--- /dev/null
+From 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 Mon Sep 17 00:00:00 2001
+From: "Yan, Zheng" <zheng.z.yan@intel.com>
+Date: Thu, 20 Sep 2012 17:42:25 +0800
+Subject: ceph: Fix oops when handling mdsmap that decreases max_mds
+
+From: "Yan, Zheng" <zheng.z.yan@intel.com>
+
+commit 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 upstream.
+
+When i >= newmap->m_max_mds, ceph_mdsmap_get_addr(newmap, i) return
+NULL. Passing NULL to memcmp() triggers oops.
+
+Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
+Signed-off-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/mds_client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -2621,7 +2621,8 @@ static void check_new_map(struct ceph_md
+ ceph_mdsmap_is_laggy(newmap, i) ? " (laggy)" : "",
+ session_state_name(s->s_state));
+
+- if (memcmp(ceph_mdsmap_get_addr(oldmap, i),
++ if (i >= newmap->m_max_mds ||
++ memcmp(ceph_mdsmap_get_addr(oldmap, i),
+ ceph_mdsmap_get_addr(newmap, i),
+ sizeof(struct ceph_entity_addr))) {
+ if (s->s_state == CEPH_MDS_SESSION_OPENING) {
--- /dev/null
+From 238ab78469c6ab7845b43d5061cd3c92331b2452 Mon Sep 17 00:00:00 2001
+From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+Date: Mon, 27 Aug 2012 20:56:52 -0300
+Subject: floppy: do put_disk on current dr if blk_init_queue fails
+
+From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+
+commit 238ab78469c6ab7845b43d5061cd3c92331b2452 upstream.
+
+If blk_init_queue fails, we do not call put_disk on the current dr
+(dr is decremented first in the error handling loop).
+
+Reviewed-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/floppy.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -4198,6 +4198,7 @@ static int __init floppy_init(void)
+
+ disks[dr]->queue = blk_init_queue(do_fd_request, &floppy_lock);
+ if (!disks[dr]->queue) {
++ put_disk(disks[dr]);
+ err = -ENOMEM;
+ goto out_put_disk;
+ }
--- /dev/null
+From d63b77f4c552cc3a20506871046ab0fcbc332609 Mon Sep 17 00:00:00 2001
+From: Sage Weil <sage@inktank.com>
+Date: Mon, 24 Sep 2012 20:59:48 -0700
+Subject: libceph: check for invalid mapping
+
+From: Sage Weil <sage@inktank.com>
+
+commit d63b77f4c552cc3a20506871046ab0fcbc332609 upstream.
+
+If we encounter an invalid (e.g., zeroed) mapping, return an error
+and avoid a divide by zero.
+
+Signed-off-by: Sage Weil <sage@inktank.com>
+Reviewed-by: Alex Elder <elder@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ceph/osd_client.h | 2 +-
+ include/linux/ceph/osdmap.h | 6 +++---
+ net/ceph/osd_client.c | 32 ++++++++++++++++++++------------
+ net/ceph/osdmap.c | 18 ++++++++++++++++--
+ 4 files changed, 40 insertions(+), 18 deletions(-)
+
+--- a/include/linux/ceph/osd_client.h
++++ b/include/linux/ceph/osd_client.h
+@@ -202,7 +202,7 @@ extern void ceph_osdc_handle_reply(struc
+ extern void ceph_osdc_handle_map(struct ceph_osd_client *osdc,
+ struct ceph_msg *msg);
+
+-extern void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
