Permalink
Commits on Jan 21, 2013
  1. Linux 3.4.27

    gregkh committed Jan 21, 2013
  2. staging: vt6656: Fix inconsistent structure packing

    commit 1ee4c55 upstream.
    
    vt6656 has several headers that use the #pragma pack(1) directive to
    enable structure packing, but never disable it.  The layout of
    structures defined in other headers can then depend on which order the
    various headers are included in, breaking the One Definition Rule.
    
    In practice this resulted in crashes on x86_64 until the order of header
    inclusion was changed for some files in commit 11d404c ('staging:
    vt6656: fix headers and add cfg80211.').  But we need a proper fix that
    won't be affected by future changes to the order of inclusion.
    
    This removes the #pragma pack(1) directives and adds __packed to the
    structure definitions for which packing appears to have been intended.
    
    Reported-and-tested-by: Malcolm Priestley <tvboxspy@gmail.com>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    bwhacks committed with gregkh Jan 14, 2013
  3. staging: wlan-ng: Fix clamping of returned SSID length

    commit 811a37e upstream.
    
    Commit 2e25421 broke listing of available network names, since it
    clamped the length of the returned SSID to WLAN_BSSID_LEN (6) instead of
    WLAN_SSID_MAXLEN (32).
    
    https://bugzilla.kernel.org/show_bug.cgi?id=52501
    
    Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    tormodvolden committed with gregkh Jan 9, 2013
  4. tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler

    commit 68e56cb upstream.
    
    Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    mripard committed with gregkh Jan 14, 2013
  5. serial:ifx6x60:Delete SPI timer when shut down port

    commit 014b9b4 upstream.
    
    When shut down SPI port, it's possible that MRDY has been asserted and a SPI
    timer was activated waiting for SRDY assert, in the case, it needs to delete
    this timer.
    
    Signed-off-by: Chen Jun <jun.d.chen@intel.com>
    Signed-off-by: channing <chao.bi@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    ChaoBi committed with gregkh Dec 12, 2012
  6. USB: option: blacklist network interface on ONDA MT8205 4G LTE

    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    
    commit 2291dff upstream.
    
    The driver description files gives these names to the vendor specific
    functions on this modem:
    
     Diag   VID_19D2&PID_0265&MI_00
     NMEA   VID_19D2&PID_0265&MI_01
     AT cmd VID_19D2&PID_0265&MI_02
     Modem  VID_19D2&PID_0265&MI_03
     Net    VID_19D2&PID_0265&MI_04
    
    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    bmork committed with gregkh Jan 17, 2013
  7. USB: option: add TP-LINK HSUPA Modem MA180

    commit 99beb2e upstream.
    
    The driver description files gives these names to the vendor specific
    functions on this modem:
    
     Diagnostics VID_2357&PID_0201&MI_00
     NMEA        VID_2357&PID_0201&MI_01
     Modem       VID_2357&PID_0201&MI_03
     Networkcard VID_2357&PID_0201&MI_04
    
    Reported-by: Thomas Schäfer <tschaefer@t-online.de>
    Signed-off-by: Bjørn Mork <bjorn@mork.no>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    bmork committed with gregkh Jan 15, 2013
  8. xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS gu…

    …ests.
    
    commit 9174adb upstream.
    
    This fixes CVE-2013-0190 / XSA-40
    
    There has been an error on the xen_failsafe_callback path for failed
    iret, which causes the stack pointer to be wrong when entering the
    iret_exc error path.  This can result in the kernel crashing.
    
    In the classic kernel case, the relevant code looked a little like:
    
            popl %eax      # Error code from hypervisor
            jz 5f
            addl $16,%esp
            jmp iret_exc   # Hypervisor said iret fault
    5:      addl $16,%esp
                           # Hypervisor said segment selector fault
    
    Here, there are two identical addls on either option of a branch which
    appears to have been optimised by hoisting it above the jz, and
    converting it to an lea, which leaves the flags register unaffected.
    
