From: Greg Kroah-Hartman Date: Sun, 14 Dec 2014 20:10:25 +0000 (-0800) Subject: 3.18-stable patches X-Git-Tag: v3.10.63~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0287f07c4127ecb86bb22594fb55da9d4b759a82;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: deal-with-deadlock-in-d_walk.patch move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch rtlwifi-rtl8192ce-fix-editing-error-that-causes-silent-memory-corruption.patch rtlwifi-rtl8192ce-fix-kernel-crashes-due-to-missing-callback-entry.patch rtlwifi-rtl8192ce-fix-missing-interrupt-ready-flag.patch --- diff --git a/queue-3.18/deal-with-deadlock-in-d_walk.patch b/queue-3.18/deal-with-deadlock-in-d_walk.patch new file mode 100644 index 00000000000..2ceeb0dbcd8 --- /dev/null +++ b/queue-3.18/deal-with-deadlock-in-d_walk.patch @@ -0,0 +1,88 @@ +From ca5358ef75fc69fee5322a38a340f5739d997c10 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 26 Oct 2014 19:31:10 -0400 +Subject: deal with deadlock in d_walk() + +From: Al Viro + +commit ca5358ef75fc69fee5322a38a340f5739d997c10 upstream. + +... by not hitting rename_retry for reasons other than rename having +happened. In other words, do _not_ restart when finding that +between unlocking the child and locking the parent the former got +into __dentry_kill(). Skip the killed siblings instead... + +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + fs/dcache.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -495,7 +495,7 @@ static void __dentry_kill(struct dentry + } + /* if it was on the hash then remove it */ + __d_drop(dentry); +- list_del(&dentry->d_child); ++ __list_del_entry(&dentry->d_child); + /* + * Inform d_walk() that we are no longer attached to the + * dentry tree +@@ -1082,33 +1082,31 @@ resume: + /* + * All done at this level ... ascend and resume the search. + */ ++ rcu_read_lock(); ++ascend: + if (this_parent != parent) { + struct dentry *child = this_parent; + this_parent = child->d_parent; + +- rcu_read_lock(); + spin_unlock(&child->d_lock); + spin_lock(&this_parent->d_lock); + +- /* +- * might go back up the wrong parent if we have had a rename +- * or deletion +- */ +- if (this_parent != child->d_parent || +- (child->d_flags & DCACHE_DENTRY_KILLED) || +- need_seqretry(&rename_lock, seq)) { +- spin_unlock(&this_parent->d_lock); +- rcu_read_unlock(); ++ /* might go back up the wrong parent if we have had a rename. */ ++ if (need_seqretry(&rename_lock, seq)) + goto rename_retry; ++ next = child->d_child.next; ++ while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)) { ++ if (next == &this_parent->d_subdirs) ++ goto ascend; ++ child = list_entry(next, struct dentry, d_child); ++ next = next->next; + } + rcu_read_unlock(); +- next = child->d_child.next; + goto resume; + } +- if (need_seqretry(&rename_lock, seq)) { +- spin_unlock(&this_parent->d_lock); ++ if (need_seqretry(&rename_lock, seq)) + goto rename_retry; +- } ++ rcu_read_unlock(); + if (finish) + finish(data); + +@@ -1118,6 +1116,9 @@ out_unlock: + return; + + rename_retry: ++ spin_unlock(&this_parent->d_lock); ++ rcu_read_unlock(); ++ BUG_ON(seq & 1); + if (!retry) + return; + seq = 1; diff --git a/queue-3.18/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch b/queue-3.18/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch new file mode 100644 index 00000000000..15d1f158c35 --- /dev/null +++ b/queue-3.18/move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch @@ -0,0 +1,699 @@ +From 946e51f2bf37f1656916eb75bd0742ba33983c28 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 26 Oct 2014 19:19:16 -0400 +Subject: move d_rcu from overlapping d_child to overlapping d_alias + +From: Al Viro + +commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream. + +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/cell/spufs/inode.c | 2 + drivers/staging/lustre/lustre/llite/dcache.c | 2 + drivers/staging/lustre/lustre/llite/llite_lib.c | 2 + drivers/staging/lustre/lustre/llite/namei.c | 8 +-- + fs/affs/amigaffs.c | 2 + fs/autofs4/expire.c | 12 ++--- + fs/autofs4/root.c | 2 + fs/ceph/dir.c | 8 +-- + fs/ceph/inode.c | 2 + fs/cifs/inode.c | 2 + fs/coda/cache.c | 2 + fs/dcache.c | 53 +++++++++++------------- + fs/debugfs/inode.c | 2 + fs/exportfs/expfs.c | 2 + fs/libfs.c | 12 ++--- + fs/ncpfs/dir.c | 2 + fs/ncpfs/ncplib_kernel.h | 4 - + fs/nfs/getroot.c | 2 + fs/notify/fsnotify.c | 4 - + fs/ocfs2/dcache.c | 2 + include/linux/dcache.h | 8 +-- + kernel/trace/trace.c | 4 - + kernel/trace/trace_events.c | 2 + security/selinux/selinuxfs.c | 6 +- + 24 files changed, 73 insertions(+), 74 deletions(-) + +--- a/arch/powerpc/platforms/cell/spufs/inode.c ++++ b/arch/powerpc/platforms/cell/spufs/inode.c +@@ -164,7 +164,7 @@ static void spufs_prune_dir(struct dentr + struct dentry *dentry, *tmp; + + mutex_lock(&dir->d_inode->i_mutex); +- list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_u.d_child) { ++ list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_child) { + spin_lock(&dentry->d_lock); + if (!(d_unhashed(dentry)) && dentry->d_inode) { + dget_dlock(dentry); +--- a/drivers/staging/lustre/lustre/llite/dcache.c ++++ b/drivers/staging/lustre/lustre/llite/dcache.c +@@ -258,7 +258,7 @@ void ll_invalidate_aliases(struct inode + inode->i_ino, inode->i_generation, inode); + + ll_lock_dcache(inode); +- ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_u.d_alias) { + CDEBUG(D_DENTRY, "dentry in drop %.*s (%p) parent %p " + "inode %p flags %d\n", dentry->d_name.len, + dentry->d_name.name, dentry, dentry->d_parent, +--- a/drivers/staging/lustre/lustre/llite/llite_lib.c ++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c +@@ -711,7 +711,7 @@ void lustre_dump_dentry(struct dentry *d + return; + + list_for_each(tmp, &dentry->d_subdirs) { +- struct dentry *d = list_entry(tmp, struct dentry, d_u.d_child); ++ struct dentry *d = list_entry(tmp, struct dentry, d_child); + lustre_dump_dentry(d, recur - 1); + } + } +--- a/drivers/staging/lustre/lustre/llite/namei.c ++++ b/drivers/staging/lustre/lustre/llite/namei.c +@@ -167,14 +167,14 @@ static void ll_invalidate_negative_child + struct ll_d_hlist_node *p; + + ll_lock_dcache(dir); +- ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (!list_empty(&dentry->d_subdirs)) { + struct dentry *child; + + list_for_each_entry_safe(child, tmp_subdir, + &dentry->d_subdirs, +- d_u.d_child) { ++ d_child) { + if (child->d_inode == NULL) + d_lustre_invalidate(child, 1); + } +@@ -362,7 +362,7 @@ static struct dentry *ll_find_alias(stru + discon_alias = invalid_alias = NULL; + + ll_lock_dcache(inode); +- ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_u.d_alias) { + LASSERT(alias != dentry); + + spin_lock(&alias->d_lock); +@@ -953,7 +953,7 @@ static void ll_get_child_fid(struct inod + { + struct dentry *parent, *child; + +- parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_alias); ++ parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_u.d_alias); + child = d_lookup(parent, name); + if (child) { + if (child->d_inode) +--- a/fs/affs/amigaffs.c ++++ b/fs/affs/amigaffs.c +@@ -125,7 +125,7 @@ affs_fix_dcache(struct inode *inode, u32 + { + struct dentry *dentry; + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + if (entry_ino == (u32)(long)dentry->d_fsdata) { + dentry->d_fsdata = (void *)inode->i_ino; + break; +--- a/fs/autofs4/expire.c ++++ b/fs/autofs4/expire.c +@@ -85,7 +85,7 @@ static struct dentry *get_next_positive_ + spin_lock(&root->d_lock); + + if (prev) +- next = prev->d_u.d_child.next; ++ next = prev->d_child.next; + else { + prev = dget_dlock(root); + next = prev->d_subdirs.next; +@@ -99,13 +99,13 @@ cont: + return NULL; + } + +- q = list_entry(next, struct dentry, d_u.d_child); ++ q = list_entry(next, struct dentry, d_child); + + spin_lock_nested(&q->d_lock, DENTRY_D_LOCK_NESTED); + /* Already gone or negative dentry (under construction) - try next */ + if (!d_count(q) || !simple_positive(q)) { + spin_unlock(&q->d_lock); +- next = q->d_u.d_child.next; ++ next = q->d_child.next; + goto cont; + } + dget_dlock(q); +@@ -155,13 +155,13 @@ again: + goto relock; + } + spin_unlock(&p->d_lock); +- next = p->d_u.d_child.next; ++ next = p->d_child.next; + p = parent; + if (next != &parent->d_subdirs) + break; + } + } +- ret = list_entry(next, struct dentry, d_u.d_child); ++ ret = list_entry(next, struct dentry, d_child); + + spin_lock_nested(&ret->d_lock, DENTRY_D_LOCK_NESTED); + /* Negative dentry - try next */ +@@ -489,7 +489,7 @@ found: + spin_lock(&sbi->lookup_lock); + spin_lock(&expired->d_parent->d_lock); + spin_lock_nested(&expired->d_lock, DENTRY_D_LOCK_NESTED); +- list_move(&expired->d_parent->d_subdirs, &expired->d_u.d_child); ++ list_move(&expired->d_parent->d_subdirs, &expired->d_child); + spin_unlock(&expired->d_lock); + spin_unlock(&expired->d_parent->d_lock); + spin_unlock(&sbi->lookup_lock); +--- a/fs/autofs4/root.c ++++ b/fs/autofs4/root.c +@@ -687,7 +687,7 @@ static void autofs_clear_leaf_automount_ + /* only consider parents below dentrys in the root */ + if (IS_ROOT(parent->d_parent)) + return; +- d_child = &dentry->d_u.d_child; ++ d_child = &dentry->d_child; + /* Set parent managed if it's becoming empty */ + if (d_child->next == &parent->d_subdirs && + d_child->prev == &parent->d_subdirs) +--- a/fs/ceph/dir.c ++++ b/fs/ceph/dir.c +@@ -111,7 +111,7 @@ static int fpos_cmp(loff_t l, loff_t r) + /* + * When possible, we try to satisfy a readdir by peeking at the + * dcache. We make this work by carefully ordering dentries on +- * d_u.d_child when we initially get results back from the MDS, and ++ * d_child when we initially get results back from the MDS, and + * falling back to a "normal" sync readdir if any dentries in the dir + * are dropped. + * +@@ -147,11 +147,11 @@ static int __dcache_readdir(struct file + p = parent->d_subdirs.prev; + dout(" initial p %p/%p\n", p->prev, p->next); + } else { +- p = last->d_u.d_child.prev; ++ p = last->d_child.prev; + } + + more: +- dentry = list_entry(p, struct dentry, d_u.d_child); ++ dentry = list_entry(p, struct dentry, d_child); + di = ceph_dentry(dentry); + while (1) { + dout(" p %p/%p %s d_subdirs %p/%p\n", p->prev, p->next, +@@ -174,7 +174,7 @@ more: + !dentry->d_inode ? " null" : ""); + spin_unlock(&dentry->d_lock); + p = p->prev; +- dentry = list_entry(p, struct dentry, d_u.d_child); ++ dentry = list_entry(p, struct dentry, d_child); + di = ceph_dentry(dentry); + } + +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -1399,7 +1399,7 @@ retry_lookup: + /* reorder parent's d_subdirs */ + spin_lock(&parent->d_lock); + spin_lock_nested(&dn->d_lock, DENTRY_D_LOCK_NESTED); +- list_move(&dn->d_u.d_child, &parent->d_subdirs); ++ list_move(&dn->d_child, &parent->d_subdirs); + spin_unlock(&dn->d_lock); + spin_unlock(&parent->d_lock); + } +--- a/fs/cifs/inode.c ++++ b/fs/cifs/inode.c +@@ -895,7 +895,7 @@ inode_has_hashed_dentries(struct inode * + struct dentry *dentry; + + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + if (!d_unhashed(dentry) || IS_ROOT(dentry)) { + spin_unlock(&inode->i_lock); + return true; +--- a/fs/coda/cache.c ++++ b/fs/coda/cache.c +@@ -92,7 +92,7 @@ static void coda_flag_children(struct de + struct dentry *de; + + spin_lock(&parent->d_lock); +- list_for_each_entry(de, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(de, &parent->d_subdirs, d_child) { + /* don't know what to do with negative dentries */ + if (de->d_inode ) + coda_flag_inode(de->d_inode, flag); +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -44,7 +44,7 @@ + /* + * Usage: + * dcache->d_inode->i_lock protects: +- * - i_dentry, d_alias, d_inode of aliases ++ * - i_dentry, d_u.d_alias, d_inode of aliases + * dcache_hash_bucket lock protects: + * - the dcache hash table + * s_anon bl list spinlock protects: +@@ -59,7 +59,7 @@ + * - d_unhashed() + * - d_parent and d_subdirs + * - childrens' d_child and d_parent +- * - d_alias, d_inode ++ * - d_u.d_alias, d_inode + * + * Ordering: + * dentry->d_inode->i_lock +@@ -252,14 +252,12 @@ static void __d_free(struct rcu_head *he + { + struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu); + +- WARN_ON(!hlist_unhashed(&dentry->d_alias)); + kmem_cache_free(dentry_cache, dentry); + } + + static void __d_free_external(struct rcu_head *head) + { + struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu); +- WARN_ON(!hlist_unhashed(&dentry->d_alias)); + kfree(external_name(dentry)); + kmem_cache_free(dentry_cache, dentry); + } +@@ -271,6 +269,7 @@ static inline int dname_external(const s + + static void dentry_free(struct dentry *dentry) + { ++ WARN_ON(!hlist_unhashed(&dentry->d_u.d_alias)); + if (unlikely(dname_external(dentry))) { + struct