++extern int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+ struct ceph_file_layout *layout,
+ u64 snapid,
+ u64 off, u64 *plen, u64 *bno,
+--- a/include/linux/ceph/osdmap.h
++++ b/include/linux/ceph/osdmap.h
+@@ -111,9 +111,9 @@ extern struct ceph_osdmap *osdmap_apply_
+ extern void ceph_osdmap_destroy(struct ceph_osdmap *map);
+
+ /* calculate mapping of a file extent to an object */
+-extern void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+- u64 off, u64 *plen,
+- u64 *bno, u64 *oxoff, u64 *oxlen);
++extern int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
++ u64 off, u64 *plen,
++ u64 *bno, u64 *oxoff, u64 *oxlen);
+
+ /* calculate mapping of object to a placement group */
+ extern int ceph_calc_object_layout(struct ceph_object_layout *ol,
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -52,7 +52,7 @@ static int op_has_extent(int op)
+ op == CEPH_OSD_OP_WRITE);
+ }
+
+-void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
++int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+ struct ceph_file_layout *layout,
+ u64 snapid,
+ u64 off, u64 *plen, u64 *bno,
+@@ -62,12 +62,15 @@ void ceph_calc_raw_layout(struct ceph_os
+ struct ceph_osd_request_head *reqhead = req->r_request->front.iov_base;
+ u64 orig_len = *plen;
+ u64 objoff, objlen; /* extent in object */
++ int r;
+
+ reqhead->snapid = cpu_to_le64(snapid);
+
+ /* object extent? */
+- ceph_calc_file_object_mapping(layout, off, plen, bno,
+- &objoff, &objlen);
++ r = ceph_calc_file_object_mapping(layout, off, plen, bno,
++ &objoff, &objlen);
++ if (r < 0)
++ return r;
+ if (*plen < orig_len)
+ dout(" skipping last %llu, final file extent %llu~%llu\n",
+ orig_len - *plen, off, *plen);
+@@ -83,7 +86,7 @@ void ceph_calc_raw_layout(struct ceph_os
+
+ dout("calc_layout bno=%llx %llu~%llu (%d pages)\n",
+ *bno, objoff, objlen, req->r_num_pages);
+-
++ return 0;
+ }
+ EXPORT_SYMBOL(ceph_calc_raw_layout);
+
+@@ -112,20 +115,25 @@ EXPORT_SYMBOL(ceph_calc_raw_layout);
+ *
+ * fill osd op in request message.
+ */
+-static void calc_layout(struct ceph_osd_client *osdc,
+- struct ceph_vino vino,
+- struct ceph_file_layout *layout,
+- u64 off, u64 *plen,
+- struct ceph_osd_request *req,
+- struct ceph_osd_req_op *op)
++static int calc_layout(struct ceph_osd_client *osdc,
++ struct ceph_vino vino,
++ struct ceph_file_layout *layout,
++ u64 off, u64 *plen,
++ struct ceph_osd_request *req,
++ struct ceph_osd_req_op *op)
+ {
+ u64 bno;
++ int r;
+
+- ceph_calc_raw_layout(osdc, layout, vino.snap, off,
+- plen, &bno, req, op);
++ r = ceph_calc_raw_layout(osdc, layout, vino.snap, off,
++ plen, &bno, req, op);
++ if (r < 0)
++ return r;
+
+ snprintf(req->r_oid, sizeof(req->r_oid), "%llx.%08llx", vino.ino, bno);
+ req->r_oid_len = strlen(req->r_oid);
++
++ return r;
+ }
+
+ /*
+--- a/net/ceph/osdmap.c
++++ b/net/ceph/osdmap.c
+@@ -941,7 +941,7 @@ bad:
+ * for now, we write only a single su, until we can
+ * pass a stride back to the caller.