    In the PVOPS case, the code looks like:
    
            popl_cfi %eax         # Error from the hypervisor
            lea 16(%esp),%esp     # Add $16 before choosing fault path
            CFI_ADJUST_CFA_OFFSET -16
            jz 5f
            addl $16,%esp         # Incorrectly adjust %esp again
            jmp iret_exc
    
    It is possible unprivileged userspace applications to cause this
    behaviour, for example by loading an LDT code selector, then changing
    the code selector to be not-present.  At this point, there is a race
    condition where it is possible for the hypervisor to return back to
    userspace from an interrupt, fault on its own iret, and inject a
    failsafe_callback into the kernel.
    
    This bug has been present since the introduction of Xen PVOPS support
    in commit 5ead97c (xen: Core Xen implementation), in 2.6.23.
    
    Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    freddy77 committed with gregkh Jan 16, 2013
  9. xen/grant-table: correctly initialize grant table version 1

    commit d0b4d64 upstream.
    
    Commit 85ff6ac (xen/granttable: Grant
    tables V2 implementation) changed the GREFS_PER_GRANT_FRAME macro from
    a constant to a conditional expression. The expression depends on
    grant_table_version being appropriately set. Unfortunately, at init
    time grant_table_version will be 0. The GREFS_PER_GRANT_FRAME
    conditional expression checks for "grant_table_version == 1", and
    therefore returns the number of grant references per frame for v2.
    
    This causes gnttab_init() to allocate fewer pages for gnttab_list, as
    a frame can old half the number of v2 entries than v1 entries. After
    gnttab_resume() is called, grant_table_version is appropriately
    set. nr_init_grefs will then be miscalculated and gnttab_free_count
    will hold a value larger than the actual number of free gref entries.
    
    If a guest is heavily utilizing improperly initialized v1 grant
    tables, memory corruption can occur. One common manifestation is
    corruption of the vmalloc list, resulting in a poisoned pointer
    derefrence when accessing /proc/meminfo or /proc/vmallocinfo:
    
    [   40.770064] BUG: unable to handle kernel paging request at 0000200200001407
    [   40.770083] IP: [<ffffffff811a6fb0>] get_vmalloc_info+0x70/0x110
    [   40.770102] PGD 0
    [   40.770107] Oops: 0000 [#1] SMP
    [   40.770114] CPU 10
    
    This patch introduces a static variable, grefs_per_grant_frame, to
    cache the calculated value. gnttab_init() now calls
    gnttab_request_version() early so that grant_table_version and
    grefs_per_grant_frame can be appropriately set. A few BUG_ON()s have
    been added to prevent this type of bug from reoccurring in the future.
    
    Signed-off-by: Matt Wilson <msw@amazon.com>
    Reviewed-and-Tested-by: Steven Noonan <snoonan@amazon.com>
    Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: Annie Li <annie.li@oracle.com>
    Cc: xen-devel@lists.xen.org
    Cc: linux-kernel@vger.kernel.org
    Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    mswilson committed with gregkh Jan 15, 2013
  10. drbd: add missing part_round_stats to _drbd_start_io_acct

    commit 72585d2 upstream.
    
    Without this, iostat frequently sees bogus svctime and >= 100% "utilization".
    
    Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
    Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
    Cc: Raoul Bhatia <raoul@bhatia.at>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Philipp Reisner committed with gregkh Feb 23, 2012
  11. igb: release already assigned MSI-X interrupts if setup fails

    commit 52285b7 upstream.
    
