1. 19 Sep, 2014 1 commit
    • Abhi Das's avatar
      GFS2: fix bad inode i_goal values during block allocation · 00a158be
      Abhi Das authored
      
      
      This patch checks if i_goal is either zero or if doesn't exist
      within any rgrp (i.e gfs2_blk2rgrpd() returns NULL). If so, it
      assigns the ip->i_no_addr block as the i_goal.
      
      There are two scenarios where a bad i_goal can result in a
      -EBADSLT error.
      
      1. Attempting to allocate to an existing inode:
      Control reaches gfs2_inplace_reserve() and ip->i_goal is bad.
      We need to fix i_goal here.
      
      2. A new inode is created in a directory whose i_goal is hosed:
      In this case, the parent dir's i_goal is copied onto the new
      inode. Since the new inode is not yet created, the ip->i_no_addr
      field is invalid and so, the fix in gfs2_inplace_reserve() as per
      1) won't work in this scenario. We need to catch and fix it sooner
      in the parent dir itself (gfs2_create_inode()), before it is
      copied to the new inode.
      
      Signed-off-by: default avatarAbhi Das <adas@redhat.com>
      Signed-off-by: default avatarSteven Whitehouse <swhiteho@redhat.com>
      00a158be
  2. 16 Sep, 2014 3 commits
  3. 15 Sep, 2014 8 commits
    • Linus Torvalds's avatar
      Merge tag 'regmap-v3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap · 2324067f
      Linus Torvalds authored
      Pull regmap fix from Mark Brown:
       "Fix registers file in debugfs
      
        Ensure that the mode reported for the registers file in debugfs is
        accurate by marking it as read only when the define to enable writes
        has not been set.  This is on the edge of being a bug fix but it's
        debugfs and it makes it much easier for users to spot what's going
        wrong when they forget to enable writeability"
      
      * tag 'regmap-v3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap: Fix debugfs-file 'registers' mode
      2324067f
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · b9217862
      Linus Torvalds authored
      Pull input updates from Dmitry Torokhov:
       "A few quirks for i8042/AT keyboards and a small device tree doc fix
        for Atmel Touchscreens"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: atmel_mxt_ts - fix merge in DT documentation
        Input: i8042 - also set the firmware id for MUXed ports
        Input: i8042 - add nomux quirk for Avatar AVIU-145A6
        Input: i8042 - add Fujitsu U574 to no_timeout dmi table
        Input: atkbd - do not try 'deactivate' keyboard on any LG laptops
      b9217862
    • Tony Luck's avatar
      ia64: Fix syscall number for memfd_create · f3b59331
      Tony Luck authored
      
      
      Cut & paste typo from the line above.
      
      Reported-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarTony Luck <tony.luck@intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f3b59331
    • Linus Torvalds's avatar
      vfs: simplify and shrink stack frame of link_path_walk() · d6bb3e90
      Linus Torvalds authored
      Commit 9226b5b4
      
       ("vfs: avoid non-forwarding large load after small
      store in path lookup") made link_path_walk() always access the
      "hash_len" field as a single 64-bit entity, in order to avoid mixed size
      accesses to the members.
      
      However, what I didn't notice was that that effectively means that the
      whole "struct qstr this" is now basically redundant.  We already
      explicitly track the "const char *name", and if we just use "u64
      hash_len" instead of "long len", there is nothing else left of the
      "struct qstr".
      
      We do end up wanting the "struct qstr" if we have a filesystem with a
      "d_hash()" function, but that's a rare case, and we might as well then
      just squirrell away the name and hash_len at that point.
      
      End result: fewer live variables in the loop, a smaller stack frame, and
      better code generation.  And we don't need to pass in pointers variables
      to helper functions any more, because the return value contains all the
      relevant information.  So this removes more lines than it adds, and the
      source code is clearer too.
      
