From: Greg Kroah-Hartman Date: Wed, 31 Oct 2012 19:05:20 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.0.51~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc2e1430ab163d12071e3d61aa354e03ee4dd95e;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch libceph-check-for-invalid-mapping.patch x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch --- diff --git a/queue-3.0/ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch b/queue-3.0/ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch new file mode 100644 index 00000000000..d32361dbe69 --- /dev/null +++ b/queue-3.0/ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch @@ -0,0 +1,32 @@ +From 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 Mon Sep 17 00:00:00 2001 +From: "Yan, Zheng" +Date: Thu, 20 Sep 2012 17:42:25 +0800 +Subject: ceph: Fix oops when handling mdsmap that decreases max_mds + +From: "Yan, Zheng" + +commit 3e8f43a089f06279c5f76a9ccd42578eebf7bfa5 upstream. + +When i >= newmap->m_max_mds, ceph_mdsmap_get_addr(newmap, i) return +NULL. Passing NULL to memcmp() triggers oops. + +Signed-off-by: Yan, Zheng +Signed-off-by: Sage Weil +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ceph/mds_client.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ceph/mds_client.c ++++ b/fs/ceph/mds_client.c +@@ -2621,7 +2621,8 @@ static void check_new_map(struct ceph_md + ceph_mdsmap_is_laggy(newmap, i) ? " (laggy)" : "", + session_state_name(s->s_state)); + +- if (memcmp(ceph_mdsmap_get_addr(oldmap, i), ++ if (i >= newmap->m_max_mds || ++ memcmp(ceph_mdsmap_get_addr(oldmap, i), + ceph_mdsmap_get_addr(newmap, i), + sizeof(struct ceph_entity_addr))) { + if (s->s_state == CEPH_MDS_SESSION_OPENING) { diff --git a/queue-3.0/floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch b/queue-3.0/floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch new file mode 100644 index 00000000000..51681df4966 --- /dev/null +++ b/queue-3.0/floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch @@ -0,0 +1,32 @@ +From 238ab78469c6ab7845b43d5061cd3c92331b2452 Mon Sep 17 00:00:00 2001 +From: Herton Ronaldo Krzesinski +Date: Mon, 27 Aug 2012 20:56:52 -0300 +Subject: floppy: do put_disk on current dr if blk_init_queue fails + +From: Herton Ronaldo Krzesinski + +commit 238ab78469c6ab7845b43d5061cd3c92331b2452 upstream. + +If blk_init_queue fails, we do not call put_disk on the current dr +(dr is decremented first in the error handling loop). + +Reviewed-by: Ben Hutchings +Signed-off-by: Herton Ronaldo Krzesinski +Signed-off-by: Jiri Kosina +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/floppy.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -4198,6 +4198,7 @@ static int __init floppy_init(void) + + disks[dr]->queue = blk_init_queue(do_fd_request, &floppy_lock); + if (!disks[dr]->queue) { ++ put_disk(disks[dr]); + err = -ENOMEM; + goto out_put_disk; + } diff --git a/queue-3.0/libceph-check-for-invalid-mapping.patch b/queue-3.0/libceph-check-for-invalid-mapping.patch new file mode 100644 index 00000000000..4410e3b86a3 --- /dev/null +++ b/queue-3.0/libceph-check-for-invalid-mapping.patch @@ -0,0 +1,166 @@ +From d63b77f4c552cc3a20506871046ab0fcbc332609 Mon Sep 17 00:00:00 2001 +From: Sage Weil +Date: Mon, 24 Sep 2012 20:59:48 -0700 +Subject: libceph: check for invalid mapping + +From: Sage Weil + +commit d63b77f4c552cc3a20506871046ab0fcbc332609 upstream. + +If we encounter an invalid (e.g., zeroed) mapping, return an error +and avoid a divide by zero. + +Signed-off-by: Sage Weil +Reviewed-by: Alex Elder +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ceph/osd_client.h | 2 +- + include/linux/ceph/osdmap.h | 6 +++--- + net/ceph/osd_client.c | 32 ++++++++++++++++++++------------ + net/ceph/osdmap.c | 18 ++++++++++++++++-- + 4 files changed, 40 insertions(+), 18 deletions(-) + +--- a/include/linux/ceph/osd_client.h ++++ b/include/linux/ceph/osd_client.h +@@ -202,7 +202,7 @@ extern void ceph_osdc_handle_reply(struc + extern void ceph_osdc_handle_map(struct ceph_osd_client *osdc, + struct ceph_msg *msg); + +-extern void ceph_calc_raw_layout(struct ceph_osd_client *osdc, ++extern int ceph_calc_raw_layout(struct ceph_osd_client *osdc, + struct ceph_file_layout *layout, + u64 snapid, + u64 off, u64 *plen, u64 *bno, +--- a/include/linux/ceph/osdmap.h ++++ b/include/linux/ceph/osdmap.h +@@ -111,9 +111,9 @@ extern struct ceph_osdmap *osdmap_apply_ + extern void ceph_osdmap_destroy(struct ceph_osdmap *map); + + /* calculate mapping of a file extent to an object */ +-extern void ceph_calc_file_object_mapping(struct ceph_file_layout *layout, +- u64 off, u64 *plen, +- u64 *bno, u64 *oxoff, u64 *oxlen); ++extern int ceph_calc_file_object_mapping(struct ceph_file_layout *layout, ++ u64 off, u64 *plen, ++ u64 *bno, u64 *oxoff, u64 *oxlen); + + /* calculate mapping of object to a placement group */ + extern int ceph_calc_object_layout(struct ceph_object_layout *ol, +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -52,7 +52,7 @@ static int op_has_extent(int op) + op == CEPH_OSD_OP_WRITE); + } + +-void ceph_calc_raw_layout(struct ceph_osd_client *osdc, ++int ceph_calc_raw_layout(struct ceph_osd_client *osdc, + struct ceph_file_layout *layout, + u64 snapid, + u64 off, u64 *plen, u64 *bno, +@@ -62,12 +62,15 @@ void ceph_calc_raw_layout(struct ceph_os + struct ceph_osd_request_head *reqhead = req->r_request->front.iov_base; + u64 orig_len = *plen; + u64 objoff, objlen; /* extent in object */ ++ int r; + + reqhead->snapid = cpu_to_le64(snapid); + + /* object extent? */ +- ceph_calc_file_object_mapping(layout, off, plen, bno, +- &objoff, &objlen); ++ r = ceph_calc_file_object_mapping(layout, off, plen, bno, ++ &objoff, &objlen); ++ if (r < 0) ++ return r; + if (*plen < orig_len) + dout(" skipping last %llu, final file extent %llu~%llu\n", + orig_len - *plen, off, *plen); +@@ -83,7 +86,7 @@ void ceph_calc_raw_layout(struct ceph_os + + dout("calc_layout bno=%llx %llu~%llu (%d pages)\n", + *bno, objoff, objlen, req->r_num_pages); +- ++ return 0; + } + EXPORT_SYMBOL(ceph_calc_raw_layout); + +@@ -112,20 +115,25 @@ EXPORT_SYMBOL(ceph_calc_raw_layout); + * + * fill osd op in request message. + */ +-static void calc_layout(struct ceph_osd_client *osdc, +- struct ceph_vino vino, +- struct ceph_file_layout *layout, +- u64 off, u64 *plen, +- struct ceph_osd_request *req, +- struct ceph_osd_req_op *op) ++static int calc_layout(struct ceph_osd_client *osdc, ++ struct ceph_vino vino, ++ struct ceph_file_layout *layout, ++ u64 off, u64 *plen, ++ struct ceph_osd_request *req, ++ struct ceph_osd_req_op *op) + { + u64 bno; ++ int r; + +- ceph_calc_raw_layout(osdc, layout, vino.snap, off, +- plen, &bno, req, op); ++ r = ceph_calc_raw_layout(osdc, layout, vino.snap, off, ++ plen, &bno, req, op); ++ if (r < 0) ++ return r; + + snprintf(req->r_oid, sizeof(req->r_oid), "%llx.