

Using the fully 64 bit divide functions avoids this problem.  It also
will cause pos_ratio_polynom() to return the correct value when
(setpoint - limit) exceeds 2^32.

Also uninline pos_ratio_polynom, at Andrew's request.

Signed-off-by: Rik van Riel <riel@redhat.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agohugetlb: ensure hugepage access is denied if hugepages are not supported
Nishanth Aravamudan [Tue, 6 May 2014 19:50:00 +0000 (12:50 -0700)]
hugetlb: ensure hugepage access is denied if hugepages are not supported

Currently, I am seeing the following when I `mount -t hugetlbfs /none
/dev/hugetlbfs`, and then simply do a `ls /dev/hugetlbfs`.  I think it's
related to the fact that hugetlbfs is properly not correctly setting
itself up in this state?:

  Unable to handle kernel paging request for data at address 0x00000031
  Faulting instruction address: 0xc000000000245710
  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  ....

In KVM guests on Power, in a guest not backed by hugepages, we see the
following:

  AnonHugePages:         0 kB
  HugePages_Total:       0
  HugePages_Free:        0
  HugePages_Rsvd:        0
  HugePages_Surp:        0
  Hugepagesize:         64 kB

HPAGE_SHIFT == 0 in this configuration, which indicates that hugepages
are not supported at boot-time, but this is only checked in
hugetlb_init().  Extract the check to a helper function, and use it in a
few relevant places.

This does make hugetlbfs not supported (not registered at all) in this
environment.  I believe this is fine, as there are no valid hugepages
and that won't change at runtime.

[akpm@linux-foundation.org: use pr_info(), per Mel]
[akpm@linux-foundation.org: fix build when HPAGE_SHIFT is undefined]
Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoslub: fix memcg_propagate_slab_attrs
Vladimir Davydov [Tue, 6 May 2014 19:49:59 +0000 (12:49 -0700)]
slub: fix memcg_propagate_slab_attrs

After creating a cache for a memcg we should initialize its sysfs attrs
with the values from its parent.  That's what memcg_propagate_slab_attrs
is for.  Currently it's broken - we clearly muddled root-vs-memcg caches
there.  Let's fix it up.

Signed-off-by: Vladimir Davydov <vdavydov@parallels.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agodrivers/rtc/rtc-pcf8523.c: fix month definition
Chris Cui [Tue, 6 May 2014 19:49:58 +0000 (12:49 -0700)]
drivers/rtc/rtc-pcf8523.c: fix month definition

PCF8523 uses 1-12 to represent month according to datasheet.
link: www.nxp.com/documents/data_sheet/PCF8523.pdf.

Signed-off-by: Chris Cui <chris.wei.cui@gmail.com>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Tue, 6 May 2014 19:22:20 +0000 (12:22 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs

Pull vfs fixes from Al Viro:
 "dcache fixes + kvfree() (uninlined, exported by mm/util.c) + posix_acl
  bugfix from hch"

The dcache fixes are for a subtle LRU list corruption bug reported by
Miklos Szeredi, where people inside IBM saw list corruptions with the
LTP/host01 test.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  nick kvfree() from apparmor
  posix_acl: handle NULL ACL in posix_acl_equiv_mode
  dcache: don't need rcu in shrink_dentry_list()
  more graceful recovery in umount_collect()
  don't remove from shrink list in select_collect()
  dentry_kill(): don't try to remove from shrink list
  expand the call of dentry_lru_del() in dentry_kill()
  new helper: dentry_free()
  fold try_prune_one_dentry()
  fold d_kill() and d_free()
  fix races between __d_instantiate() and checks of dentry flags

10 years agonick kvfree() from apparmor
Al Viro [Tue, 6 May 2014 18:02:53 +0000 (14:02 -0400)]
nick kvfree() from apparmor

too many places open-code it

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoposix_acl: handle NULL ACL in posix_acl_equiv_mode
Christoph Hellwig [Sun, 4 May 2014 11:03:32 +0000 (13:03 +0200)]
posix_acl: handle NULL ACL in posix_acl_equiv_mode

Various filesystems don't bother checking for a NULL ACL in
posix_acl_equiv_mode, and thus can dereference a NULL pointer when it
gets passed one. This usually happens from the NFS server, as the ACL tools
never pass a NULL ACL, but instead of one representing the mode bits.