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d6bb3e90
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 3630056d
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the newly added drbg generator so that it actually works on
        32-bit machines.  Previously the code was only tested on 64-bit and on
        32-bit it overflowed and simply doesn't work"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: drbg - remove check for uninitialized DRBG handle
        crypto: drbg - backport "fix maximum value checks on 32 bit systems"
      3630056d
    • Linus Torvalds's avatar
      Linux 3.17-rc5 · 9e82bf01
      Linus Torvalds authored
      9e82bf01
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 83373f70
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "double iput() on failure exit in lustre, racy removal of spliced
        dentries from ->s_anon in __d_materialise_dentry() plus a bunch of
        assorted RCU pathwalk fixes"
      
      The RCU pathwalk fixes end up fixing a couple of cases where we
      incorrectly dropped out of RCU walking, due to incorrect initialization
      and testing of the sequence locks in some corner cases.  Since dropping
      out of RCU walk mode forces the slow locked accesses, those corner cases
      slowed down quite dramatically.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        be careful with nd->inode in path_init() and follow_dotdot_rcu()
        don't bugger nd->seq on set_root_rcu() from follow_dotdot_rcu()
        fix bogus read_seqretry() checks introduced in b37199e6
        move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
        [fix] lustre: d_make_root() does iput() on dentry allocation failure
      83373f70
    • Linus Torvalds's avatar
      vfs: avoid non-forwarding large load after small store in path lookup · 9226b5b4
      Linus Torvalds authored
      The performance regression that Josef Bacik reported in the pathname
      lookup (see commit 99d263d4
      
       "vfs: fix bad hashing of dentries") made
      me look at performance stability of the dcache code, just to verify that
      the problem was actually fixed.  That turned up a few other problems in
      this area.
      
      There are a few cases where we exit RCU lookup mode and go to the slow
      serializing case when we shouldn't, Al has fixed those and they'll come
      in with the next VFS pull.
      
      But my performance verification also shows that link_path_walk() turns
      out to have a very unfortunate 32-bit store of the length and hash of
      the name we look up, followed by a 64-bit read of the combined hash_len
      field.  That screws up the processor store to load forwarding, causing
      an unnecessary hickup in this critical routine.
      
      It's caused by the ugly calling convention for the "hash_name()"
      function, and easily fixed by just making hash_name() fill in the whole
      'struct qstr' rather than passing it a pointer to just the hash value.
      
      With that, the profile for this function looks much smoother.
      
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9226b5b4
  4. 14 Sep, 2014 12 commits
  5. 13 Sep, 2014 8 commits
    • Linus Torvalds's avatar
      Merge branches 'locking-urgent-for-linus' and 'timers-urgent-for-linus' of... · 1536340e
      Linus Torvalds authored
      Merge branches 'locking-urgent-for-linus' and 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
      
      Pull futex and timer fixes from Thomas Gleixner:
       "A oneliner bugfix for the jinxed futex code:
      
         - Drop hash bucket lock in the error exit path.  I really could slap
           myself for intruducing that bug while fixing all the other horror
           in that code three month ago ...
      
        and the timer department is not too proud about the following fixes:
      
         - Deal with a long standing rounding bug in the timeval to jiffies
           conversion.  It's a real issue and this fix fell through the cracks
           for quite some time.
      
         - Another round of alarmtimer fixes.  Finally this code gets used
           more widely and the subtle issues hidden for quite some time are
           noticed and fixed.  Nothing really exciting, just the itty bitty
           details which bite the serious users here and there"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        futex: Unlock hb->lock in futex_wait_requeue_pi() error path
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        alarmtimer: Lock k_itimer during timer callback
        alarmtimer: Do not signal SIGEV_NONE timers
        alarmtimer: Return relative times in timer_gettime
        jiffies: Fix timeval conversion to jiffies
      1536340e
    • Guy Martin's avatar
      parisc: Implement new LWS CAS supporting 64 bit operations. · 89206491
      Guy Martin authored
      
      
      The current LWS cas only works correctly for 32bit. The new LWS allows
      for CAS operations of variable size.
      
