1. 10 Jun, 2009 8 commits
    • Chris Mason's avatar
      Btrfs: fix metadata dirty throttling limits · 585ad2c3
      Chris Mason authored
      Once a metadata block has been written, it must be recowed, so the
      btrfs dirty balancing call has a check to make sure a fair amount of metadata
      was actually dirty before it started writing it back to disk.
      
      A previous commit had changed the dirty tracking for metadata without
      updating the btrfs dirty balancing checks.  This commit switches it
      to use the correct counter.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      585ad2c3
    • Chris Mason's avatar
      Btrfs: reduce mount -o ssd CPU usage · 2c943de6
      Chris Mason authored
      The block allocator in SSD mode will try to find groups of free blocks
      that are close together.  This commit makes it loop less on a given
      group size before bumping it.
      
      The end result is that we are less likely to fill small holes in the
      available free space, but we don't waste as much CPU building the
      large cluster used by ssd mode.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      2c943de6
    • Chris Mason's avatar
      Btrfs: balance btree more often · cfbb9308
      Chris Mason authored
      With the new back reference code, the cost of a balance has gone down
      in terms of the number of back reference updates done.  This commit
      makes us more aggressively balance leaves and nodes as they become
      less full.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      cfbb9308
    • Chris Mason's avatar
      Btrfs: stop avoiding balancing at the end of the transaction. · b3612421
      Chris Mason authored
      When the delayed reference code was added, some checks were added
      to avoid extra balancing while the delayed references were being flushed.
      This made for less efficient btrees, but it reduced the chances of
      loops where no forward progress was made because the balances made
      more delayed ref updates.
      
      With the new dead root removal code and the mixed back references,
      the extent allocation tree is no longer using precise back refs, and
      the delayed reference updates don't carry the risk of looping forever
      anymore.  So, the balance avoidance is no longer required.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      b3612421
    • Yan Zheng's avatar
      Btrfs: Mixed back reference (FORWARD ROLLING FORMAT CHANGE) · 5d4f98a2
      Yan Zheng authored
      This commit introduces a new kind of back reference for btrfs metadata.
      Once a filesystem has been mounted with this commit, IT WILL NO LONGER
      BE MOUNTABLE BY OLDER KERNELS.
      
      When a tree block in subvolume tree is cow'd, the reference counts of all
      extents it points to are increased by one.  At transaction commit time,
      the old root of the subvolume is recorded in a "dead root" data structure,
      and the btree it points to is later walked, dropping reference counts
      and freeing any blocks where the reference count goes to 0.
      
      The increments done during cow and decrements done after commit cancel out,
      and the walk is a very expensive way to go about freeing the blocks that
      are no longer referenced by the new btree root.  This commit reduces the
      transaction overhead by avoiding the need for dead root records.
      
      When a non-shared tree block is cow'd, we free the old block at once, and the
      new block inherits old block's references. When a tree block with reference
      count > 1 is cow'd, we increase the reference counts of all extents
      the new block points to by one, and decrease the old block's reference count by
      one.
      
      This dead tree avoidance code removes the need to modify the reference
      counts of lower level extents when a non-shared tree block is cow'd.
      But we still need to update back ref for all pointers in the block.
      This is because the location of the block is recorded in the back ref
      item.
      
      We can solve this by introducing a new type of back ref. The new
      back ref provides information about pointer's key, level and in which
      tree the pointer lives. This information allow us to find the pointer
      by searching the tree. The shortcoming of the new back ref is that it
      only works for pointers in tree blocks referenced by their owner trees.
      
      This is mostly a problem for snapshots, where resolving one of these
      fuzzy back references would be O(number_of_snapshots) and quite slow.
      The solution used here is to use the fuzzy back references in the common
      case where a given tree block is only referenced by one root,
      and use the full back references when multiple roots have a reference
      on a given block.
      
      This commit adds per subvolume red-black tree to keep trace of cached
      inodes. The red-black tree helps the balancing code to find cached
      inodes whose inode numbers within a given range.
      
