path: root/drivers
Age | Commit message | Author
2013-07-02 | virtio-pci: fix leaks of msix_affinity_masks | Andrew Vagin
vp_dev->msix_vectors should be initialized before allocating msix_affinity_masks, otherwise vp_free_vectors will not free these objects.

unreferenced object 0xffff88010f969d88 (size 512):
  comm "systemd-udevd", pid 158, jiffies 4294673645 (age 80.545s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<ffffffff816e455e>] kmemleak_alloc+0x5e/0xc0
    [<ffffffff811aa7f1>] kmem_cache_alloc_node_trace+0x141/0x2c0
    [<ffffffff8133ba23>] alloc_cpumask_var_node+0x23/0x80
    [<ffffffff8133ba8e>] alloc_cpumask_var+0xe/0x10
    [<ffffffff813fdb3d>] vp_try_to_find_vqs+0x25d/0x810
    [<ffffffff813fe171>] vp_find_vqs+0x81/0xb0
    [<ffffffffa00d2a05>] init_vqs+0x85/0x120 [virtio_balloon]
    [<ffffffffa00d2c29>] virtballoon_probe+0xf9/0x1a0 [virtio_balloon]
    [<ffffffff813fb61e>] virtio_dev_probe+0xde/0x140
    [<ffffffff814452b8>] driver_probe_device+0x98/0x3a0
    [<ffffffff8144566b>] __driver_attach+0xab/0xb0
    [<ffffffff814432f4>] bus_for_each_dev+0x94/0xb0
    [<ffffffff81444f4e>] driver_attach+0x1e/0x20
    [<ffffffff81444910>] bus_add_driver+0x200/0x280
    [<ffffffff81445c14>] driver_register+0x74/0x160
    [<ffffffff813fb7d0>] register_virtio_driver+0x20/0x40

v2: change msix_vectors unconditionally in vp_free_vectors

Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2013-07-02 | Fix comment typo "CONFIG_PAE" | Paul Bolle
Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2013-05-20 | virtio: remove virtqueue_add_buf(). | Rusty Russell
All users changed to virtqueue_add_sg() or virtqueue_add_outbuf/inbuf. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2013-05-20 | virtio_blk: Add missing 'static' qualifiers | Jonghwan Choi
Add missing 'static' qualifiers Signed-off-by: Jonghwan Choi <jhbird.choi@samsung.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2013-05-16 | Merge tag 'pm+acpi-3.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm | Linus Torvalds
Pull power management and ACPI fixes from Rafael Wysocki:

 - intel_pstate driver fixes and cleanups from Dirk Brandewie and Wei Yongjun.
 - cpufreq fixes related to ARM big.LITTLE support and the cpufreq-cpu0 driver from Viresh Kumar.
 - Assorted cpufreq fixes from Srivatsa S Bhat, Borislav Petkov, Wolfram Sang, Alexander Shiyan, and Nishanth Menon.
 - Assorted ACPI fixes from Catalin Marinas, Lan Tianyu, Alex Hung, Jan-Simon Möller, and Rafael J Wysocki.
 - Fix for a kfree() under spinlock in the PM core from Shuah Khan.
 - PM documentation updates from Borislav Petkov and Zhang Rui.

* tag 'pm+acpi-3.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (30 commits)
  cpufreq: Preserve sysfs files across suspend/resume
  ACPI / scan: Fix memory leak on acpi_scan_init_hotplug() error path
  PM / hibernate: Correct documentation
  PM / Documentation: remove inaccurate suspend/hibernate transition lantency statement
  PM: Documentation update for freeze state
  cpufreq / intel_pstate: use vzalloc() instead of vmalloc()/memset(0)
  cpufreq, ondemand: Remove leftover debug line
  PM: Avoid calling kfree() under spinlock in dev_pm_put_subsys_data()
  cpufreq / kirkwood: don't check resource with devm_ioremap_resource
  cpufreq / intel_pstate: remove #ifdef MODULE compile fence
  cpufreq / intel_pstate: Remove idle mode PID
  cpufreq / intel_pstate: fix ffmpeg regression
  cpufreq / intel_pstate: use lowest requested max performance
  cpufreq / intel_pstate: remove idle time and duration from sample and calculations
  cpufreq: Fix incorrect dependecies for ARM SA11xx drivers
  cpufreq: ARM big LITTLE: Fix Kconfig entries
  cpufreq: cpufreq-cpu0: Free parent node for error cases
  cpufreq: cpufreq-cpu0: defer probe when regulator is not ready
  cpufreq: Issue CPUFREQ_GOV_POLICY_EXIT notifier before dropping policy refcount
  cpufreq: governors: Fix CPUFREQ_GOV_POLICY_{INIT|EXIT} notifiers
  ...
2013-05-16 | Merge tag 'ntb-bugfixes-3.10' of git://github.com/jonmason/ntb | Linus Torvalds
Pull NTB update from Jon Mason:
 "NTB bug fixes to address Smatch/Coverity errors, link toggling bugs, and a few corner cases in the driver."