      Signed-off-by: default avatarGuy Martin <gmsoft@tuxicoman.be>
      Cc: <stable@vger.kernel.org> # 3.13+
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      89206491
    • Linus Torvalds's avatar
      vfs: fix bad hashing of dentries · 99d263d4
      Linus Torvalds authored
      Josef Bacik found a performance regression between 3.2 and 3.10 and
      narrowed it down to commit bfcfaa77
      
       ("vfs: use 'unsigned long'
      accesses for dcache name comparison and hashing"). He reports:
      
       "The test case is essentially
      
            for (i = 0; i < 1000000; i++)
                    mkdir("a$i");
      
        On xfs on a fio card this goes at about 20k dir/sec with 3.2, and 12k
        dir/sec with 3.10.  This is because we spend waaaaay more time in
        __d_lookup on 3.10 than in 3.2.
      
        The new hashing function for strings is suboptimal for <
        sizeof(unsigned long) string names (and hell even > sizeof(unsigned
        long) string names that I've tested).  I broke out the old hashing
        function and the new one into a userspace helper to get real numbers
        and this is what I'm getting:
      
            Old hash table had 1000000 entries, 0 dupes, 0 max dupes
            New hash table had 12628 entries, 987372 dupes, 900 max dupes
            We had 11400 buckets with a p50 of 30 dupes, p90 of 240 dupes, p99 of 567 dupes for the new hash
      
        My test does the hash, and then does the d_hash into a integer pointer
        array the same size as the dentry hash table on my system, and then
        just increments the value at the address we got to see how many
        entries we overlap with.
      
        As you can see the old hash function ended up with all 1 million
        entries in their own bucket, whereas the new one they are only
        distributed among ~12.5k buckets, which is why we're using so much
        more CPU in __d_lookup".
      
      The reason for this hash regression is two-fold:
      
       - On 64-bit architectures the down-mixing of the original 64-bit
         word-at-a-time hash into the final 32-bit hash value is very
         simplistic and suboptimal, and just adds the two 32-bit parts
         together.
      
         In particular, because there is no bit shuffling and the mixing
         boundary is also a byte boundary, similar character patterns in the
         low and high word easily end up just canceling each other out.
      
       - the old byte-at-a-time hash mixed each byte into the final hash as it
         hashed the path component name, resulting in the low bits of the hash
         generally being a good source of hash data.  That is not true for the
         word-at-a-time case, and the hash data is distributed among all the
         bits.
      
      The fix is the same in both cases: do a better job of mixing the bits up
      and using as much of the hash data as possible.  We already have the
      "hash_32|64()" functions to do that.
      
      Reported-by: default avatarJosef Bacik <jbacik@fb.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Chris Mason <clm@fb.com>
      Cc: linux-fsdevel@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      99d263d4
    • Linus Torvalds's avatar
      Make hash_64() use a 64-bit multiply when appropriate · 23d0db76
      Linus Torvalds authored
      
      
      The hash_64() function historically does the multiply by the
      GOLDEN_RATIO_PRIME_64 number with explicit shifts and adds, because
      unlike the 32-bit case, gcc seems unable to turn the constant multiply
      into the more appropriate shift and adds when required.
      
      However, that means that we generate those shifts and adds even when the
      architecture has a fast multiplier, and could just do it better in
      hardware.
      
      Use the now-cleaned-up CONFIG_ARCH_HAS_FAST_MULTIPLIER (together with
      "is it a 64-bit architecture") to decide whether to use an integer
      multiply or the explicit sequence of shift/add instructions.
      
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      23d0db76
    • Linus Torvalds's avatar
      Make ARCH_HAS_FAST_MULTIPLIER a real config variable · 72d93104
      Linus Torvalds authored
      
      
      It used to be an ad-hoc hack defined by the x86 version of
      <asm/bitops.h> that enabled a couple of library routines to know whether
      an integer multiply is faster than repeated shifts and additions.
      
      This just makes it use the real Kconfig system instead, and makes x86
      (which was the only architecture that did this) select the option.
      