%08llx", vino.ino, bno); + req->r_oid_len = strlen(req->r_oid); ++ ++ return r; + } + + /* +--- a/net/ceph/osdmap.c ++++ b/net/ceph/osdmap.c +@@ -941,7 +941,7 @@ bad: + * for now, we write only a single su, until we can + * pass a stride back to the caller. + */ +-void ceph_calc_file_object_mapping(struct ceph_file_layout *layout, ++int ceph_calc_file_object_mapping(struct ceph_file_layout *layout, + u64 off, u64 *plen, + u64 *ono, + u64 *oxoff, u64 *oxlen) +@@ -955,11 +955,17 @@ void ceph_calc_file_object_mapping(struc + + dout("mapping %llu~%llu osize %u fl_su %u\n", off, *plen, + osize, su); ++ if (su == 0 || sc == 0) ++ goto invalid; + su_per_object = osize / su; ++ if (su_per_object == 0) ++ goto invalid; + dout("osize %u / su %u = su_per_object %u\n", osize, su, + su_per_object); + +- BUG_ON((su & ~PAGE_MASK) != 0); ++ if ((su & ~PAGE_MASK) != 0) ++ goto invalid; ++ + /* bl = *off / su; */ + t = off; + do_div(t, su); +@@ -987,6 +993,14 @@ void ceph_calc_file_object_mapping(struc + *plen = *oxlen; + + dout(" obj extent %llu~%llu\n", *oxoff, *oxlen); ++ return 0; ++ ++invalid: ++ dout(" invalid layout\n"); ++ *ono = 0; ++ *oxoff = 0; ++ *oxlen = 0; ++ return -EINVAL; + } + EXPORT_SYMBOL(ceph_calc_file_object_mapping); + diff --git a/queue-3.0/series b/queue-3.0/series new file mode 100644 index 00000000000..b4f3abe872f --- /dev/null +++ b/queue-3.0/series @@ -0,0 +1,4 @@ +floppy-do-put_disk-on-current-dr-if-blk_init_queue-fails.patch +x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch +ceph-fix-oops-when-handling-mdsmap-that-decreases-max_mds.patch +libceph-check-for-invalid-mapping.patch diff --git a/queue-3.0/x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch b/queue-3.0/x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch new file mode 100644 index 00000000000..b381af1a39c --- /dev/null +++ b/queue-3.0/x86-remove-the-ancient-and-deprecated-disable_hlt-and-enable_hlt-facility.patch @@ -0,0 +1,214 @@ +From f6365201d8a21fb347260f89d6e9b3e718d63c70 Mon Sep 17 00:00:00 2001 +From: Len Brown +Date: Thu, 29 Mar 2012 14:49:17 -0700 +Subject: x86: Remove the ancient and deprecated disable_hlt() and enable_hlt() facility + +From: Len Brown + +commit f6365201d8a21fb347260f89d6e9b3e718d63c70 upstream. + +The X86_32-only disable_hlt/enable_hlt mechanism was used by the +32-bit floppy driver. Its effect was to replace the use of the +HLT instruction inside default_idle() with cpu_relax() - essentially +it turned off the use of HLT. + +This workaround was commented in the code as: + + "disable hlt during certain critical i/o operations" + + "This halt magic was a workaround for ancient floppy DMA + wreckage. It should be safe to remove." + +H. Peter Anvin additionally adds: + + "To the best of my knowledge, no-hlt only existed because of + flaky power distributions on 386/486 systems which were sold to + run DOS. Since DOS did no power management of any kind, + including HLT, the power draw was fairly uniform; when exposed + to the much hhigher noise levels you got when Linux used HLT + caused some of these systems to fail. + + They were by far in the minority even back then." + +Alan Cox further says: + + "Also for the Cyrix 5510 which tended to go castors up if a HLT + occurred during a DMA cycle and on a few other boxes HLT during + DMA tended to go astray. + + Do we care ? I doubt it. The 5510 was pretty obscure, the 5520 + fixed it, the 5530 is probably the oldest still in any kind of + use." + +So, let's finally drop this. + +Signed-off-by: Len Brown +Signed-off-by: Josh Boyer +Signed-off-by: Andrew Morton +Acked-by: "H. Peter Anvin" +Acked-by: Alan Cox +Cc: Stephen Hemminger +Link: http://lkml.kernel.org/n/tip-3rhk9bzf0x9rljkv488tloib@git.kernel.org +[ If anyone cares then alternative instruction patching could be + used to replace HLT with a one-byte NOP instruction. Much simpler. ] +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/feature-removal-schedule.txt | 8 ------ + arch/x86/include/asm/system.h | 7 ----- + arch/x86/kernel/process.c | 24 ------------------- + drivers/block/floppy.c | 36 ----------------------------- + 4 files changed, 75 deletions(-) + +--- a/Documentation/feature-removal-schedule.txt ++++ b/Documentation/feature-removal-schedule.txt +@@ -6,14 +6,6 @@ be removed from this file. + + --------------------------- + +-What: x86 floppy disable_hlt +-When: 2012 +-Why: ancient workaround of dubious utility clutters the +- code used by everybody else. +-Who: Len Brown +- +---------------------------- +- + What: CONFIG_APM_CPU_IDLE, and its ability to call APM BIOS in idle + When: 2012 + Why: This optional sub-feature of APM is of dubious reliability, +--- a/arch/x86/include/asm/system.h ++++ b/arch/x86/include/asm/system.h +@@ -93,10 +93,6 @@ do { \ + "memory"); \ + } while (0) + +-/* +- * disable hlt during certain critical i/o operations +- */ +-#define HAVE_DISABLE_HLT + #else + + /* frame pointer must be last for get_wchan */ +@@ -392,9 +388,6 @@ static inline void clflush(volatile void + + #define nop() asm volatile ("nop") + +-void disable_hlt(void); +-void enable_hlt(void); +- + void cpu_idle_wait(void); + + extern unsigned long arch_align_stack(unsigned long sp); +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -341,34 +341,10 @@ void (*pm_idle)(void); + EXPORT_SYMBOL(pm_idle); + #endif + +-#ifdef CONFIG_X86_32 +-/* +- * This halt magic was a workaround for ancient floppy DMA +- * wreckage. It should be safe to remove. +- */ +-static int hlt_counter; +-void disable_hlt(void) +-{ +- hlt_counter++; +-} +-EXPORT_SYMBOL(disable_hlt); +- +-void enable_hlt(void) +-{ +- hlt_counter--; +-} +-EXPORT_SYMBOL(enable_hlt); +- +-static inline int hlt_use_halt(void) +-{ +- return (!hlt_counter && boot_cpu_data.hlt_works_ok); +-} +-#else + static inline int hlt_use_halt(void) + { + return 1; + } +-#endif + + /* + * We use this if we don't have any better +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -1032,37 +1032,6 @@ static int fd_wait_for_completion(unsign + return 0; + } + +-static DEFINE_SPINLOCK(floppy_hlt_lock); +-static int hlt_disabled; +-static void floppy_disable_hlt(void) +-{ +- unsigned long flags; +- +- WARN_ONCE(1, "floppy_disable_hlt() scheduled for removal in 2012"); +- spin_lock_irqsave(&floppy_hlt_lock, flags); +- if (!hlt_disabled) { +- hlt_disabled = 1; +-#ifdef HAVE_DISABLE_HLT +- disable_hlt(); +-#endif +- } +- spin_unlock_irqrestore(&floppy_hlt_lock, flags); +-} +- +-static void floppy_enable_hlt(void) +-{ +- unsigned long flags; +- +- spin_lock_irqsave(&floppy_hlt_lock, flags); +- if (hlt_disabled) { +- hlt_disabled = 0; +-#ifdef HAVE_DISABLE_HLT +- enable_hlt(); +-#endif +- } +- spin_unlock_irqrestore(&floppy_hlt_lock, flags); +-} +- + static void setup_DMA(void) + { + unsigned long f; +@@ -1107,7 +1076,6 @@ static void setup_DMA(void) + fd_enable_dma(); + release_dma_lock(f); + #endif +- floppy_disable_hlt(); + } + + static void show_floppy(void); +@@ -1709,7 +1677,6 @@ irqreturn_t floppy_interrupt(int irq, vo + fd_disable_dma(); + release_dma_lock(f); + +- floppy_enable_hlt(); + do_floppy = NULL; + if (fdc >= N_FDC || FDCS->address == -1) { + /* we don't even know which FDC is the culprit */ +@@ -1858,8 +1825,6 @@ static void floppy_shutdown(unsigned lon + show_floppy(); + cancel_activity(); + +- floppy_enable_hlt(); +- + flags = claim_dma_lock(); + fd_disable_dma(); + release_dma_lock(flags); +@@ -4505,7 +4470,6 @@ static void floppy_release_irq_and_dma(v + #if N_FDC > 1 + set_dor(1, ~8, 0); + #endif +- floppy_enable_hlt(); + + if (floppy_track_buffer && max_buffer_sectors) { + tmpsize = max_buffer_sectors * 1024;