    During MSI-X setup the system might run out of vectors. If this happens the
    already assigned vectors for this NIC should be freed before trying the
    disable MSI-X. Failing to do so results in the following oops.
    
    kernel BUG at drivers/pci/msi.c:341!
    [...]
    Call Trace:
     [<ffffffff8128f39d>] pci_disable_msix+0x3d/0x60
     [<ffffffffa037d1ce>] igb_reset_interrupt_capability+0x27/0x5c [igb]
     [<ffffffffa037d229>] igb_clear_interrupt_scheme+0x26/0x2d [igb]
     [<ffffffffa0384268>] igb_request_irq+0x73/0x297 [igb]
     [<ffffffffa0384554>] __igb_open+0xc8/0x223 [igb]
     [<ffffffffa0384815>] igb_open+0x13/0x15 [igb]
     [<ffffffff8144592f>] __dev_open+0xbf/0x120
     [<ffffffff81443e51>] __dev_change_flags+0xa1/0x180
     [<ffffffff81445828>] dev_change_flags+0x28/0x70
     [<ffffffff814af537>] devinet_ioctl+0x5b7/0x620
     [<ffffffff814b01c8>] inet_ioctl+0x88/0xa0
     [<ffffffff8142e8a0>] sock_do_ioctl+0x30/0x70
     [<ffffffff8142ecf2>] sock_ioctl+0x72/0x270
     [<ffffffff8118062c>] do_vfs_ioctl+0x8c/0x340
     [<ffffffff81180981>] sys_ioctl+0xa1/0xb0
     [<ffffffff815161a9>] system_call_fastpath+0x16/0x1b
    Code: 48 89 df e8 1f 40 ed ff 4d 39 e6 49 8b 45 10 75 b6 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f c9 c3 48 8b 7b 20 e8 3e 91 db ff eb ae <0f> 0b eb fe 0f 1f 84 00 00 00 00 00 55 48 89 e5 0f 1f 44 00 00
    RIP  [<ffffffff8128e144>] free_msi_irqs+0x124/0x130
     RSP <ffff880037503bd8>
    
    Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
    Tested-by: Aaron Brown <aaron.f.brown@intel.com>
    Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
    Signed-off-by: Abdallah Chatila <abdallah.chatila@ericsson.com>
    sassmann committed with gregkh Dec 4, 2012
  12. intel-iommu: Prevent devices with RMRRs from being placed into SI Domain

    commit ea2447f upstream.
    
    This patch is to prevent non-USB devices that have RMRRs associated with them from
    being placed into the SI Domain during init. This fixes the issue where the RMRR info
    for devices being placed in and out of the SI Domain gets lost.
    
    Signed-off-by: Thomas Mingarelli <thomas.mingarelli@hp.com>
    Tested-by: Shuah Khan <shuah.khan@hp.com>
    Reviewed-by: Donald Dutile <ddutile@redhat.com>
    Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
    Signed-off-by: Joerg Roedel <joro@8bytes.org>
    Cc: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Tom Mingarelli committed with gregkh Nov 20, 2012
  13. target: Add link_magic for fabric allow_link destination target_items

    commit 0ff8754 upstream.
    
    This patch adds [dev,lun]_link_magic value assignment + checks within generic
    target_fabric_port_link() and target_fabric_mappedlun_link() code to ensure
    destination config_item *target_item sent from configfs_symlink() ->
    config_item_operations->allow_link() is the underlying se_device->dev_group
    and se_lun->lun_group that we expect to symlink.
    
    Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    nablio3000 committed with gregkh Dec 5, 2012
  14. r8169: avoid NAPI scheduling delay.

    commit 7dbb491 upstream.
    
    While reworking the r8169 driver a few months ago to perform the
    smallest amount of work in the irq handler, I took care of avoiding
    any irq mask register operation in the slow work dedicated user
    context thread. The slow work thread scheduled an extra round of NAPI
    work which would ultimately set the irq mask register as required,
    thus keeping such irq mask operations in the NAPI handler.
    It would eventually race with the irq handler and delay NAPI execution
    for - assuming no further irq - a whole ksoftirqd period. Mildly a
    problem for rare link changes or corner case PCI events.
    
    The race was always lost after the last bh disabling lock had been
    removed from the work thread and people started wondering where those
    pesky "NOHZ: local_softirq_pending 08" messages came from.
    
    Actually the irq mask register _can_ be set up directly in the slow
    work thread.
    