      NOTE! Even for x86, this really is kind of wrong.  If we cared, we would
      probably not enable this for builds optimized for netburst (P4), where
      shifts-and-adds are generally faster than multiplies.  This patch does
      *not* change that kind of logic, though, it is purely a syntactic change
      with no code changes.
      
      This was triggered by the fact that we have other places that really
      want to know "do I want to expand multiples by constants by hand or
      not", particularly the hash generation code.
      
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      72d93104
    • Linus Torvalds's avatar
      Merge tag 'dm-3.17-fix2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm · 186cec31
      Linus Torvalds authored
      Pull device mapper fix from Mike Snitzer:
       "Fix a race in the DM cache target that caused dirty blocks to be
        marked as clean.  This could cause no writeback to occur or spurious
        dirty block counts"
      
      * tag 'dm-3.17-fix2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm cache: fix race causing dirty blocks to be marked as clean
      186cec31
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 645cc093
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A small collection of fixes for the current rc series.  This contains:
      
         - Two small blk-mq patches from Rob Elliott, cleaning up error case
           at init time.
      
         - A fix from Ming Lei, fixing SG merging for blk-mq where
           QUEUE_FLAG_SG_NO_MERGE is the default.
      
         - A dev_t minor lifetime fix from Keith, fixing an issue where a
           minor might be reused before all references to it were gone.
      
         - Fix from Alan Stern where an unbalanced queue bypass caused SCSI
           some headaches when it does a series of add/del on devices without
           fully registrering the queue.
      
         - A fix from me for improving the scaling of tag depth in blk-mq if
           we are short on memory"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        blk-mq: scale depth and rq map appropriate if low on memory
        Block: fix unbalanced bypass-disable in blk_register_queue
        block: Fix dev_t minor allocation lifetime
        blk-mq: cleanup after blk_mq_init_rq_map failures
        blk-mq: pass along blk_mq_alloc_tag_set return values
        blk-merge: fix blk_recount_segments
      645cc093
    • Linus Torvalds's avatar
      Merge tag 'stable/for-linus-3.17-b-rc4-arm-tag' of... · fc486b03
      Linus Torvalds authored
      Merge tag 'stable/for-linus-3.17-b-rc4-arm-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
      
      Pull Xen ARM bugfix from Stefano Stabellini:
       "The patches fix the "xen_add_mach_to_phys_entry: cannot add" bug that
        has been affecting xen on arm and arm64 guests since 3.16.  They
        require a few hypervisor side changes that just went in xen-unstable.
      
        A couple of days ago David sent out a pull request with a few other
        Xen fixes (it is already in master).  Sorry we didn't synchronized
        better among us"
      
      * tag 'stable/for-linus-3.17-b-rc4-arm-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/arm: remove mach_to_phys rbtree
        xen/arm: reimplement xen_dma_unmap_page & friends
        xen/arm: introduce XENFEAT_grant_map_identity
      fc486b03
  6. 12 Sep, 2014 8 commits
    • Richard Larocque's avatar
      alarmtimer: Lock k_itimer during timer callback · 474e941b
      Richard Larocque authored
      
      
      Locks the k_itimer's it_lock member when handling the alarm timer's
      expiry callback.
      
      The regular posix timers defined in posix-timers.c have this lock held
      during timout processing because their callbacks are routed through
      posix_timer_fn().  The alarm timers follow a different path, so they
      ought to grab the lock somewhere else.
      
      Cc: stable@vger.kernel.org
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Cc: Sharvil Nanavati <sharvil@google.com>
      Signed-off-by: default avatarRichard Larocque <rlarocque@google.com>
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      474e941b
    • Richard Larocque's avatar
      alarmtimer: Do not signal SIGEV_NONE timers · 265b81d2
      Richard Larocque authored
      
      
      Avoids sending a signal to alarm timers created with sigev_notify set to
      SIGEV_NONE by checking for that special case in the timeout callback.
      
      The regular posix timers avoid sending signals to SIGEV_NONE timers by
      not scheduling any callbacks for them in the first place.  Although it
      would be possible to do something similar for alarm timers, it's simpler
      to handle this as a special case in the timeout.
      