Instead of adding boilerplat to all filesystems put this check into one place,
which will allow us to remove the check from other filesystems as well later
on.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Ben Greear <greearb@candelatech.com>
Reported-by: Marco Munderloh <munderl@tnt.uni-hannover.de>,
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
10 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi...
Linus Torvalds [Tue, 6 May 2014 16:09:35 +0000 (09:09 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mszeredi/fuse

Pull fuse fixes from Miklos Szeredi:
 "This adds ctime update in the new cached writeback mode and also
  fixes/simplifies the mtime update handling.  Support for rename flags
  (aka renameat2) is also added to the userspace API"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: add renameat2 support
  fuse: clear MS_I_VERSION
  fuse: clear FUSE_I_CTIME_DIRTY flag on setattr
  fuse: trust kernel i_ctime only
  fuse: remove .update_time
  fuse: allow ctime flushing to userspace
  fuse: fuse: add time_gran to INIT_OUT
  fuse: add .write_inode
  fuse: clean up fsync
  fuse: fuse: fallocate: use file_update_time()
  fuse: update mtime on open(O_TRUNC) in atomic_o_trunc mode
  fuse: update mtime on truncate(2)
  fuse: do not use uninitialized i_mode
  fuse: fix mtime update error in fsync
  fuse: check fallocate mode
  fuse: add __exit to fuse_ctl_cleanup

10 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Linus Torvalds [Tue, 6 May 2014 16:08:03 +0000 (09:08 -0700)]
Merge git://git./linux/kernel/git/davem/sparc

Pull sparc fixes from David Miller:
 "I've been auditing the THP support on sparc64 and found several bugs,
  hopefully most of which are fixed completely here.

  Also an RT kernel locking fix from Kirill Tkhai"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill pte_ERROR().
  sparc64: Add basic validations to {pud,pmd}_bad().
  sparc64: Use 'ILOG2_4MB' instead of constant '22'.
  sparc64: Fix range check in kern_addr_valid().
  sparc64: Fix top-level fault handling bugs.
  sparc64: Handle 32-bit tasks properly in compute_effective_address().
  sparc64: Don't use _PAGE_PRESENT in pte_modify() mask.
  sparc64: Fix hex values in comment above pte_modify().
  sparc64: Fix bugs in get_user_pages_fast() wrt. THP.
  sparc64: Fix huge PMD invalidation.
  sparc64: Fix executable bit testing in set_pmd_at() paths.
  sparc64: Normalize NMI watchdog logging and behavior.
  sparc64: Make itc_sync_lock raw
  sparc64: Fix argument sign extension for compat_sys_futex().

10 years agoslab: Fix off by one in object max number tests.
David Miller [Mon, 5 May 2014 20:20:04 +0000 (16:20 -0400)]
slab: Fix off by one in object max number tests.

If freelist_idx_t is a byte, SLAB_OBJ_MAX_NUM should be 255 not 256, and
likewise if freelist_idx_t is a short, then it should be 65535 not
65536.

This was leading to all kinds of random crashes on sparc64 where
PAGE_SIZE is 8192.  One problem shown was that if spinlock debugging was
enabled, we'd get deadlocks in copy_pte_range() or do_wp_page() with the
same cpu already holding a lock it shouldn't hold, or the lock belonging
to a completely unrelated process.

Fixes: a41adfaa23df ("slab: introduce byte sized index for the freelist of a slab")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoslab: fix the type of the index on freelist index accessor
Joonsoo Kim [Fri, 18 Apr 2014 07:24:09 +0000 (16:24 +0900)]
slab: fix the type of the index on freelist index accessor

Commit a41adfaa23df ("slab: introduce byte sized index for the freelist
of a slab") changes the size of freelist index and also changes
prototype of accessor function to freelist index.  And there was a
mistake.

