From d29af155f774543cac1a45c15c3b93e093e058c3 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 18 Jul 2013 17:56:31 -0700 Subject: [PATCH] 3.9-stable patches added patches: drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch handle-big-endianness-in-ntlm-ntlmv2-authentication.patch memcg-kmem-fix-reference-count-handling-on-the-error-path.patch mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch --- ...locking-in-pl330_free_chan_resources.patch | 68 ++++++++++++++++ ...anness-in-ntlm-ntlmv2-authentication.patch | 80 +++++++++++++++++++ ...nce-count-handling-on-the-error-path.patch | 60 ++++++++++++++ ...em-count-overflow-when-offline-pages.patch | 79 ++++++++++++++++++ queue-3.9/series | 4 + 5 files changed, 291 insertions(+) create mode 100644 queue-3.9/drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch create mode 100644 queue-3.9/handle-big-endianness-in-ntlm-ntlmv2-authentication.patch create mode 100644 queue-3.9/memcg-kmem-fix-reference-count-handling-on-the-error-path.patch create mode 100644 queue-3.9/mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch diff --git a/queue-3.9/drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch b/queue-3.9/drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch new file mode 100644 index 00000000000..adb215068fa --- /dev/null +++ b/queue-3.9/drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch @@ -0,0 +1,68 @@ +From da331ba8e9c5de72a27e50f71105395bba6eebe0 Mon Sep 17 00:00:00 2001 +From: Bartlomiej Zolnierkiewicz +Date: Wed, 3 Jul 2013 15:00:43 -0700 +Subject: drivers/dma/pl330.c: fix locking in pl330_free_chan_resources() + +From: Bartlomiej Zolnierkiewicz + +commit da331ba8e9c5de72a27e50f71105395bba6eebe0 upstream. + +tasklet_kill() may sleep so call it before taking pch->lock. + +Fixes following lockup: + + BUG: scheduling while atomic: cat/2383/0x00000002 + Modules linked in: + unwind_backtrace+0x0/0xfc + __schedule_bug+0x4c/0x58 + __schedule+0x690/0x6e0 + sys_sched_yield+0x70/0x78 + tasklet_kill+0x34/0x8c + pl330_free_chan_resources+0x24/0x88 + dma_chan_put+0x4c/0x50 + [...] + BUG: spinlock lockup suspected on CPU#0, swapper/0/0 + lock: 0xe52aa04c, .magic: dead4ead, .owner: cat/2383, .owner_cpu: 1 + unwind_backtrace+0x0/0xfc + do_raw_spin_lock+0x194/0x204 + _raw_spin_lock_irqsave+0x20/0x28 + pl330_tasklet+0x2c/0x5a8 + tasklet_action+0xfc/0x114 + __do_softirq+0xe4/0x19c + irq_exit+0x98/0x9c + handle_IPI+0x124/0x16c + gic_handle_irq+0x64/0x68 + __irq_svc+0x40/0x70 + cpuidle_wrap_enter+0x4c/0xa0 + cpuidle_enter_state+0x18/0x68 + cpuidle_idle_call+0xac/0xe0 + cpu_idle+0xac/0xf0 + +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Kyungmin Park +Acked-by: Jassi Brar +Cc: Vinod Koul +Cc: Tomasz Figa +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma/pl330.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/dma/pl330.c ++++ b/drivers/dma/pl330.c +@@ -2485,10 +2485,10 @@ static void pl330_free_chan_resources(st + struct dma_pl330_chan *pch = to_pchan(chan); + unsigned long flags; + +- spin_lock_irqsave(&pch->lock, flags); +- + tasklet_kill(&pch->task); + ++ spin_lock_irqsave(&pch->lock, flags); ++ + pl330_release_channel(pch->pl330_chid); + pch->pl330_chid = NULL; + diff --git a/queue-3.9/handle-big-endianness-in-ntlm-ntlmv2-authentication.patch b/queue-3.9/handle-big-endianness-in-ntlm-ntlmv2-authentication.patch new file mode 100644 index 00000000000..6f69d0315c7 --- /dev/null +++ b/queue-3.9/handle-big-endianness-in-ntlm-ntlmv2-authentication.patch @@ -0,0 +1,80 @@ +From fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Tue, 25 Jun 2013 14:03:16 -0500 +Subject: Handle big