--- /dev/null
+From 76ae281f6307331aa063288edb6422ae99f435f0 Mon Sep 17 00:00:00 2001
+From: Junxiao Bi <junxiao.bi@oracle.com>
+Date: Thu, 21 Nov 2013 14:31:56 -0800
+Subject: configfs: fix race between dentry put and lookup
+
+From: Junxiao Bi <junxiao.bi@oracle.com>
+
+commit 76ae281f6307331aa063288edb6422ae99f435f0 upstream.
+
+A race window in configfs, it starts from one dentry is UNHASHED and end
+before configfs_d_iput is called. In this window, if a lookup happen,
+since the original dentry was UNHASHED, so a new dentry will be
+allocated, and then in configfs_attach_attr(), sd->s_dentry will be
+updated to the new dentry. Then in configfs_d_iput(),
+BUG_ON(sd->s_dentry != dentry) will be triggered and system panic.
+
+sys_open: sys_close:
+ ... fput
+ dput
+ dentry_kill
+ __d_drop <--- dentry unhashed here,
+ but sd->dentry still point
+ to this dentry.
+
+ lookup_real
+ configfs_lookup
+ configfs_attach_attr---> update sd->s_dentry
+ to new allocated dentry here.
+
+ d_kill
+ configfs_d_iput <--- BUG_ON(sd->s_dentry != dentry)
+ triggered here.
+
+To fix it, change configfs_d_iput to not update sd->s_dentry if
+sd->s_count > 2, that means there are another dentry is using the sd
+beside the one that is going to be put. Use configfs_dirent_lock in
+configfs_attach_attr to sync with configfs_d_iput.
+
+With the following steps, you can reproduce the bug.
+
+1. enable ocfs2, this will mount configfs at /sys/kernel/config and
+ fill configure in it.
+
+2. run the following script.
+ while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done &
+ while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done &
+
+Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/configfs/dir.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+--- a/fs/configfs/dir.c
++++ b/fs/configfs/dir.c
+@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentr
+ struct configfs_dirent *sd = dentry->d_fsdata;
+
+ if (sd) {
+- BUG_ON(sd->s_dentry != dentry);
+ /* Coordinate with configfs_readdir */
+ spin_lock(&configfs_dirent_lock);
+- sd->s_dentry = NULL;
++ /* Coordinate with configfs_attach_attr where will increase
++ * sd->s_count and update sd->s_dentry to new allocated one.
++ * Only set sd->dentry to null when this dentry is the only
++ * sd owner.
++ * If not do so, configfs_d_iput may run just after
++ * configfs_attach_attr and set sd->s_dentry to null
++ * even it's still in use.
++ */
++ if (atomic_read(&sd->s_count) <= 2)
++ sd->s_dentry = NULL;
++
+ spin_unlock(&configfs_dirent_lock);
+ configfs_put(sd);
+ }
+@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct c
+ struct configfs_attribute * attr = sd->s_element;
+ int error;
+
++ spin_lock(&configfs_dirent_lock);
+ dentry->d_fsdata = configfs_get(sd);
+ sd->s_dentry = dentry;
++ spin_unlock(&configfs_dirent_lock);
++
+ error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG,
+ configfs_init_file);
+ if (error) {
--- /dev/null
+From 72a0c5571351f5184195754d23db3e14495b2080 Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Date: Tue, 12 Nov 2013 15:06:49 -0800
+Subject: cris: media platform drivers: fix build
+
+From: Mauro Carvalho Chehab <m.chehab@samsung.com>
+
+commit 72a0c5571351f5184195754d23db3e14495b2080 upstream.
+
+On cris arch, the functions below aren't defined:
+
+ drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_read':
+
+ drivers/media/platform/sh_veu.c:228:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_write':
+
+ drivers/media/platform/sh_veu.c:234:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read':
+ drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write':
+ drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read':
+ drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write':
+ drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration]
+ drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_setup':
+ drivers/media/platform/soc_camera/rcar_vin.c:284:3: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration]
+
+ drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_request_capture_stop':
+ drivers/media/platform/soc_camera/rcar_vin.c:353:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration]
+
+Yet, they're available, as CONFIG_GENERIC_IOMAP is defined. What happens
+is that asm/io.h was not including asm-generic/iomap.h.
