Linus Torvalds [Wed, 20 Aug 2014 23:33:21 +0000 (18:33 -0500)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Most important fixes in this set include three SMB3 fixes for stable
(including fix for possible kernel oops), and a workaround to allow
writes to Mac servers (only cifs dialect, not more current SMB2.1,
worked to Mac servers). Also fallocate support added, and lease fix
from Jeff"
* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
[SMB3] Enable fallocate -z support for SMB3 mounts
enable fallocate punch hole ("fallocate -p") for SMB3
Incorrect error returned on setting file compressed on SMB2
CIFS: Fix wrong directory attributes after rename
CIFS: Fix SMB2 readdir error handling
[CIFS] Possible null ptr deref in SMB2_tcon
[CIFS] Workaround MacOS server problem with SMB2.1 write response
cifs: handle lease F_UNLCK requests properly
Cleanup sparse file support by creating worker function for it
Add sparse file support to SMB2/SMB3 mounts
Add missing definitions for CIFS File System Attributes
cifs: remove unused function cifs_oplock_break_wait
Linus Torvalds [Wed, 20 Aug 2014 23:32:16 +0000 (18:32 -0500)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull filesystem fixes from Jan Kara:
"udf, isofs, and ext3 bug fixes"
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
ext3: Count internal journal as bsddf overhead in ext3_statfs
isofs: Fix unbounded recursion when processing relocated directories
udf: avoid unneeded up_write when fail to add entry in ->symlink
Linus Torvalds [Wed, 20 Aug 2014 23:22:10 +0000 (18:22 -0500)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"Reverting a 3.16 patch, fixing two bugs in device assignment (one has
a CVE), and fixing some problems introduced during the merge window
(the CMA bug came in via Andrew, the x86 ones via yours truly)"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
Revert "KVM: x86: Increase the number of fixed MTRR regs to 10"
KVM: x86: do not check CS.DPL against RPL during task switch
KVM: x86: Avoid emulating instructions on #UD mistakenly
PC, KVM, CMA: Fix regression caused by wrong get_order() use
kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
Linus Torvalds [Wed, 20 Aug 2014 23:20:50 +0000 (18:20 -0500)]
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"These are the two bug fixes I mentioned in the final merge window
pull. One is a reversed logic check in the device busy tests which
can cause a nasty hang and another crash seen in the new SCSI pool
support if the use count ever goes to zero"
[ The device busy test already got merged from a patch earlier, so is
now duplicated. ]
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] save command pool address of Scsi_Host
[SCSI] fix qemu boot hang problem
Guenter Roeck [Sun, 10 Aug 2014 12:54:25 +0000 (05:54 -0700)]
scsi: Fix qemu boot hang problem
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.
brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3
Bisect points to commit 71e75c97f97a ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.
out_delay:
- if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+ if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
blk_delay_queue(q, SCSI_QUEUE_DELAY);
}
'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.
Jan Kara [Sun, 17 Aug 2014 09:49:57 +0000 (11:49 +0200)]
isofs: Fix unbounded recursion when processing relocated directories
We did not check relocated directory in any way when processing Rock
Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
entry pointing to another CL entry leading to possibly unbounded
recursion in kernel code and thus stack overflow or deadlocks (if there
is a loop created from CL entries).
Fix the problem by not allowing CL entry to point to a directory entry
with CL entry (such use makes no good sense anyway) and by checking
whether CL entry doesn't point to itself.
CC: stable@vger.kernel.org Reported-by: Chris Evans <cevans@google.com> Signed-off-by: Jan Kara <jack@suse.cz>
Linus Torvalds [Tue, 19 Aug 2014 14:47:01 +0000 (09:47 -0500)]
Merge tag 'md/3.17-fixes' of git://neil.brown.name/md
Pull md bugfixes from Neil Brown:
"Here are the bug-fixes I promised :-)
Funny how you start looking for one and other start appearing.
- raid6 data corruption during recovery
- raid6 livelock
- raid10 memory leaks"
* tag 'md/3.17-fixes' of git://neil.brown.name/md:
md/raid10: always initialise ->state on newly allocated r10_bio
md/raid10: avoid memory leak on error path during reshape.
md/raid10: Fix memory leak when raid10 reshape completes.
md/raid10: fix memory leak when reshaping a RAID10.
md/raid6: avoid data corruption during recovery of double-degraded RAID6
md/raid5: avoid livelock caused by non-aligned writes.