endianness in NTLM (ntlmv2) authentication + +From: Steve French + +commit fdf96a907c1fbb93c633e2b7ede3b8df26d6a4c0 upstream. + +This is RH bug 970891 +Uppercasing of username during calculation of ntlmv2 hash fails +because UniStrupr function does not handle big endian wchars. + +Also fix a comment in the same code to reflect its correct usage. + +[To make it easier for stable (rather than require 2nd patch) fixed +this patch of Shirish's to remove endian warning generated +by sparse -- steve f.] + +Reported-by: steve +Signed-off-by: Shirish Pargaonkar +Reviewed-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifs_unicode.h | 8 ++++---- + fs/cifs/cifsencrypt.c | 6 +++--- + 2 files changed, 7 insertions(+), 7 deletions(-) + +--- a/fs/cifs/cifs_unicode.h ++++ b/fs/cifs/cifs_unicode.h +@@ -327,14 +327,14 @@ UniToupper(register wchar_t uc) + /* + * UniStrupr: Upper case a unicode string + */ +-static inline wchar_t * +-UniStrupr(register wchar_t *upin) ++static inline __le16 * ++UniStrupr(register __le16 *upin) + { +- register wchar_t *up; ++ register __le16 *up; + + up = upin; + while (*up) { /* For all characters */ +- *up = UniToupper(*up); ++ *up = cpu_to_le16(UniToupper(le16_to_cpu(*up))); + up++; + } + return upin; /* Return input pointer */ +--- a/fs/cifs/cifsencrypt.c ++++ b/fs/cifs/cifsencrypt.c +@@ -415,7 +415,7 @@ static int calc_ntlmv2_hash(struct cifs_ + int rc = 0; + int len; + char nt_hash[CIFS_NTHASH_SIZE]; +- wchar_t *user; ++ __le16 *user; + wchar_t *domain; + wchar_t *server; + +@@ -440,7 +440,7 @@ static int calc_ntlmv2_hash(struct cifs_ + return rc; + } + +- /* convert ses->user_name to unicode and uppercase */ ++ /* convert ses->user_name to unicode */ + len = ses->user_name ? strlen(ses->user_name) : 0; + user = kmalloc(2 + (len * 2), GFP_KERNEL); + if (user == NULL) { +@@ -450,7 +450,7 @@ static int calc_ntlmv2_hash(struct cifs_ + } + + if (len) { +- len = cifs_strtoUTF16((__le16 *)user, ses->user_name, len, nls_cp); ++ len = cifs_strtoUTF16(user, ses->user_name, len, nls_cp); + UniStrupr(user); + } else { + memset(user, '\0', 2); diff --git a/queue-3.9/memcg-kmem-fix-reference-count-handling-on-the-error-path.patch b/queue-3.9/memcg-kmem-fix-reference-count-handling-on-the-error-path.patch new file mode 100644 index 00000000000..b8e5893e9f5 --- /dev/null +++ b/queue-3.9/memcg-kmem-fix-reference-count-handling-on-the-error-path.patch @@ -0,0 +1,60 @@ +From f37a96914d1aea10fed8d9af10251f0b9caea31b Mon Sep 17 00:00:00 2001 +From: Michal Hocko +Date: Mon, 8 Jul 2013 16:00:29 -0700 +Subject: memcg, kmem: fix reference count handling on the error path + +From: Michal Hocko + +commit f37a96914d1aea10fed8d9af10251f0b9caea31b upstream. + +mem_cgroup_css_online calls mem_cgroup_put if memcg_init_kmem fails. +This is not correct because only memcg_propagate_kmem takes an +additional reference while mem_cgroup_sockets_init is allowed to fail as +well (although no current implementation fails) but it doesn't take any +reference. This all suggests that it should be memcg_propagate_kmem +that should clean up after itself so this patch moves mem_cgroup_put +over there. + +Unfortunately this is not that easy (as pointed out by Li Zefan) because +memcg_kmem_mark_dead marks the group dead (KMEM_ACCOUNTED_DEAD) if it is +marked active (KMEM_ACCOUNTED_ACTIVE) which is the case even if +memcg_propagate_kmem fails so the additional reference is dropped in +that case in kmem_cgroup_destroy which means that the reference would be +dropped two times. + +The easiest way then would be to simply remove mem_cgrroup_put from +mem_cgroup_css_online and rely on