+ */
+-void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
++int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+ u64 off, u64 *plen,
+ u64 *ono,
+ u64 *oxoff, u64 *oxlen)
+@@ -955,11 +955,17 @@ void ceph_calc_file_object_mapping(struc
+
+ dout("mapping %llu~%llu osize %u fl_su %u\n", off, *plen,
+ osize, su);
++ if (su == 0 || sc == 0)
++ goto invalid;
+ su_per_object = osize / su;
++ if (su_per_object == 0)
++ goto invalid;
+ dout("osize %u / su %u = su_per_object %u\n", osize, su,
+ su_per_object);
+
+- BUG_ON((su & ~PAGE_MASK) != 0);
++ if ((su & ~PAGE_MASK) != 0)
++ goto invalid;
++
+ /* bl = *off / su; */
+ t = off;
+ do_div(t, su);
+@@ -987,6 +993,14 @@ void ceph_calc_file_object_mapping(struc
+ *plen = *oxlen;
+
+ dout(" obj extent %llu~%llu\n", *oxoff, *oxlen);
++ return 0;
++
++invalid:
++ dout(" invalid layout\n");
++ *ono = 0;
++ *oxoff = 0;
++ *oxlen = 0;
++ return -EINVAL;
+ }
+ EXPORT_SYMBOL(ceph_calc_file_object_mapping);
+
--- /dev/null
+floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch
+x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch
+ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch
+libceph-check-for-invalid-mapping.patch
--- /dev/null
+From f6365201d8a21fb347260f89d6e9b3e718d63c70 Mon Sep 17 00:00:00 2001
+From: Len Brown <len.brown@intel.com>
+Date: Thu, 29 Mar 2012 14:49:17 -0700
+Subject: x86: Remove the ancient and deprecated disable_hlt() and enable_hlt() facility
+
+From: Len Brown <len.brown@intel.com>
+
+commit f6365201d8a21fb347260f89d6e9b3e718d63c70 upstream.
+
+The X86_32-only disable_hlt/enable_hlt mechanism was used by the
+32-bit floppy driver. Its effect was to replace the use of the
+HLT instruction inside default_idle() with cpu_relax() - essentially
+it turned off the use of HLT.
+
+This workaround was commented in the code as:
+
+ "disable hlt during certain critical i/o operations"
+
+ "This halt magic was a workaround for ancient floppy DMA
+ wreckage. It should be safe to remove."
+
+H. Peter Anvin additionally adds:
+
+ "To the best of my knowledge, no-hlt only existed because of
+ flaky power distributions on 386/486 systems which were sold to
+ run DOS. Since DOS did no power management of any kind,
+ including HLT, the power draw was fairly uniform; when exposed
+ to the much hhigher noise levels you got when Linux used HLT
+ caused some of these systems to fail.
+
+ They were by far in the minority even back then."
+
+Alan Cox further says:
+
+ "Also for the Cyrix 5510 which tended to go castors up if a HLT
+ occurred during a DMA cycle and on a few other boxes HLT during
+ DMA tended to go astray.
+
+ Do we care ? I doubt it. The 5510 was pretty obscure, the 5520
+ fixed it, the 5530 is probably the oldest still in any kind of
+ use."
+
+So, let's finally drop this.
+
+Signed-off-by: Len Brown <len.brown@intel.com>
+Signed-off-by: Josh Boyer <jwboyer@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: "H. Peter Anvin" <hpa@zytor.com>
+Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: Stephen Hemminger <shemminger@vyatta.com
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/n/tip-3rhk9bzf0x9rljkv488tloib@git.kernel.org
+[ If anyone cares then alternative instruction patching could be
+ used to replace HLT with a one-byte NOP instruction. Much simpler. ]
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/feature-removal-schedule.txt | 8 ------
+ arch/x86/include/asm/system.h | 7 -----
+ arch/x86/kernel/process.c | 24 -------------------
+ drivers/block/floppy.c | 36 -----------------------------
+ 4 files changed, 75 deletions(-)
+
+--- a/Documentation/feature-removal-schedule.txt
++++ b/Documentation/feature-removal-schedule.txt
+@@ -6,14 +6,6 @@ be removed from this file.
+
+ ---------------------------
+
+-What: x86 floppy disable_hlt
+-When: 2012
+-Why: ancient workaround of dubious utility clutters the
+- code used by everybody else.