The mistake is that although it changes the size of freelist index
correctly, it changes the size of the index of freelist index
incorrectly.  With patch, freelist index can be 1 byte or 2 bytes, that
means that num of object on on a slab can be more than 255.  So we need
more than 1 byte for the index to find the index of free object on
freelist.  But, above patch makes this index type 1 byte, so slab which
have more than 255 objects cannot work properly and in consequence of
it, the system cannot boot.

This issue was reported by Steven King on m68knommu which would use
2 bytes freelist index:

  https://lkml.org/lkml/2014/4/16/433

To fix is easy.  To change the type of the index of freelist index on
accessor functions is enough to fix this bug.  Although 2 bytes is
enough, I use 4 bytes since it have no bad effect and make things more
easier.  This fix was suggested and tested by Steven in his original
report.

Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Reported-and-acked-by: Steven King <sfking@fdwdc.com>
Acked-by: Christoph Lameter <cl@linux.com>
Tested-by: James Hogan <james.hogan@imgtec.com>
Tested-by: David Miller <davem@davemloft.net>
Cc: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Mon, 5 May 2014 22:59:46 +0000 (15:59 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) e1000e computes header length incorrectly wrt vlans, fix from Vlad
    Yasevich.

 2) ns_capable() check in sock_diag netlink code, from Andrew
    Lutomirski.

 3) Fix invalid queue pairs handling in virtio_net, from Amos Kong.

 4) Checksum offloading busted in sxgbe driver due to incorrect
    descriptor layout, fix from Byungho An.

 5) Fix build failure with SMC_DEBUG set to 2 or larger, from Zi Shen
    Lim.

 6) Fix uninitialized A and X registers in BPF interpreter, from Alexei
    Starovoitov.

 7) Fix arch dependencies of candence driver.

 8) Fix netlink capabilities checking tree-wide, from Eric W Biederman.

 9) Don't dump IFLA_VF_PORTS if netlink request didn't ask for it in
    IFLA_EXT_MASK, from David Gibson.

10) IPV6 FIB dump restart doesn't handle table changes that happen
    meanwhile, causing the code to loop forever or emit dups, fix from
    Kumar Sandararajan.

11) Memory leak on VF removal in bnx2x, from Yuval Mintz.

12) Bug fixes for new Altera TSE driver from Vince Bridgers.

13) Fix route lookup key in SCTP, from Xugeng Zhang.

14) Use BH blocking spinlocks in SLIP, as per a similar fix to CAN/SLCAN
    driver.  From Oliver Hartkopp.

15) TCP doesn't bump retransmit counters in some code paths, fix from
    Eric Dumazet.

16) Clamp delayed_ack in tcp_cubic to prevent theoretical divides by
    zero.  Fix from Liu Yu.

17) Fix locking imbalance in error paths of HHF packet scheduler, from
    John Fastabend.

18) Properly reference the transport module when vsock_core_init() runs,
    from Andy King.

19) Fix buffer overflow in cdc_ncm driver, from Bjørn Mork.

20) IP_ECN_decapsulate() doesn't see a correct SKB network header in
    ip_tunnel_rcv(), fix from Ying Cai.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (132 commits)
  net: macb: Fix race between HW and driver
  net: macb: Remove 'unlikely' optimization
  net: macb: Re-enable RX interrupt only when RX is done
  net: macb: Clear interrupt flags
  net: macb: Pass same size to DMA_UNMAP as used for DMA_MAP
  ip_tunnel: Set network header properly for IP_ECN_decapsulate()
  e1000e: Restrict MDIO Slow Mode workaround to relevant parts
  e1000e: Fix issue with link flap on 82579
  e1000e: Expand workaround for 10Mb HD throughput bug
  e1000e: Workaround for dropped packets in Gig/100 speeds on 82579
  net/mlx4_core: Don't issue PCIe speed/width checks for VFs
  net/mlx4_core: Load the Eth driver first
  net/mlx4_core: Fix slave id computation for single port VF
  net/mlx4_core: Adjust port number in qp_attach wrapper when detaching
  net: cdc_ncm: fix buffer overflow
  Altera TSE: ALTERA_TSE should depend on HAS_DMA
  vsock: Make transport the proto owner
  net: sched: lock imbalance in hhf qdisc
  net: mvmdio: Check for a valid interrupt instead of an error
  net phy: Check for aneg completion before setting state to PHY_RUNNING
  ...