This pull request came in during the merge window, but without any signage etc. So I'm taking it late, because it wasn't _originally_ late.

* tag 'ntb-bugfixes-3.10' of git://github.com/jonmason/ntb:
  NTB: Multiple NTB client fix
  ntb_netdev: remove from list on exit
  NTB: memcpy lockup workaround
  NTB: Correctly handle receive buffers of the minimal size
  NTB: reset tx_index on link toggle
  NTB: Link toggle memory leak
  NTB: Handle 64bit BAR sizes
  NTB: fix pointer math issues
  ntb: off by one sanity checks
  NTB: variable dereferenced before check
2013-05-16 | Merge branch 'ipmi' (minor ipmi fixes from Corey) | Linus Torvalds
Merge ipmi fixes from Corey Minyard:
 "Some minor fixes I had queued up. The last one came in recently (patch 4) and it and patch 2 are candidates for stable-kernel."

* emailed patches from Corey Minyard <cminyard@mvista.com>:
  ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex
  ipmi: Improve error messages on failed irq enable
  drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory overflow
  drivers: char: ipmi: Replaced kmalloc and strcpy with kstrdup
2013-05-16 | ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex | Benjamin LaHaise
When a 32 bit version of ipmitool is used on a 64 bit kernel, the ipmi_devintf code fails to correctly acquire ipmi_mutex. This results in incomplete data being retrieved in some cases, or other possible failures. Add a wrapper around compat_ipmi_ioctl() to take ipmi_mutex to fix this. Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-05-16 | ipmi: Improve error messages on failed irq enable | Corey Minyard
When the interrupt enable message returns an error, the messages are not entirely accurate nor helpful. So improve them. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-05-16 | drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory overflow | Chen Gang
When calling memcpy, read_data and write_data need additional 2 bytes.

  write_data:
    for checking:  "if (size > IPMI_MAX_MSG_LENGTH)"
    for operating: "memcpy(bt->write_data + 3, data + 1, size - 1)"

  read_data:
    for checking:  "if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH)"
    for operating: "memcpy(data + 2, bt->read_data + 4, msg_len - 2)"

Signed-off-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-05-16 | drivers: char: ipmi: Replaced kmalloc and strcpy with kstrdup | Alexandru Gheorghiu
Replaced calls to kmalloc followed by strcpy with a single call to kstrdup. Patch found using coccinelle. Signed-off-by: Alexandru Gheorghiu <gheorghiuandru@gmail.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-05-16 | Merge branch 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending | Linus Torvalds
Pull target fixes from Nicholas Bellinger:
 "A handful of fixes + minor changes this time around, along with one important >= v3.9 regression fix for IBLOCK backends. The highlights include:

   - Use FD_MAX_SECTORS in FILEIO for block_device as well as files (agrover)
   - Fix processing of out-of-order CmdSNs with iSBD driver (shlomo)
   - Close long-standing target_put_sess_cmd() vs. core_tmr_abort_task() race with the addition of kref_put_spinlock_irqsave() (joern + greg-kh)
   - Fix IBLOCK WCE=1 + DPOFUA=1 backend WRITE regression in >= v3.9 (nab + bootc)

  Note these four patches are CC'ed to stable.

  Also, there is still some work left to be done on the active I/O shutdown path in target_wait_for_sess_cmds() used by tcm_qla2xxx + ib_isert fabrics that is still being discussed on the list, and will hopefully be resolved soon."

