From f7a71450676981e3d79e6ea4ebbf6ec92b03a713 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 11 Jul 2013 14:29:27 -0700 Subject: [PATCH] 3.10-stable patches added patches: cpufreq-fix-cpufreq-regression-after-suspend-resume.patch kvm-vmx-mark-unusable-segment-as-nonpresent.patch nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch nfsv4.1-end-back-channel-session-draining.patch revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch --- ...freq-regression-after-suspend-resume.patch | 45 +++++++++++++ ...-mark-unusable-segment-as-nonpresent.patch | 52 +++++++++++++++ ...-of-compounds-across-page-boundaries.patch | 37 +++++++++++ ....1-end-back-channel-session-draining.patch | 64 +++++++++++++++++++ ...-reference-count-in-creation-failure.patch | 41 ++++++++++++ ...rsing-of-temporary-cache-mode-prefix.patch | 34 ++++++++++ queue-3.10/series | 6 ++ 7 files changed, 279 insertions(+) create mode 100644 queue-3.10/cpufreq-fix-cpufreq-regression-after-suspend-resume.patch create mode 100644 queue-3.10/kvm-vmx-mark-unusable-segment-as-nonpresent.patch create mode 100644 queue-3.10/nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch create mode 100644 queue-3.10/nfsv4.1-end-back-channel-session-draining.patch create mode 100644 queue-3.10/revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch create mode 100644 queue-3.10/scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch diff --git a/queue-3.10/cpufreq-fix-cpufreq-regression-after-suspend-resume.patch b/queue-3.10/cpufreq-fix-cpufreq-regression-after-suspend-resume.patch new file mode 100644 index 00000000000..83b40b067d2 --- /dev/null +++ b/queue-3.10/cpufreq-fix-cpufreq-regression-after-suspend-resume.patch @@ -0,0 +1,45 @@ +From f51e1eb63d9c28cec188337ee656a13be6980cfd Mon Sep 17 00:00:00 2001 +From: "Srivatsa S. Bhat" +Date: Mon, 1 Jul 2013 00:40:55 +0200 +Subject: cpufreq: Fix cpufreq regression after suspend/resume + +From: "Srivatsa S. Bhat" + +commit f51e1eb63d9c28cec188337ee656a13be6980cfd upstream. + +Toralf Förster reported that the cpufreq ondemand governor behaves erratically +(doesn't scale well) after a suspend/resume cycle. The problem was that the +cpufreq subsystem's idea of the cpu frequencies differed from the actual +frequencies set in the hardware after a suspend/resume cycle. Toralf bisected +the problem to commit a66b2e5 (cpufreq: Preserve sysfs files across +suspend/resume). + +Among other (harmless) things, that commit skipped the call to +cpufreq_update_policy() in the resume path. But cpufreq_update_policy() plays +an important role during resume, because it is responsible for checking if +the BIOS changed the cpu frequencies behind our back and resynchronize the +cpufreq subsystem's knowledge of the cpu frequencies, and update them +accordingly. + +So, restore the call to cpufreq_update_policy() in the resume path to fix +the cpufreq regression. + +Reported-and-tested-by: Toralf Förster +Signed-off-by: Srivatsa S. Bhat +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpufreq/cpufreq_stats.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -349,6 +349,7 @@ static int __cpuinit cpufreq_stat_cpu_ca + + switch (action) { + case CPU_ONLINE: ++ case CPU_ONLINE_FROZEN: + cpufreq_update_policy(cpu); + break; + case CPU_DOWN_PREPARE: diff --git a/queue-3.10/kvm-vmx-mark-unusable-segment-as-nonpresent.patch b/queue-3.10/kvm-vmx-mark-unusable-segment-as-nonpresent.patch new file mode 100644 index 00000000000..3315f91667f --- /dev/null +++ b/queue-3.10/kvm-vmx-mark-unusable-segment-as-nonpresent.patch @@ -0,0 +1,52 @@ +From 03617c188f41eeeb4223c919ee7e66e5a114f2c6 Mon Sep 17 00:00:00 2001 +From: Gleb Natapov +Date: Fri, 28 Jun 2013 13:17:18 +0300 +Subject: KVM: VMX: mark unusable segment as nonpresent + +From: Gleb Natapov + +commit 03617c188f41eeeb4223c919ee7e66e5a114f2c6 upstream. + +Some userspaces do not preserve unusable property. Since usable +segment has to be present according to VMX spec we can use present +property to amend userspace bug by making