NVIDIA Tegra
- Add debugfs support (Thierry Reding)
Synopsys DesignWare
- Look for configuration space in 'reg', not 'ranges' (Kishon Vijay Abraham I)
- Program ATU with untranslated address (Kishon Vijay Abraham I)
- Add config access-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
- Add MSI-related pcie_host_ops for v3.65 hardware (Murali Karicheri)
TI DRA7xx
- Add TI DR7xx PCIe driver (Kishon Vijay Abraham I)"
* tag 'pci-v3.17-changes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: designware: Add MSI-related pcie_host_ops for v3.65 hardware
PCI: designware: Add config access-related pcie_host_ops for v3.65 hardware
PCI: dra7xx: Add TI DRA7xx PCIe driver
PCI: designware: Program ATU with untranslated address
PCI: designware: Look for configuration space in 'reg', not 'ranges'
PCI: tegra: Add debugfs support
PCI: mvebu: Remove ARCH_KIRKWOOD dependency
Linus Torvalds [Tue, 19 Aug 2014 14:43:48 +0000 (09:43 -0500)]
Merge tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux
Pull devicetree fixes from Grant Likely:
"Three more commits needed for v3.17: A bug fix for reserved regions
based at address zero, a clarification on how to interpret existence
of both interrupts and interrupts-extended properties, and a fix to
allow device tree testcases to run on any platform"
* tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
of/irq: Fix lookup to use 'interrupts-extended' property first
Enabling OF selftest to run without machine's devicetree
of: Allow mem_reserve of memory with a base address of zero
Chen Gang [Fri, 8 Aug 2014 15:37:59 +0000 (23:37 +0800)]
virt/kvm/assigned-dev.c: Set 'dev->irq_source_id' to '-1' after free it
As a generic function, deassign_guest_irq() assumes it can be called
even if assign_guest_irq() is not be called successfully (which can be
triggered by ioctl from user mode, indirectly).
So for assign_guest_irq() failure process, need set 'dev->irq_source_id'
to -1 after free 'dev->irq_source_id', or deassign_guest_irq() may free
it again.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
SeaBIOS has a limit on the number of MTRRs that it can handle,
and this patch exceeded the limit. Better revert it.
Thanks to Nadav Amit for debugging the cause.
Cc: stable@nongnu.org Reported-by: Wanpeng Li <wanpeng.li@linux.intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 18 Aug 2014 11:15:51 +0000 (13:15 +0200)]
KVM: x86: do not check CS.DPL against RPL during task switch
This reverts the check added by commit 5045b468037d (KVM: x86: check CS.DPL
against RPL during task switch, 2014-05-15). Although the CS.DPL=CS.RPL
check is mentioned in table 7-1 of the SDM as causing a #TSS exception,
it is not mentioned in table 6-6 that lists "invalid TSS conditions"
which cause #TSS exceptions. In fact it causes some tests to fail, which
pass on bare-metal.
Keep the rest of the commit, since we will find new uses for it in 3.18.
Reported-by: Nadav Amit <namit@cs.technion.ac.il> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Wed, 13 Aug 2014 13:50:13 +0000 (16:50 +0300)]
KVM: x86: Avoid emulating instructions on #UD mistakenly
Commit d40a6898e5 mistakenly caused instructions which are not marked as
EmulateOnUD to be emulated upon #UD exception. The commit caused the check of
whether the instruction flags include EmulateOnUD to never be evaluated. As a
result instructions whose emulation is broken may be emulated. This fix moves
the evaluation of EmulateOnUD so it would be evaluated.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
[Tweak operand order in &&, remove EmulateOnUD where it's now superfluous.
- Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
PC, KVM, CMA: Fix regression caused by wrong get_order() use
fc95ca7284bc54953165cba76c3228bd2cdb9591 claims that there is no
functional change but this is not true as it calls get_order() (which
takes bytes) where it should have called order_base_2() and the kernel
stops on VM_BUG_ON().
This replaces get_order() with order_base_2() (round-up version of ilog2).
Suggested-by: Paul Mackerras <paulus@samba.org> Cc: Alexander Graf <agraf@suse.de> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
By making gfn very large, malicious guest or userspace can cause kvm to
go to this error path, and subsequently to pass a huge value as size.
Alternatively if gfn is small, then pages would be pinned but never
unpinned, causing host memory leak and local DOS.
Passing a reasonable but large value could be the most dangerous case,
because it would unpin a page that should have stayed pinned, and thus
allow the device to DMA into arbitrary memory. However, this cannot
happen because of the condition that can trigger the error:
- out of memory (where you can't allocate even a single page)
should not be possible for the attacker to trigger
- when exceeding the iommu's address space, guest pages after gfn
will also exceed the iommu's address space, and inside
kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The
page thus would not be unpinned at all.
Reported-by: Jack Morgenstein <jackm@mellanox.com> Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
NeilBrown [Mon, 18 Aug 2014 04:38:45 +0000 (14:38 +1000)]
md/raid10: always initialise ->state on newly allocated r10_bio
Most places which allocate an r10_bio zero the ->state, some don't.
As the r10_bio comes from a mempool, and the allocation function uses
kzalloc it is often zero anyway. But sometimes it isn't and it is
best to be safe.
I only noticed this because of the bug fixed by an earlier patch
where the r10_bios allocated for a reshape were left around to
be used by a subsequent resync. In that case the R10BIO_IsReshape
flag caused problems.
NeilBrown [Mon, 18 Aug 2014 03:59:50 +0000 (13:59 +1000)]
md/raid10: Fix memory leak when raid10 reshape completes.
When a raid10 commences a resync/recovery/reshape it allocates
some buffer space.
When a resync/recovery completes the buffer space is freed. But not
when the reshape completes.
This can result in a small memory leak.
There is a subtle side-effect of this bug. When a RAID10 is reshaped
to a larger array (more devices), the reshape is immediately followed
by a "resync" of the new space. This "resync" will use the buffer
space which was allocated for "reshape". This can cause problems
including a "BUG" in the SCSI layer. So this is suitable for -stable.
