--- /dev/null
+From f274ef8747d3be649bba8708696fb31cb00fa75a Mon Sep 17 00:00:00 2001
+From: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
+Date: Tue, 21 May 2013 09:32:48 +0000
+Subject: powerpc/pseries: Always enable CONFIG_HOTPLUG_CPU on PSERIES SMP
+
+From: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
+
+commit f274ef8747d3be649bba8708696fb31cb00fa75a upstream.
+
+Adam Lackorzynski reported the following build failure on
+!CONFIG_HOTPLUG_CPU configuration:
+
+ CC arch/powerpc/kernel/rtas.o
+arch/powerpc/kernel/rtas.c: In function ‘rtas_cpu_state_change_mask’:
+arch/powerpc/kernel/rtas.c:843:4: error: implicit declaration of function ‘cpu_down’ [-Werror=implicit-function-declaration]
+cc1: all warnings being treated as errors
+make[1]: *** [arch/powerpc/kernel/rtas.o] Error 1
+make: *** [arch/powerpc/kernel] Error 2
+
+The build fails because cpu_down() is defined only under CONFIG_HOTPLUG_CPU.
+
+Looking further, the mobility code in pseries is one of the call-sites which
+uses rtas_ibm_suspend_me(), which in turn calls rtas_cpu_state_change_mask().
+And the mobility code is unconditionally compiled-in (it does not fall under
+any Kconfig option). And commit 120496ac (powerpc: Bring all threads online
+prior to migration/hibernation) which introduced this build regression is
+critical for the proper functioning of the migration code. So it appears
+that the only solution to this problem is to enable CONFIG_HOTPLUG_CPU if
+SMP is enabled on PPC_PSERIES platforms. So make that change in the Kconfig.
+
+Reported-by: Adam Lackorzynski <adam@os.inf.tu-dresden.de>
+Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/platforms/pseries/Kconfig | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/powerpc/platforms/pseries/Kconfig
++++ b/arch/powerpc/platforms/pseries/Kconfig
+@@ -18,6 +18,8 @@ config PPC_PSERIES
+ select PPC_PCI_CHOICE if EXPERT
+ select ZLIB_DEFLATE
+ select PPC_DOORBELL
++ select HOTPLUG if SMP
++ select HOTPLUG_CPU if SMP
+ default y
+
+ config PPC_SPLPAR
--- /dev/null
+From a1457c0ce976bad1356b9b0437f2a5c3ab8a9cfc Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Fri, 31 May 2013 15:51:17 -0400
+Subject: reiserfs: fix deadlock with nfs racing on create/lookup
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit a1457c0ce976bad1356b9b0437f2a5c3ab8a9cfc upstream.
+
+Reiserfs is currently able to be deadlocked by having two NFS clients
+where one has removed and recreated a file and another is accessing the
+file with an open file handle.
+
+If one client deletes and recreates a file with timing such that the
+recreated file obtains the same [dirid, objectid] pair as the original
+file while another client accesses the file via file handle, the create
+and lookup can race and deadlock if the lookup manages to create the
+in-memory inode first.
+
+The create thread, in insert_inode_locked4, will hold the write lock
+while waiting on the other inode to be unlocked. The lookup thread,
+anywhere in the iget path, will release and reacquire the write lock while
+it schedules. If it needs to reacquire the lock while the create thread
+has it, it will never be able to make forward progress because it needs
+to reacquire the lock before ultimately unlocking the inode.
+
+This patch drops the write lock across the insert_inode_locked4 call so
+that the ordering of inode_wait -> write lock is retained. Since this
+would have been the case before the BKL push-down, this is safe.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/reiserfs/inode.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/fs/reiserfs/inode.c
++++ b/fs/reiserfs/inode.c
+@@ -1810,11 +1810,16 @@ int reiserfs_new_inode(struct reiserfs_t
+ TYPE_STAT_DATA, SD_SIZE, MAX_US_INT);
+ memcpy(INODE_PKEY(inode), &(ih.ih_key), KEY_SIZE);
+ args.dirid = le32_to_cpu(ih.ih_key.k_dir_id);
+- if (insert_inode_locked4(inode, args.objectid,
+- reiserfs_find_actor, &args) < 0) {
++
++ reiserfs_write_unlock(inode->i_sb);
++ err = insert_inode_locked4(inode, args.objectid,
++ reiserfs_find_actor, &args);
++ reiserfs_write_lock(inode->i_sb);
++ if (err) {
+ err = -EINVAL;
+ goto out_bad_inode;
+ }
++
+ if (old_format_only(sb))
+ /* not a perfect generation count, as object ids can be reused, but
+ ** this is as good as reiserfs can do right now.
