--- /dev/null
+From 1ae88b2e446261c038f2c0c3150ffae142b227a2 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Wed, 12 Aug 2009 09:12:30 -0400
+Subject: NFS: Fix an O_DIRECT Oops...
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 1ae88b2e446261c038f2c0c3150ffae142b227a2 upstream.
+
+We can't call nfs_readdata_release()/nfs_writedata_release() without
+first initialising and referencing args.context. Doing so inside
+nfs_direct_read_schedule_segment()/nfs_direct_write_schedule_segment()
+causes an Oops.
+
+We should rather be calling nfs_readdata_free()/nfs_writedata_free() in
+those cases.
+
+Looking at the O_DIRECT code, the "struct nfs_direct_req" is already
+referencing the nfs_open_context for us. Since the readdata and writedata
+structures carry a reference to that, we can simplify things by getting rid
+of the extra nfs_open_context references, so that we can replace all
+instances of nfs_readdata_release()/nfs_writedata_release().
+
+Reported-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Tested-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/direct.c | 20 ++++++++++----------
+ fs/nfs/read.c | 6 ++----
+ fs/nfs/write.c | 6 ++----
+ include/linux/nfs_fs.h | 5 ++---
+ 4 files changed, 16 insertions(+), 21 deletions(-)
+
+--- a/fs/nfs/direct.c
++++ b/fs/nfs/direct.c
+@@ -255,7 +255,7 @@ static void nfs_direct_read_release(void
+
+ if (put_dreq(dreq))
+ nfs_direct_complete(dreq);
+- nfs_readdata_release(calldata);
++ nfs_readdata_free(data);
+ }
+
+ static const struct rpc_call_ops nfs_read_direct_ops = {
+@@ -311,14 +311,14 @@ static ssize_t nfs_direct_read_schedule_
+ data->npages, 1, 0, data->pagevec, NULL);
+ up_read(¤t->mm->mmap_sem);
+ if (result < 0) {
+- nfs_readdata_release(data);
++ nfs_readdata_free(data);
+ break;
+ }
+ if ((unsigned)result < data->npages) {
+ bytes = result * PAGE_SIZE;
+ if (bytes <= pgbase) {
+ nfs_direct_release_pages(data->pagevec, result);
+- nfs_readdata_release(data);
++ nfs_readdata_free(data);
+ break;
+ }
+ bytes -= pgbase;
+@@ -331,7 +331,7 @@ static ssize_t nfs_direct_read_schedule_
+ data->inode = inode;
+ data->cred = msg.rpc_cred;
+ data->args.fh = NFS_FH(inode);
+- data->args.context = get_nfs_open_context(ctx);
++ data->args.context = ctx;
+ data->args.offset = pos;
+ data->args.pgbase = pgbase;
+ data->args.pages = data->pagevec;
+@@ -438,7 +438,7 @@ static void nfs_direct_free_writedata(st
+ struct nfs_write_data *data = list_entry(dreq->rewrite_list.next, struct nfs_write_data, pages);
+ list_del(&data->pages);
+ nfs_direct_release_pages(data->pagevec, data->npages);
+- nfs_writedata_release(data);
++ nfs_writedata_free(data);
+ }
+ }
+
+@@ -531,7 +531,7 @@ static void nfs_direct_commit_release(vo
+
+ dprintk("NFS: %5u commit returned %d\n", data->task.tk_pid, status);
+ nfs_direct_write_complete(dreq, data->inode);
+- nfs_commitdata_release(calldata);
++ nfs_commit_free(data);
+ }
+
+ static const struct rpc_call_ops nfs_commit_direct_ops = {
+@@ -564,7 +564,7 @@ static void nfs_direct_commit_schedule(s
+ data->args.fh = NFS_FH(data->inode);
+ data->args.offset = 0;
+ data->args.count = 0;
+- data->args.context = get_nfs_open_context(dreq->ctx);
++ data->args.context = dreq->ctx;
+ data->res.count = 0;
+ data->res.fattr = &data->fattr;
+ data->res.verf = &data->verf;
+@@ -725,14 +725,14 @@ static ssize_t nfs_direct_write_schedule
+ data->npages, 0, 0, data->pagevec, NULL);
+ up_read(¤t->mm->mmap_sem);
+ if (result < 0) {
+- nfs_writedata_release(data);
++ nfs_writedata_free(data);
+ break;
+ }
+ if ((unsigned)result < data->npages) {
+ bytes = result * PAGE_SIZE;
+ if (bytes <= pgbase) {
+ nfs_direct_release_pages(data->pagevec, result);
+- nfs_writedata_release(data);
++ nfs_writedata_free(data);
+ break;
+ }
+ bytes -= pgbase;
+@@ -747,7 +747,7 @@ static ssize_t nfs_direct_write_schedule
+ data->inode = inode;
+ data->cred = msg.rpc_cred;
+ data->args.fh = NFS_FH(inode);
+- data->args.context = get_nfs_open_context(ctx);