      This commit improves the balancing code by introducing several data
      structures to keep the state of balancing. The most important one
      is the back ref cache. It caches how the upper level tree blocks are
      referenced. This greatly reduce the overhead of checking back ref.
      
      The improved balancing code scales significantly better with a large
      number of snapshots.
      
      This is a very large commit and was written in a number of
      pieces.  But, they depend heavily on the disk format change and were
      squashed together to make sure git bisect didn't end up in a
      bad state wrt space balancing or the format change.
      Signed-off-by: default avatarYan Zheng <zheng.yan@oracle.com>
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      5d4f98a2
    • Yan Zheng's avatar
      btrfs: Fix set/clear_extent_bit for 'end == (u64)-1' · 5c939df5
      Yan Zheng authored
      There are some 'start = state->end + 1;' like code in set_extent_bit
      and clear_extent_bit. They overflow when end == (u64)-1.
      Signed-off-by: default avatarYan Zheng <zheng.yan@oracle.com>
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      5c939df5
    • Linus Torvalds's avatar
      Linux 2.6.30 · 07a2039b
      Linus Torvalds authored
      07a2039b
    • Peter Botha's avatar
      char: mxser, fix ISA board lookup · 96050dfb
      Peter Botha authored
      There's a bug in the mxser kernel module that still appears in the
      2.6.29.4 kernel.
      
      mxser_get_ISA_conf takes a ioaddress as its first argument, by passing the
      not of the ioaddr, you're effectively passing 0 which means it won't be
      able to talk to an ISA card.  I have tested this, and removing the !
      fixes the problem.
      
      Cc: "Peter Botha" <peterb@goldcircle.co.za>
      Signed-off-by: default avatarJiri Slaby <jirislaby@gmail.com>
      Acked-by: default avatarAlan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      96050dfb
  2. 09 Jun, 2009 16 commits
    • Jan Kara's avatar
      jbd: fix race in buffer processing in commit code · a61d90d7
      Jan Kara authored
      In commit code, we scan buffers attached to a transaction.  During this
      scan, we sometimes have to drop j_list_lock and then we recheck whether
      the journal buffer head didn't get freed by journal_try_to_free_buffers().
       But checking for buffer_jbd(bh) isn't enough because a new journal head
      could get attached to our buffer head.  So add a check whether the journal
      head remained the same and whether it's still at the same transaction and
      list.
      
      This is a nasty bug and can cause problems like memory corruption (use after
      free) or trigger various assertions in JBD code (observed).
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Cc: <stable@kernel.org>
      Cc: <linux-ext4@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a61d90d7
    • Ian Kent's avatar
      autofs4: remove hashed check in validate_wait() · 463aea1a
      Ian Kent authored
      The recent ->lookup() deadlock correction required the directory inode
      mutex to be dropped while waiting for expire completion.  We were
      concerned about side effects from this change and one has been identified.
      
      I saw several error messages.
      
      They cause autofs to become quite confused and don't really point to the
      actual problem.
      
      Things like:
      
      handle_packet_missing_direct:1376: can't find map entry for (43,1827932)
      
      which is usually totally fatal (although in this case it wouldn't be
      except that I treat is as such because it normally is).
      
      do_mount_direct: direct trigger not valid or already mounted
      /test/nested/g3c/s1/ss1
      
      which is recoverable, however if this problem is at play it can cause
      autofs to become quite confused as to the dependencies in the mount tree
      because mount triggers end up mounted multiple times.  It's hard to
      accurately check for this over mounting case and automount shouldn't need
      to if the kernel module is doing its job.
      
      There was one other message, similar in consequence of this last one but I
      can't locate a log example just now.
      
      When checking if a mount has already completed prior to adding a new mount
      request to the wait queue we check if the dentry is hashed and, if so, if
      it is a mount point.  But, if a mount successfully completed while we
      slept on the wait queue mutex the dentry must exist for the mount to have
      completed so the test is not really needed.
      