kmem_cgroup_destroy doing the right +thing. + +Signed-off-by: Michal Hocko +Signed-off-by: Li Zefan +Acked-by: KAMEZAWA Hiroyuki +Cc: Hugh Dickins +Cc: Tejun Heo +Cc: Glauber Costa +Cc: Johannes Weiner +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memcontrol.c | 8 -------- + 1 file changed, 8 deletions(-) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -6179,14 +6179,6 @@ mem_cgroup_css_online(struct cgroup *con + + error = memcg_init_kmem(memcg, &mem_cgroup_subsys); + mutex_unlock(&memcg_create_mutex); +- if (error) { +- /* +- * We call put now because our (and parent's) refcnts +- * are already in place. mem_cgroup_put() will internally +- * call __mem_cgroup_free, so return directly +- */ +- mem_cgroup_put(memcg); +- } + return error; + } + diff --git a/queue-3.9/mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch b/queue-3.9/mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch new file mode 100644 index 00000000000..dfa753e1a96 --- /dev/null +++ b/queue-3.9/mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch @@ -0,0 +1,79 @@ +From cea27eb2a202959783f81254c48c250ddd80e129 Mon Sep 17 00:00:00 2001 +From: Wanpeng Li +Date: Wed, 3 Jul 2013 15:02:40 -0700 +Subject: mm/memory-hotplug: fix lowmem count overflow when offline pages + +From: Wanpeng Li + +commit cea27eb2a202959783f81254c48c250ddd80e129 upstream. + +The logic for the memory-remove code fails to correctly account the +Total High Memory when a memory block which contains High Memory is +offlined as shown in the example below. The following patch fixes it. + +Before logic memory remove: + +MemTotal: 7603740 kB +MemFree: 6329612 kB +Buffers: 94352 kB +Cached: 872008 kB +SwapCached: 0 kB +Active: 626932 kB +Inactive: 519216 kB +Active(anon): 180776 kB +Inactive(anon): 222944 kB +Active(file): 446156 kB +Inactive(file): 296272 kB +Unevictable: 0 kB +Mlocked: 0 kB +HighTotal: 7294672 kB +HighFree: 5704696 kB +LowTotal: 309068 kB +LowFree: 624916 kB + +After logic memory remove: + +MemTotal: 7079452 kB +MemFree: 5805976 kB +Buffers: 94372 kB +Cached: 872000 kB +SwapCached: 0 kB +Active: 626936 kB +Inactive: 519236 kB +Active(anon): 180780 kB +Inactive(anon): 222944 kB +Active(file): 446156 kB +Inactive(file): 296292 kB +Unevictable: 0 kB +Mlocked: 0 kB +HighTotal: 7294672 kB +HighFree: 5181024 kB +LowTotal: 4294752076 kB +LowFree: 624952 kB + +[mhocko@suse.cz: fix CONFIG_HIGHMEM=n build] +Signed-off-by: Wanpeng Li +Reviewed-by: Michal Hocko +Cc: KAMEZAWA Hiroyuki +Cc: David Rientjes +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_alloc.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6078,6 +6078,10 @@ __offline_isolated_pages(unsigned long s + list_del(&page->lru); + rmv_page_order(page); + zone->free_area[order].nr_free--; ++#ifdef CONFIG_HIGHMEM ++ if (PageHighMem(page)) ++ totalhigh_pages -= 1 << order; ++#endif + for (i = 0; i < (1 << order); i++) + SetPageReserved((page+i)); + pfn += (1 << order); diff --git a/queue-3.9/series b/queue-3.9/series index 6ceccfa0f74..0348db81364 100644 --- a/queue-3.9/series +++ b/queue-3.9/series @@ -32,3 +32,7 @@ ext4-fix-overflows-in-seek_hole-seek_data-implementations.patch ext4-fix-data-offset-overflow-in-ext4_xattr_fiemap-on-32-bit-archs.patch ext4-fix-overflow-when-counting-used-blocks-on-32-bit-architectures.patch ext4-don-t-allow-ext4_free_blocks-to-fail-due-to-enomem.patch +drivers-dma-pl330.c-fix-locking-in-pl330_free_chan_resources.patch +memcg-kmem-fix-reference-count-handling-on-the-error-path.patch +mm-memory-hotplug-fix-lowmem-count-overflow-when-offline-pages.patch +handle-big-endianness-in-ntlm-ntlmv2-authentication.patch -- 2.47.3