From: Greg Kroah-Hartman
Date: Fri, 18 May 2012 19:50:08 +0000 (-0700)
Subject: 3.0-stable patches
X-Git-Tag: v3.0.32~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0cb2e2b107edafac22515e692dfabe450ae04391;p=thirdparty%2Fkernel%2Fstable-queue.git
3.0-stable patches
added patches:
acpi-pm-add-sony-vaio-vpccw29fx-to-nonvs-blacklist.patch
compat-fix-rt-signal-mask-corruption-via-sigprocmask.patch
ext3-fix-error-handling-on-inode-bitmap-corruption.patch
ext4-avoid-deadlock-on-sync-mounted-fs-w-o-journal.patch
ext4-fix-error-handling-on-inode-bitmap-corruption.patch
memcg-free-spare-array-to-avoid-memory-leak.patch
nfsv4-revalidate-uid-gid-after-open.patch
scsi-hpsa-add-irqf_shared-back-in-for-the-non-msi-x-interrupt-handler.patch
---
diff --git a/queue-3.0/acpi-pm-add-sony-vaio-vpccw29fx-to-nonvs-blacklist.patch b/queue-3.0/acpi-pm-add-sony-vaio-vpccw29fx-to-nonvs-blacklist.patch
new file mode 100644
index 00000000000..4e9a63974a3
--- /dev/null
+++ b/queue-3.0/acpi-pm-add-sony-vaio-vpccw29fx-to-nonvs-blacklist.patch
@@ -0,0 +1,39 @@
+From 93f770846e8dedc5d9117bd4ad9d7efd18420627 Mon Sep 17 00:00:00 2001
+From: Lan Tianyu
+Date: Sat, 21 Jan 2012 09:23:56 +0800
+Subject: ACPI / PM: Add Sony Vaio VPCCW29FX to nonvs blacklist.
+
+From: Lan Tianyu
+
+commit 93f770846e8dedc5d9117bd4ad9d7efd18420627 upstream.
+
+Sony Vaio VPCCW29FX does not resume correctly without
+acpi_sleep=nonvs, so add it to the ACPI sleep blacklist.
+
+https://bugzilla.kernel.org/show_bug.cgi?id=34722
+
+Signed-off-by: Lan Tianyu
+Signed-off-by: Len Brown
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/acpi/sleep.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/acpi/sleep.c
++++ b/drivers/acpi/sleep.c
+@@ -422,6 +422,14 @@ static struct dmi_system_id __initdata a
+ },
+ {
+ .callback = init_nvs_nosave,
++ .ident = "Sony Vaio VPCCW29FX",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "VPCCW29FX"),
++ },
++ },
++ {
++ .callback = init_nvs_nosave,
+ .ident = "Averatec AV1020-ED2",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "AVERATEC"),
diff --git a/queue-3.0/compat-fix-rt-signal-mask-corruption-via-sigprocmask.patch b/queue-3.0/compat-fix-rt-signal-mask-corruption-via-sigprocmask.patch
new file mode 100644
index 00000000000..dcd5779731b
--- /dev/null
+++ b/queue-3.0/compat-fix-rt-signal-mask-corruption-via-sigprocmask.patch
@@ -0,0 +1,105 @@
+From b7dafa0ef3145c31d7753be0a08b3cbda51f0209 Mon Sep 17 00:00:00 2001
+From: Jan Kiszka
+Date: Thu, 10 May 2012 10:04:36 -0300
+Subject: compat: Fix RT signal mask corruption via sigprocmask
+
+From: Jan Kiszka
+
+commit b7dafa0ef3145c31d7753be0a08b3cbda51f0209 upstream.
+
+compat_sys_sigprocmask reads a smaller signal mask from userspace than
+sigprogmask accepts for setting. So the high word of blocked.sig[0]
+will be cleared, releasing any potentially blocked RT signal.
+
+This was discovered via userspace code that relies on get/setcontext.
+glibc's i386 versions of those functions use sigprogmask instead of
+rt_sigprogmask to save/restore signal mask and caused RT signal
+unblocking this way.
+
+As suggested by Linus, this replaces the sys_sigprocmask based compat
+version with one that open-codes the required logic, including the merge
+of the existing blocked set with the new one provided on SIG_SETMASK.
+
+Signed-off-by: Jan Kiszka
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/compat.c | 65 ++++++++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 47 insertions(+), 18 deletions(-)
+
+--- a/kernel/compat.c
++++ b/kernel/compat.c
+@@ -318,25 +318,54 @@ asmlinkage long compat_sys_sigpending(co
+
+ #ifdef __ARCH_WANT_SYS_SIGPROCMASK
+
+-asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set,
+- compat_old_sigset_t __user *oset)
++/*
++ * sys_sigprocmask SIG_SETMASK sets the first (compat) word of the
++ * blocked set of signals to the supplied signal set
++ */
++static inline void compat_sig_setmask(sigset_t *blocked, compat_sigset_word set)
+ {
+- old_sigset_t s;
+- long ret;
+- mm_segment_t old_fs;
+-
+- if (set && get_user(s, set))
+- return -EFAULT;
+- old_fs = get_fs();
+- set_fs(KERNEL_DS);
+- ret = sys_sigprocmask(how,
+- set ? (old_sigset_t __user *) &s : NULL,
+- oset ? (old_sigset_t __user *) &s : NULL);
+- set_fs(old_fs);
+- if (ret == 0)
+- if (oset)
+- ret = put_user(s, oset);
+- return ret;
++ memcpy(blocked->sig, &set, sizeof(set));
++}
++
++asmlinkage long compat_sys_sigprocmask(int how,
++ compat_old_sigset_t __user *nset,
++ compat_old_sigset_t __user *oset)
++{
++ old_sigset_t old_set, new_set;
++ sigset_t new_blocked;
++
++ old_set = current->blocked.sig[0];
++
++ if (nset) {
++ if (get_user(new_set, nset))
++ return -EFAULT;
++ new_set &= ~(sigmask(SIGKILL) | sigmask(SIGSTOP));
++
++ new_blocked = current->blocked;
++
++ switch (how) {
++ case SIG_BLOCK:
++ sigaddsetmask(&new_blocked, new_set);
++ break;
++ case SIG_UNBLOCK:
++ sigdelsetmask(&new_blocked, new_set);
++ break;
++ case SIG_SETMASK:
++ compat_sig_setmask(&new_blocked, new_set);
++ break;
++ default:
++ return -EINVAL;
++ }
++
++ set_current_blocked(&new_blocked);
++ }
++
++ if (oset) {
++ if (put_user(old_set, oset))
++ return -EFAULT;
++ }
++
++ return 0;
+ }
+
+ #endif
diff --git a/queue-3.0/ext3-fix-error-handling-on-inode-bitmap-corruption.patch b/queue-3.0/ext3-fix-error-handling-on-inode-bitmap-corruption.patch
new file mode 100644
index 00000000000..5b273628f28
--- /dev/null
+++ b/queue-3.0/ext3-fix-error-handling-on-inode-bitmap-corruption.patch
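Review bot: In `compat_sig_setmask()` (kernel/compat.c hunk) the `memcpy(blocked->sig, &set, sizeof(set))` overwrites the first `sizeof(compat_sigset_word)` bytes of `blocked->sig[0]` in memory order, which is the low-numbered signal word only where that word is stored first. On a 64-bit big-endian build, assuming `sig[0]` is an `unsigned long` wider than the compat word (neither type is defined in this hunk), those bytes would be the high half, so SIG_SETMASK would rewrite the RT-signal bits this patch sets out to preserve and leave the classic ones untouched. An explicit merge removes the layout dependence, e.g. for a 32-bit compat word `blocked->sig[0] = (blocked->sig[0] & ~0xffffffffUL) | set;`, or the helper's comment should at least state the byte-order assumption.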
@@ -0,0 +1,41 @@
+From 1415dd8705394399d59a3df1ab48d149e1e41e77 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Thu, 8 Dec 2011 21:13:46 +0100
+Subject: ext3: Fix error handling on inode bitmap corruption
+
+From: Jan Kara
+
+commit 1415dd8705394399d59a3df1ab48d149e1e41e77 upstream.
+
+When insert_inode_locked() fails in ext3_new_inode() it most likely
+means inode bitmap got corrupted and we allocated again inode which
+is already in use. Also doing unlock_new_inode() during error recovery
+is wrong since inode does not have I_NEW set. Fix the problem by jumping
+to fail: (instead of fail_drop:) which declares filesystem error and
+does not call unlock_new_inode().
+
+Reviewed-by: Eric Sandeen
+Signed-off-by: Jan Kara
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext3/ialloc.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/ext3/ialloc.c
++++ b/fs/ext3/ialloc.c
+@@ -561,8 +561,12 @@ got:
+ if (IS_DIRSYNC(inode))
+ handle->h_sync = 1;
+ if (insert_inode_locked(inode) < 0) {
+- err = -EINVAL;
+- goto fail_drop;
++ /*
++ * Likely a bitmap corruption causing inode to be allocated
++ * twice.
++ */
++ err = -EIO;
++ goto fail;
+ }
+ spin_lock(&sbi->s_next_gen_lock);
+ inode->i_generation = sbi->s_next_generation++;
diff --git a/queue-3.0/ext4-avoid-deadlock-on-sync-mounted-fs-w-o-journal.patch b/queue-3.0/ext4-avoid-deadlock-on-sync-mounted-fs-w-o-journal.patch
new file mode 100644
index 00000000000..008c5e61b0e
--- /dev/null
+++ b/queue-3.0/ext4-avoid-deadlock-on-sync-mounted-fs-w-o-journal.patch
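Review bot: The comment added in the `insert_inode_locked()` failure branch of fs/ext3/ialloc.c explains the `-EIO` but not the change of label, which is the part a later cleanup is most likely to undo. Per the description, `fail_drop` would call `unlock_new_inode()` on an inode that never had `I_NEW` set, so the comment could end with `* Use fail, not fail_drop: I_NEW is not set here, so unlock_new_inode() must not run.` The identical comment in the fs/ext4/ialloc.c hunk of ext4-fix-error-handling-on-inode-bitmap-corruption.patch would benefit from the same sentence. Both labels lie outside the hunks, so what each one cleans up cannot be checked from here.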
@@ -0,0 +1,62 @@
+From c1bb05a657fb3d8c6179a4ef7980261fae4521d7 Mon Sep 17 00:00:00 2001
+From: Eric Sandeen
+Date: Mon, 20 Feb 2012 23:06:18 -0500
+Subject: ext4: avoid deadlock on sync-mounted FS w/o journal
+
+From: Eric Sandeen
+
+commit c1bb05a657fb3d8c6179a4ef7980261fae4521d7 upstream.
+
+Processes hang forever on a sync-mounted ext2 file system that
+is mounted with the ext4 module (default in Fedora 16).
+
+I can reproduce this reliably by mounting an ext2 partition with
+"-o sync" and opening a new file an that partition with vim. vim
+will hang in "D" state forever. The same happens on ext4 without
+a journal.
+
+I am attaching a small patch here that solves this issue for me.
+In the sync mounted case without a journal,
+ext4_handle_dirty_metadata() may call sync_dirty_buffer(), which
+can't be called with buffer lock held.
+
+Also move mb_cache_entry_release inside lock to avoid race
+fixed previously by 8a2bfdcb ext[34]: EA block reference count racing fix
+Note too that ext2 fixed this same problem in 2006 with
+b2f49033 [PATCH] fix deadlock in ext2
+
+Signed-off-by: Martin.Wilck@ts.fujitsu.com
+[sandeen@redhat.com: move mb_cache_entry_release before unlock, edit commit msg]
+Signed-off-by: Eric Sandeen
+Signed-off-by: "Theodore Ts'o"
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/xattr.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -487,18 +487,19 @@ ext4_xattr_release_block(handle_t *handl
+ ext4_free_blocks(handle, inode, bh, 0, 1,
+ EXT4_FREE_BLOCKS_METADATA |
+ EXT4_FREE_BLOCKS_FORGET);
++ unlock_buffer(bh);
+ } else {
+ le32_add_cpu(&BHDR(bh)->h_refcount, -1);
++ if (ce)
++ mb_cache_entry_release(ce);
++ unlock_buffer(bh);
+ error = ext4_handle_dirty_metadata(handle, inode, bh);
+ if (IS_SYNC(inode))
+ ext4_handle_sync(handle);
+ dquot_free_block(inode, 1);
+ ea_bdebug(bh, "refcount now=%d; releasing",
+ le32_to_cpu(BHDR(bh)->h_refcount));
+- if (ce)
+- mb_cache_entry_release(ce);
+ }
+- unlock_buffer(bh);
+ out:
+ ext4_std_error(inode->i_sb, error);
+ return;
diff --git a/queue-3.0/ext4-fix-error-handling-on-inode-bitmap-corruption.patch b/queue-3.0/ext4-fix-error-handling-on-inode-bitmap-corruption.patch
new file mode 100644
index 00000000000..c7658306af3
--- /dev/null
+++ b/queue-3.0/ext4-fix-error-handling-on-inode-bitmap-corruption.patch
@@ -0,0 +1,40 @@
+From acd6ad83517639e8f09a8c5525b1dccd81cd2a10 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Sun, 18 Dec 2011 17:37:02 -0500
+Subject: ext4: fix error handling on inode bitmap corruption
+
+From: Jan Kara
+
+commit acd6ad83517639e8f09a8c5525b1dccd81cd2a10 upstream.
+
+When insert_inode_locked() fails in ext4_new_inode() it most likely means inode
+bitmap got corrupted and we allocated again inode which is already in use. Also
+doing unlock_new_inode() during error recovery is wrong since the inode does
+not have I_NEW set. Fix the problem by jumping to fail: (instead of fail_drop:)
+which declares filesystem error and does not call unlock_new_inode().
+
+Signed-off-by: Jan Kara
+Signed-off-by: "Theodore Ts'o"
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/ialloc.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -1021,8 +1021,12 @@ got:
+ if (IS_DIRSYNC(inode))
+ ext4_handle_sync(handle);
+ if (insert_inode_locked(inode) < 0) {
+- err = -EINVAL;
+- goto fail_drop;
++ /*
++ * Likely a bitmap corruption causing inode to be allocated
++ * twice.
++ */
++ err = -EIO;
++ goto fail;
+ }
+ spin_lock(&sbi->s_next_gen_lock);
+ inode->i_generation = sbi->s_next_generation++;
diff --git a/queue-3.0/memcg-free-spare-array-to-avoid-memory-leak.patch b/queue-3.0/memcg-free-spare-array-to-avoid-memory-leak.patch
new file mode 100644
index 00000000000..54874466dcd
--- /dev/null
+++ b/queue-3.0/memcg-free-spare-array-to-avoid-memory-leak.patch
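Review bot: In the fs/ext4/xattr.c hunk the two branches of `ext4_xattr_release_block` now unlock `bh` at different points and nothing in the code says why, so the ordering is easy to break in a later tidy-up. A comment above the `unlock_buffer(bh)` in the else branch would record both constraints from the description, e.g. `/* release ce under the buffer lock; unlock before ext4_handle_dirty_metadata(), which may sync the buffer */`. The `ea_bdebug()` call also now reads `h_refcount` after the lock is dropped, so the printed count may be stale, which affects debug output only. The function starts before the hunk, so the matching `lock_buffer()` and the paths that jump to `out:` are not visible here.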
@@ -0,0 +1,38 @@
+From 8c7577637ca31385e92769a77e2ab5b428e8b99c Mon Sep 17 00:00:00 2001
+From: Sha Zhengju
+Date: Thu, 10 May 2012 13:01:45 -0700
+Subject: memcg: free spare array to avoid memory leak
+
+From: Sha Zhengju
+
+commit 8c7577637ca31385e92769a77e2ab5b428e8b99c upstream.
+
+When the last event is unregistered, there is no need to keep the spare
+array anymore. So free it to avoid memory leak.
+
+Signed-off-by: Sha Zhengju
+Acked-by: KAMEZAWA Hiroyuki
+Reviewed-by: Kirill A. Shutemov
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/memcontrol.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -4605,6 +4605,12 @@ static void mem_cgroup_usage_unregister_
+ swap_buffers:
+ /* Swap primary and spare array */
+ thresholds->spare = thresholds->primary;
++ /* If all events are unregistered, free the spare array */
++ if (!new) {
++ kfree(thresholds->spare);
++ thresholds->spare = NULL;
++ }
++
+ rcu_assign_pointer(thresholds->primary, new);
+
+ /* To be sure that nobody uses thresholds */
diff --git a/queue-3.0/nfsv4-revalidate-uid-gid-after-open.patch b/queue-3.0/nfsv4-revalidate-uid-gid-after-open.patch
new file mode 100644
index 00000000000..f7c6c16d496
--- /dev/null
+++ b/queue-3.0/nfsv4-revalidate-uid-gid-after-open.patch
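Review bot: The added `kfree(thresholds->spare)` in the mm/memcontrol.c hunk runs right after `thresholds->spare = thresholds->primary;` and before `rcu_assign_pointer(thresholds->primary, new)`, so the array being freed is the one still published as `primary`. The trailing context comment `To be sure that nobody uses thresholds` suggests a grace-period wait follows outside the hunk, which would mean RCU readers can still dereference that array when it is freed, a use-after-free window. The `if (!new) { ... }` block should run only after that wait has completed, freeing the array and setting `thresholds->spare = NULL` at that point. The function extends past both ends of the hunk, so the exact placement needs checking against the full body.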
@@ -0,0 +1,76 @@
+From jrnieder@gmail.com Fri May 18 12:31:07 2012
+From: Jonathan Nieder
+Date: Fri, 11 May 2012 04:20:20 -0500
+Subject: NFSv4: Revalidate uid/gid after open
+To: stable@vger.kernel.org
+Cc: Rik Theys , Trond Myklebust , linux-nfs@vger.kernel.org, David Flyn , Jeff Layton , 659111@bugs.debian.org
+Message-ID: <20120511092020.GD5733@burratino>
+Content-Disposition: inline
+
+From: Jonathan Nieder
+
+This is a shorter (and more appropriate for stable kernels) analog to
+the following upstream commit:
+
+commit 6926afd1925a54a13684ebe05987868890665e2b
+Author: Trond Myklebust
+Date: Sat Jan 7 13:22:46 2012 -0500
+
+ NFSv4: Save the owner/group name string when doing open
+
+ ...so that we can do the uid/gid mapping outside the asynchronous RPC
+ context.
+ This fixes a bug in the current NFSv4 atomic open code where the client
+ isn't able to determine what the true uid/gid fields of the file are,
+ (because the asynchronous nature of the OPEN call denies it the ability
+ to do an upcall) and so fills them with default values, marking the
+ inode as needing revalidation.
+ Unfortunately, in some cases, the VFS will do some additional sanity
+ checks on the file, and may override the server's decision to allow
+ the open because it sees the wrong owner/group fields.
+
+ Signed-off-by: Trond Myklebust
+
+Without this patch, logging into two different machines with home
+directories mounted over NFS4 and then running "vim" and typing ":q"
+in each reliably produces the following error on the second machine:
+
+ E137: Viminfo file is not writable: /users/system/rtheys/.viminfo
+
+This regression was introduced by 80e52aced138 ("NFSv4: Don't do
+idmapper upcalls for asynchronous RPC calls", merged during the 2.6.32
+cycle) --- after the OPEN call, .viminfo has the default values for
+st_uid and st_gid (0xfffffffe) cached because we do not want to let
+rpciod wait for an idmapper upcall to fill them in.
+
+The fix used in mainline is to save the owner and group as strings and
+perform the upcall in _nfs4_proc_open outside the rpciod context,
+which takes about 600 lines. For stable, we can do something similar
+with a one-liner: make open check for the stale fields and make a
+(synchronous) GETATTR call to fill them when needed.
+
+Trond dictated the patch, I typed it in, and Rik tested it.
+
+Addresses http://bugs.debian.org/659111 and
+ https://bugzilla.redhat.com/789298
+
+Reported-by: Rik Theys
+Explained-by: David Flyn
+Signed-off-by: Jonathan Nieder
+Tested-by: Rik Theys
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfs/nfs4proc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -1771,6 +1771,7 @@ static int _nfs4_do_open(struct inode *d
+ nfs_setattr_update_inode(state->inode, sattr);
+ nfs_post_op_update_inode(state->inode, opendata->o_res.f_attr);
+ }
++ nfs_revalidate_inode(server, state->inode);
+ nfs4_opendata_put(opendata);
+ nfs4_put_state_owner(sp);
+ *res = state;
diff --git a/queue-3.0/scsi-hpsa-add-irqf_shared-back-in-for-the-non-msi-x-interrupt-handler.patch b/queue-3.0/scsi-hpsa-add-irqf_shared-back-in-for-the-non-msi-x-interrupt-handler.patch
new file mode 100644
index 00000000000..3bc4634f05c
--- /dev/null
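Review bot: The return value of the added `nfs_revalidate_inode(server, state->inode);` in `_nfs4_do_open` is discarded, so if the GETATTR fails the open still succeeds with the placeholder owner and group cached, and the VFS checks the description mentions may still see the wrong ownership. If that is deliberately best-effort, a comment should say so, e.g. `/* best effort: refresh uid/gid left at defaults by the async OPEN; errors ignored */`. The description says open will "check for the stale fields", yet the call here is unconditional; any such check would have to live inside `nfs_revalidate_inode()`, which is not visible in this hunk. The function starts and ends outside the hunk.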
+++ b/queue-3.0/scsi-hpsa-add-irqf_shared-back-in-for-the-non-msi-x-interrupt-handler.patch
@@ -0,0 +1,39 @@
+From 45bcf018d1a4779d592764ef57517c92589d55d7 Mon Sep 17 00:00:00 2001
+From: "Stephen M. Cameron"
+Date: Mon, 28 Nov 2011 10:15:20 -0600
+Subject: SCSI: hpsa: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler
+
+From: "Stephen M. Cameron"
+
+commit 45bcf018d1a4779d592764ef57517c92589d55d7 upstream.
+
+IRQF_SHARED is required for older controllers that don't support MSI(X)
+and which may end up sharing an interrupt. All the controllers hpsa
+normally supports have MSI(X) capability, but older controllers may be
+encountered via the hpsa_allow_any=1 module parameter.
+
+Also remove deprecated IRQF_DISABLED.
+
+Signed-off-by: Stephen M. Cameron
+Signed-off-by: James Bottomley
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/hpsa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/hpsa.c
++++ b/drivers/scsi/hpsa.c
+@@ -4037,10 +4037,10 @@ static int hpsa_request_irq(struct ctlr_
+
+ if (h->msix_vector || h->msi_vector)
+ rc = request_irq(h->intr[h->intr_mode], msixhandler,
+- IRQF_DISABLED, h->devname, h);
++ 0, h->devname, h);
+ else
+ rc = request_irq(h->intr[h->intr_mode], intxhandler,
+- IRQF_DISABLED, h->devname, h);
++ IRQF_SHARED, h->devname, h);
+ if (rc) {
+ dev_err(&h->pdev->dev, "unable to get irq %d for %s\n",
+ h->intr[h->intr_mode], h->devname);
diff --git a/queue-3.0/series b/queue-3.0/series
index 7ab6e42935b..d09f9d44cce 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
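Review bot: With `IRQF_SHARED` on the INTx call in `hpsa_request_irq`, `intxhandler` will also be invoked for interrupts raised by other devices on the same line, so it has to recognise that case and return `IRQ_NONE` without touching controller state. The handler is passed in from outside this hunk, so that cannot be confirmed here; it is worth checking, particularly for the older controllers reachable via `hpsa_allow_any=1`. A short comment on the two calls would also explain the differing flags, e.g. `/* legacy INTx lines may be shared; MSI(X) vectors are not */`.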
@@ -37,3 +37,11 @@ crypto-mv_cesa-requires-on-crypto_hash-to-build.patch
 md-add-del_timer_sync-to-mddev_suspend-fix-nasty-panic.patch
 tcp-do_tcp_sendpages-must-try-to-push-data-out-on-oom-conditions.patch
 init-don-t-try-mounting-device-as-nfs-root-unless-type-fully-matches.patch
+ext4-avoid-deadlock-on-sync-mounted-fs-w-o-journal.patch
+nfsv4-revalidate-uid-gid-after-open.patch
+memcg-free-spare-array-to-avoid-memory-leak.patch
+compat-fix-rt-signal-mask-corruption-via-sigprocmask.patch
+ext3-fix-error-handling-on-inode-bitmap-corruption.patch
+ext4-fix-error-handling-on-inode-bitmap-corruption.patch
+acpi-pm-add-sony-vaio-vpccw29fx-to-nonvs-blacklist.patch
+scsi-hpsa-add-irqf_shared-back-in-for-the-non-msi-x-interrupt-handler.patch