* 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: close target_put_sess_cmd() vs. core_tmr_abort_task() race
  target: removed unused transport_state flag
  target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression
  MAINTAINERS: Update target git tree URL
  iscsi-target: Fix typos in RDMAEXTENSIONS macro usage
  target/rd: Add ramdisk bit for NULLIO operation
  iscsi-target: Fix processing of OOO commands
  iscsi-target: Make buf param of iscsit_do_crypto_hash_buf() const void *
  iscsi-target: Fix NULL pointer dereference in iscsit_send_reject
  target: Have dev/enable show if TCM device is configured
  target: Use FD_MAX_SECTORS/FD_BLOCKSIZE for blockdevs using fileio
  target: Remove unused struct members in se_dev_entry
2013-05-16 | Merge branch 'acpi-fixes' | Rafael J. Wysocki
* acpi-fixes: ACPI / scan: Fix memory leak on acpi_scan_init_hotplug() error path
2013-05-16 | Merge branch 'pm-cpufreq' | Rafael J. Wysocki
* pm-cpufreq: cpufreq: Preserve sysfs files across suspend/resume
2013-05-15 | Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip | Linus Torvalds
Pull timer fixes from Thomas Gleixner:

 - Cure for not using zalloc in the first place, which leads to random crashes with CPUMASK_OFF_STACK.
 - Revert a user space visible change which broke udev
 - Add a missing cpu_online early return introduced by the new full dyntick conversions
 - Plug a long standing race in the timer wheel cpu hotplug code. Sigh...
 - Cleanup NOHZ per cpu data on cpu down to prevent stale data on cpu up.

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  time: Revert ALWAYS_USE_PERSISTENT_CLOCK compile time optimizaitons
  timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
  tick: Don't invoke tick_nohz_stop_sched_tick() if the cpu is offline
  tick: Cleanup NOHZ per cpu data on cpu down
  tick: Use zalloc_cpumask_var for allocating offstack cpumasks
2013-05-15 | Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm | Linus Torvalds
Pull ARM fixes from Russell King:
 "A small number of fixes for stuff from the last merge window, and in one case (IRQ time accounting) the previous merge window."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: 7720/1: ARM v6/v7 cmpxchg64 shouldn't clear upper 32 bits of the old/new value
  ARM: 7715/1: MCPM: adapt to GIC changes after upstream merge
  ARM: 7714/1: mmc: mmci: Ensure return value of regulator_enable() is checked
  ARM: 7712/1: Remove trailing whitespace in arch/arm/Makefile
  ARM: 7711/1: dove: fix Dove cpu type from V7 to PJ4
  ARM: finally enable IRQ time accounting config
2013-05-15 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client | Linus Torvalds
Pull Ceph fixes from Sage Weil:
 "Yes, this is a much larger pull than I would like after -rc1. There are a few things included:

   - a few fixes for leaks and incorrect assertions
   - a few patches fixing behavior when mapped images are resized
   - handling for cloned/layered images that are flattened out from underneath the client

  The last bit was non-trivial, and there is some code movement and associated cleanup mixed in. This was ready and was meant to go in last week but I missed the boat on Friday. My only excuse is that I was waiting for an all clear from the testing and there were many other shiny things to distract me.

