From: Greg Kroah-Hartman Date: Tue, 26 Nov 2013 23:14:32 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.11.10~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ab045a88ac501a44c4121afecc9ff5bde22f29a;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: configfs-fix-race-between-dentry-put-and-lookup.patch cris-media-platform-drivers-fix-build.patch gfs2-d_splice_alias-can-t-return-error.patch gfs2-fix-dentry-leaks.patch s390-time-fix-get_tod_clock_ext-inline-assembly.patch s390-vtime-correct-idle-time-calculation.patch --- diff --git a/queue-3.12/configfs-fix-race-between-dentry-put-and-lookup.patch b/queue-3.12/configfs-fix-race-between-dentry-put-and-lookup.patch new file mode 100644 index 00000000000..c869f8e606c --- /dev/null +++ b/queue-3.12/configfs-fix-race-between-dentry-put-and-lookup.patch @@ -0,0 +1,94 @@ +From 76ae281f6307331aa063288edb6422ae99f435f0 Mon Sep 17 00:00:00 2001 +From: Junxiao Bi +Date: Thu, 21 Nov 2013 14:31:56 -0800 +Subject: configfs: fix race between dentry put and lookup + +From: Junxiao Bi + +commit 76ae281f6307331aa063288edb6422ae99f435f0 upstream. + +A race window in configfs, it starts from one dentry is UNHASHED and end +before configfs_d_iput is called. In this window, if a lookup happen, +since the original dentry was UNHASHED, so a new dentry will be +allocated, and then in configfs_attach_attr(), sd->s_dentry will be +updated to the new dentry. Then in configfs_d_iput(), +BUG_ON(sd->s_dentry != dentry) will be triggered and system panic. + +sys_open: sys_close: + ... fput + dput + dentry_kill + __d_drop <--- dentry unhashed here, + but sd->dentry still point + to this dentry. + + lookup_real + configfs_lookup + configfs_attach_attr---> update sd->s_dentry + to new allocated dentry here. + + d_kill + configfs_d_iput <--- BUG_ON(sd->s_dentry != dentry) + triggered here. + +To fix it, change configfs_d_iput to not update sd->s_dentry if +sd->s_count > 2, that means there are another dentry is using the sd +beside the one that is going to be put. Use configfs_dirent_lock in +configfs_attach_attr to sync with configfs_d_iput. + +With the following steps, you can reproduce the bug. + +1. enable ocfs2, this will mount configfs at /sys/kernel/config and + fill configure in it. + +2. run the following script. + while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done & + while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done & + +Signed-off-by: Junxiao Bi +Cc: Joel Becker +Cc: Al Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/configfs/dir.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +--- a/fs/configfs/dir.c ++++ b/fs/configfs/dir.c +@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentr + struct configfs_dirent *sd = dentry->d_fsdata; + + if (sd) { +- BUG_ON(sd->s_dentry != dentry); + /* Coordinate with configfs_readdir */ + spin_lock(&configfs_dirent_lock); +- sd->s_dentry = NULL; ++ /* Coordinate with configfs_attach_attr where will increase ++ * sd->s_count and update sd->s_dentry to new allocated one. ++ * Only set sd->dentry to null when this dentry is the only ++ * sd owner. ++ * If not do so, configfs_d_iput may run just after ++ * configfs_attach_attr and set sd->s_dentry to null ++ * even it's still in use. ++ */ ++ if (atomic_read(&sd->s_count) <= 2) ++ sd->s_dentry = NULL; ++ + spin_unlock(&configfs_dirent_lock); + configfs_put(sd); + } +@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct c + struct configfs_attribute * attr = sd->s_element; + int error; + ++ spin_lock(&configfs_dirent_lock); + dentry->d_fsdata = configfs_get(sd); + sd->s_dentry = dentry; ++ spin_unlock(&configfs_dirent_lock); ++ + error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG, + configfs_init_file); + if (error) { diff --git a/queue-3.12/cris-media-platform-drivers-fix-build.patch b/queue-3.12/cris-media-platform-drivers-fix-build.patch new file mode 100644 index 00000000000..adf81505bd3 --- /dev/null +++ b/queue-3.12/cris-media-platform-drivers-fix-build.patch @@ -0,0 +1,56 @@ +From 72a0c5571351f5184195754d23db3e14495b2080 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab +Date: Tue, 12 Nov 2013 15:06:49 -0800 +Subject: cris: media platform drivers: fix build + +From: Mauro Carvalho Chehab + +commit 72a0c5571351f5184195754d23db3e14495b2080 upstream. + +On cris arch, the functions below aren't defined: + + drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_read': + + drivers/media/platform/sh_veu.c:228:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_write': + + drivers/media/platform/sh_veu.c:234:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read': + drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write': + drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read': + drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write': + drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_setup': + drivers/media/platform/soc_camera/rcar_vin.c:284:3: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + + drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_request_capture_stop': + drivers/media/platform/soc_camera/rcar_vin.c:353:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + +Yet, they're available, as CONFIG_GENERIC_IOMAP is defined. What happens +is that asm/io.h was not including asm-generic/iomap.h. + +Suggested-by: Ben Hutchings +Signed-off-by: Mauro Carvalho Chehab +Cc: Mikael Starvik +Cc: Jesper Nilsson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/cris/include/asm/io.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/cris/include/asm/io.h ++++ b/arch/cris/include/asm/io.h +@@ -3,6 +3,7 @@ + + #include /* for __va, __pa */ + #include ++#include + #include + + struct cris_io_operations diff --git a/queue-3.12/gfs2-d_splice_alias-can-t-return-error.patch b/queue-3.12/gfs2-d_splice_alias-can-t-return-error.patch new file mode 100644 index 00000000000..af732743852 --- /dev/null +++ b/queue-3.12/gfs2-d_splice_alias-can-t-return-error.patch @@ -0,0 +1,42 @@ +From 0d0d110720d7960b77c03c9f2597faaff4b484ae Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Mon, 16 Sep 2013 14:52:00 +0200 +Subject: GFS2: d_splice_alias() can't return error + +From: Miklos Szeredi + +commit 0d0d110720d7960b77c03c9f2597faaff4b484ae upstream. + +unless it was given an IS_ERR(inode), which isn't the case here. So clean +up the unnecessary error handling in gfs2_create_inode(). + +This paves the way for real fixes (hence the stable Cc). + +Signed-off-by: Miklos Szeredi +Signed-off-by: Steven Whitehouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/gfs2/inode.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/fs/gfs2/inode.c ++++ b/fs/gfs2/inode.c +@@ -584,7 +584,7 @@ static int gfs2_create_inode(struct inod + if (!IS_ERR(inode)) { + d = d_splice_alias(inode, dentry); + error = 0; +- if (file && !IS_ERR(d)) { ++ if (file) { + if (d == NULL) + d = dentry; + if (S_ISREG(inode->i_mode)) +@@ -593,8 +593,6 @@ static int gfs2_create_inode(struct inod + error = finish_no_open(file, d); + } + gfs2_glock_dq_uninit(ghs); +- if (IS_ERR(d)) +- return PTR_ERR(d); + return error; + } else if (error != -ENOENT) { + goto fail_gunlock; diff --git a/queue-3.12/gfs2-fix-dentry-leaks.patch b/queue-3.12/gfs2-fix-dentry-leaks.patch new file mode 100644 index 00000000000..84085f9ae1f --- /dev/null +++ b/queue-3.12/gfs2-fix-dentry-leaks.patch @@ -0,0 +1,79 @@ +From 5ca1db41ecdeb0358b968265fadb755213558a85 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Mon, 23 Sep 2013 13:21:04 +0100 +Subject: GFS2: fix dentry leaks + +From: Miklos Szeredi + +commit 5ca1db41ecdeb0358b968265fadb755213558a85 upstream. + +We need to dput() the result of d_splice_alias(), unless it is passed to +finish_no_open(). + +Edited by Steven Whitehouse in order to make it apply to the current +GFS2 git tree, and taking account of a prerequisite patch which hasn't +been applied. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Steven Whitehouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/gfs2/inode.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +--- a/fs/gfs2/inode.c ++++ b/fs/gfs2/inode.c +@@ -585,12 +585,14 @@ static int gfs2_create_inode(struct inod + d = d_splice_alias(inode, dentry); + error = 0; + if (file) { +- if (d == NULL) +- d = dentry; +- if (S_ISREG(inode->i_mode)) +- error = finish_open(file, d, gfs2_open_common, opened); +- else ++ if (S_ISREG(inode->i_mode)) { ++ WARN_ON(d != NULL); ++ error = finish_open(file, dentry, gfs2_open_common, opened); ++ } else { + error = finish_no_open(file, d); ++ } ++ } else { ++ dput(d); + } + gfs2_glock_dq_uninit(ghs); + return error; +@@ -779,8 +781,10 @@ static struct dentry *__gfs2_lookup(stru + error = finish_open(file, dentry, gfs2_open_common, opened); + + gfs2_glock_dq_uninit(&gh); +- if (error) ++ if (error) { ++ dput(d); + return ERR_PTR(error); ++ } + return d; + } + +@@ -1161,14 +1165,16 @@ static int gfs2_atomic_open(struct inode + d = __gfs2_lookup(dir, dentry, file, opened); + if (IS_ERR(d)) + return PTR_ERR(d); +- if (d == NULL) +- d = dentry; +- if (d->d_inode) { ++ if (d != NULL) ++ dentry = d; ++ if (dentry->d_inode) { + if (!