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Reported-by: Dave Jones <davej@redhat.com>
    Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Hayes Wang <hayeswang@realtek.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Francois Romieu committed with gregkh Jun 9, 2012
  15. ext4: init pagevec in ext4_da_block_invalidatepages

    commit 66bea92 upstream.
    
    ext4_da_block_invalidatepages is missing a pagevec_init(),
    which means that pvec->cold contains random garbage.
    
    This affects whether the page goes to the front or
    back of the LRU when ->cold makes it to
    free_hot_cold_page()
    
    Reviewed-by: Lukas Czerner <lczerner@redhat.com>
    Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
    Signed-off-by: Eric Sandeen <sandeen@redhat.com>
    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
    Signed-off-by: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Eric Sandeen committed with gregkh Nov 15, 2012
  16. ALSA: usb - fix race in creation of M-Audio Fast track pro driver

    commit b98ae27 upstream.
    
    A patch in the 3.2 kernel caused regression with hotplugging the
    M-Audio Fast track pro, or sound after suspend. I don't have the
    device so I haven't done a full analysis, but it seems userspace
    (both udev and pulseaudio) got confused when a card was created,
    immediately destroyed, and then created again.
    
    However, at least one person in the bug report (martin djfun)
    reports that this patch resolves the issue for him. It also leaves
    a message in the log:
    "snd-usb-audio: probe of 1-1.1:1.1 failed with error -5" which is
    a bit misleading. It is better than non-working audio, but maybe
    there's a more elegant solution?
    
    BugLink: https://bugs.launchpad.net/bugs/1095315
    Signed-off-by: David Henningsson <david.henningsson@canonical.com>
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Cc: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    David Henningsson committed with gregkh Jan 4, 2013
  17. x86/Sandy Bridge: reserve pages when integrated graphics is present

    commit a9acc53 upstream.
    
    SNB graphics devices have a bug that prevent them from accessing certain
    memory ranges, namely anything below 1M and in the pages listed in the
    table.  So reserve those at boot if set detect a SNB gfx device on the
    CPU to avoid GPU hangs.
    
    Stephane Marchesin had a similar patch to the page allocator awhile
    back, but rather than reserving pages up front, it leaked them at
    allocation time.
    
    [ hpa: made a number of stylistic changes, marked arrays as static
      const, and made less verbose; use "memblock=debug" for full
      verbosity. ]
    
    Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
    Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
    Cc: CAI Qian <caiqian@redhat.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    jbarnes993 committed with gregkh Nov 14, 2012
  18. s390/time: fix sched_clock() overflow

    commit ed4f209 upstream.
    
    Converting a 64 Bit TOD format value to nanoseconds means that the value
    must be divided by 4.096. In order to achieve that we multiply with 125
    and divide by 512.
    When used within sched_clock() this triggers an overflow after appr.
    417 days. Resulting in a sched_clock() return value that is much smaller
    than previously and therefore may cause all sort of weird things in
    subsystems that rely on a monotonic sched_clock() behaviour.
    
    To fix this implement a tod_to_ns() helper function which converts TOD
    values without overflow and call this function from both places that
    open coded the conversion: sched_clock() and kvm_s390_handle_wait().
    
    Reviewed-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Heiko Carstens committed with gregkh Jan 14, 2013
  19. target: Release se_cmd when LUN lookup fails for TMR

    commit 5a3b6fc upstream.
    
    When transport_lookup_tmr_lun() fails and we return a task management
    response from target_complete_tmr_failure(), we need to call
    transport_cmd_check_stop_to_fabric() to release the last ref to the
    cmd after calling se_tfo->queue_tm_rsp(), or else we will never remove
    the failed TMR from the session command list (and we'll end up waiting
    forever when trying to tear down the session).
    
    (nab: Fix minor compile breakage)
    
    Signed-off-by: Roland Dreier <roland@purestorage.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    rolandd committed with gregkh Jan 2, 2013
  20. tcm_fc: Do not report target role when target is not defined

    commit edec8df upstream.
    