NeilBrown [Mon, 18 Aug 2014 03:56:38 +0000 (13:56 +1000)]
md/raid10: fix memory leak when reshaping a RAID10.
raid10 reshape clears unwanted bits from a bio->bi_flags using
a method which, while clumsy, worked until 3.10 when BIO_OWNS_VEC
was added.
Since then it clears that bit but shouldn't. This results in a
memory leak.
So change to used the approved method of clearing unwanted bits.
As this causes a memory leak which can consume all of memory
the fix is suitable for -stable.
NeilBrown [Tue, 12 Aug 2014 23:57:07 +0000 (09:57 +1000)]
md/raid6: avoid data corruption during recovery of double-degraded RAID6
During recovery of a double-degraded RAID6 it is possible for
some blocks not to be recovered properly, leading to corruption.
If a write happens to one block in a stripe that would be written to a
missing device, and at the same time that stripe is recovering data
to the other missing device, then that recovered data may not be written.
This patch skips, in the double-degraded case, an optimisation that is
only safe for single-degraded arrays.
Bug was introduced in 2.6.32 and fix is suitable for any kernel since
then. In an older kernel with separate handle_stripe5() and
handle_stripe6() functions the patch must change handle_stripe6().
Cc: stable@vger.kernel.org (2.6.32+) Fixes: 6c0069c0ae9659e3a91b68eaed06a5c6c37f45c8 Cc: Yuri Tikhonov <yur@emcraft.com> Cc: Dan Williams <dan.j.williams@intel.com> Reported-by: "Manibalan P" <pmanibalan@amiindia.co.in> Tested-by: "Manibalan P" <pmanibalan@amiindia.co.in>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1090423 Signed-off-by: NeilBrown <neilb@suse.de> Acked-by: Dan Williams <dan.j.williams@intel.com>
NeilBrown [Tue, 12 Aug 2014 23:48:45 +0000 (09:48 +1000)]
md/raid5: avoid livelock caused by non-aligned writes.
If a stripe in a raid6 array received a write to each data block while
the array is degraded, and if any of these writes to a missing device
are not page-aligned, then a live-lock happens.
In this case the P and Q blocks need to be read so that the part of
the missing block which is *not* being updated by the write can be
constructed. Due to a logic error, these blocks are not loaded, so
the update cannot proceed and the stripe is 'handled' repeatedly in an
infinite loop.
This bug is unlikely as most writes are page aligned. However as it
can lead to a livelock it is suitable for -stable. It was introduced
in 3.16.
Steve French [Sun, 17 Aug 2014 23:16:40 +0000 (18:16 -0500)]
[SMB3] Enable fallocate -z support for SMB3 mounts
fallocate -z (FALLOC_FL_ZERO_RANGE) can map to SMB3
FSCTL_SET_ZERO_DATA SMB3 FSCTL but FALLOC_FL_ZERO_RANGE
when called without the FALLOC_FL_KEEPSIZE flag set could want
the file size changed so we can not support that subcase unless
the file is cached (and thus we know the file size).
Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Pavel Shilovsky <pshilovsky@samba.org>
Steve French [Sun, 17 Aug 2014 13:38:47 +0000 (08:38 -0500)]
enable fallocate punch hole ("fallocate -p") for SMB3
Implement FALLOC_FL_PUNCH_HOLE (which does not change the file size
fortunately so this matches the behavior of the equivalent SMB3
fsctl call) for SMB3 mounts. This allows "fallocate -p" to work.
It requires that the server support setting files as sparse
(which Windows allows).
Steve French [Sun, 17 Aug 2014 11:43:58 +0000 (06:43 -0500)]
Incorrect error returned on setting file compressed on SMB2
When the server (for an SMB2 or SMB3 mount) doesn't support
an ioctl (such as setting the compressed flag
on a file) we were incorrectly returning EIO instead
of EOPNOTSUPP, this is confusing e.g. doing chattr +c to a file
on a non-btrfs Samba partition, now the error returned is more
intuitive to the user. Also fixes error mapping on setting
hardlink to servers which don't support that.
Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: David Disseldorp <ddiss@suse.de>
Pavel Shilovsky [Mon, 18 Aug 2014 16:49:58 +0000 (20:49 +0400)]
CIFS: Fix wrong directory attributes after rename
When we requests rename we also need to update attributes
of both source and target parent directories. Not doing it
causes generic/309 xfstest to fail on SMB2 mounts. Fix this
by marking these directories for force revalidating.
Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
Pavel Shilovsky [Mon, 18 Aug 2014 16:49:57 +0000 (20:49 +0400)]
CIFS: Fix SMB2 readdir error handling
SMB2 servers indicates the end of a directory search with
STATUS_NO_MORE_FILE error code that is not processed now.
This causes generic/257 xfstest to fail. Fix this by triggering
the end of search by this error code in SMB2_query_directory.
Also when negotiating CIFS protocol we tell the server to close
the search automatically at the end and there is no need to do
it itself. In the case of SMB2 protocol, we need to close it
explicitly - separate close directory checks for different
protocols.
Cc: <stable@vger.kernel.org> Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org> Signed-off-by: Steve French <smfrench@gmail.com>
Linus Torvalds [Sat, 16 Aug 2014 15:32:27 +0000 (09:32 -0600)]
Merge branch 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86
Pull x86 platform driver updates from Matthew Garrett:
"A moderate number of changes, but nothing awfully significant.