(*opened & FILE_OPENED)) +- return finish_no_open(file, d); ++ return finish_no_open(file, dentry); ++ dput(d); + return 0; + } + ++ BUG_ON(d != NULL); + if (!(flags & O_CREAT)) + return -ENOENT; + diff --git a/queue-3.12/s390-time-fix-get_tod_clock_ext-inline-assembly.patch b/queue-3.12/s390-time-fix-get_tod_clock_ext-inline-assembly.patch new file mode 100644 index 00000000000..b3479acb49d --- /dev/null +++ b/queue-3.12/s390-time-fix-get_tod_clock_ext-inline-assembly.patch @@ -0,0 +1,35 @@ +From 7ab64a85e1a009046f97413a573e83fd85f7804d Mon Sep 17 00:00:00 2001 +From: Martin Schwidefsky +Date: Mon, 28 Oct 2013 11:17:10 +0100 +Subject: s390/time: fix get_tod_clock_ext inline assembly + +From: Martin Schwidefsky + +commit 7ab64a85e1a009046f97413a573e83fd85f7804d upstream. + +The get_tod_clock_ext inline assembly does not specify its output +operands correctly. This can cause incorrect code to be generated. + +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/include/asm/timex.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/s390/include/asm/timex.h ++++ b/arch/s390/include/asm/timex.h +@@ -71,9 +71,11 @@ static inline void local_tick_enable(uns + + typedef unsigned long long cycles_t; + +-static inline void get_tod_clock_ext(char *clk) ++static inline void get_tod_clock_ext(char clk[16]) + { +- asm volatile("stcke %0" : "=Q" (*clk) : : "cc"); ++ typedef struct { char _[sizeof(clk)]; } addrtype; ++ ++ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc"); + } + + static inline unsigned long long get_tod_clock(void) diff --git a/queue-3.12/s390-vtime-correct-idle-time-calculation.patch b/queue-3.12/s390-vtime-correct-idle-time-calculation.patch new file mode 100644 index 00000000000..30e1a67e26b --- /dev/null +++ b/queue-3.12/s390-vtime-correct-idle-time-calculation.patch @@ -0,0 +1,53 @@ +From 4560e7c3317c7a2b370e36dadd3a3bac2ed70818 Mon Sep 17 00:00:00 2001 +From: Martin Schwidefsky +Date: Mon, 28 Oct 2013 12:15:32 +0100 +Subject: s390/vtime: correct idle time calculation + +From: Martin Schwidefsky + +commit 4560e7c3317c7a2b370e36dadd3a3bac2ed70818 upstream. + +Use the ACCESS_ONCE macro for both accesses to idle->sequence in the +loops to calculate the idle time. If only one access uses the macro, +the compiler is free to cache the value for the second access which +can cause endless loops. + +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kernel/smp.c | 4 ++-- + arch/s390/kernel/vtime.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/s390/kernel/smp.c ++++ b/arch/s390/kernel/smp.c +@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct de + idle_count = ACCESS_ONCE(idle->idle_count); + if (ACCESS_ONCE(idle->clock_idle_enter)) + idle_count++; +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + return sprintf(buf, "%llu\n", idle_count); + } + static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL); +@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct dev + idle_time = ACCESS_ONCE(idle->idle_time); + idle_enter = ACCESS_ONCE(idle->clock_idle_enter); + idle_exit = ACCESS_ONCE(idle->clock_idle_exit); +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0; + return sprintf(buf, "%llu\n", idle_time >> 12); + } +--- a/arch/s390/kernel/vtime.c ++++ b/arch/s390/kernel/vtime.c +@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu) + sequence = ACCESS_ONCE(idle->sequence); + idle_enter = ACCESS_ONCE(idle->clock_idle_enter); + idle_exit = ACCESS_ONCE(idle->clock_idle_exit); +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0; + } + diff --git a/queue-3.12/series b/queue-3.12/series index 2e3d7062c93..8e71e28ee0c 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -108,3 +108,9 @@ usb-musb-call-musb_start-only-once-in-otg-mode.patch usb-musb-dsps-move-try_idle-to-start-hook.patch usb-musb-dsps-redo-the-otg-timer.patch usb-musb-core-properly-free-host-device-structs-in-err-path.patch +s390-time-fix-get_tod_clock_ext-inline-assembly.patch +s390-vtime-correct-idle-time-calculation.patch +configfs-fix-race-between-dentry-put-and-lookup.patch +gfs2-d_splice_alias-can-t-return-error.patch +gfs2-fix-dentry-leaks.patch +cris-media-platform-drivers-fix-build.patch