++ data->args.context = ctx;
+ data->args.offset = pos;
+ data->args.pgbase = pgbase;
+ data->args.pages = data->pagevec;
+--- a/fs/nfs/read.c
++++ b/fs/nfs/read.c
+@@ -59,17 +59,15 @@ struct nfs_read_data *nfs_readdata_alloc
+ return p;
+ }
+
+-static void nfs_readdata_free(struct nfs_read_data *p)
++void nfs_readdata_free(struct nfs_read_data *p)
+ {
+ if (p && (p->pagevec != &p->page_array[0]))
+ kfree(p->pagevec);
+ mempool_free(p, nfs_rdata_mempool);
+ }
+
+-void nfs_readdata_release(void *data)
++static void nfs_readdata_release(struct nfs_read_data *rdata)
+ {
+- struct nfs_read_data *rdata = data;
+-
+ put_nfs_open_context(rdata->args.context);
+ nfs_readdata_free(rdata);
+ }
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -84,17 +84,15 @@ struct nfs_write_data *nfs_writedata_all
+ return p;
+ }
+
+-static void nfs_writedata_free(struct nfs_write_data *p)
++void nfs_writedata_free(struct nfs_write_data *p)
+ {
+ if (p && (p->pagevec != &p->page_array[0]))
+ kfree(p->pagevec);
+ mempool_free(p, nfs_wdata_mempool);
+ }
+
+-void nfs_writedata_release(void *data)
++static void nfs_writedata_release(struct nfs_write_data *wdata)
+ {
+- struct nfs_write_data *wdata = data;
+-
+ put_nfs_open_context(wdata->args.context);
+ nfs_writedata_free(wdata);
+ }
+--- a/include/linux/nfs_fs.h
++++ b/include/linux/nfs_fs.h
+@@ -473,7 +473,6 @@ extern int nfs_writepages(struct addres
+ extern int nfs_flush_incompatible(struct file *file, struct page *page);
+ extern int nfs_updatepage(struct file *, struct page *, unsigned int, unsigned int);
+ extern int nfs_writeback_done(struct rpc_task *, struct nfs_write_data *);
+-extern void nfs_writedata_release(void *);
+
+ /*
+ * Try to write back everything synchronously (but check the
+@@ -488,7 +487,6 @@ extern int nfs_wb_page_cancel(struct ino
+ extern int nfs_commit_inode(struct inode *, int);
+ extern struct nfs_write_data *nfs_commitdata_alloc(void);
+ extern void nfs_commit_free(struct nfs_write_data *wdata);
+-extern void nfs_commitdata_release(void *wdata);
+ #else
+ static inline int
+ nfs_commit_inode(struct inode *inode, int how)
+@@ -507,6 +505,7 @@ nfs_have_writebacks(struct inode *inode)
+ * Allocate nfs_write_data structures
+ */
+ extern struct nfs_write_data *nfs_writedata_alloc(unsigned int npages);
++extern void nfs_writedata_free(struct nfs_write_data *);
+
+ /*
+ * linux/fs/nfs/read.c
+@@ -515,7 +514,6 @@ extern int nfs_readpage(struct file *,
+ extern int nfs_readpages(struct file *, struct address_space *,
+ struct list_head *, unsigned);
+ extern int nfs_readpage_result(struct rpc_task *, struct nfs_read_data *);
+-extern void nfs_readdata_release(void *data);
+ extern int nfs_readpage_async(struct nfs_open_context *, struct inode *,
+ struct page *);
+
+@@ -523,6 +521,7 @@ extern int nfs_readpage_async(struct nf
+ * Allocate nfs_read_data structures
+ */
+ extern struct nfs_read_data *nfs_readdata_alloc(unsigned int npages);
++extern void nfs_readdata_free(struct nfs_read_data *);
+
+ /*
+ * linux/fs/nfs3proc.c
--- /dev/null
+From robert.richter@amd.com Thu Aug 13 12:03:02 2009
+From: Robert Richter <robert.richter@amd.com>
+Date: Wed, 12 Aug 2009 17:59:52 +0200
+Subject: ring-buffer: Fix advance of reader in rb_buffer_peek()
+To: Greg KH <greg@kroah.com>
+Cc: Robert Richter <robert.richter@amd.com>, Ingo Molnar <mingo@elte.hu>, stable@kernel.org, Steven Rostedt <rostedt@goodmis.org>
+Message-ID: <1250092792-14517-1-git-send-email-robert.richter@amd.com>
+
+From: Robert Richter <robert.richter@amd.com>
+
+Backport for 2.6.30-stable of:
+
+ 469535a ring-buffer: Fix advance of reader in rb_buffer_peek()
+
+When calling rb_buffer_peek() from ring_buffer_consume() and a
+padding event is returned, the function rb_advance_reader() is
+called twice. This may lead to missing samples or under high
+workloads to the warning below. This patch fixes this. If a padding
+event is returned by rb_buffer_peek() it will be consumed by the
+calling function now.