    Clear the target role when no target is provided for
    the node performing a PRLI.
    
    Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
    Reviewed-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
    Acked by Robert Love <robert.w.love@intel.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Mark Rustad committed with gregkh Dec 21, 2012
  21. tcm_fc: Do not indicate retry capability to initiators

    commit f2eeba2 upstream.
    
    When generating a PRLI response to an initiator, clear the
    FCP_SPPF_RETRY bit in the response.
    
    Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
    Reviewed-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
    Acked by Robert Love <robert.w.love@intel.com>
    Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Mark Rustad committed with gregkh Dec 21, 2012
  22. sh: Fix FDPIC binary loader

    commit 4a71997 upstream.
    
    Ensure that the aux table is properly initialized, even when optional features
    are missing.  Without this, the FDPIC loader did not work.  This was meant to
    be included in commit d5ab780.
    
    Signed-off-by: Thomas Schwinge <thomas@codesourcery.com>
    Signed-off-by: Paul Mundt <lethal@linux-sh.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    tschwinge committed with gregkh Nov 16, 2012
Commits on Jan 17, 2013
  1. Linux 3.4.26

    gregkh committed Jan 17, 2013
  2. USB: fix endpoint-disabling for failed config changes

    commit 36caff5 upstream.
    
    This patch (as1631) fixes a bug that shows up when a config change
    fails for a device under an xHCI controller.  The controller needs to
    be told to disable the endpoints that have been enabled for the new
    config.  The existing code does this, but before storing the
    information about which endpoints were enabled!  As a result, any
    second attempt to install the new config is doomed to fail because
    xhci-hcd will refuse to enable an endpoint that is already enabled.
    
    The patch optimistically initializes the new endpoints' device
    structures before asking the device to switch to the new config.  If
    the request fails then the endpoint information is already stored, so
    we can use usb_hcd_alloc_bandwidth() to disable the endpoints with no
    trouble.  The rest of the error path is slightly more complex now; we
    have to disable the new interfaces and call put_device() rather than
    simply deallocating them.
    
    Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
    Reported-and-tested-by: Matthias Schniedermeyer <ms@citd.de>
    CC: Sarah Sharp <sarah.a.sharp@linux.intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Alan Stern committed with gregkh Nov 7, 2012
  3. staging: comedi: Kconfig: COMEDI_NI_AT_A2150 should select COMEDI_FC

    commit 34ffb33 upstream.
    
    The 'ni_at_a2150' module links to `cfc_write_to_buffer` in the
    'comedi_fc' module, so selecting 'COMEDI_NI_AT_A2150' in the kernel config
    needs to also select 'COMEDI_FC'.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    ian-abbott committed with gregkh Jan 3, 2013
  4. staging: comedi: don't hijack hardware device private data

    commit c43435d upstream.
    
    comedi_auto_config() associates a Comedi minor device number with an
    auto-configured hardware device and comedi_auto_unconfig() disassociates
    it.  Currently, these use the hardware device's private data pointer to
    point to some allocated storage holding the minor device number.  This
    is a bit of a waste of the hardware device's private data pointer,
    preventing it from being used for something more useful by the low-level
    comedi device drivers.  For example, it would make more sense if
    comedi_usb_auto_config() was passed a pointer to the struct
    usb_interface instead of the struct usb_device, but this cannot be done
    currently because the low-level comedi drivers already use the private
    data pointer in the struct usb_interface for something more useful.
    
    This patch stops the comedi core hijacking the hardware device's private
    data pointer.  Instead, comedi_auto_config() stores a pointer to the
    hardware device's struct device in the struct comedi_device_file_info
    associated with the minor device number, and comedi_auto_unconfig()
    calls new function comedi_find_board_minor() to recover the minor device
    number associated with the hardware device.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    ian-abbott committed with gregkh Mar 30, 2012
  5. libceph: Unlock unprocessed pages in start_read() error path

    Function start_read() can get an error before processing all pages.
    It must not only release the remaining pages, but unlock them too.
    