  Strictly speaking, handling the flatten case isn't a regression and could wait, so if you like we can try to pull the series apart, but Alex and I would much prefer to have it all in as it is a case real users will hit with 3.10."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: (33 commits)
  rbd: re-submit flattened write request (part 2)
  rbd: re-submit write request for flattened clone
  rbd: re-submit read request for flattened clone
  rbd: detect when clone image is flattened
  rbd: reference count parent requests
  rbd: define parent image request routines
  rbd: define rbd_dev_unparent()
  rbd: don't release write request until necessary
  rbd: get parent info on refresh
  rbd: ignore zero-overlap parent
  rbd: support reading parent page data for writes
  rbd: fix parent request size assumption
  libceph: init sent and completed when starting
  rbd: kill rbd_img_request_get()
  rbd: only set up watch for mapped images
  rbd: set mapping read-only flag in rbd_add()
  rbd: support reading parent page data
  rbd: fix an incorrect assertion condition
  rbd: define rbd_dev_v2_header_info()
  rbd: get rid of trivial v1 header wrappers
  ...
2013-05-15 | cpufreq: Preserve sysfs files across suspend/resume | Srivatsa S. Bhat
The file permissions of cpufreq per-cpu sysfs files are not preserved across suspend/resume because we internally go through the CPU Hotplug path which reinitializes the file permissions on CPU online. But the user is not supposed to know that we are using CPU hotplug internally within suspend/resume (IOW, the kernel should not silently wreck the user-set file permissions across a suspend cycle). Therefore, we need to preserve the file permissions as they are across suspend/resume. The simplest way to achieve that is to just not touch the sysfs files at all - ie., just ignore the CPU hotplug notifications in the suspend/resume path (_FROZEN) in the cpufreq hotplug callback. Reported-by: Robert Jarzmik <robert.jarzmik@intel.com> Reported-by: Durgadoss R <durgadoss.r@intel.com> Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-05-15 | ACPI / scan: Fix memory leak on acpi_scan_init_hotplug() error path | Catalin Marinas
Following commit 6b772e8f9 (ACPI: Update PNPID match handling for notify), the acpi_scan_init_hotplug() calls acpi_set_pnp_ids() which allocates acpi_hardware_id and copies a few strings (kstrdup). If the device does not have hardware_id set, the function exits without freeing the previously allocated ids (and kmemleak complains). This patch simply changes 'return' on error to a 'goto out' which calls acpi_free_pnp_ids(). Reported-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Toshi Kani <toshi.kani@hp.com> Tested-by: Toshi Kani <toshi.kani@hp.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-05-15 | NTB: Multiple NTB client fix | Jon Mason
Fix issue with adding multiple ntb client devices to the ntb virtual bus. Previously, multiple devices would be added with the same name, resulting in crashes. To get around this issue, add a unique number to the device when it is added. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | ntb_netdev: remove from list on exit | Jon Mason
The ntb_netdev device is not removed from the global list of devices upon device removal. If the device is re-added, the removal code would find the first instance and try to remove an already removed device. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: memcpy lockup workaround | Jon Mason
The system will appear to lockup for long periods of time due to the NTB driver spending too much time in memcpy. Avoid this by reducing the number of packets that can be serviced on a given interrupt. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: Correctly handle receive buffers of the minimal size | Jon Mason
The ring logic of the NTB receive buffer/transmit memory window requires there to be at least 2 payload sized allotments. For the minimal size case, split the buffer into two and set the transport_mtu to the appropriate size. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: reset tx_index on link toggle | Jon Mason
If the NTB link toggles, the driver could stop receiving due to the tx_index not being set to 0 on the transmitting size on a link-up event. This is due to the driver expecting the incoming data to start at the beginning of the receive buffer and not at a random place. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: Link toggle memory leak | Jon Mason
Each link-up will allocate a new NTB receive buffer when the NTB properties are negotiated with the remote system. These allocations did not check for existing buffers and thus did not free them. Now, the driver will check for an existing buffer and free it if not of the correct size, before trying to alloc a new one. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: Handle 64bit BAR sizes | Jon Mason
64bit BAR sizes are permissible with an NTB device. To support them various modifications and clean-ups were required, most significantly using 2 32bit scratch pad registers for each BAR. Also, modify the driver to allow more than 2 Memory Windows. Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: fix pointer math issues | Dan Carpenter
->remote_rx_info and ->rx_info are struct ntb_rx_info pointers. If we add sizeof(struct ntb_rx_info) then it goes too far. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | ntb: off by one sanity checks | Dan Carpenter
These tests are off by one. If "mw" is equal to NTB_NUM_MW then we would go beyond the end of the ndev->mw[] array. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | NTB: variable dereferenced before check | Jon Mason
Correct instances of variable dereferencing before checking its value on the functions exported to the client drivers. Also, add sanity checks for all exported functions. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jon Mason <jon.mason@intel.com>
2013-05-15 | target: close target_put_sess_cmd() vs. core_tmr_abort_task() race | Joern Engel
It is possible for one thread to take se_sess->sess_cmd_lock in core_tmr_abort_task() before taking a reference count on se_cmd->cmd_kref, while another thread in target_put_sess_cmd() drops se_cmd->cmd_kref before taking se_sess->sess_cmd_lock. This introduces kref_put_spinlock_irqsave() and uses it in target_put_sess_cmd() to close the race window. Signed-off-by: Joern Engel <joern@logfs.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: <stable@vger.kernel.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-15 | target/iblock: Fix WCE=1 + DPOFUA=1 backend WRITE regression | Nicholas Bellinger
This patch fixes a regression bug introduced in v3.9-rc1 where if the underlying struct block_device for a IBLOCK backend is configured with WCE=1 + DPOFUA=1 settings, the rw = WRITE assignment no longer occurs in iblock_execute_rw(), and rw = 0 is passed to iblock_submit_bios() in effect causing a READ bio operation to occur.