--- /dev/null
+From 4a8570112b76a63ad21cfcbe2783f98f7fd5ba1b Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@suse.com>
+Date: Fri, 31 May 2013 15:54:17 -0400
+Subject: reiserfs: fix problems with chowning setuid file w/ xattrs
+
+From: Jeff Mahoney <jeffm@suse.com>
+
+commit 4a8570112b76a63ad21cfcbe2783f98f7fd5ba1b upstream.
+
+reiserfs_chown_xattrs() takes the iattr struct passed into ->setattr
+and uses it to iterate over all the attrs associated with a file to change
+ownership of xattrs (and transfer quota associated with the xattr files).
+
+When the setuid bit is cleared during chown, ATTR_MODE and iattr->ia_mode
+are passed to all the xattrs as well. This means that the xattr directory
+will have S_IFREG added to its mode bits.
+
+This has been prevented in practice by a missing IS_PRIVATE check
+in reiserfs_acl_chmod, which caused a double-lock to occur while holding
+the write lock. Since the file system was completely locked up, the
+writeout of the corrupted mode never happened.
+
+This patch temporarily clears everything but ATTR_UID|ATTR_GID for the
+calls to reiserfs_setattr and adds the missing IS_PRIVATE check.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/reiserfs/xattr.c | 14 +++++++++++++-
+ fs/reiserfs/xattr_acl.c | 3 +++
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+--- a/fs/reiserfs/xattr.c
++++ b/fs/reiserfs/xattr.c
+@@ -318,7 +318,19 @@ static int delete_one_xattr(struct dentr
+ static int chown_one_xattr(struct dentry *dentry, void *data)
+ {
+ struct iattr *attrs = data;
+- return reiserfs_setattr(dentry, attrs);
++ int ia_valid = attrs->ia_valid;
++ int err;
++
++ /*
++ * We only want the ownership bits. Otherwise, we'll do
++ * things like change a directory to a regular file if
++ * ATTR_MODE is set.
++ */
++ attrs->ia_valid &= (ATTR_UID|ATTR_GID);
++ err = reiserfs_setattr(dentry, attrs);
++ attrs->ia_valid = ia_valid;
++
++ return err;
+ }
+
+ /* No i_mutex, but the inode is unconnected. */
+--- a/fs/reiserfs/xattr_acl.c
++++ b/fs/reiserfs/xattr_acl.c
+@@ -443,6 +443,9 @@ int reiserfs_acl_chmod(struct inode *ino
+ int depth;
+ int error;
+
++ if (IS_PRIVATE(inode))
++ return 0;
++
+ if (S_ISLNK(inode->i_mode))
+ return -EOPNOTSUPP;
+
--- /dev/null
+From 0bdc7acba56a7ca4232f15f37b16f7ec079385ab Mon Sep 17 00:00:00 2001
+From: Jeff Mahoney <jeffm@jeffreymahoney.com>
+Date: Fri, 31 May 2013 15:07:52 -0400
+Subject: reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry
+
+From: Jeff Mahoney <jeffm@jeffreymahoney.com>
+
+commit 0bdc7acba56a7ca4232f15f37b16f7ec079385ab upstream.
+
+After sleeping for filldir(), we check to see if the file system has
+changed and research. The next_pos pointer is updated but its value
+isn't pushed into the key used for the search itself. As a result,
+the search returns the same item that the last cycle of the loop did
+and filldir() is called multiple times with the same data.
+
+The end result is that the buffer can contain the same name multiple
+times. This can be returned to userspace or used internally in the
+xattr code where it can manifest with the following warning:
+
+jdm-20004 reiserfs_delete_xattrs: Couldn't delete all xattrs (-2)
+
+reiserfs_for_each_xattr uses reiserfs_readdir_dentry to iterate over
+the xattr names and ends up trying to unlink the same name twice. The
+second attempt fails with -ENOENT and the error is returned. At some
+point I'll need to add support into reiserfsck to remove the orphaned
+directories left behind when this occurs.
+
+The fix is to push the value into the key before researching.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/reiserfs/dir.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/reiserfs/dir.c
++++ b/fs/reiserfs/dir.c
+@@ -204,6 +204,8 @@ int reiserfs_readdir_dentry(struct dentr
+ next_pos = deh_offset(deh) + 1;
+
+ if (item_moved(&tmp_ih, &path_to_entry)) {
++ set_cpu_key_k_offset(&pos_key,
++ next_pos);
+ goto research;
+ }
+ } /* for */
kvm-emulate-multibyte-nop.patch
kvm-fix-sil-dil-bpl-spl-in-the-mod-rm-fields.patch
regulator-palmas-fix-enable_reg-to-point-to-the-correct-reg-for-smps10.patch
+powerpc-pseries-always-enable-config_hotplug_cpu-on-pseries-smp.patch
+reiserfs-fix-deadlock-with-nfs-racing-on-create-lookup.patch
+reiserfs-fix-problems-with-chowning-setuid-file-w-xattrs.patch
+reiserfs-fix-spurious-multiple-fill-in-reiserfs_readdir_dentry.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
