From 177b3169afa3f6adbdc43e7e27919c697cdc0090 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 3 Oct 2014 12:18:23 -0700 Subject: [PATCH] 3.14-stable patches added patches: eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch kcmp-fix-standard-comparison-bug.patch mm-slab-initialize-object-alignment-on-cache-creation.patch mm-softdirty-keep-bit-when-zapping-file-pte.patch nilfs2-fix-data-loss-with-mmap.patch ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch --- ...-uninitialized-variable-in-epoll_ctl.patch | 60 ++++++++ ...e-if-exportfs_encode_inode_fh-failed.patch | 34 +++++ ...onstants-instead-of-hardcoded-values.patch | 43 ++++++ .../kcmp-fix-standard-comparison-bug.patch | 137 ++++++++++++++++++ ...e-object-alignment-on-cache-creation.patch | 58 ++++++++ ...dirty-keep-bit-when-zapping-file-pte.patch | 45 ++++++ .../nilfs2-fix-data-loss-with-mmap.patch | 115 +++++++++++++++ ...-resource-spinlock-if-lockres-is-new.patch | 76 ++++++++++ ...sable-uapsd-if-all-acs-are-under-acm.patch | 38 +++++ queue-3.14/series | 9 ++ 10 files changed, 615 insertions(+) create mode 100644 queue-3.14/eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch create mode 100644 queue-3.14/fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch create mode 100644 queue-3.14/fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch create mode 100644 queue-3.14/kcmp-fix-standard-comparison-bug.patch create mode 100644 queue-3.14/mm-slab-initialize-object-alignment-on-cache-creation.patch create mode 100644 queue-3.14/mm-softdirty-keep-bit-when-zapping-file-pte.patch create mode 100644 queue-3.14/nilfs2-fix-data-loss-with-mmap.patch create mode 100644 queue-3.14/ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch create mode 100644 queue-3.14/revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch diff --git a/queue-3.14/eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch b/queue-3.14/eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch new file mode 100644 index 00000000000..018797096a4 --- /dev/null +++ b/queue-3.14/eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch @@ -0,0 +1,60 @@ +From c680e41b3a2e944185c74bf60531e3d316d3ecc4 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Tue, 9 Sep 2014 14:50:51 -0700 +Subject: eventpoll: fix uninitialized variable in epoll_ctl +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nicolas Iooss + +commit c680e41b3a2e944185c74bf60531e3d316d3ecc4 upstream. + +When calling epoll_ctl with operation EPOLL_CTL_DEL, structure epds is +not initialized but ep_take_care_of_epollwakeup reads its event field. +When this unintialized field has EPOLLWAKEUP bit set, a capability check +is done for CAP_BLOCK_SUSPEND in ep_take_care_of_epollwakeup. This +produces unexpected messages in the audit log, such as (on a system +running SELinux): + + type=AVC msg=audit(1408212798.866:410): avc: denied + { block_suspend } for pid=7754 comm="dbus-daemon" capability=36 + scontext=unconfined_u:unconfined_r:unconfined_t + tcontext=unconfined_u:unconfined_r:unconfined_t + tclass=capability2 permissive=1 + + type=SYSCALL msg=audit(1408212798.866:410): arch=c000003e syscall=233 + success=yes exit=0 a0=3 a1=2 a2=9 a3=7fffd4d66ec0 items=0 ppid=1 + pid=7754 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 + fsgid=0 tty=(none) ses=3 comm="dbus-daemon" + exe="/usr/bin/dbus-daemon" + subj=unconfined_u:unconfined_r:unconfined_t key=(null) + +("arch=c000003e syscall=233 a1=2" means "epoll_ctl(op=EPOLL_CTL_DEL)") + +Remove use of epds in epoll_ctl when op == EPOLL_CTL_DEL. + +Fixes: 4d7e30d98939 ("epoll: Add a flag, EPOLLWAKEUP, to prevent suspend while epoll events are ready") +Signed-off-by: Nicolas Iooss +Cc: Alexander Viro +Cc: Arve Hjønnevåg +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/eventpoll.