The offending commit is:

  commit d0c8b259f8970d39354c1966853363345d401330
  Author: Nicholas Bellinger <nab@linux-iscsi.org>
  Date: Tue Jan 29 22:10:06 2013 -0800

      target/iblock: Use backend REQ_FLUSH hint for WriteCacheEnabled status

Note the WCE=1 + DPOFUA=0, WCE=0 + DPOFUA=1, and WCE=0 + DPOFUA=0 cases are not affected by this regression bug.

Reported-by: Chris Boot <bootc@bootc.net>
Tested-by: Chris Boot <bootc@bootc.net>
Reported-by: Hannes Reinecke <hare@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2013-05-14 | time: Revert ALWAYS_USE_PERSISTENT_CLOCK compile time optimizaitons | John Stultz
Kay Sievers noted that the ALWAYS_USE_PERSISTENT_CLOCK config, which enables some minor compile time optimization to avoid unnecessary code in mostly the suspend/resume path could cause problems for userland. In particular, the dependency for RTC_HCTOSYS on !ALWAYS_USE_PERSISTENT_CLOCK, which avoids setting the time twice and simplifies suspend/resume, has the side effect of causing the /sys/class/rtc/rtcN/hctosys flag to always be zero, and this flag is commonly used by udev to setup the /dev/rtc symlink to /dev/rtcN, which can cause pain for older applications. While the udev rules could use some work to be less fragile, breaking userland should strongly be avoided. Additionally the compile time optimizations are fairly minor, and the code being optimized is likely to be reworked in the future, so let's revert this change. Reported-by: Kay Sievers <kay@vrfy.org> Signed-off-by: John Stultz <john.stultz@linaro.org> Cc: stable <stable@vger.kernel.org> #3.9 Cc: Feng Tang <feng.tang@intel.com> Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Link: http://lkml.kernel.org/r/1366828376-18124-1-git-send-email-john.stultz@linaro.org Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2013-05-14 | Merge branch 'pm-fixes' | Rafael J. Wysocki
* pm-fixes:
  PM / hibernate: Correct documentation
  PM / Documentation: remove inaccurate suspend/hibernate transition lantency statement
  PM: Documentation update for freeze state
  PM: Avoid calling kfree() under spinlock in dev_pm_put_subsys_data()
2013-05-14 | Merge branch 'acpi-fixes' | Rafael J. Wysocki
* acpi-fixes:
  ACPI / AC: Add sleep quirk for Thinkpad e530
  ACPI / EC: Restart transaction even when the IBF flag set
  ACPI video: ignore BIOS initial backlight value for HP 1000
  ACPI: Fix section to __init. Align with usage in acpixf.h
  ACPI / PM: Move processor suspend/resume to syscore_ops
2013-05-13 | cpufreq / intel_pstate: use vzalloc() instead of vmalloc()/memset(0) | Wei Yongjun
Use vzalloc() instead of vmalloc() and memset(0). Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Acked-by: Dirk Brandewie <dirk.j.brandewie@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2013-05-13 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | Linus Torvalds
Pull networking fixes from David Miller:
 "Several small bug fixes all over:

   1) be2net driver uses wrong payload length when submitting MAC list get requests to the chip. From Sathya Perla.
   2) Fix mwifiex memory leak on driver unload, from Amitkumar Karwar.
   3) Prevent random memory access in batman-adv, from Marek Lindner.
   4) batman-adv doesn't check for pskb_trim_rcsum() errors, also from Marek Lindner.
   5) Fix fec crashes on rapid link up/down, from Frank Li.
   6) Fix inner protocol grovelling in GSO, from Pravin B Shelar.
   7) Link event validation fix in qlcnic from Rajesh Borundia.
   8) Not all FEC chips can support checksum offload, fix from Shawn Guo.
   9) EXPORT_SYMBOL + inline doesn't make any sense, from Denis Efremov.
  10) Fix race in passthru mode during device removal in macvlan, from Jiri Pirko.
  11) Fix RCU hash table lookup socket state race in ipv6, leading to NULL pointer derefs, from Eric Dumazet.
  12) Add several missing HAS_DMA kconfig dependencies, from Geert Uytterhoeven.
  13) Fix bogus PCI resource management in 3c59x driver, from Sergei Shtylyov.
  14) Fix info leak in ipv6 GRE tunnel driver, from Amerigo Wang.
  15) Fix device leak in ipv6 IPSEC policy layer, from Cong Wang.
  16) DMA mapping leak fix in qlge from Thadeu Lima de Souza Cascardo.
  17) Missing iounmap on probe failure in bna driver, from Wei Yongjun."

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (40 commits)
  bna: add missing iounmap() on error in bnad_init()
  qlge: fix dma map leak when the last chunk is not allocated
  xfrm6: release dev before returning error
  ipv6,gre: do not leak info to user-space
  virtio_net: use default napi weight by default
  emac: Fix EMAC soft reset on 460EX/GT
  3c59x: fix PCI resource management
  caif: CAIF_VIRTIO should depend on HAS_DMA
  net/ethernet: MACB should depend on HAS_DMA
  net/ethernet: ARM_AT91_ETHER should depend on HAS_DMA
  net/wireless: ATH9K should depend on HAS_DMA
  net/ethernet: STMMAC_ETH should depend on HAS_DMA
  net/ethernet: NET_CALXEDA_XGMAC should depend on HAS_DMA
  ipv6: do not clear pinet6 field
  macvlan: fix passthru mode race between dev removal and rx path
  ipv4: ip_output: remove inline marking of EXPORT_SYMBOL functions
  net/mlx4: Strengthen VLAN tags/priorities enforcement in VST mode
  net/mlx4_core: Add missing report on VST and spoof-checking dev caps
  net: fec: enable hardware checksum only on imx6q-fec
  qlcnic: Fix validation of link event command.
  ...
2013-05-13 | rbd: re-submit flattened write request (part 2) | Alex Elder
Add code to rbd_img_obj_exists_callback() to detect when a clone's parent image has disappeared, and re-submit the original write request in that case. Kill off some redundant assertions. This completes the resolution for: http://tracker.ceph.com/issues/3763 Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: re-submit write request for flattened clone | Alex Elder
Add code to rbd_img_parent_read_full_callback() to detect when a clone's parent image has disappeared, and re-submit the original write request in that case. (See the previous commit for more reasoning about why this is appropriate.) Rename some variables in rbd_img_obj_parent_read_full_callback() to match the convention used in the previous patch. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: re-submit read request for flattened clone | Alex Elder
If a clone image gets flattened while a parent read request is underway, the original rbd object request needs to be resubmitted. The reason is that by the time we get the response to the parent read request, the data read from the parent may be out of date. In other words, we could see this sequence of events: rbd client parent image/osd ---------- ---------------- original object ENOENT; issue parent read respond to parent read child image flattened original image header refresh <--- original object written independently here parent read response received Add code to rbd_img_parent_read_callback() to detect when a clone's parent image has disappeared (as evidenced by its parent overlap becoming 0), and re-submit the original read request in that case. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: detect when clone image is flattened | Alex Elder