A lot of const cleanups, some reworking and additions to the rfkill
quirks in the asus driver, a new driver for generating falling laptop
events on Toshibas and some misc fixes.
Maybe vendors have stopped inventing things"
* 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: (41 commits)
platform/x86: Enable build support for toshiba_haps
Documentation: Add file about toshiba_haps module
platform/x86: Toshiba HDD Active Protection Sensor
asus-nb-wmi: Add wapf4 quirk for the U32U
alienware-wmi: make hdmi_mux enabled on case-by-case basis
ideapad-laptop: Constify DMI table and other r/o variables
asus-nb-wmi.c: Rename x401u quirk to wapf4
compal-laptop: correct invalid hwmon name
toshiba_acpi: Add Qosmio X75-A to the alt keymap dmi list
toshiba_acpi: Add extra check to backlight code
Fix log message about future removal of interface
ideapad-laptop: Disable touchpad interface on Yoga models
asus-nb-wmi: Add wapf4 quirk for the X550CC
intel_ips: Make ips_mcp_limits variables static
thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata
fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst
hp-wmi: Add missing __init annotations to initialization code
hp_accel: Constify ACPI and DMI tables
fujitsu-tablet: Mark DMI callbacks as __init code
dell-laptop: Mark dell_quirks[] DMI table as __initconst
...
Linus Torvalds [Sat, 16 Aug 2014 15:25:34 +0000 (09:25 -0600)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux
Pull idle update from Len Brown:
"Two Intel-platform-specific updates to intel_idle, and a cosmetic
tweak to the turbostat utility"
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
tools/power turbostat: tweak whitespace in output format
intel_idle: Broadwell support
intel_idle: Disable Baytrail Core and Module C6 auto-demotion
Linus Torvalds [Sat, 16 Aug 2014 15:24:41 +0000 (09:24 -0600)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module fix from Rusty Russell:
"Nasty potential bug if someone uses a known module param with an
invalid value (we don't fail unknown module params any more, just
warn)"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
module: Clean up ro/nx after early module load failures
Linus Torvalds [Sat, 16 Aug 2014 15:06:55 +0000 (09:06 -0600)]
Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs updates from Chris Mason:
"These are all fixes I'd like to get out to a broader audience.
The biggest of the bunch is Mark's quota fix, which is also in the
SUSE kernel, and makes our subvolume quotas dramatically more
accurate.
I've been running xfstests with these against your current git
overnight, but I'm queueing up longer tests as well"
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
btrfs: disable strict file flushes for renames and truncates
Btrfs: fix csum tree corruption, duplicate and outdated checksums
Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
Btrfs: fix compressed write corruption on enospc
btrfs: correctly handle return from ulist_add
btrfs: qgroup: account shared subtrees during snapshot delete
Btrfs: read lock extent buffer while walking backrefs
Btrfs: __btrfs_mod_ref should always use no_quota
btrfs: adjust statfs calculations according to raid profiles
Linus Torvalds [Sat, 16 Aug 2014 14:58:47 +0000 (08:58 -0600)]
Merge tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux
Pull file locking bugfixes from Jeff Layton:
"Most of these patches are to fix a long-standing regression that crept
in when the BKL was removed from the file-locking code. The code was
converted to use a conventional spinlock, but some fl_release_private
ops can block and you can end up sleeping inside the lock.
There's also a patch to make /proc/locks show delegations as 'DELEG'"
* tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux:
locks: update Locking documentation to clarify fl_release_private behavior
locks: move locks_free_lock calls in do_fcntl_add_lease outside spinlock
locks: defer freeing locks in locks_delete_lock until after i_lock has been dropped
locks: don't reuse file_lock in __posix_lock_file
locks: don't call locks_release_private from locks_copy_lock
locks: show delegations as "DELEG" in /proc/locks
Linus Torvalds [Sat, 16 Aug 2014 14:56:27 +0000 (08:56 -0600)]
Merge git://git.kvack.org/~bcrl/aio-next
Pull aio updates from Ben LaHaise.
* git://git.kvack.org/~bcrl/aio-next:
aio: use iovec array rather than the single one
aio: fix some comments
aio: use the macro rather than the inline magic number
aio: remove the needless registration of ring file's private_data
aio: remove no longer needed preempt_disable()
aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx()
aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
Azael Avalos [Thu, 14 Aug 2014 15:55:38 +0000 (09:55 -0600)]
platform/x86: Toshiba HDD Active Protection Sensor
This driver adds support for the built-in accelereometer found
on recent Toshiba laptops with HID TOS620A.
This driver receives ACPI notify events 0x80 when the sensor
detects a sudden move or a harsh vibration, as well as an
ACPI notify event 0x81 whenever the movement or vibration has
been stabilized.
Also provides sysfs entries to get/set the desired protection
level and reseting the HDD protection interface.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
ideapad-laptop: Constify DMI table and other r/o variables
Constify the rfkill_blacklist[] DMI table, the ideapad_rfk_data[] table
and the ideapad_attribute_group attribute group. There's no need to have
them writeable during runtime.
Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Hans de Goede [Mon, 14 Jul 2014 07:14:34 +0000 (09:14 +0200)]
asus-nb-wmi.c: Rename x401u quirk to wapf4
The actual x401u does not use the so named x401u quirk but the x55u quirk.
All that the x401u quirk does it setting wapf to 4, so rename it to wapf4 to
stop the confusion.
Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Roald Frederickx [Wed, 13 Aug 2014 20:40:14 +0000 (13:40 -0700)]
compal-laptop: correct invalid hwmon name
Change the name of the hwmon interface from "compal-laptop" to "compal".
A dash is an invalid character for a hwmon name and caused the call to
hwmon_device_register_with_groups() to fail.
Signed-off-by: Roald Frederickx <roald.frederickx@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Azael Avalos [Mon, 4 Aug 2014 15:21:01 +0000 (09:21 -0600)]
toshiba_acpi: Add extra check to backlight code
Some Toshiba models (most notably Qosmios) come with an
incomplete backlight method where the AML code doesn't
check for write or read commands and always returns
HCI_SUCCESS and the actual brightness (and in some
cases the max brightness), thus allowing the backlight
interface to be registered without write support.
This patch changes the set_lcd_brightness function,
checking the returned values for values greater than
zero to avoid registering a broken backlight interface.
Signed-off-by: Azael Avalos <coproscefalo@gmail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata
Mark volume_alsa_control_vol and volume_alsa_control_mute as __initdata,
as snd_ctl_new1() will copy the relevant parts, so there is no need to
keep the master copies around after initialization.
Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Henrique de Moraes Holschuh <ibm-acpi@hmh.eng.br> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst
The DMI table is only ever used during initialization. Mark it as
__initconst so its memory can be released afterwards -- roughly 1.5 kB.
In turn, the callback functions can be marked with __init, too.
Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Jonathan Woithe <jwoithe@just42.net> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
dell-laptop: Mark dell_quirks[] DMI table as __initconst
The dell_quirks[] DMI table is only ever used during initialization.
Mark it as __initconst so its memory can be released afterwards --
roughly 5.7 kB. In turn, the callback function can be marked with
__init, too.
Also the touchpad_led_init() function can be marked __init as it's only
referenced from dell_init() -- an __init function.
Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Quite a lot of code and data of acer-wmi.c is only ever used during
initialization. Mark those accordingly -- and constify, where
appropriate -- so the memory can be released afterwards.
All in all those changes move ~10 kB of code and data to the .init
sections, marking them for release after initialization has finished.
The DMI table is only ever used during initialization. Mark it as
__initconst so its memory can be released appropriately. In turn, the
callback function can be marked with __init, too.
Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
acer-wmi: Hide acer_{suspend,resume} for !CONFIG_PM_SLEEP
Encapsulate acer_suspend() and acer_resume with #ifdef CONFIG_PM_SLEEP
to get rid of the following warnings:
../acer-wmi.c:2046:12: warning: ‘acer_suspend’ defined but not used [-Wunused-function]
../acer-wmi.c:2068:12: warning: ‘acer_resume’ defined but not used [-Wunused-function]
This patch removes the null test on block. block is initialized at the
beginning of the function to &wblock->gblock. Since wblock is
dereferenced prior to the null test, wblock must be a valid pointer,
and &wblock->gblock cannot be null.
The following Coccinelle script is used for detecting the change:
AceLan Kao [Wed, 9 Jul 2014 08:18:19 +0000 (16:18 +0800)]
asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA
BIOS won't light on the wifi-led after S3, so asus-wmi driver needs to
control the wifi and wifi-led status.
But, it'll lead to bt status error if asus-wmi driver controls bt as well.
So, for X200CA, asus-wmi driver controls wifi status only and have to set
wapf to 1.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Hans de Goede [Tue, 8 Jul 2014 08:47:22 +0000 (10:47 +0200)]
asus-wmi: backlight_init: Stop treating -ENODEV as if its not an error
When bl_power support got added to asus-wmi, the error handling for it was
written to ignore -ENODEV, to avoid not registering a backlight interface for
models which have no bl_power control, but do have brightness control.
At the same time the error handling for brightness_max was modified to do the
same, this is wrong, when there is no brightness_max asus-wmi should not
register a backlight interface.
Note the caller of asus_wmi_backlight_init already special cases -ENODEV,
and will not cause the wmi driver regristration to fail because of a
-ENODEV return from asus_wmi_backlight_init.
Hans de Goede [Tue, 8 Jul 2014 08:47:21 +0000 (10:47 +0200)]
asus-wmi: Disable acpi-video backlight on desktop machines
Some Asus motherboards for desktop PC-s export an acpi-video interface
advertising backlight support. Test the dmi chassis-type and tell acpi-video
to not register a backlight interface on desktops.
Hans de Goede [Mon, 23 Jun 2014 14:45:51 +0000 (16:45 +0200)]
ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling
It seems that the same problems which lead to adding an rfkill blacklist and
putting the Lenovo Yoga 2 11 on it are also present on the Lenovo Yoga 2 13
and Lenovo Yoga 2 Pro too:
https://bugzilla.redhat.com/show_bug.cgi?id=1021036
https://forums.lenovo.com/t5/Linux-Discussion/Yoga-2-13-not-Pro-Linux-Warning/m-p/1517612
Testing has shown that the firmware rfkill settings are persistent over
reboots. So blacklisting the driver is not good enough, if the wifi is blocked
at the firmware level the wifi needs to be explictly unblocked through the
ideapad-laptop interface.