10 years agoMerge tag 'usb-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Mon, 5 May 2014 22:51:17 +0000 (15:51 -0700)]
Merge tag 'usb-3.15-rc4' of git://git./linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small fixes and device ids for 3.15-rc4.

  All have been in linux-next just fine"

* tag 'usb-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: Nokia 5300 should be treated as unusual dev
  USB: Nokia 305 should be treated as unusual dev
  fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6
  usb: storage: shuttle_usbat: fix discs being detected twice
  usb: qcserial: add a number of Dell devices
  USB: OHCI: fix problem with global suspend on ATI controllers
  usb: gadget: at91-udc: fix irq and iomem resource retrieval
  usb: phy: fsm: change "|" to "||" for condition OTG_STATE_A_WAIT_BCON at statemachine
  usb: phy: fsm: update OTG HNP state transition

10 years agoMerge tag 'tty-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Linus Torvalds [Mon, 5 May 2014 22:50:16 +0000 (15:50 -0700)]
Merge tag 'tty-3.15-rc4' of git://git./linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some tty and serial driver fixes for things reported
  recently"

* tag 'tty-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty: Fix lockless tty buffer race
  Revert "tty: Fix race condition between __tty_buffer_request_room and flush_to_ldisc"
  drivers/tty/hvc: don't free hvc_console_setup after init
  n_tty: Fix n_tty_write crash when echoing in raw mode
  tty: serial: 8250_core.c Bug fix for Exar chips.

10 years agoMerge tag 'staging-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Mon, 5 May 2014 22:49:38 +0000 (15:49 -0700)]
Merge tag 'staging-3.15-rc4' of git://git./linux/kernel/git/gregkh/staging

Pull staging / iio fixes from Greg KH:
 "Here are some small IIO driver fixes for 3.15-rc4 that resolve some
  reported issues"

* tag 'staging-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: adc: Nothing in ADC should be a bool CONFIG
  iio: exynos_adc: use indio_dev->dev structure to handle child nodes
  iio:imu:mpu6050: Fixed segfault in Invensens MPU driver due to null dereference
  staging:iio:ad2s1200 fix missing parenthesis in a for statment.

10 years agoMerge tag 'xtensa-next-20140503' of git://github.com/czankel/xtensa-linux
Linus Torvalds [Mon, 5 May 2014 22:36:59 +0000 (15:36 -0700)]
Merge tag 'xtensa-next-20140503' of git://github.com/czankel/xtensa-linux

Pull Xtensa fixes from Chris Zankel:
 - Fixes allmodconfig, allnoconfig builds
 - Adds highmem support
 - Enables build-time exception table sorting.

* tag 'xtensa-next-20140503' of git://github.com/czankel/xtensa-linux:
  xtensa: ISS: don't depend on CONFIG_TTY
  xtensa: xt2000: drop redundant sysmem initialization
  xtensa: add support for KC705
  xtensa: xtfpga: introduce SoC I/O bus
  xtensa: add HIGHMEM support
  xtensa: optimize local_flush_tlb_kernel_range
  xtensa: dump sysmem from the bootmem_init
  xtensa: handle memmap kernel option
  xtensa: keep sysmem banks ordered in mem_reserve
  xtensa: keep sysmem banks ordered in add_sysmem_bank
  xtensa: split bootparam and kernel meminfo
  xtensa: enable sorting extable at build time
  xtensa: export __{invalidate,flush}_dcache_range
  xtensa: Export __invalidate_icache_range

10 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
Linus Torvalds [Mon, 5 May 2014 22:17:02 +0000 (15:17 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/sage/ceph-client

Pull Ceph fixes from Sage Weil:
 "First, there is a critical fix for the new primary-affinity function
  that went into -rc1.