+-Who: Len Brown <len.brown@intel.com>
+-
+----------------------------
+-
+ What: CONFIG_APM_CPU_IDLE, and its ability to call APM BIOS in idle
+ When: 2012
+ Why: This optional sub-feature of APM is of dubious reliability,
+--- a/arch/x86/include/asm/system.h
++++ b/arch/x86/include/asm/system.h
+@@ -93,10 +93,6 @@ do { \
+ "memory"); \
+ } while (0)
+
+-/*
+- * disable hlt during certain critical i/o operations
+- */
+-#define HAVE_DISABLE_HLT
+ #else
+
+ /* frame pointer must be last for get_wchan */
+@@ -392,9 +388,6 @@ static inline void clflush(volatile void
+
+ #define nop() asm volatile ("nop")
+
+-void disable_hlt(void);
+-void enable_hlt(void);
+-
+ void cpu_idle_wait(void);
+
+ extern unsigned long arch_align_stack(unsigned long sp);
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -341,34 +341,10 @@ void (*pm_idle)(void);
+ EXPORT_SYMBOL(pm_idle);
+ #endif
+
+-#ifdef CONFIG_X86_32
+-/*
+- * This halt magic was a workaround for ancient floppy DMA
+- * wreckage. It should be safe to remove.
+- */
+-static int hlt_counter;
+-void disable_hlt(void)
+-{
+- hlt_counter++;
+-}
+-EXPORT_SYMBOL(disable_hlt);
+-
+-void enable_hlt(void)
+-{
+- hlt_counter--;
+-}
+-EXPORT_SYMBOL(enable_hlt);
+-
+-static inline int hlt_use_halt(void)
+-{
+- return (!hlt_counter && boot_cpu_data.hlt_works_ok);
+-}
+-#else
+ static inline int hlt_use_halt(void)
+ {
+ return 1;
+ }
+-#endif
+
+ /*
+ * We use this if we don't have any better
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -1032,37 +1032,6 @@ static int fd_wait_for_completion(unsign
+ return 0;
+ }
+
+-static DEFINE_SPINLOCK(floppy_hlt_lock);
+-static int hlt_disabled;
+-static void floppy_disable_hlt(void)
+-{
+- unsigned long flags;
+-
+- WARN_ONCE(1, "floppy_disable_hlt() scheduled for removal in 2012");
+- spin_lock_irqsave(&floppy_hlt_lock, flags);
+- if (!hlt_disabled) {
+- hlt_disabled = 1;
+-#ifdef HAVE_DISABLE_HLT
+- disable_hlt();
+-#endif
+- }
+- spin_unlock_irqrestore(&floppy_hlt_lock, flags);
+-}
+-
+-static void floppy_enable_hlt(void)
+-{
+- unsigned long flags;
+-
+- spin_lock_irqsave(&floppy_hlt_lock, flags);
+- if (hlt_disabled) {
+- hlt_disabled = 0;
+-#ifdef HAVE_DISABLE_HLT
+- enable_hlt();
+-#endif
+- }
+- spin_unlock_irqrestore(&floppy_hlt_lock, flags);
+-}
+-
+ static void setup_DMA(void)
+ {
+ unsigned long f;
+@@ -1107,7 +1076,6 @@ static void setup_DMA(void)
+ fd_enable_dma();
+ release_dma_lock(f);
+ #endif
+- floppy_disable_hlt();
+ }
+
+ static void show_floppy(void);
+@@ -1709,7 +1677,6 @@ irqreturn_t floppy_interrupt(int irq, vo
+ fd_disable_dma();
+ release_dma_lock(f);
+
+- floppy_enable_hlt();
+ do_floppy = NULL;
+ if (fdc >= N_FDC || FDCS->address == -1) {
+ /* we don't even know which FDC is the culprit */
+@@ -1858,8 +1825,6 @@ static void floppy_shutdown(unsigned lon
+ show_floppy();
+ cancel_activity();
+
+- floppy_enable_hlt();
+-
+ flags = claim_dma_lock();
+ fd_disable_dma();
+ release_dma_lock(flags);
+@@ -4505,7 +4470,6 @@ static void floppy_release_irq_and_dma(v
+ #if N_FDC > 1
+ set_dor(1, ~8, 0);
+ #endif
+- floppy_enable_hlt();
+
+ if (floppy_track_buffer && max_buffer_sectors) {
+ tmpsize = max_buffer_sectors * 1024;
projects / thirdparty / kernel / stable-queue.git / commitdiff