And at least on the Lenovo Yoga 2 13 the VPCCMD_RF register which on devices
with hardware kill switch reports the hardware switch state, needs to be
explictly set to 1 (radio enabled / not blocked).
So this patch does 3 things to get proper rfkill handling on these models:
1) Instead of blacklisting the rfkill functionality, which means that people
with a firmware blocked wifi get stuck in that situation, ignore the value
reported by the not present hardware rfkill switch, as this is what is causing
ideapad-laptop to wrongly report all radios as hardware blocks. But do register
the rfkill interfaces so that the user can soft [un]block them.
2) On models without a hardware rfkill switch, explictly set VPCCMD_RF to 1
3) Drop the " 11" postfix from the dmi match string, as the entire Yoga 2
series is affected.
Yoga 2 11: Reported-and-tested-by: Vincent Gerris <vgerris@gmail.com>
Yoga 2 13: Tested-by: madls05 <http://ubuntuforums.org/showthread.php?t=2215044>
Yoga 2 Pro: Reported-and-tested-by: Peter F. Patel-Schneider <pfpschneider@gmail.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Hans de Goede [Mon, 23 Jun 2014 11:38:23 +0000 (13:38 +0200)]
thinkpad_acpi: Update mapping for F12 hotkey on *40 models to KEY_FILE
The new keyboard found on the *40 models is also being sold as a standalone
keyboard (with trackpoint):
http://shop.lenovo.com/us/en/itemdetails/0B47189/460/60AC6A0372B14F5BA7B12F1FF88E33C7
This uses a standard HUT code for the F12 key with the 6 square boxes on it,
which gets mapped to KEY_FILE by the kernel. Change the mapping done of
identical laptop key done by thinkpad_acpi to also send KEY_FILE for
consistency.
Cc: Jamie Lentin <jm@lentin.co.uk> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Jean Delvare [Mon, 16 Jun 2014 09:55:13 +0000 (11:55 +0200)]
fujitsu-laptop: Clear build warnings
When CONFIG_FUJITSU_LAPTOP_DEBUG is disabled and W=1, the
fujitsu-laptop driver builds with the following warnings:
drivers/platform/x86/fujitsu-laptop.c: In function "bl_update_status":
drivers/platform/x86/fujitsu-laptop.c:409:8: warning: suggest braces around empty body in an "if" statement [-Wempty-body]
ret);
^
drivers/platform/x86/fujitsu-laptop.c:418:8: warning: suggest braces around empty body in an "if" statement [-Wempty-body]
ret);
^
Rework the debug printk helper macro to get rid of these. I verified
that this change has no effect on the generated binary, both in the
debug and non-debug case.
Signed-off-by: Jean Delvare <jdelvare@suse.de> Acked-by: Jonathan Woithe <jwoithe@just42.net> Cc: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
of/irq: Fix lookup to use 'interrupts-extended' property first
In case the Device Tree blob passed by the boot agent supplies both an
'interrupts-extended' and an 'interrupts' property in order to allow for
older kernels to be usable, prefer the new-style 'interrupts-extended'
property which conveys a lot more information.
This allows us to have bootloaders willingly maintaining backwards
compatibility with older kernels without entirely deprecating the
'interrupts' property.
Update the bindings documentation to describe a situation where both the
'interrupts-extended' and the 'interrupts' property are present, and
which one takes precedence over the other.
Cc: stable@vger.kernel.org # 3.13+ Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Grant Likely <grant.likely@linaro.org>
Enabling OF selftest to run without machine's devicetree
If there is no devicetree present, this patch adds the selftest
data as a live devicetree. It also removes the same after the
testcase execution is complete.
Tested with and without machine's devicetree.
Signed-off-by: Gaurav Minocha <gaurav.minocha.os@gmail.com> Signed-off-by: Grant Likely <grant.likely@linaro.org>
Al Cooper [Wed, 6 Aug 2014 20:30:04 +0000 (16:30 -0400)]
of: Allow mem_reserve of memory with a base address of zero
__reserved_mem_reserve_reg() won't reserve memory if the base address
is zero. This change removes the check for a base address of zero and
allows it to be reserved.
Allowing the first 4K of memory to be reserved will help solve a
problem on some ARM systems where the the first 16K of memory is
unused and becomes allocable memory. This will prevent this memory
from being used for DMA by drivers like the USB OHCI driver which
consider a physical address of zero to be illegal.
Cc: stable@vger.kernel.org # 3.15+ Signed-off-by: Al Cooper <alcooperx@gmail.com> Signed-off-by: Grant Likely <grant.likely@linaro.org>
Steve French [Sat, 16 Aug 2014 04:49:01 +0000 (23:49 -0500)]
[CIFS] Workaround MacOS server problem with SMB2.1 write
response
Writes fail to Mac servers with SMB2.1 mounts (works with cifs though) due
to them sending an incorrect RFC1001 length for the SMB2.1 Write response.