  The second batch of patches from Zheng fix a range of problems with
  directory fragmentation, readdir, and a few odds and ends for cephfs"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  ceph: reserve caps for file layout/lock MDS requests
  ceph: avoid releasing caps that are being used
  ceph: clear directory's completeness when creating file
  libceph: fix non-default values check in apply_primary_affinity()
  ceph: use fpos_cmp() to compare dentry positions
  ceph: check directory's completeness before emitting directory entry

10 years agonet: macb: Fix race between HW and driver
Soren Brinkmann [Sun, 4 May 2014 22:43:02 +0000 (15:43 -0700)]
net: macb: Fix race between HW and driver

Under "heavy" RX load, the driver cannot handle the descriptors fast
enough. In detail, when a descriptor is consumed, its used flag is
cleared and once the RX budget is consumed all descriptors with a
cleared used flag are prepared to receive more data. Under load though,
the HW may constantly receive more data and use those descriptors with a
cleared used flag before they are actually prepared for next usage.

The head and tail pointers into the RX-ring should always be valid and
we can omit clearing and checking of the used flag.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: macb: Remove 'unlikely' optimization
Soren Brinkmann [Sun, 4 May 2014 22:43:01 +0000 (15:43 -0700)]
net: macb: Remove 'unlikely' optimization

Coverage data suggests that the unlikely case of receiving data while
the receive handler is running may not be that unlikely.
Coverage data after running iperf for a while:
    91320:  891: work_done = bp->macbgem_ops.mog_rx(bp, budget);
    91320:  892: if (work_done < budget) {
     2362:  893: napi_complete(napi);
        -:  894:
        -:  895: /* Packets received while interrupts were disabled */
     4724:  896: status = macb_readl(bp, RSR);
     2362:  897: if (unlikely(status)) {
      762:  898: if (bp->caps & MACB_CAPS_ISR_CLEAR_ON_WRITE)
      762:  899: macb_writel(bp, ISR, MACB_BIT(RCOMP));
        -:  900: napi_reschedule(napi);
        -:  901: } else {
     1600:  902: macb_writel(bp, IER, MACB_RX_INT_FLAGS);
        -:  903: }
        -:  904: }

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: macb: Re-enable RX interrupt only when RX is done
Soren Brinkmann [Sun, 4 May 2014 22:43:00 +0000 (15:43 -0700)]
net: macb: Re-enable RX interrupt only when RX is done

When data is received during the driver processing received data the
NAPI is re-scheduled. In that case the RX interrupt should not be
re-enabled.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: macb: Clear interrupt flags
Soren Brinkmann [Sun, 4 May 2014 22:42:59 +0000 (15:42 -0700)]
net: macb: Clear interrupt flags

A few interrupt flags were not cleared in the ISR, resulting in a sytem
trapped in the ISR in cases one of those interrupts occurred. Clear all
flags to avoid such situations.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agonet: macb: Pass same size to DMA_UNMAP as used for DMA_MAP
Soren Brinkmann [Sun, 4 May 2014 22:42:58 +0000 (15:42 -0700)]
net: macb: Pass same size to DMA_UNMAP as used for DMA_MAP

Just as commit "net: macb: DMA-unmap full rx-buffer"
(48330e08fa168395b9fd9f369f06cca1df204361), pass the size that
was used for mapping the memory also to the unmap routine to
avoid warnings from the DMA_API.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
10 years agoip_tunnel: Set network header properly for IP_ECN_decapsulate()
Ying Cai [Sun, 4 May 2014 22:20:04 +0000 (15:20 -0700)]
ip_tunnel: Set network header properly for IP_ECN_decapsulate()

In ip_tunnel_rcv(), set skb->network_header to inner IP header
before IP_ECN_decapsulate().

Without the fix, IP_ECN_decapsulate() takes outer IP header as
inner IP header, possibly causing error messages or packet drops.

Note that this skb_reset_network_header() call was in this spot when
the original feature for checking consistency of ECN bits through
tunnels was added in eccc1bb8d4b4 ("tunnel: drop packet if ECN present
with not-ECT"). It was only removed from this spot in 3d7b46cd20e3
("ip_tunnel: push generic protocol handling to ip_tunnel module.").

Fixes: 3d7b46cd20e3 ("ip_tunnel: push generic protocol handling to ip_tunnel module.")
Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Ying Cai <ycai@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>