A format 2 clone image can be the subject of a "flatten" operation, during which all of its data gets "copied up" from its parent image, leaving the image fully populated. Once this is complete, the clone's association with the parent is abolished. Since this can occur when a clone is mapped, we need to detect when it has occurred and handle it accordingly. We know an image has been flattened when we know it at one time had a parent, but we have learned (via a "get_parent" object class method call) it no longer has one. There might be in-flight requests at the point we learn an image has been flattened, so we can't simply clean up parent data structures right away. Instead, we'll drop the initial parent reference when the parent has disappeared (rather than when the image gets destroyed), which will allow the last in-flight reference to clean things up when it's complete. We leverage the fact that a zero parent overlap renders an image effectively unlayered. We set the overlap to 0 at the point we detect the clone image has flattened, which allows the unlayered behavior to take effect immediately, while keeping other parent structures in place until in-flight requests complete. This and the next few patches resolve: http://tracker.ceph.com/issues/3763 Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: reference count parent requests | Alex Elder
Keep a reference count for uses of the parent information for an rbd device. An initial reference is set in rbd_img_request_create() if the target image has a parent (with non-zero overlap). Each image request for an image with a non-zero parent overlap gets another reference when it's created, and that reference is dropped when the request is destroyed. The initial reference is dropped when the image gets torn down. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: define parent image request routines | Alex Elder
Define rbd_parent_request_create() and rbd_parent_request_destroy() to handle the creation of parent image requests submitted for layered image objects. For simplicity, let rbd_img_request_put() handle dropping the reference to any image request (parent or not), and call whichever destructor is appropriate on the last put. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: define rbd_dev_unparent() | Alex Elder
Define rbd_dev_unparent() to encapsulate cleaning up parent data structures from a layered rbd image. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: don't release write request until necessary | Alex Elder
Previously when a layered write was going to involve a copyup request, the original osd request was released before submitting the parent full-object read. The osd request for the copyup would then be allocated in rbd_img_obj_parent_read_full_callback(). Shortly we will be handling the event of mapped layered images getting flattened, and when that occurs we need to resubmit the original request. We therefore don't want to release the osd request until we really know we're going to replace it--in the callback function. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | rbd: get parent info on refresh | Alex Elder
Get parent info for format 2 images on every refresh (rather than just during the initial probe). This will be needed to detect the disappearance of the parent image in the event a mapped image becomes unlayered (i.e., flattened). Avoid leaking the previous parent spec on the second and subsequent times this information is requested by dropping the previous one (if any) before updating it. (Also, extract the pool id into a local variable before assigning it into the parent spec.) Switch to using a non-zero parent overlap value rather than the existence of a parent (a non-null parent_spec pointer) to determine whether to mark a request layered. It will soon be possible for a layered image to become unlayered while a request is in flight. This means that the layered flag for an image request indicates that there was a non-zero parent overlap at the time the image request was created. The parent overlap can change thereafter, which may lead to special handling at request submission or completion time. This and the next several patches are related to: http://tracker.ceph.com/issues/3763 NOTE: If an error occurs while refreshing the parent info (i.e., requesting it after initial probe), the old parent info will persist. This is not really correct, and is a scenario that needs to be addressed. For now we'll assert that the failure mode is unlikely, but the issue has been documented in tracker issue 5040. Signed-off-by: Alex Elder <elder@inktank.com> Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
2013-05-13 | bna: add missing iounmap() on error in bnad_init() | Wei Yongjun
Add the missing iounmap() before return from bnad_init() in the error handling case. Introduced by commit 01b54b1451853593739816a392485c4e2bee7dda (bna: tx rx cleanup fix). Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-13 | qlge: fix dma map leak when the last chunk is not allocated | Thadeu Lima de Souza Cascardo
qlge allocates chunks from a page that it maps and unmaps that page when the last chunk is released. When the driver is unloaded or the card is removed, all chunks are released and the page is unmapped for the last chunk.