external_name *p = external_name(dentry); + if (likely(atomic_dec_and_test(&p->u.count))) { +@@ -311,7 +310,7 @@ static void dentry_iput(struct dentry * + struct inode *inode = dentry->d_inode; + if (inode) { + dentry->d_inode = NULL; +- hlist_del_init(&dentry->d_alias); ++ hlist_del_init(&dentry->d_u.d_alias); + spin_unlock(&dentry->d_lock); + spin_unlock(&inode->i_lock); + if (!inode->i_nlink) +@@ -336,7 +335,7 @@ static void dentry_unlink_inode(struct d + struct inode *inode = dentry->d_inode; + __d_clear_type(dentry); + dentry->d_inode = NULL; +- hlist_del_init(&dentry->d_alias); ++ hlist_del_init(&dentry->d_u.d_alias); + dentry_rcuwalk_barrier(dentry); + spin_unlock(&dentry->d_lock); + spin_unlock(&inode->i_lock); +@@ -496,7 +495,7 @@ static void __dentry_kill(struct dentry + } + /* if it was on the hash then remove it */ + __d_drop(dentry); +- list_del(&dentry->d_u.d_child); ++ list_del(&dentry->d_child); + /* + * Inform d_walk() that we are no longer attached to the + * dentry tree +@@ -722,7 +721,7 @@ static struct dentry *__d_find_alias(str + + again: + discon_alias = NULL; +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + spin_lock(&alias->d_lock); + if (S_ISDIR(inode->i_mode) || !d_unhashed(alias)) { + if (IS_ROOT(alias) && +@@ -772,7 +771,7 @@ void d_prune_aliases(struct inode *inode + struct dentry *dentry; + restart: + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (!dentry->d_lockref.count) { + struct dentry *parent = lock_parent(dentry); +@@ -1051,7 +1050,7 @@ repeat: + resume: + while (next != &this_parent->d_subdirs) { + struct list_head *tmp = next; +- struct dentry *dentry = list_entry(tmp, struct dentry, d_u.d_child); ++ struct dentry *dentry = list_entry(tmp, struct dentry, d_child); + next = tmp->next; + + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); +@@ -1103,7 +1102,7 @@ resume: + goto rename_retry; + } + rcu_read_unlock(); +- next = child->d_u.d_child.next; ++ next = child->d_child.next; + goto resume; + } + if (need_seqretry(&rename_lock, seq)) { +@@ -1455,8 +1454,8 @@ struct dentry *__d_alloc(struct super_bl + INIT_HLIST_BL_NODE(&dentry->d_hash); + INIT_LIST_HEAD(&dentry->d_lru); + INIT_LIST_HEAD(&dentry->d_subdirs); +- INIT_HLIST_NODE(&dentry->d_alias); +- INIT_LIST_HEAD(&dentry->d_u.d_child); ++ INIT_HLIST_NODE(&dentry->d_u.d_alias); ++ INIT_LIST_HEAD(&dentry->d_child); + d_set_d_op(dentry, dentry->d_sb->s_d_op); + + this_cpu_inc(nr_dentry); +@@ -1486,7 +1485,7 @@ struct dentry *d_alloc(struct dentry * p + */ + __dget_dlock(parent); + dentry->d_parent = parent; +- list_add(&dentry->d_u.d_child, &parent->d_subdirs); ++ list_add(&dentry->d_child, &parent->d_subdirs); + spin_unlock(&parent->d_lock); + + return dentry; +@@ -1579,7 +1578,7 @@ static void __d_instantiate(struct dentr + spin_lock(&dentry->d_lock); + __d_set_type(dentry, add_flags); + if (inode) +- hlist_add_head(&dentry->d_alias, &inode->i_dentry); ++ hlist_add_head(&dentry->d_u.d_alias, &inode->i_dentry); + dentry->d_inode = inode; + dentry_rcuwalk_barrier(dentry); + spin_unlock(&dentry->d_lock); +@@ -1603,7 +1602,7 @@ static void __d_instantiate(struct dentr + + void d_instantiate(struct dentry *entry, struct inode * inode) + { +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + if (inode) + spin_lock(&inode->i_lock); + __d_instantiate(entry, inode); +@@ -1642,7 +1641,7 @@ static struct dentry *__d_instantiate_un + return NULL; + } + +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + /* + * Don't need alias->d_lock here, because aliases with + * d_parent == entry->d_parent are not subject to name or +@@ -1668,7 +1667,7 @@ struct dentry *d_instantiate_unique(stru + { + struct dentry *result; + +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + + if (inode) + spin_lock(&inode->i_lock); +@@ -1699,7 +1698,7 @@ EXPORT_SYMBOL(d_instantiate_unique); + */ + int d_instantiate_no_diralias(struct dentry *entry, struct inode *inode) + { +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + + spin_lock(&inode->i_lock); + if (S_ISDIR(inode->i_mode) && !hlist_empty(&inode->i_dentry)) { +@@ -1738,7 +1737,7 @@ static struct dentry * __d_find_any_alia + + if (hlist_empty(&inode->i_dentry)) + return NULL; +- alias = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ alias = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + __dget(alias); + return alias; + } +@@ -1800,7 +1799,7 @@ static struct dentry *__d_obtain_alias(s + spin_lock(&tmp->d_lock); + tmp->d_inode = inode; + tmp->d_flags |= add_flags; +- hlist_add_head(&tmp->d_alias, &inode->i_dentry); ++ hlist_add_head(&tmp->d_u.d_alias, &inode->i_dentry); + hlist_bl_lock(&tmp->d_sb->s_anon); + hlist_bl_add_head(&tmp->d_hash, &tmp->d_sb->s_anon); + hlist_bl_unlock(&tmp->d_sb->s_anon); +@@ -2235,7 +2234,7 @@ int d_validate(struct dentry *dentry, st + struct dentry *child; + + spin_lock(&dparent->d_lock); +- list_for_each_entry(child, &dparent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dparent->d_subdirs, d_child) { + if (dentry == child) { + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); + __dget_dlock(dentry); +@@ -2526,13 +2525,13 @@ static void __d_move(struct dentry *dent + /* splicing a tree */ + dentry->d_parent = target->d_parent; + target->d_parent = target; +- list_del_init(&target->d_u.d_child); +- list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); ++ list_del_init(&target->d_child); ++ list_move(&dentry->d_child, &dentry->d_parent->d_subdirs); + } else { + /* swapping two dentries */ + swap(dentry->d_parent, target->d_parent); +- list_move(&target->d_u.d_child, &target->d_parent->d_subdirs); +- list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); ++ list_move(&target->d_child, &target->d_parent->d_subdirs); ++ list_move(&dentry->d_child, &dentry->d_parent->d_subdirs); + if (exchange) + fsnotify_d_move(target); + fsnotify_d_move(dentry); +@@ -3321,7 +3320,7 @@ void d_tmpfile(struct dentry *dentry, st + { + inode_dec_link_count(inode); + BUG_ON(dentry->d_name.name != dentry->d_iname || +- !hlist_unhashed(&dentry->d_alias) || ++ !hlist_unhashed(&dentry->d_u.d_alias) || + !d_unlinked(dentry)); + spin_lock(&dentry->d_parent->d_lock); + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); +--- a/fs/debugfs/inode.c ++++ b/fs/debugfs/inode.c +@@ -553,7 +553,7 @@ void debugfs_remove_recursive(struct den + * use the d_u.d_child as the rcu head and corrupt this list. + */ + spin_lock(&parent->d_lock); +- list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &parent->d_subdirs, d_child) { + if (!debugfs_positive(child)) + continue; + +--- a/fs/exportfs/expfs.c ++++ b/fs/exportfs/expfs.c +@@ -50,7 +50,7 @@ find_acceptable_alias(struct dentry *res + + inode = result->d_inode; + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + dget(dentry); + spin_unlock(&inode->i_lock); + if (toput) +--- a/fs/libfs.c ++++ b/fs/libfs.c +@@ -114,18 +114,18 @@ loff_t dcache_dir_lseek(struct file *fil + + spin_lock(&dentry->d_lock); + /* d_lock not required for cursor */ +- list_del(&cursor->d_u.d_child); ++ list_del(&cursor->d_child); + p = dentry->d_subdirs.next; + while (n && p != &dentry->d_subdirs) { + struct dentry *next; +- next = list_entry(p, struct dentry, d_u.d_child); ++ next = list_entry(p, struct dentry, d_child); + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED); + if (simple_positive(next)) + n--; + spin_unlock(&next->d_lock); + p = p->next; + } +- list_add_tail(&cursor->d_u.d_child, p); ++ list_add_tail(&cursor->d_child, p); + spin_unlock(&dentry->d_lock); + } + } +@@ -150,7 +150,7 @@ int dcache_readdir(struct file *file, st + { + struct dentry *dentry = file->f_path.dentry; + struct dentry *cursor = file->private_data; +- struct list_head *p, *q = &cursor->d_u.d_child; ++ struct list_head *p, *q = &cursor->d_child; + + if (!dir_emit_dots(file, ctx)) + return 0; +@@ -159,7 +159,7 @@ int dcache_readdir(struct file *file, st + list_move(q, &dentry->d_subdirs); + + for (p = q->next; p != &dentry->d_subdirs; p = p->next) { +- struct dentry *next = list_entry(p, struct dentry, d_u.d_child); ++ struct dentry *next = list_entry(p, struct dentry, d_child); + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED); + if (!simple_positive(next)) { + spin_unlock(&next->d_lock); +@@ -287,7 +287,7 @@ int simple_empty(struct dentry *dentry) + int ret = 0; + + spin_lock(&dentry->d_lock); +- list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dentry->d_subdirs, d_child) { + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + if (simple_positive(child)) { + spin_unlock(&child->d_lock); +--- a/fs/ncpfs/dir.c ++++ b/fs/ncpfs/dir.c +@@ -403,7 +403,7 @@ ncp_dget_fpos(struct dentry *dentry, str + + /* If a pointer is invalid, we search the dentry. */ + spin_lock(&parent->d_lock); +- list_for_each_entry(dent, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(dent, &parent->d_subdirs, d_child) { + if ((unsigned long)dent->d_fsdata == fpos) { + if (dent->d_inode) + dget(dent); +--- a/fs/ncpfs/ncplib_kernel.h ++++ b/fs/ncpfs/ncplib_kernel.h +@@ -191,7 +191,7 @@ ncp_renew_dentries(struct dentry *parent + struct dentry *dentry; + + spin_lock(&parent->d_lock); +- list_for_each_entry(dentry, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(dentry, &parent->d_subdirs, d_child) { + if (dentry->d_fsdata == NULL) + ncp_age_dentry(server, dentry); + else +@@ -207,7 +207,7 @@ ncp_invalidate_dircache_entries(struct d + struct dentry *dentry; + + spin_lock(&parent->d_lock); +- list_for_each_entry(dentry, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(dentry, &parent->d_subdirs, d_child) { + dentry->d_fsdata = NULL; + ncp_age_dentry(server, dentry); + } +--- a/fs/nfs/getroot.c ++++ b/fs/nfs/getroot.c +@@ -58,7 +58,7 @@ static int nfs_superblock_set_dummy_root + */ + spin_lock(&sb->s_root->d_inode->i_lock); + spin_lock(&sb->s_root->d_lock); +- hlist_del_init(&sb->s_root->d_alias); ++ hlist_del_init(&sb->s_root->d_u.d_alias); + spin_unlock(&sb->s_root->d_lock); + spin_unlock(&sb->s_root->d_inode->i_lock); + } +--- a/fs/notify/fsnotify.c ++++ b/fs/notify/fsnotify.c +@@ -63,14 +63,14 @@ void __fsnotify_update_child_dentry_flag + spin_lock(&inode->i_lock); + /* run all of the dentries associated with this inode. Since this is a + * directory, there damn well better only be one item on this list */ +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + struct dentry *child; + + /* run all of the children of the original inode and fix their + * d_flags to indicate parental interest (their parent is the + * original inode) */ + spin_lock(&alias->d_lock); +- list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &alias->d_subdirs, d_child) { + if (!child->d_inode) + continue; + +--- a/fs/ocfs2/dcache.c ++++ b/fs/ocfs2/dcache.c +@@ -172,7 +172,7 @@ struct dentry *ocfs2_find_local_alias(st + struct dentry *dentry; + + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (ocfs2_match_dentry(dentry, parent_blkno, skip_unhashed)) { + trace_ocfs2_find_local_alias(dentry->d_name.len, +--- a/include/linux/dcache.h ++++ b/include/linux/dcache.h +@@ -124,15 +124,15 @@ struct dentry { + void *d_fsdata; /* fs-specific data */ + + struct list_head d_lru; /* LRU list */ ++ struct list_head d_child; /* child of parent list */ ++ struct list_head d_subdirs; /* our children */ + /* +- * d_child and d_rcu can share memory ++ * d_alias and d_rcu can share memory + */ + union { +- struct list_head d_child; /* child of parent list */ ++ struct hlist_node d_alias; /* inode alias list */ + struct rcu_head d_rcu; + } d_u; +- struct list_head d_subdirs; /* our children */ +- struct hlist_node d_alias; /* inode alias list */ + }; + + /* +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -6417,7 +6417,7 @@ static int instance_mkdir (struct inode + int ret; + + /* Paranoid: Make sure the parent is the "instances" directory */ +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + if (WARN_ON_ONCE(parent != trace_instance_dir)) + return -ENOENT; + +@@ -6444,7 +6444,7 @@ static int instance_rmdir(struct inode * + int ret; + + /* Paranoid: Make sure the parent is the "instances" directory */ +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + if (WARN_ON_ONCE(parent != trace_instance_dir)) + return -ENOENT; + +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -461,7 +461,7 @@ static void remove_event_file_dir(struct + + if (dir) { + spin_lock(&dir->d_lock); /* probably unneeded */ +- list_for_each_entry(child, &dir->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dir->d_subdirs, d_child) { + if (child->d_inode) /* probably unneeded */ + child->d_inode->i_private = NULL; + } +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -1200,7 +1200,7 @@ static void sel_remove_entries(struct de + spin_lock(&de->d_lock); + node = de->d_subdirs.next; + while (node != &de->d_subdirs) { +- struct dentry *d = list_entry(node, struct dentry, d_u.d_child); ++ struct dentry *d = list_entry(node, struct dentry, d_child); + + spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED); + list_del_init(node); +@@ -1674,12 +1674,12 @@ static void sel_remove_classes(void) + + list_for_each(class_node, &class_dir->d_subdirs) { + struct dentry *class_subdir = list_entry(class_node, +- struct dentry, d_u.d_child); ++ struct dentry, d_child); + struct list_head *class_subdir_node; + + list_for_each(class_subdir_node, &class_subdir->d_subdirs) { + struct dentry *d = list_entry(class_subdir_node, +- struct dentry, d_u.d_child); ++ struct dentry, d_child); + + if (d->d_inode) + if (d->d_inode->i_mode & S_IFDIR) diff --git a/queue-3.18/rtlwifi-rtl8192ce-fix-editing-error-that-causes-silent-memory-corruption.patch b/queue-3.18/rtlwifi-rtl8192ce-fix-editing-error-that-causes-silent-memory-corruption.patch new file mode 100644 index 00000000000..b8036dfcfa1 --- /dev/null +++ b/queue-3.18/rtlwifi-rtl8192ce-fix-editing-error-that-causes-silent-memory-corruption.patch @@ -0,0 +1,47 @@ +From 99a82f734aa6c6d397e029e6dfa933f04e0fa8c8 Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Fri, 28 Nov 2014 10:41:14 -0600 +Subject: rtlwifi: rtl8192ce: Fix editing error that causes silent memory corruption + +From: Larry Finger + +commit 99a82f734aa6c6d397e029e6dfa933f04e0fa8c8 upstream. + +In the major update of the rtlwifi-family of drivers, there was an editing +mistake. Unfortunately, this particular error leads to memory corruption that +silently leads to failure of the system. This patch is one of three needed to +fix the kernel regression reported at https://bugzilla.kernel.org/show_bug.cgi?id=88951. + +Signed-off-by: Larry Finger +Reported-by: Catalin Iacob +Tested-by: Catalin Iacob +Cc: Catalin Iacob +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtlwifi/rtl8192ce/trx.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c +@@ -720,16 +720,15 @@ u32 rtl92ce_get_desc(u8 *p_desc, bool is + break; + } + } else { +- struct rx_desc_92c *pdesc = (struct rx_desc_92c *)p_desc; + switch (desc_name) { + case HW_DESC_OWN: +- ret = GET_RX_DESC_OWN(pdesc); ++ ret = GET_RX_DESC_OWN(p_desc); + break; + case HW_DESC_RXPKT_LEN: +- ret = GET_RX_DESC_PKT_LEN(pdesc); ++ ret = GET_RX_DESC_PKT_LEN(p_desc); + break; + case HW_DESC_RXBUFF_ADDR: +- ret = GET_RX_STATUS_DESC_BUFF_ADDR(pdesc); ++ ret = GET_RX_DESC_BUFF_ADDR(p_desc); + break; + default: + RT_ASSERT(false, "ERR rxdesc :%d not process\n", diff --git a/queue-3.18/rtlwifi-rtl8192ce-fix-kernel-crashes-due-to-missing-callback-entry.patch b/queue-3.18/rtlwifi-rtl8192ce-fix-kernel-crashes-due-to-missing-callback-entry.patch new file mode 100644 index 00000000000..16a4a5b37a0 --- /dev/null +++ b/queue-3.18/rtlwifi-rtl8192ce-fix-kernel-crashes-due-to-missing-callback-entry.patch @@ -0,0 +1,84 @@ +From f892914c03131a445b926b82815b03162c19288e Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Fri, 28 Nov 2014 10:41:15 -0600 +Subject: rtlwifi: rtl8192ce: Fix kernel crashes due to missing callback entry + +From: Larry Finger + +commit f892914c03131a445b926b82815b03162c19288e upstream. + +In the major update of the rtlwifi-family of drivers, one of the callback entries +was missed, which leads to memory corruption. Unfortunately, this corruption +never caused a kernel oops, but showed up in other parts of the system. +This patch is one of three needed to fix the kernel regression reported at +https://bugzilla.kernel.org/show_bug.cgi?id=88951. + +Signed-off-by: Larry Finger +Reported-by: Catalin Iacob +Tested-by: Catalin Iacob +Cc: Catalin Iacob +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtlwifi/rtl8192ce/sw.c | 3 +++ + drivers/net/wireless/rtlwifi/rtl8192ce/trx.c | 17 +++++++++++++++++ + drivers/net/wireless/rtlwifi/rtl8192ce/trx.h | 2 ++ + 3 files changed, 22 insertions(+) + +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/sw.c +@@ -228,6 +228,7 @@ static struct rtl_hal_ops rtl8192ce_hal_ + .led_control = rtl92ce_led_control, + .set_desc = rtl92ce_set_desc, + .get_desc = rtl92ce_get_desc, ++ .is_tx_desc_closed = rtl92ce_is_tx_desc_closed, + .tx_polling = rtl92ce_tx_polling, + .enable_hw_sec = rtl92ce_enable_hw_security_config, + .set_key = rtl92ce_set_key, +@@ -271,6 +272,8 @@ static struct rtl_hal_cfg rtl92ce_hal_cf + .maps[MAC_RCR_ACRC32] = ACRC32, + .maps[MAC_RCR_ACF] = ACF, + .maps[MAC_RCR_AAP] = AAP, ++ .maps[MAC_HIMR] = REG_HIMR, ++ .maps[MAC_HIMRE] = REG_HIMRE, + + .maps[EFUSE_TEST] = REG_EFUSE_TEST, + .maps[EFUSE_CTRL] = REG_EFUSE_CTRL, +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.c +@@ -739,6 +739,23 @@ u32 rtl92ce_get_desc(u8 *p_desc, bool is + return ret; + } + ++bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw, ++ u8 hw_queue, u16 index) ++{ ++ struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); ++ struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue]; ++ u8 *entry = (u8 *)(&ring->desc[ring->idx]); ++ u8 own = (u8)rtl92ce_get_desc(entry, true, HW_DESC_OWN); ++ ++ /*beacon packet will only use the first ++ *descriptor defautly,and the own may not ++ *be cleared by the hardware ++ */ ++ if (own) ++ return false; ++ return true; ++} ++ + void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue) + { + struct rtl_priv *rtlpriv = rtl_priv(hw); +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/trx.h +@@ -723,6 +723,8 @@ bool rtl92ce_rx_query_desc(struct ieee80 + void rtl92ce_set_desc(struct ieee80211_hw *hw, u8 *pdesc, bool istx, + u8 desc_name, u8 *val); + u32 rtl92ce_get_desc(u8 *pdesc, bool istx, u8 desc_name); ++bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw, ++ u8 hw_queue, u16 index); + void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue); + void rtl92ce_tx_fill_cmddesc(struct ieee80211_hw *hw, u8 *pdesc, + bool b_firstseg, bool b_lastseg, diff --git a/queue-3.18/rtlwifi-rtl8192ce-fix-missing-interrupt-ready-flag.patch b/queue-3.18/rtlwifi-rtl8192ce-fix-missing-interrupt-ready-flag.patch new file mode 100644 index 00000000000..9d925d6ed1b --- /dev/null +++ b/queue-3.18/rtlwifi-rtl8192ce-fix-missing-interrupt-ready-flag.patch @@ -0,0 +1,43 @@ +From 87141db0848aa20c43d453f5545efc8f390d4372 Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Fri, 28 Nov 2014 10:41:16 -0600 +Subject: rtlwifi: rtl8192ce: Fix missing interrupt ready flag + +From: Larry Finger + +commit 87141db0848aa20c43d453f5545efc8f390d4372 upstream. + +Proper operation with the rewritten PCI mini driver requires that a flag be set +when interrupts are enabled. This flag was missed. This patch is one of three needed to +fix the kernel regression reported at https://bugzilla.kernel.org/show_bug.cgi?id=88951. + +Signed-off-by: Larry Finger +Reported-by: Catalin Iacob +Tested-by: Catalin Iacob +Cc: Catalin Iacob +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtlwifi/rtl8192ce/hw.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192ce/hw.c +@@ -1287,6 +1287,7 @@ void rtl92ce_enable_interrupt(struct iee + + rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF); + rtl_write_dword(rtlpriv, REG_HIMRE, rtlpci->irq_mask[1] & 0xFFFFFFFF); ++ rtlpci->irq_enabled = true; + } + + void rtl92ce_disable_interrupt(struct ieee80211_hw *hw) +@@ -1296,7 +1297,7 @@ void rtl92ce_disable_interrupt(struct ie + + rtl_write_dword(rtlpriv, REG_HIMR, IMR8190_DISABLED); + rtl_write_dword(rtlpriv, REG_HIMRE, IMR8190_DISABLED); +- synchronize_irq(rtlpci->pdev->irq); ++ rtlpci->irq_enabled = false; + } + + static void _rtl92ce_poweroff_adapter(struct ieee80211_hw *hw) diff --git a/queue-3.18/series b/queue-3.18/series index f0d2d9e0268..13862e4cf38 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -9,3 +9,8 @@ tcp-fix-more-null-deref-after-prequeue-changes.patch xen-netfront-use-correct-linear-area-after-linearizing-an-skb.patch net-fix-suspicious-rcu_dereference_check-in-net-sched-sch_fq_codel.c.patch netlink-use-jhash-as-hashfn-for-rhashtable.patch +rtlwifi-rtl8192ce-fix-editing-error-that-causes-silent-memory-corruption.patch +rtlwifi-rtl8192ce-fix-kernel-crashes-due-to-missing-callback-entry.patch +rtlwifi-rtl8192ce-fix-missing-interrupt-ready-flag.patch +move-d_rcu-from-overlapping-d_child-to-overlapping-d_alias.patch +deal-with-deadlock-in-d_walk.patch