Workaround this problem. MacOS server sends a write response with 3 bytes
of pad beyond the end of the SMB itself. The RFC1001 length is 3 bytes
more than the sum of the SMB2.1 header length + the write reponse.
Incorporate feedback from Jeff and JRA to allow servers to send
a tcp frame that is even more than three bytes too long
(ie much longer than the SMB2/SMB3 request that it contains) but
we do log it once now. In the earlier version of the patch I had
limited how far off the length field could be before we fail the request.
Linus Torvalds [Sat, 16 Aug 2014 00:28:58 +0000 (18:28 -0600)]
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull more SCSI changes from James Bottomley:
"This is a small set of updates which missed the first pull. It's more
msix updates, some iscsi and qla4xxx fixes, we also have some string
null termination fixes a return value fix and a couple of pm8001
firmware fixes.
Just a note, we do have a couple of bug fixes coming under separate
cover, but they don't have to be part of the merge window"
* tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
iscsi class: Fix freeing of skb in get host error path
scsi: fix u14-34f printk format warnings
pm8001: fix pm8001_store_update_fw
pm8001: Fix erratic calculation in update_flash
pm8001: Update MAINTAINERS list
libiscsi: return new error code when nop times out
iscsi class: fix get_host_stats return code when not supported
iscsi class: fix get_host_stats error handling
qla4xxx: fix get_host_stats error propagation
qla4xxx: check the return value of dma_alloc_coherent()
scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy
scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy
qla4xxx: Use pci_enable_msix_exact() instead of pci_enable_msix()
pm8001: Use pci_enable_msix_exact() instead of pci_enable_msix()
Linus Torvalds [Sat, 16 Aug 2014 00:16:28 +0000 (18:16 -0600)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input layer fixes from Dmitry Torokhov:
"Second round of updates for the input subsystem. Mostly small fixups
to the code merged in the first round (atmel_mxt_ts, wacom) but also a
smallish patch to xbox driver to support Xbox One controllers and a
patch to better handle Synaptics profile sensors found in Cr-48
Chromebooks that should not affect any other devices"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: edt-ft5x06 - remove superfluous assignment
Input: xpad - add support for Xbox One controllers
Input: atmel_mxt_ts - fix a few issues reported by Coverity
Input: atmel_mxt_ts - split config update a bit
Input: atmel_mxt_ts - simplify mxt_initialize a bit
Input: joystick - use get_cycles on ARMv8
Input: wacom - fix compiler warning if !CONFIG_PM
Input: cap1106 - allow changing key mapping from userspace
Input: synaptics - use firmware data for Cr-48
Input: synaptics - properly initialize slots for semi-MT
Input: MT - make slot cleanup callable outside mt_sync_frame()
Input: atmel_mxt_ts - mXT224 DMA quirk was fixed in firmware v2.0.AA
Linus Torvalds [Sat, 16 Aug 2014 00:06:56 +0000 (18:06 -0600)]
Merge tag 'sound-fix-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Here is the additional fix patches that have been queued up since the
previous pull request. A few HD-audio fixes, a USB-audio quirk
addition, and a couple of trivial cleanup for the legacy OSS codes"
* tag 'sound-fix-3.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Set TLV_DB_SCALE_MUTE bit for cx5051 vmaster
ALSA: hda/ca0132 - Don't try loading firmware at resume when already failed
ALSA: hda - Fix pop noises on reboot for Dell XPS 13 9333
ALSA: hda - Set internal mic as default input source on Dell XPS 13 9333
ALSA: usb-audio: fix BOSS ME-25 MIDI regression
ALSA: hda - Fix parsing of CMI8888 codec
ALSA: hda - Fix probing and stuttering on CMI8888 HD-audio controller
ALSA: hda/realtek - Fixed ALC286/ALC288 recording delay for Headset Mic
sound: oss: Remove typedefs wanc_info and wavnc_port_info
sound: oss: uart401: Remove typedef uart401_devc
Linus Torvalds [Fri, 15 Aug 2014 23:57:49 +0000 (17:57 -0600)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes (mostly nouveau) from Dave Airlie:
"One doc buidling fixes for a file that moved, along with a bunch of
nouveau fixes, one a build problem on ARM"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/doc: Refer to proper source file
drm/nouveau/platform: fix compilation error
drm/nouveau/gk20a: add LTC device
drm/nouveau: warn if we fail to re-pin fb on resume
drm/nouveau/nvif: fix dac load detect method definition
drm/gf100-/gr: fix -ENOSPC detection when allocating zbc table entries
drm/nouveau/nvif: return null pointers on failure, in addition to ret != 0
drm/nouveau/ltc: fix tag base address getting truncated if above 4GiB
drm/nvc0-/fb/ram: fix use of non-existant ram if partitions aren't uniform
drm/nouveau/bar: behave better if ioremap failed
drm/nouveau/kms: nouveau_fbcon_accel_fini can be static
drm/nouveau: kill unused variable warning if !__OS_HAS_AGP
drm/nouveau/nvif: fix a number of notify thinkos
Linus Torvalds [Fri, 15 Aug 2014 23:56:45 +0000 (17:56 -0600)]
Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac
Pull EDAC updates from Mauro Carvalho Chehab.