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/eventpoll.c ++++ b/fs/eventpoll.c +@@ -1852,7 +1852,8 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, in + goto error_tgt_fput; + + /* Check if EPOLLWAKEUP is allowed */ +- ep_take_care_of_epollwakeup(&epds); ++ if (ep_op_has_event(op)) ++ ep_take_care_of_epollwakeup(&epds); + + /* + * We have to check that the file structure underneath the file descriptor diff --git a/queue-3.14/fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch b/queue-3.14/fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch new file mode 100644 index 00000000000..bb146ecafd2 --- /dev/null +++ b/queue-3.14/fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch @@ -0,0 +1,34 @@ +From 7e8824816bda16bb11ff5ff1e1212d642e57b0b3 Mon Sep 17 00:00:00 2001 +From: Andrey Vagin +Date: Tue, 9 Sep 2014 14:51:06 -0700 +Subject: fs/notify: don't show f_handle if exportfs_encode_inode_fh failed + +From: Andrey Vagin + +commit 7e8824816bda16bb11ff5ff1e1212d642e57b0b3 upstream. + +Currently we handle only ENOSPC. In case of other errors the file_handle +variable isn't filled properly and we will show a part of stack. + +Signed-off-by: Andrey Vagin +Acked-by: Cyrill Gorcunov +Cc: Alexander Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fdinfo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/notify/fdinfo.c ++++ b/fs/notify/fdinfo.c +@@ -50,7 +50,7 @@ static int show_mark_fhandle(struct seq_ + size = f.handle.handle_bytes >> 2; + + ret = exportfs_encode_inode_fh(inode, (struct fid *)f.handle.f_handle, &size, 0); +- if ((ret == FILEID_INVALID) || (ret == -ENOSPC)) { ++ if ((ret == FILEID_INVALID) || (ret < 0)) { + WARN_ONCE(1, "Can't encode file handler for inotify: %d\n", ret); + return 0; + } diff --git a/queue-3.14/fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch b/queue-3.14/fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch new file mode 100644 index 00000000000..e259f85f0ac --- /dev/null +++ b/queue-3.14/fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch @@ -0,0 +1,43 @@ +From 1fc98d11cac6dd66342e5580cb2687e5b1e9a613 Mon Sep 17 00:00:00 2001 +From: Andrey Vagin +Date: Tue, 9 Sep 2014 14:51:04 -0700 +Subject: fsnotify/fdinfo: use named constants instead of hardcoded values + +From: Andrey Vagin + +commit 1fc98d11cac6dd66342e5580cb2687e5b1e9a613 upstream. + +MAX_HANDLE_SZ is equal to 128, but currently the size of pad is only 64 +bytes, so exportfs_encode_inode_fh can return an error. + +Signed-off-by: Andrey Vagin +Acked-by: Cyrill Gorcunov +Cc: Alexander Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/notify/fdinfo.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/notify/fdinfo.c ++++ b/fs/notify/fdinfo.c +@@ -42,7 +42,7 @@ static int show_mark_fhandle(struct seq_ + { + struct { + struct file_handle handle; +- u8 pad[64]; ++ u8 pad[MAX_HANDLE_SZ]; + } f; + int size, ret, i; + +@@ -50,7 +50,7 @@ static int show_mark_fhandle(struct seq_ + size = f.handle.handle_bytes >> 2; + + ret = exportfs_encode_inode_fh(inode, (struct fid *)f.handle.f_handle, &size, 0); +- if ((ret == 255) || (ret == -ENOSPC)) { ++ if ((ret == FILEID_INVALID) || (ret == -ENOSPC)) { + WARN_ONCE(1, "Can't encode file handler for inotify: %d\n", ret); + return 0; + } diff --git a/queue-3.14/kcmp-fix-standard-comparison-bug.patch b/queue-3.14/kcmp-fix-standard-comparison-bug.patch new file mode 100644 index 00000000000..7d2cf46ce28 --- /dev/null +++ b/queue-3.14/kcmp-fix-standard-comparison-bug.patch @@ -0,0 +1,137 @@ +From acbbe6fbb240a927ee1f5994f04d31267d422215 Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Tue, 9 Sep 2014 14:51:01 -0700 +Subject: kcmp: fix standard comparison bug + +From: Rasmus Villemoes + +commit acbbe6fbb240a927ee1f5994f04d31267d422215 upstream. + +The C operator <= defines a perfectly fine total ordering on the set of +values representable in a long. However, unlike its namesake in the +integers, it is not translation invariant, meaning that we do not have +"b <= c" iff "a+b <= a+c" for all a,b,c. + +This means that it is