+
+Also, I simplified some code in ring_buffer_consume().
+
+------------[ cut here ]------------
+WARNING: at /dev/shm/.source/linux/kernel/trace/ring_buffer.c:2289 rb_advance_reader+0x2e/0xc5()
+Hardware name: Anaheim
+Modules linked in:
+Pid: 29, comm: events/2 Tainted: G W 2.6.31-rc3-oprofile-x86_64-standard-00059-g5050dc2 #1
+Call Trace:
+[<ffffffff8106776f>] ? rb_advance_reader+0x2e/0xc5
+[<ffffffff81039ffe>] warn_slowpath_common+0x77/0x8f
+[<ffffffff8103a025>] warn_slowpath_null+0xf/0x11
+[<ffffffff8106776f>] rb_advance_reader+0x2e/0xc5
+[<ffffffff81068bda>] ring_buffer_consume+0xa0/0xd2
+[<ffffffff81326933>] op_cpu_buffer_read_entry+0x21/0x9e
+[<ffffffff810be3af>] ? __find_get_block+0x4b/0x165
+[<ffffffff8132749b>] sync_buffer+0xa5/0x401
+[<ffffffff810be3af>] ? __find_get_block+0x4b/0x165
+[<ffffffff81326c1b>] ? wq_sync_buffer+0x0/0x78
+[<ffffffff81326c76>] wq_sync_buffer+0x5b/0x78
+[<ffffffff8104aa30>] worker_thread+0x113/0x1ac
+[<ffffffff8104dd95>] ? autoremove_wake_function+0x0/0x38
+[<ffffffff8104a91d>] ? worker_thread+0x0/0x1ac
+[<ffffffff8104dc9a>] kthread+0x88/0x92
+[<ffffffff8100bdba>] child_rip+0xa/0x20
+[<ffffffff8104dc12>] ? kthread+0x0/0x92
+[<ffffffff8100bdb0>] ? child_rip+0x0/0x20
+---[ end trace f561c0a58fcc89bd ]---
+
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Robert Richter <robert.richter@amd.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/trace/ring_buffer.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -2102,7 +2102,6 @@ rb_buffer_peek(struct ring_buffer *buffe
+ * the box. Return the padding, and we will release
+ * the current locks, and try again.
+ */
+- rb_advance_reader(cpu_buffer);
+ return event;
+
+ case RINGBUF_TYPE_TIME_EXTEND:
+@@ -2219,6 +2218,8 @@ ring_buffer_peek(struct ring_buffer *buf
+ again:
+ spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
+ event = rb_buffer_peek(buffer, cpu, ts);
++ if (event && event->type == RINGBUF_TYPE_PADDING)
++ rb_advance_reader(cpu_buffer);
+ spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
+
+ if (event && event->type == RINGBUF_TYPE_PADDING) {
+@@ -2283,12 +2284,9 @@ ring_buffer_consume(struct ring_buffer *
+ spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
+
+ event = rb_buffer_peek(buffer, cpu, ts);
+- if (!event)
+- goto out_unlock;
+-
+- rb_advance_reader(cpu_buffer);
++ if (event)
++ rb_advance_reader(cpu_buffer);
+
+- out_unlock:
+ spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
+
+ out:
projects / thirdparty / kernel / stable-queue.git / commitdiff