+
+Suggested-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
+Cc: Mikael Starvik <starvik@axis.com>
+Cc: Jesper Nilsson <jesper.nilsson@axis.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/cris/include/asm/io.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/cris/include/asm/io.h
++++ b/arch/cris/include/asm/io.h
+@@ -3,6 +3,7 @@
+
+ #include <asm/page.h> /* for __va, __pa */
+ #include <arch/io.h>
++#include <asm-generic/iomap.h>
+ #include <linux/kernel.h>
+
+ struct cris_io_operations
--- /dev/null
+From 0d0d110720d7960b77c03c9f2597faaff4b484ae Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Mon, 16 Sep 2013 14:52:00 +0200
+Subject: GFS2: d_splice_alias() can't return error
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit 0d0d110720d7960b77c03c9f2597faaff4b484ae upstream.
+
+unless it was given an IS_ERR(inode), which isn't the case here. So clean
+up the unnecessary error handling in gfs2_create_inode().
+
+This paves the way for real fixes (hence the stable Cc).
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/gfs2/inode.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/fs/gfs2/inode.c
++++ b/fs/gfs2/inode.c
+@@ -584,7 +584,7 @@ static int gfs2_create_inode(struct inod
+ if (!IS_ERR(inode)) {
+ d = d_splice_alias(inode, dentry);
+ error = 0;
+- if (file && !IS_ERR(d)) {
++ if (file) {
+ if (d == NULL)
+ d = dentry;
+ if (S_ISREG(inode->i_mode))
+@@ -593,8 +593,6 @@ static int gfs2_create_inode(struct inod
+ error = finish_no_open(file, d);
+ }
+ gfs2_glock_dq_uninit(ghs);
+- if (IS_ERR(d))
+- return PTR_ERR(d);
+ return error;
+ } else if (error != -ENOENT) {
+ goto fail_gunlock;
--- /dev/null
+From 5ca1db41ecdeb0358b968265fadb755213558a85 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <miklos@szeredi.hu>
+Date: Mon, 23 Sep 2013 13:21:04 +0100
+Subject: GFS2: fix dentry leaks
+
+From: Miklos Szeredi <miklos@szeredi.hu>
+
+commit 5ca1db41ecdeb0358b968265fadb755213558a85 upstream.
+
+We need to dput() the result of d_splice_alias(), unless it is passed to
+finish_no_open().
+
+Edited by Steven Whitehouse in order to make it apply to the current
+GFS2 git tree, and taking account of a prerequisite patch which hasn't
+been applied.
