From aaaaef5560f57eee9aaa6865d4d06f39666b7ebf Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 26 Nov 2013 15:07:57 -0800 Subject: [PATCH] 3.4-stable patches added patches: configfs-fix-race-between-dentry-put-and-lookup.patch cris-media-platform-drivers-fix-build.patch --- ...x-race-between-dentry-put-and-lookup.patch | 94 +++++++++++++++++++ ...ris-media-platform-drivers-fix-build.patch | 56 +++++++++++ queue-3.4/series | 2 + 3 files changed, 152 insertions(+) create mode 100644 queue-3.4/configfs-fix-race-between-dentry-put-and-lookup.patch create mode 100644 queue-3.4/cris-media-platform-drivers-fix-build.patch diff --git a/queue-3.4/configfs-fix-race-between-dentry-put-and-lookup.patch b/queue-3.4/configfs-fix-race-between-dentry-put-and-lookup.patch new file mode 100644 index 00000000000..c869f8e606c --- /dev/null +++ b/queue-3.4/configfs-fix-race-between-dentry-put-and-lookup.patch @@ -0,0 +1,94 @@ +From 76ae281f6307331aa063288edb6422ae99f435f0 Mon Sep 17 00:00:00 2001 +From: Junxiao Bi +Date: Thu, 21 Nov 2013 14:31:56 -0800 +Subject: configfs: fix race between dentry put and lookup + +From: Junxiao Bi + +commit 76ae281f6307331aa063288edb6422ae99f435f0 upstream. + +A race window in configfs, it starts from one dentry is UNHASHED and end +before configfs_d_iput is called. In this window, if a lookup happen, +since the original dentry was UNHASHED, so a new dentry will be +allocated, and then in configfs_attach_attr(), sd->s_dentry will be +updated to the new dentry. Then in configfs_d_iput(), +BUG_ON(sd->s_dentry != dentry) will be triggered and system panic. + +sys_open: sys_close: + ... fput + dput + dentry_kill + __d_drop <--- dentry unhashed here, + but sd->dentry still point + to this dentry. + + lookup_real + configfs_lookup + configfs_attach_attr---> update sd->s_dentry + to new allocated dentry here. + + d_kill + configfs_d_iput <--- BUG_ON(sd->s_dentry != dentry) + triggered here. + +To fix it, change configfs_d_iput to not update sd->s_dentry if +sd->s_count > 2, that means there are another dentry is using the sd +beside the one that is going to be put. Use configfs_dirent_lock in +configfs_attach_attr to sync with configfs_d_iput. + +With the following steps, you can reproduce the bug. + +1. enable ocfs2, this will mount configfs at /sys/kernel/config and + fill configure in it. + +2. run the following script. + while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done & + while [ 1 ]; do cat /sys/kernel/config/cluster/$your_cluster_name/idle_timeout_ms > /dev/null; done & + +Signed-off-by: Junxiao Bi +Cc: Joel Becker +Cc: Al Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/configfs/dir.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +--- a/fs/configfs/dir.c ++++ b/fs/configfs/dir.c +@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentr + struct configfs_dirent *sd = dentry->d_fsdata; + + if (sd) { +- BUG_ON(sd->s_dentry != dentry); + /* Coordinate with configfs_readdir */ + spin_lock(&configfs_dirent_lock); +- sd->s_dentry = NULL; ++ /* Coordinate with configfs_attach_attr where will increase ++ * sd->s_count and update sd->s_dentry to new allocated one. ++ * Only set sd->dentry to null when this dentry is the only ++ * sd owner. ++ * If not do so, configfs_d_iput may run just after ++ * configfs_attach_attr and set sd->s_dentry to null ++ * even it's still in use. ++ */ ++ if (atomic_read(&sd->s_count) <= 2) ++ sd->s_dentry = NULL; ++ + spin_unlock(&configfs_dirent_lock); + configfs_put(sd); + } +@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct c + struct configfs_attribute * attr = sd->s_element; + int error; + ++ spin_lock(&configfs_dirent_lock); + dentry->d_fsdata = configfs_get(sd); + sd->s_dentry = dentry; ++ spin_unlock(&configfs_dirent_lock); ++ + error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG, + configfs_init_file); + if (error) { diff --git a/queue-3.4/cris-media-platform-drivers-fix-build.patch b/queue-3.4/cris-media-platform-drivers-fix-build.patch new file mode 100644 index 00000000000..adf81505bd3 --- /dev/null +++ b/queue-3.4/cris-media-platform-drivers-fix-build.patch @@ -0,0 +1,56 @@ +From 72a0c5571351f5184195754d23db3e14495b2080 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab +Date: Tue, 12 Nov 2013 15:06:49 -0800 +Subject: cris: media platform drivers: fix build + +From: Mauro Carvalho Chehab + +commit 72a0c5571351f5184195754d23db3e14495b2080 upstream. + +On cris arch, the functions below aren't defined: + + drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_read': + + drivers/media/platform/sh_veu.c:228:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/sh_veu.c: In function 'sh_veu_reg_write': + + drivers/media/platform/sh_veu.c:234:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read': + drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write': + drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_read': + drivers/media/platform/vsp1/vsp1.h:66:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + drivers/media/platform/vsp1/vsp1.h: In function 'vsp1_write': + drivers/media/platform/vsp1/vsp1.h:71:2: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_setup': + drivers/media/platform/soc_camera/rcar_vin.c:284:3: error: implicit declaration of function 'iowrite32' [-Werror=implicit-function-declaration] + + drivers/media/platform/soc_camera/rcar_vin.c: In function 'rcar_vin_request_capture_stop': + drivers/media/platform/soc_camera/rcar_vin.c:353:2: error: implicit declaration of function 'ioread32' [-Werror=implicit-function-declaration] + +Yet, they're available, as CONFIG_GENERIC_IOMAP is defined. What happens +is that asm/io.h was not including asm-generic/iomap.h. + +Suggested-by: Ben Hutchings +Signed-off-by: Mauro Carvalho Chehab +Cc: Mikael Starvik +Cc: Jesper Nilsson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/cris/include/asm/io.h | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/cris/include/asm/io.h ++++ b/arch/cris/include/asm/io.h +@@ -3,6 +3,7 @@ + + #include /* for __va, __pa */ + #include ++#include + #include + + struct cris_io_operations diff --git a/queue-3.4/series b/queue-3.4/series index 9b73f109f02..157f8b18160 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -35,3 +35,5 @@ powerpc-powernv-add-pe-to-its-own-peltv.patch powerpc-signals-mark-vsx-not-saved-with-small-contexts.patch sunrpc-fix-a-data-corruption-issue-when-retransmitting-rpc-calls.patch rt2800usb-slow-down-tx-status-polling.patch +configfs-fix-race-between-dentry-put-and-lookup.patch +cris-media-platform-drivers-fix-build.patch -- 2.47.3