However, when the last chunk of a page is not allocated and the device is removed, that page is not unmapped. In fact, its last reference is not put and there's also a page leak. This bug prevents a device from being properly hotplugged.

When the DMA API debug option is enabled, the following messages show the pending DMA allocation after we remove the driver.

This patch fixes the bug by unmapping and putting the page from the ring if its last chunk has not been allocated.

pci 0005:98:00.0: DMA-API: device driver has pending DMA allocations while released from device [count=1]
One of leaked entries details: [device address=0x0000000060a80000] [size=65536 bytes] [mapped with DMA_FROM_DEVICE] [mapped as page]
------------[ cut here ]------------
WARNING: at lib/dma-debug.c:746
Modules linked in: qlge(-) rpadlpar_io rpaphp pci_hotplug fuse [last unloaded: qlge]
NIP: c0000000003fc3ec LR: c0000000003fc3e8 CTR: c00000000054de60
REGS: c0000003ee9c74e0 TRAP: 0700 Tainted: G O (3.7.2)
MSR: 8000000000029032 <SF,EE,ME,IR,DR,RI> CR: 28002424 XER: 00000001
SOFTE: 1
CFAR: c0000000007a39c8
TASK = c0000003ee8d5c90[8406] 'rmmod' THREAD: c0000003ee9c4000 CPU: 31
GPR00: c0000000003fc3e8 c0000003ee9c7760 c000000000c789f8 00000000000000ee
GPR04: 0000000000000000 00000000000000ef 0000000000004000 0000000000010000
GPR08: 00000000000000be c000000000b22088 c000000000c4c218 00000000007c0000
GPR12: 0000000028002422 c00000000ff26c80 0000000000000000 000001001b0f1b40
GPR16: 00000000100cb9d8 0000000010093088 c000000000cdf910 0000000000000001
GPR20: 0000000000000000 c000000000dbfc00 0000000000000000 c000000000dbfb80
GPR24: c0000003fafc9d80 0000000000000001 000000000001ff80 c0000003f38f7888
GPR28: c000000000ddfc00 0000000000000400 c000000000bd7790 c000000000ddfb80
NIP [c0000000003fc3ec] .dma_debug_device_change+0x22c/0x2b0
LR [c0000000003fc3e8] .dma_debug_device_change+0x228/0x2b0
Call Trace:
[c0000003ee9c7760] [c0000000003fc3e8] .dma_debug_device_change+0x228/0x2b0 (unreliable)
[c0000003ee9c7840] [c00000000079a098] .notifier_call_chain+0x78/0xf0
[c0000003ee9c78e0] [c0000000000acc20] .__blocking_notifier_call_chain+0x70/0xb0
[c0000003ee9c7990] [c0000000004a9580] .__device_release_driver+0x100/0x140
[c0000003ee9c7a20] [c0000000004a9708] .driver_detach+0x148/0x150
[c0000003ee9c7ac0] [c0000000004a8144] .bus_remove_driver+0xc4/0x150
[c0000003ee9c7b60] [c0000000004aa58c] .driver_unregister+0x8c/0xe0
[c0000003ee9c7bf0] [c0000000004090b4] .pci_unregister_driver+0x34/0xf0
[c0000003ee9c7ca0] [d000000002231194] .qlge_exit+0x1c/0x34 [qlge]
[c0000003ee9c7d20] [c0000000000e36d8] .SyS_delete_module+0x1e8/0x290
[c0000003ee9c7e30] [c0000000000098d4] syscall_exit+0x0/0x94
Instruction dump:
7f26cb78 e818003a e87e81a0 e8f80028 e9180030 796b1f24 78001f24 7d6a5a14
7d2a002a e94b0020 483a7595 60000000 <0fe00000> 2fb80000 40de0048 80120050
---[ end trace 4294f9abdb01031d ]---
Mapped at:
 [<d000000002222f54>] .ql_update_lbq+0x384/0x580 [qlge]
 [<d000000002227bd0>] .ql_clean_inbound_rx_ring+0x300/0xc60 [qlge]
 [<d0000000022288cc>] .ql_napi_poll_msix+0x39c/0x5a0 [qlge]
 [<c0000000006b3c50>] .net_rx_action+0x170/0x300
 [<c000000000081840>] .__do_softirq+0x170/0x300

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
Acked-by: Jitendra Kalsaria <Jitendra.kalsaria@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-13 | rbd: ignore zero-overlap parent | Alex Elder

An rbd clone image that has an overlap with its parent of 0 is effectively not a layered image at all. Detect this case and treat such an image as non-layered. Issue a warning to be sure the user knows what's going on.

This resolves:
    http://tracker.ceph.com/issues/5028

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>

2013-05-13 | rbd: support reading parent page data for writes | Alex Elder

Currently, rbd_img_obj_parent_read_full() assumes the incoming object request contains bio data. But if a layered image is part of a multi-layer stack of images it will result in read requests of page data to parent images.

This is handling the same kind of issue as was resolved by this commit:
    5b2ab72d rbd: support reading parent page data

This resolves:
    http://tracker.ceph.com/issues/5027

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>

2013-05-13 | rbd: fix parent request size assumption | Alex Elder

The code that reads object data from the parent for a copyup on write request currently assumes that the size of that request is the size of a "full" object from the original target image.

That is not necessarily the case. The parent overlap could reduce the request size below that. To fix that assumption we need to record the number of pages in the copyup_pages array, for both an image request and an object request.

Rename a local variable in rbd_img_obj_parent_read_full_callback() to reflect we're recording the length of the parent read request, not the size of the target object.

This resolves:
    http://tracker.ceph.com/issues/5038

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>