    This fixes http://tracker.newdream.net/issues/3370
    
    Signed-off-by: David Zafman <david.zafman@inktank.com>
    Reviewed-by: Alex Elder <elder@inktank.com>
    (cherry picked from commit 8884d53)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    David Zafman committed with gregkh Dec 4, 2012
  6. ceph: call handle_cap_grant() for cap import message

    If client sends cap message that requests new max size during
    exporting caps, the exporting MDS will drop the message quietly.
    So the client may wait for the reply that updates the max size
    forever. call handle_cap_grant() for cap import message can
    avoid this issue.
    
    Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
    Signed-off-by: Sage Weil <sage@inktank.com>
    (cherry picked from commit 0e5e177)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Yan, Zheng committed with gregkh Nov 19, 2012
  7. ceph: Fix __ceph_do_pending_vmtruncate

    we should set i_truncate_pending to 0 after page cache is truncated
    to i_truncate_size
    
    Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
    Signed-off-by: Sage Weil <sage@inktank.com>
    (cherry picked from commit a85f50b)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Yan, Zheng committed with gregkh Nov 19, 2012
  8. ceph: Don't add dirty inode to dirty list if caps is in migration

    Add dirty inode to cap_dirty_migrating list instead, this can avoid
    ceph_flush_dirty_caps() entering infinite loop.
    
    Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
    Signed-off-by: Sage Weil <sage@inktank.com>
    (cherry picked from commit 0685235)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Yan, Zheng committed with gregkh Nov 19, 2012
  9. ceph: Fix infinite loop in __wake_requests

    __wake_requests() will enter infinite loop if we use it to wake
    requests in the session->s_waiting list. __wake_requests() deletes
    requests from the list and __do_request() adds requests back to
    the list.
    
    Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
    Signed-off-by: Sage Weil <sage@inktank.com>
    (cherry picked from commit ed75ec2)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Yan, Zheng committed with gregkh Nov 19, 2012
  10. ceph: Don't update i_max_size when handling non-auth cap

    The cap from non-auth mds doesn't have a meaningful max_size value.
    
    Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
    Signed-off-by: Sage Weil <sage@inktank.com>
    (cherry picked from commit 5e62ad3)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Yan, Zheng committed with gregkh Nov 19, 2012
  11. rbd: do not allow remove of mounted-on image

    There is no check in rbd_remove() to see if anybody holds open the
    image being removed.  That's not cool.
    
    Add a simple open count that goes up and down with opens and closes
    (releases) of the device, and don't allow an rbd image to be removed
    if the count is non-zero.
    
    Protect the updates of the open count value with ctl_mutex to ensure
    the underlying rbd device doesn't get removed while concurrently
    being opened.
    
    Signed-off-by: Alex Elder <elder@inktank.com>
    Reviewed-by: Sage Weil <sage@inktank.com>
    (based on commit 42382b7)
    Alex Elder committed with gregkh Nov 16, 2012
  12. rbd: fix bug in rbd_dev_id_put()

    In rbd_dev_id_put(), there's a loop that's intended to determine
    the maximum device id in use.  But it isn't doing that at all,
    the effect of how it's written is to simply use the just-put id
    number, which ignores whole purpose of this function.
    
    Fix the bug.
    
    Signed-off-by: Alex Elder <elder@inktank.com>
    Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
    (cherry picked from commit b213e0b)
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Alex Elder committed with gregkh Oct 11, 2012
  13. rbd: BUG on invalid layout

    This shouldn't actually be possible because the layout struct is
    constructed from the RBD header and validated then.
    
    [elder@inktank.com: converted BUG() call to equivalent rbd_assert()]
    
    Signed-off-by: Sage Weil <sage@inktank.com>
    Reviewed-by: Alex Elder <elder@inktank.com>
    (based on commit 6cae371)
    liewegas committed with gregkh Sep 25, 2012