unusable segment always +nonpresent. vmx_segment_access_rights() already marks nonpresent segment +as unusable. + +Reported-by: Stefan Pietsch +Tested-by: Stefan Pietsch +Signed-off-by: Gleb Natapov +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -3399,15 +3399,22 @@ static void vmx_get_segment(struct kvm_v + var->limit = vmx_read_guest_seg_limit(vmx, seg); + var->selector = vmx_read_guest_seg_selector(vmx, seg); + ar = vmx_read_guest_seg_ar(vmx, seg); ++ var->unusable = (ar >> 16) & 1; + var->type = ar & 15; + var->s = (ar >> 4) & 1; + var->dpl = (ar >> 5) & 3; +- var->present = (ar >> 7) & 1; ++ /* ++ * Some userspaces do not preserve unusable property. Since usable ++ * segment has to be present according to VMX spec we can use present ++ * property to amend userspace bug by making unusable segment always ++ * nonpresent. vmx_segment_access_rights() already marks nonpresent ++ * segment as unusable. ++ */ ++ var->present = !var->unusable; + var->avl = (ar >> 12) & 1; + var->l = (ar >> 13) & 1; + var->db = (ar >> 14) & 1; + var->g = (ar >> 15) & 1; +- var->unusable = (ar >> 16) & 1; + } + + static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg) diff --git a/queue-3.10/nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch b/queue-3.10/nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch new file mode 100644 index 00000000000..1b279e6e380 --- /dev/null +++ b/queue-3.10/nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch @@ -0,0 +1,37 @@ +From 247500820ebd02ad87525db5d9b199e5b66f6636 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Fri, 21 Jun 2013 11:48:11 -0400 +Subject: nfsd4: fix decoding of compounds across page boundaries + +From: "J. Bruce Fields" + +commit 247500820ebd02ad87525db5d9b199e5b66f6636 upstream. + +A freebsd NFSv4.0 client was getting rare IO errors expanding a tarball. +A network trace showed the server returning BAD_XDR on the final getattr +of a getattr+write+getattr compound. The final getattr started on a +page boundary. + +I believe the Linux client ignores errors on the post-write getattr, and +that that's why we haven't seen this before. + +Reported-by: Rick Macklem +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -162,8 +162,8 @@ static __be32 *read_buf(struct nfsd4_com + */ + memcpy(p, argp->p, avail); + /* step to next page */ +- argp->p = page_address(argp->pagelist[0]); + argp->pagelist++; ++ argp->p = page_address(argp->pagelist[0]); + if (argp->pagelen < PAGE_SIZE) { + argp->end = argp->p + (argp->pagelen>>2); + argp->pagelen = 0; diff --git a/queue-3.10/nfsv4.1-end-back-channel-session-draining.patch b/queue-3.10/nfsv4.1-end-back-channel-session-draining.patch new file mode 100644 index 00000000000..c3db2c45df1 --- /dev/null +++ b/queue-3.10/nfsv4.1-end-back-channel-session-draining.patch @@ -0,0 +1,64 @@ +From 62f288a02f97bd9f6b2361a6fff709729fe9e110 Mon Sep 17 00:00:00 2001 +From: Andy Adamson +Date: Wed, 19 Jun 2013 16:39:44 -0400 +Subject: NFSv4.1 end back channel session draining + +From: Andy Adamson + +commit 62f288a02f97bd9f6b2361a6fff709729fe9e110 upstream. + +We need to ensure that we clear NFS4_SLOT_TBL_DRAINING on the back +channel when we're done recovering the session. + +Regression introduced by commit 774d5f14e (NFSv4.1 Fix a pNFS session +draining deadlock) + +Signed-off-by: Andy Adamson +[Trond: Changed order to start back-channel first. Minor code cleanup] +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4state.c | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -228,19 +228,8 @@ static int nfs41_setup_state_renewal(str + return status; + } + +-/* +- * Back channel returns NFS4ERR_DELAY for new requests when +- * NFS4_SESSION_DRAINING is set so there is no work to be done when draining +- * is ended. +- */ +-static void nfs4_end_drain_session(struct nfs_client *clp) ++static void nfs4_end_drain_slot_table(struct nfs4_slot_table *tbl) + { +- struct nfs4_session *ses = clp->cl_session; +- struct nfs4_slot_table *tbl; +- +- if (ses == NULL) +- return; +- tbl = &ses->fc_slot_table; + if (test_and_clear_bit(NFS4_SLOT_TBL_DRAINING, &tbl->slot_tbl_state)) { + spin_lock(&tbl->slot_tbl_lock); + nfs41_wake_slot_table(tbl); +@@ -248,6 +237,16 @@ static void nfs4_end_drain_session(struc + } + } + ++static void nfs4_end_drain_session(struct nfs_client *clp) ++{ ++ struct nfs4_session *ses = clp->cl_session; ++ ++ if (ses != NULL) { ++ nfs4_end_drain_slot_table(&ses->bc_slot_table); ++ nfs4_end_drain_slot_table(&ses->fc_slot_table); ++ } ++} ++ + /* + * Signal state manager thread if session fore channel is drained + */ diff --git a/queue-3.10/revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch b/queue-3.10/revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch new file mode 100644 index 00000000000..3a4a0f3c37a --- /dev/null +++ b/queue-3.10/revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch @@ -0,0 +1,41 @@ +From fa460c2d37870e0a6f94c70e8b76d05ca11b6db0 Mon Sep 17 00:00:00 2001 +From: Michal Hocko +Date: Mon, 8 Jul 2013 16:00:27 -0700 +Subject: Revert "memcg: avoid dangling reference count in creation failure" + +From: Michal Hocko + +commit fa460c2d37870e0a6f94c70e8b76d05ca11b6db0 upstream. + +This reverts commit e4715f01be697a. + +mem_cgroup_put is hierarchy aware so mem_cgroup_put(memcg) already drops +an additional reference from all parents so the additional +mem_cgrroup_put(parent) potentially causes use-after-free. + +Signed-off-by: Michal Hocko +Signed-off-by: Li Zefan +Acked-by: KAMEZAWA Hiroyuki +Cc: Hugh Dickins +Cc: Tejun Heo +Cc: Glauber Costa +Cc: Johannes Weiner +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memcontrol.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -6303,8 +6303,6 @@ mem_cgroup_css_online(struct cgroup *con + * call __mem_cgroup_free, so return directly + */ + mem_cgroup_put(memcg); +- if (parent->use_hierarchy) +- mem_cgroup_put(parent); + } + return error; + } diff --git a/queue-3.10/scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch b/queue-3.10/scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch new file mode 100644 index 00000000000..069143df365 --- /dev/null +++ b/queue-3.10/scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch @@ -0,0 +1,34 @@ +From 2ee3e26c673e75c05ef8b914f54fadee3d7b9c88 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Mon, 27 May 2013 19:07:19 +0100 +Subject: SCSI: sd: Fix parsing of 'temporary ' cache mode prefix + +From: Ben Hutchings + +commit 2ee3e26c673e75c05ef8b914f54fadee3d7b9c88 upstream. + +Commit 39c60a0948cc '[SCSI] sd: fix array cache flushing bug causing +performance problems' added temp as a pointer to "temporary " and used +sizeof(temp) - 1 as its length. But sizeof(temp) is the size of the +pointer, not the size of the string constant. Change temp to a static +array so that sizeof() does what was intended. + +Signed-off-by: Ben Hutchings +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/sd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -142,7 +142,7 @@ sd_store_cache_type(struct device *dev, + char *buffer_data; + struct scsi_mode_data data; + struct scsi_sense_hdr sshdr; +- const char *temp = "temporary "; ++ static const char temp[] = "temporary "; + int len; + + if (sdp->type != TYPE_DISK) diff --git a/queue-3.10/series b/queue-3.10/series index 30bb22d4632..ab2c6bfdd85 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -11,3 +11,9 @@ maintainers-add-stable_kernel_rules.txt-to-stable-maintainer-information.patch futex-take-hugepages-into-account-when-generating-futex_key.patch tty-reset-itty-for-other-pty.patch revert-serial-8250_pci-add-support-for-another-kind-of-netmos-technology-pci-9835-multi-i-o-controller.patch +nfsv4.1-end-back-channel-session-draining.patch +nfsd4-fix-decoding-of-compounds-across-page-boundaries.patch +kvm-vmx-mark-unusable-segment-as-nonpresent.patch +scsi-sd-fix-parsing-of-temporary-cache-mode-prefix.patch +cpufreq-fix-cpufreq-regression-after-suspend-resume.patch +revert-memcg-avoid-dangling-reference-count-in-creation-failure.patch -- 2.47.3