always wrong to try to boil down the relationship +between two longs to a question about the sign of their difference, +because the resulting relation [a LEQ b iff a-b <= 0] is neither +anti-symmetric or transitive. The former is due to -LONG_MIN==LONG_MIN +(take any two a,b with a-b = LONG_MIN; then a LEQ b and b LEQ a, but a != +b). The latter can either be seen observing that x LEQ x+1 for all x, +implying x LEQ x+1 LEQ x+2 ... LEQ x-1 LEQ x; or more directly with the +simple example a=LONG_MIN, b=0, c=1, for which a-b < 0, b-c < 0, but a-c > +0. + +Note that it makes absolutely no difference that a transmogrying bijection +has been applied before the comparison is done. In fact, had the +obfuscation not been done, one could probably not observe the bug +(assuming all values being compared always lie in one half of the address +space, the mathematical value of a-b is always representable in a long). +As it stands, one can easily obtain three file descriptors exhibiting the +non-transitivity of kcmp(). + +Side note 1: I can't see that ensuring the MSB of the multiplier is +set serves any purpose other than obfuscating the obfuscating code. + +Side note 2: +#include +#include +#include +#include +#include +#include +#include + +enum kcmp_type { + KCMP_FILE, + KCMP_VM, + KCMP_FILES, + KCMP_FS, + KCMP_SIGHAND, + KCMP_IO, + KCMP_SYSVSEM, + KCMP_TYPES, +}; +pid_t pid; + +int kcmp(pid_t pid1, pid_t pid2, int type, + unsigned long idx1, unsigned long idx2) +{ + return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2); +} +int cmp_fd(int fd1, int fd2) +{ + int c = kcmp(pid, pid, KCMP_FILE, fd1, fd2); + if (c < 0) { + perror("kcmp"); + exit(1); + } + assert(0 <= c && c < 3); + return c; +} +int cmp_fdp(const void *a, const void *b) +{ + static const int normalize[] = {0, -1, 1}; + return normalize[cmp_fd(*(int*)a, *(int*)b)]; +} +#define MAX 100 /* This is plenty; I've seen it trigger for MAX==3 */ +int main(int argc, char *argv[]) +{ + int r, s, count = 0; + int REL[3] = {0,0,0}; + int fd[MAX]; + pid = getpid(); + while (count < MAX) { + r = open("/dev/null", O_RDONLY); + if (r < 0) + break; + fd[count++] = r; + } + printf("opened %d file descriptors\n", count); + for (r = 0; r < count; ++r) { + for (s = r+1; s < count; ++s) { + REL[cmp_fd(fd[r], fd[s])]++; + } + } + printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]); + qsort(fd, count, sizeof(fd[0]), cmp_fdp); + memset(REL, 0, sizeof(REL)); + + for (r = 0; r < count; ++r) { + for (s = r+1; s < count; ++s) { + REL[cmp_fd(fd[r], fd[s])]++; + } + } + printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]); + return (REL[0] + REL[2] != 0); +} + +Signed-off-by: Rasmus Villemoes +Reviewed-by: Cyrill Gorcunov +"Eric W. Biederman" +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/kcmp.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/kernel/kcmp.c ++++ b/kernel/kcmp.c +@@ -44,11 +44,12 @@ static long kptr_obfuscate(long v, int t + */ + static int kcmp_ptr(void *v1, void *v2, enum kcmp_type type) + { +- long ret; ++ long t1, t2; + +- ret = kptr_obfuscate((long)v1, type) - kptr_obfuscate((long)v2, type); ++ t1 = kptr_obfuscate((long)v1, type); ++ t2 = kptr_obfuscate((long)v2, type); + +- return (ret < 0) | ((ret > 0) << 1); ++ return (t1 < t2) | ((t1 > t2) << 1); + } + + /* The caller must have pinned the task */ diff --git a/queue-3.14/mm-slab-initialize-object-alignment-on-cache-creation.patch b/queue-3.14/mm-slab-initialize-object-alignment-on-cache-creation.patch new file mode 100644 index 00000000000..5f4dae6c7dd --- /dev/null +++ b/queue-3.14/mm-slab-initialize-object-alignment-on-cache-creation.patch @@ -0,0 +1,58 @@ +From d4a5fca592b9ab52b90bb261a90af3c8f53be011 Mon Sep 17 00:00:00 2001 +From: David Rientjes +Date: Thu, 25 Sep 2014 16:05:20 -0700 +Subject: mm, slab: initialize object alignment on cache creation + +From: David Rientjes + +commit d4a5fca592b9ab52b90bb261a90af3c8f53be011 upstream. + +Since commit 4590685546a3 ("mm/sl[aou]b: Common alignment code"), the +"ralign" automatic variable in __kmem_cache_create() may be used as +uninitialized. + +The proper alignment defaults to BYTES_PER_WORD and can be overridden by +SLAB_RED_ZONE or the alignment specified by the caller. + +This fixes https://bugzilla.kernel.org/show_bug.cgi?id=85031 + +Signed-off-by: David Rientjes +Reported-by: Andrei Elovikov +Acked-by: Christoph Lameter +Cc: Pekka Enberg +Cc: Joonsoo Kim +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/slab.