* 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac:
sb_edac: add support for Haswell based systems
sb_edac: Fix mix tab/spaces alignments
edac: add DDR4 and RDDR4
sb_edac: remove bogus assumption on mc ordering
sb_edac: make minimal use of channel_mask
sb_edac: fix socket detection on Ivy Bridge controllers
sb_edac: update Kconfig description
sb_edac: search devices using product id
sb_edac: make RIR limit retrieval per model
sb_edac: make node id retrieval per model
sb_edac: make memory type detection per memory controller
Juergen Gross [Mon, 4 Aug 2014 11:30:02 +0000 (13:30 +0200)]
[SCSI] save command pool address of Scsi_Host
If a scsi host driver specifies .cmd_len in it's scsi_host_template, a driver's
private command pool is needed. scsi_find_host_cmd_pool() will locate it, but
scsi_alloc_host_cmd_pool() isn't saving the pool address in the host template.
This will result in an access error when the host is removed.
Avoid the problem by saving the address of a new allocated command pool where
it is expected.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Fixes: 89d9a567952baec13e26ada3e438f1b642d66b6e Cc: stable@vger.kernel.org Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Guenter Roeck [Sun, 10 Aug 2014 12:54:25 +0000 (05:54 -0700)]
[SCSI] fix qemu boot hang problem
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.
brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3
Bisect points to commit 71e75c97f97a ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.
out_delay:
- if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+ if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
blk_delay_queue(q, SCSI_QUEUE_DELAY);
}
'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Hannes Reinecke <hare@suse.de> Acked-by: Jens Axboe <axboe@fb.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Fixes: 71e75c97f97a Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Andy Lutomirski [Fri, 15 Aug 2014 18:43:37 +0000 (04:13 +0930)]
module: Clean up ro/nx after early module load failures
The commit
4982223e51e8 module: set nx before marking module MODULE_STATE_COMING.
introduced a regression: if a module fails to parse its arguments or
if mod_sysfs_setup fails, then the module's memory will be freed
while still read-only. Anything that reuses that memory will crash
as soon as it tries to write to it.
Cc: stable@vger.kernel.org # v3.16 Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Chris Mason [Tue, 12 Aug 2014 17:47:42 +0000 (10:47 -0700)]
btrfs: disable strict file flushes for renames and truncates
Truncates and renames are often used to replace old versions of a file
with new versions. Applications often expect this to be an atomic
replacement, even if they haven't done anything to make sure the new
version is fully on disk.
Btrfs has strict flushing in place to make sure that renaming over an
old file with a new file will fully flush out the new file before
allowing the transaction commit with the rename to complete.
This ordering means the commit code needs to be able to lock file pages,
and there are a few paths in the filesystem where we will try to end a
transaction with the page lock held. It's rare, but these things can
deadlock.
This patch removes the ordered flushes and switches to a best effort
filemap_flush like ext4 uses. It's not perfect, but it should fix the
deadlocks.
Filipe Manana [Sat, 9 Aug 2014 20:22:27 +0000 (21:22 +0100)]
Btrfs: fix csum tree corruption, duplicate and outdated checksums
Under rare circumstances we can end up leaving 2 versions of a checksum
for the same file extent range.
The reason for this is that after calling btrfs_next_leaf we process
slot 0 of the leaf it returns, instead of processing the slot set in
path->slots[0]. Most of the time (by far) path->slots[0] is 0, but after
btrfs_next_leaf() releases the path and before it searches for the next
leaf, another task might cause a split of the next leaf, which migrates
some of its keys to the leaf we were processing before calling
btrfs_next_leaf(). In this case btrfs_next_leaf() returns again the
same leaf but with path->slots[0] having a slot number corresponding
to the first new key it got, that is, a slot number that didn't exist
before calling btrfs_next_leaf(), as the leaf now has more keys than
it had before. So we must really process the returned leaf starting at
path->slots[0] always, as it isn't always 0, and the key at slot 0 can
have an offset much lower than our search offset/bytenr.
For example, consider the following scenario, where we have:
Because we are at the last slot of leaf N, we call btrfs_next_leaf() to
find the next highest key, which releases the current path and then searches
for that next key. However after releasing the path and before finding that
next key, the item at slot 0 of leaf N + 1 gets moved to leaf N, due to a call
to ctree.c:push_leaf_left() (via ctree.c:split_leaf()), and therefore
btrfs_next_leaf() will returns us a path again with leaf N but with the slot
pointing to its new last key (CSUM CSUM 40161280). This new version of leaf N
is then:
In other words, we insert a new csum item in the tree with key
(CSUM_OBJECTID CSUM_KEY 40157184 = sums->bytenr) that contains the checksums
for all the data (4 blocks of 4096 bytes each = sums->len). Which is wrong,
because the item with key (CSUM CSUM 40161280) (the one that was moved from
leaf N + 1 to the end of leaf N) contains the old checksums of the last 12288
bytes of our data and won't get those old checksums removed.
So this leaves us 2 different checksums for 3 4kb blocks of data in the tree,
and breaks the logical rule:
An obvious bad effect of this is that a subsequent csum tree lookup to get
the checksum of any of the blocks with logical offset of 40161280, 40165376
or 40169472 (the last 3 4kb blocks of file data), will get the old checksums.
Cc: stable@vger.kernel.org Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: Chris Mason <clm@fb.com>