      Prior to this patch, the alarm timer would ignore the sigev_notify value
      and try to deliver signals to the process anyway.  Even worse, the
      sanity check for the value of sigev_signo is skipped when SIGEV_NONE was
      specified, so the signal number could be bogus.  If sigev_signo was an
      unitialized value (as it often would be if SIGEV_NONE is used), then
      it's hard to predict which signal will be sent.
      
      Cc: stable@vger.kernel.org
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Cc: Sharvil Nanavati <sharvil@google.com>
      Signed-off-by: default avatarRichard Larocque <rlarocque@google.com>
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      265b81d2
    • Richard Larocque's avatar
      alarmtimer: Return relative times in timer_gettime · e86fea76
      Richard Larocque authored
      
      
      Returns the time remaining for an alarm timer, rather than the time at
      which it is scheduled to expire.  If the timer has already expired or it
      is not currently scheduled, the it_value's members are set to zero.
      
      This new behavior matches that of the other posix-timers and the POSIX
      specifications.
      
      This is a change in user-visible behavior, and may break existing
      applications.  Hopefully, few users rely on the old incorrect behavior.
      
      Cc: stable@vger.kernel.org
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Cc: Sharvil Nanavati <sharvil@google.com>
      Signed-off-by: default avatarRichard Larocque <rlarocque@google.com>
      [jstultz: minor style tweak]
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      e86fea76
    • Andrew Hunter's avatar
      jiffies: Fix timeval conversion to jiffies · d78c9300
      Andrew Hunter authored
      
      
      timeval_to_jiffies tried to round a timeval up to an integral number
      of jiffies, but the logic for doing so was incorrect: intervals
      corresponding to exactly N jiffies would become N+1. This manifested
      itself particularly repeatedly stopping/starting an itimer:
      
      setitimer(ITIMER_PROF, &val, NULL);
      setitimer(ITIMER_PROF, NULL, &val);
      
      would add a full tick to val, _even if it was exactly representable in
      terms of jiffies_ (say, the result of a previous rounding.)  Doing
      this repeatedly would cause unbounded growth in val.  So fix the math.
      
      Here's what was wrong with the conversion: we essentially computed
      (eliding seconds)
      
      jiffies = usec  * (NSEC_PER_USEC/TICK_NSEC)
      
      by using scaling arithmetic, which took the best approximation of
      NSEC_PER_USEC/TICK_NSEC with denominator of 2^USEC_JIFFIE_SC =
      x/(2^USEC_JIFFIE_SC), and computed:
      
      jiffies = (usec * x) >> USEC_JIFFIE_SC
      
      and rounded this calculation up in the intermediate form (since we
      can't necessarily exactly represent TICK_NSEC in usec.) But the
      scaling arithmetic is a (very slight) *over*approximation of the true
      value; that is, instead of dividing by (1 usec/ 1 jiffie), we
      effectively divided by (1 usec/1 jiffie)-epsilon (rounding
      down). This would normally be fine, but we want to round timeouts up,
      and we did so by adding 2^USEC_JIFFIE_SC - 1 before the shift; this
      would be fine if our division was exact, but dividing this by the
      slightly smaller factor was equivalent to adding just _over_ 1 to the
      final result (instead of just _under_ 1, as desired.)
      
      In particular, with HZ=1000, we consistently computed that 10000 usec
      was 11 jiffies; the same was true for any exact multiple of
      TICK_NSEC.
      
      We could possibly still round in the intermediate form, adding
      something less than 2^USEC_JIFFIE_SC - 1, but easier still is to
      convert usec->nsec, round in nanoseconds, and then convert using
      time*spec*_to_jiffies.  This adds one constant multiplication, and is
      not observably slower in microbenchmarks on recent x86 hardware.
      