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +--- a/mm/slab.c ++++ b/mm/slab.c +@@ -2189,7 +2189,8 @@ static int __init_refok setup_cpu_cache( + int + __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags) + { +- size_t left_over, freelist_size, ralign; ++ size_t left_over, freelist_size; ++ size_t ralign = BYTES_PER_WORD; + gfp_t gfp; + int err; + size_t size = cachep->size; +@@ -2222,14 +2223,6 @@ __kmem_cache_create (struct kmem_cache * + size &= ~(BYTES_PER_WORD - 1); + } + +- /* +- * Redzoning and user store require word alignment or possibly larger. +- * Note this will be overridden by architecture or caller mandated +- * alignment if either is greater than BYTES_PER_WORD. +- */ +- if (flags & SLAB_STORE_USER) +- ralign = BYTES_PER_WORD; +- + if (flags & SLAB_RED_ZONE) { + ralign = REDZONE_ALIGN; + /* If redzoning, ensure that the second redzone is suitably diff --git a/queue-3.14/mm-softdirty-keep-bit-when-zapping-file-pte.patch b/queue-3.14/mm-softdirty-keep-bit-when-zapping-file-pte.patch new file mode 100644 index 00000000000..85a53ac7e1e --- /dev/null +++ b/queue-3.14/mm-softdirty-keep-bit-when-zapping-file-pte.patch @@ -0,0 +1,45 @@ +From dbab31aa2ceec2d201966fa0b552f151310ba5f4 Mon Sep 17 00:00:00 2001 +From: Peter Feiner +Date: Thu, 25 Sep 2014 16:05:29 -0700 +Subject: mm: softdirty: keep bit when zapping file pte + +From: Peter Feiner + +commit dbab31aa2ceec2d201966fa0b552f151310ba5f4 upstream. + +This fixes the same bug as b43790eedd31 ("mm: softdirty: don't forget to +save file map softdiry bit on unmap") and 9aed8614af5a ("mm/memory.c: +don't forget to set softdirty on file mapped fault") where the return +value of pte_*mksoft_dirty was being ignored. + +To be sure that no other pte/pmd "mk" function return values were being +ignored, I annotated the functions in arch/x86/include/asm/pgtable.h +with __must_check and rebuilt. + +The userspace effect of this bug is that the softdirty mark might be +lost if a file mapped pte get zapped. + +Signed-off-by: Peter Feiner +Acked-by: Cyrill Gorcunov +Cc: Pavel Emelyanov +Cc: Jamie Liu +Cc: Hugh Dickins +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memory.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1120,7 +1120,7 @@ again: + addr) != page->index) { + pte_t ptfile = pgoff_to_pte(page->index); + if (pte_soft_dirty(ptent)) +- pte_file_mksoft_dirty(ptfile); ++ ptfile = pte_file_mksoft_dirty(ptfile); + set_pte_at(mm, addr, pte, ptfile); + } + if (PageAnon(page)) diff --git a/queue-3.14/nilfs2-fix-data-loss-with-mmap.patch b/queue-3.14/nilfs2-fix-data-loss-with-mmap.patch new file mode 100644 index 00000000000..43ecd83790a --- /dev/null +++ b/queue-3.14/nilfs2-fix-data-loss-with-mmap.patch @@ -0,0 +1,115 @@ +From 56d7acc792c0d98f38f22058671ee715ff197023 Mon Sep 17 00:00:00 2001 +From: Andreas Rohner +Date: Thu, 25 Sep 2014 16:05:14 -0700 +Subject: nilfs2: fix data loss with mmap() + +From: Andreas Rohner + +commit 56d7acc792c0d98f38f22058671ee715ff197023 upstream. + +This bug leads to reproducible silent data loss, despite the use of +msync(), sync() and a clean unmount of the file system. It is easily +reproducible with the following script: + + ----------------[BEGIN SCRIPT]-------------------- + mkfs.nilfs2 -f /dev/sdb + mount /dev/sdb /mnt + + dd if=/dev/zero bs=1M count=30 of=/mnt/testfile + + umount /mnt + mount /dev/sdb /mnt + CHECKSUM_BEFORE="$(md5sum /mnt/testfile)" + + /root/mmaptest/mmaptest /mnt/testfile 30 10 5 + + sync + CHECKSUM_AFTER="$(md5sum /mnt/testfile)" + umount /mnt + mount /dev/sdb /mnt + CHECKSUM_AFTER_REMOUNT="$(md5sum /mnt/testfile)" + umount /mnt + + echo "BEFORE MMAP:\t$CHECKSUM_BEFORE" + echo "AFTER MMAP:\t$CHECKSUM_AFTER" + echo "AFTER REMOUNT:\t$CHECKSUM_AFTER_REMOUNT" + ----------------[END SCRIPT]-------------------- + +The mmaptest tool looks something like this (very simplified, with +error checking removed): + + ----------------[BEGIN mmaptest]-------------------- + data = mmap(NULL, file_size - file_offset, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, file_offset); + + for (i = 0; i < write_count; ++i) { + memcpy(data + i * 4096, buf, sizeof(buf)); + msync(data, file_size - file_offset, MS_SYNC)) + } + ----------------[END mmaptest]-------------------- + +The output of the script looks something like this: + + BEFORE MMAP: 281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile + AFTER MMAP: 6604a1c31f10780331a6850371b3a313 /mnt/testfile + AFTER REMOUNT: 281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile + +So it is clear, that the changes done using mmap() do not survive a +remount. This can be reproduced a 100% of the time. The problem was +introduced in commit 136e8770cd5d ("nilfs2: fix issue of +nilfs_set_page_dirty() for page at EOF boundary"). + +If the page was read with mpage_readpage() or mpage_readpages() for +example, then it has no buffers attached to it. In that case +page_has_buffers(page) in nilfs_set_page_dirty() will be false. +Therefore nilfs_set_file_dirty() is never called and the pages are never +collected and never written to disk. + +This patch fixes the problem by also calling nilfs_set_file_dirty() if the +page has no buffers attached to it. + +[akpm@linux-foundation.org: s/PAGE_SHIFT/PAGE_CACHE_SHIFT/] +Signed-off-by: Andreas Rohner +Tested-by: Andreas Rohner +Signed-off-by: Ryusuke Konishi +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nilfs2/inode.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/nilfs2/inode.c ++++ b/fs/nilfs2/inode.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include "nilfs.h" +@@ -219,10 +220,10 @@ static int nilfs_writepage(struct page * + + static int nilfs_set_page_dirty(struct page *page) + { ++ struct inode *inode = page->mapping->host; + int ret = __set_page_dirty_nobuffers(page); + + if (page_has_buffers(page)) { +- struct inode *inode = page->mapping->host; + unsigned nr_dirty = 0; + struct buffer_head *bh, *head; + +@@ -245,6 +246,10 @@ static int nilfs_set_page_dirty(struct p + + if (nr_dirty) + nilfs_set_file_dirty(inode, nr_dirty); ++ } else if (ret) { ++ unsigned nr_dirty = 1 << (PAGE_CACHE_SHIFT - inode->i_blkbits); ++ ++ nilfs_set_file_dirty(inode, nr_dirty); + } + return ret; + } diff --git a/queue-3.14/ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch b/queue-3.14/ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch new file mode 100644 index 00000000000..a449f2b7072 --- /dev/null +++ b/queue-3.14/ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch @@ -0,0 +1,76 @@ +From 5760a97c7143c208fa3a8f8cad0ed7dd672ebd28 Mon Sep 17 00:00:00 2001 +From: Joseph Qi +Date: Thu, 25 Sep 2014 16:05:16 -0700 +Subject: ocfs2/dlm: do not get resource spinlock if lockres is new + +From: Joseph Qi + +commit 5760a97c7143c208fa3a8f8cad0ed7dd672ebd28 upstream. + +There is a deadlock case which reported by Guozhonghua: + https://oss.oracle.com/pipermail/ocfs2-devel/2014-September/010079.html + +This case is caused by &res->spinlock and &dlm->master_lock +misordering in different threads. + +It was introduced by commit 8d400b81cc83 ("ocfs2/dlm: Clean up refmap +helpers"). Since lockres is new, it doesn't not require the +&res->spinlock. So remove it. + +Fixes: 8d400b81cc83 ("ocfs2/dlm: Clean up refmap helpers") +Signed-off-by: Joseph Qi +Reviewed-by: joyce.xue +Reported-by: Guozhonghua +Cc: Joel Becker +Cc: Mark Fasheh +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ocfs2/dlm/dlmmaster.