+
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/gfs2/inode.c | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+--- a/fs/gfs2/inode.c
++++ b/fs/gfs2/inode.c
+@@ -585,12 +585,14 @@ static int gfs2_create_inode(struct inod
+ d = d_splice_alias(inode, dentry);
+ error = 0;
+ if (file) {
+- if (d == NULL)
+- d = dentry;
+- if (S_ISREG(inode->i_mode))
+- error = finish_open(file, d, gfs2_open_common, opened);
+- else
++ if (S_ISREG(inode->i_mode)) {
++ WARN_ON(d != NULL);
++ error = finish_open(file, dentry, gfs2_open_common, opened);
++ } else {
+ error = finish_no_open(file, d);
++ }
++ } else {
++ dput(d);
+ }
+ gfs2_glock_dq_uninit(ghs);
+ return error;
+@@ -779,8 +781,10 @@ static struct dentry *__gfs2_lookup(stru
+ error = finish_open(file, dentry, gfs2_open_common, opened);
+
+ gfs2_glock_dq_uninit(&gh);
+- if (error)
++ if (error) {
++ dput(d);
+ return ERR_PTR(error);
++ }
+ return d;
+ }
+
+@@ -1161,14 +1165,16 @@ static int gfs2_atomic_open(struct inode
+ d = __gfs2_lookup(dir, dentry, file, opened);
+ if (IS_ERR(d))
+ return PTR_ERR(d);
+- if (d == NULL)
+- d = dentry;
+- if (d->d_inode) {
++ if (d != NULL)
++ dentry = d;
++ if (dentry->d_inode) {
+ if (!(*opened & FILE_OPENED))
+- return finish_no_open(file, d);
++ return finish_no_open(file, dentry);
++ dput(d);
+ return 0;
+ }
+
++ BUG_ON(d != NULL);
+ if (!(flags & O_CREAT))
+ return -ENOENT;
+
--- /dev/null
+From 7ab64a85e1a009046f97413a573e83fd85f7804d Mon Sep 17 00:00:00 2001
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Date: Mon, 28 Oct 2013 11:17:10 +0100
+Subject: s390/time: fix get_tod_clock_ext inline assembly
+
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+commit 7ab64a85e1a009046f97413a573e83fd85f7804d upstream.
+
+The get_tod_clock_ext inline assembly does not specify its output
+operands correctly. This can cause incorrect code to be generated.
+
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/include/asm/timex.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/include/asm/timex.h
++++ b/arch/s390/include/asm/timex.h
+@@ -71,9 +71,11 @@ static inline void local_tick_enable(uns
+
+ typedef unsigned long long cycles_t;
+
+-static inline void get_tod_clock_ext(char *clk)
++static inline void get_tod_clock_ext(char clk[16])
+ {
+- asm volatile("stcke %0" : "=Q" (*clk) : : "cc");
++ typedef struct { char _[sizeof(clk)]; } addrtype;
++
++ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc");
+ }
+
+ static inline unsigned long long get_tod_clock(void)
--- /dev/null
+From 4560e7c3317c7a2b370e36dadd3a3bac2ed70818 Mon Sep 17 00:00:00 2001
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Date: Mon, 28 Oct 2013 12:15:32 +0100
+Subject: s390/vtime: correct idle time calculation
+
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+commit 4560e7c3317c7a2b370e36dadd3a3bac2ed70818 upstream.
+
+Use the ACCESS_ONCE macro for both accesses to idle->sequence in the
+loops to calculate the idle time. If only one access uses the macro,
+the compiler is free to cache the value for the second access which
+can cause endless loops.
+
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/kernel/smp.c | 4 ++--
+ arch/s390/kernel/vtime.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/s390/kernel/smp.c
++++ b/arch/s390/kernel/smp.c
+@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct de
+ idle_count = ACCESS_ONCE(idle->idle_count);
+ if (ACCESS_ONCE(idle->clock_idle_enter))
+ idle_count++;
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ return sprintf(buf, "%llu\n", idle_count);
+ }
+ static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL);
+@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct dev
+ idle_time = ACCESS_ONCE(idle->idle_time);
+ idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
+ idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0;
+ return sprintf(buf, "%llu\n", idle_time >> 12);
+ }
+--- a/arch/s390/kernel/vtime.c
++++ b/arch/s390/kernel/vtime.c
+@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu)
+ sequence = ACCESS_ONCE(idle->sequence);
+ idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
+ idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0;
+ }
+
usb-musb-dsps-move-try_idle-to-start-hook.patch
usb-musb-dsps-redo-the-otg-timer.patch
usb-musb-core-properly-free-host-device-structs-in-err-path.patch
+s390-time-fix-get_tod_clock_ext-inline-assembly.patch
+s390-vtime-correct-idle-time-calculation.patch
+configfs-fix-race-between-dentry-put-and-lookup.patch
+gfs2-d_splice_alias-can-t-return-error.patch
+gfs2-fix-dentry-leaks.patch
+cris-media-platform-drivers-fix-build.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