      Tested: the following program:
      
      int main() {
        struct itimerval zero = {{0, 0}, {0, 0}};
        /* Initially set to 10 ms. */
        struct itimerval initial = zero;
        initial.it_interval.tv_usec = 10000;
        setitimer(ITIMER_PROF, &initial, NULL);
        /* Save and restore several times. */
        for (size_t i = 0; i < 10; ++i) {
          struct itimerval prev;
          setitimer(ITIMER_PROF, &zero, &prev);
          /* on old kernels, this goes up by TICK_USEC every iteration */
          printf("previous value: %ld %ld %ld %ld\n",
                 prev.it_interval.tv_sec, prev.it_interval.tv_usec,
                 prev.it_value.tv_sec, prev.it_value.tv_usec);
          setitimer(ITIMER_PROF, &prev, NULL);
        }
          return 0;
      }
      
      Cc: stable@vger.kernel.org
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Paul Turner <pjt@google.com>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Prarit Bhargava <prarit@redhat.com>
      Reviewed-by: default avatarPaul Turner <pjt@google.com>
      Reported-by: default avatarAaron Jacobs <jacobsa@google.com>
      Signed-off-by: default avatarAndrew Hunter <ahh@google.com>
      [jstultz: Tweaked to apply to 3.17-rc]
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      d78c9300
    • Thomas Gleixner's avatar
      futex: Unlock hb->lock in futex_wait_requeue_pi() error path · 13c42c2f
      Thomas Gleixner authored
      
      
      futex_wait_requeue_pi() calls futex_wait_setup(). If
      futex_wait_setup() succeeds it returns with hb->lock held and
      preemption disabled. Now the sanity check after this does:
      
              if (match_futex(&q.key, &key2)) {
      	   	ret = -EINVAL;
      		goto out_put_keys;
      	}
      
      which releases the keys but does not release hb->lock.
      
      So we happily return to user space with hb->lock held and therefor
      preemption disabled.
      
      Unlock hb->lock before taking the exit route.
      
      Reported-by: default avatarDave "Trinity" Jones <davej@redhat.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarDarren Hart <dvhart@linux.intel.com>
      Reviewed-by: default avatarDavidlohr Bueso <dave@stgolabs.net>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: stable@vger.kernel.org
      Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1409112318500.4178@nanos
      
      
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      13c42c2f
    • Al Viro's avatar
      GFS2: fix d_splice_alias() misuses · cfb2f9d5
      Al Viro authored
      
      
      Callers of d_splice_alias(dentry, inode) don't need iput(), neither
      on success nor on failure.  Either the reference to inode is stored
      in a previously negative dentry, or it's dropped.  In either case
      inode reference the caller used to hold is consumed.
      
      __gfs2_lookup() does iput() in case when d_splice_alias() has failed.
      Double iput() if we ever hit that.  And gfs2_create_inode() ends up
      not only with double iput(), but with link count dropped to zero - on
      an inode it has just found in directory.
      
      Cc: stable@vger.kernel.org # v3.14+
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarSteven Whitehouse <swhiteho@redhat.com>
      cfb2f9d5
    • Linus Torvalds's avatar
      Merge tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 471cff7c
      Linus Torvalds authored
      Pull char/misc driver fix from Greg KH:
       "Here is one misc driver fix for 3.17-rc5.  It resolves a kernel oops
        that can happen in the lattice FPGA driver if the firmware isn't
        present on the system.
      
        It's been in the linux-next tree for a while now"
      
      * tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        Lattice ECP3 FPGA: Check firmware pointer
      471cff7c
    • Linus Torvalds's avatar
      Merge tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · a6988b33
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are 3 tiny staging driver fixes for 3.17-rc5.
      
        Two are fixes for the imx-drm driver, resolving issues that have been
        reported.  The other is a memory leak fix for the Android sync driver,
        due to changes that went into 3.17-rc1.
      
        All have been in linux-next for a while"
      
      * tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        android: fix reference leak in sync_fence_create
        imx-drm: imx-ldb: fix NULL pointer in imx_ldb_unbind()
        imx-drm: ipuv3-plane: fix ipu_plane_dpms()
      a6988b33