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +--- a/fs/ocfs2/dlm/dlmmaster.c ++++ b/fs/ocfs2/dlm/dlmmaster.c +@@ -650,12 +650,9 @@ void dlm_lockres_clear_refmap_bit(struct + clear_bit(bit, res->refmap); + } + +- +-void dlm_lockres_grab_inflight_ref(struct dlm_ctxt *dlm, ++static void __dlm_lockres_grab_inflight_ref(struct dlm_ctxt *dlm, + struct dlm_lock_resource *res) + { +- assert_spin_locked(&res->spinlock); +- + res->inflight_locks++; + + mlog(0, "%s: res %.*s, inflight++: now %u, %ps()\n", dlm->name, +@@ -663,6 +660,13 @@ void dlm_lockres_grab_inflight_ref(struc + __builtin_return_address(0)); + } + ++void dlm_lockres_grab_inflight_ref(struct dlm_ctxt *dlm, ++ struct dlm_lock_resource *res) ++{ ++ assert_spin_locked(&res->spinlock); ++ __dlm_lockres_grab_inflight_ref(dlm, res); ++} ++ + void dlm_lockres_drop_inflight_ref(struct dlm_ctxt *dlm, + struct dlm_lock_resource *res) + { +@@ -852,10 +856,8 @@ lookup: + /* finally add the lockres to its hash bucket */ + __dlm_insert_lockres(dlm, res); + +- /* Grab inflight ref to pin the resource */ +- spin_lock(&res->spinlock); +- dlm_lockres_grab_inflight_ref(dlm, res); +- spin_unlock(&res->spinlock); ++ /* since this lockres is new it doesn't not require the spinlock */ ++ __dlm_lockres_grab_inflight_ref(dlm, res); + + /* get an extra ref on the mle in case this is a BLOCK + * if so, the creator of the BLOCK may try to put the last diff --git a/queue-3.14/revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch b/queue-3.14/revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch new file mode 100644 index 00000000000..369b0a840c2 --- /dev/null +++ b/queue-3.14/revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch @@ -0,0 +1,38 @@ +From bb512ad0732232f1d2693bb68f31a76bed8f22ae Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Mon, 25 Aug 2014 12:08:09 +0200 +Subject: Revert "mac80211: disable uAPSD if all ACs are under ACM" + +From: Johannes Berg + +commit bb512ad0732232f1d2693bb68f31a76bed8f22ae upstream. + +This reverts commit 24aa11ab8ae03292d38ec0dbd9bc2ac49fe8a6dd. + +That commit was wrong since it uses data that hasn't even been set +up yet, but might be a hold-over from a previous connection. + +Additionally, it seems like a driver-specific workaround that +shouldn't have been in mac80211 to start with. + +Fixes: 24aa11ab8ae0 ("mac80211: disable uAPSD if all ACs are under ACM") +Reviewed-by: Luciano Coelho +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/mlme.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -4240,8 +4240,7 @@ int ieee80211_mgd_assoc(struct ieee80211 + rcu_read_unlock(); + + if (bss->wmm_used && bss->uapsd_supported && +- (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && +- sdata->wmm_acm != 0xff) { ++ (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { + assoc_data->uapsd = true; + ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; + } else { diff --git a/queue-3.14/series b/queue-3.14/series index f789108aaf1..5d3fdfe8f14 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -177,3 +177,12 @@ genhd-fix-leftover-might_sleep-in-blk_free_devt.patch usb-dwc3-fix-trb-completion-when-multiple-trbs-are-started.patch usb-dwc3-core-fix-order-of-pm-runtime-calls.patch usb-dwc3-core-fix-ordering-for-phy-suspend.patch +revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch +eventpoll-fix-uninitialized-variable-in-epoll_ctl.patch +kcmp-fix-standard-comparison-bug.patch +fsnotify-fdinfo-use-named-constants-instead-of-hardcoded-values.patch +fs-notify-don-t-show-f_handle-if-exportfs_encode_inode_fh-failed.patch +nilfs2-fix-data-loss-with-mmap.patch +ocfs2-dlm-do-not-get-resource-spinlock-if-lockres-is-new.patch +mm-slab-initialize-object-alignment-on-cache-creation.patch +mm-softdirty-keep-bit-when-zapping-file-pte.patch -- 2.47.3