      Mounts can also be done on top of a global root dentry, so for the above
      case, where a mount request completes and the wait queue entry has already
      been removed, the hashed test returning false can cause an incorrect
      callback to the daemon.  Also, d_mountpoint() is not sufficient to check
      if a mount has completed for the multi-mount case when we don't have a
      real mount at the base of the tree.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      463aea1a
    • Mike Frysinger's avatar
      shm: fix unused warnings on nommu · 586c7e6a
      Mike Frysinger authored
      The massive nommu update (8feae131) resulted in these warnings:
      ipc/shm.c: In function `sys_shmdt':
      ipc/shm.c:974: warning: unused variable `size'
      ipc/shm.c:972: warning: unused variable `next'
      Signed-off-by: default avatarMike Frysinger <vapier@gentoo.org>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      586c7e6a
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus · 13df635f
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
        kvm: fix kvm reboot crash when MAXSMP is used
        cpumask: alloc zeroed cpumask for static cpumask_var_ts
        cpumask: introduce zalloc_cpumask_var
      13df635f
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block · 9cdba302
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.dk/linux-2.6-block:
        bsg: setting rq->bio to NULL
      9cdba302
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · fd4d3429
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
        cls_cgroup: Fix oops when user send improperly 'tc filter add' request
        r8169: fix crash when large packets are received
      fd4d3429
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://neil.brown.name/md · 4d11eff6
      Linus Torvalds authored
      * 'for-linus' of git://neil.brown.name/md:
        md/raid5: fix bug in reshape code when chunk_size decreases.
        md/raid5 - avoid deadlocks in get_active_stripe during reshape
        md/raid5: use conf->raid_disks in preference to mddev->raid_disk
      4d11eff6
    • FUJITA Tomonori's avatar
      bsg: setting rq->bio to NULL · c1d4c41f
      FUJITA Tomonori authored
      Due to commit 1cd96c24 ("block: WARN
      in __blk_put_request() for potential bio leak"), BSG SMP requests get
      the false warnings:
      
      WARNING: at block/blk-core.c:1068 __blk_put_request+0x52/0xc0()
      
      This sets rq->bio to NULL to avoid that false warnings.
      Signed-off-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      c1d4c41f
    • Avi Kivity's avatar
      kvm: fix kvm reboot crash when MAXSMP is used · 8437a617
      Avi Kivity authored
      one system was found there is crash during reboot then kvm/MAXSMP
      Sending all processes the KILL signal...                              done
      Please stand by while rebooting the system...
      [ 1721.856538] md: stopping all md devices.
      [ 1722.852139] kvm: exiting hardware virtualization
      [ 1722.854601] BUG: unable to handle kernel NULL pointer dereference at (null)
      [ 1722.872219] IP: [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1722.877955] PGD 0
      [ 1722.880042] Oops: 0000 [#1] SMP
      [ 1722.892548] last sysfs file: /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/host0/target0:2:0/0:2:0:0/vendor
      [ 1722.900977] CPU 9
      [ 1722.912606] Modules linked in:
      [ 1722.914226] Pid: 0, comm: swapper Not tainted 2.6.30-rc7-tip-01843-g2305324-dirty #299 ...
      [ 1722.932589] RIP: 0010:[<ffffffff8102c6b6>]  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1722.942709] RSP: 0018:ffffc900010b6ed8  EFLAGS: 00010046
      [ 1722.956121] RAX: 0000000000000000 RBX: ffffc9000e253140 RCX: 0000000000000009
      [ 1722.972202] RDX: 000000000000b020 RSI: ffffc900010c3220 RDI: ffffffffffffd790
      [ 1722.977399] RBP: ffffc900010b6f08 R08: 0000000000000000 R09: 0000000000000000
      [ 1722.995149] R10: 00000000000004b8 R11: 966912b6c78fddbd R12: 0000000000000009
      [ 1723.011551] R13: 000000000000b020 R14: 0000000000000009 R15: 0000000000000000
      [ 1723.019898] FS:  0000000000000000(0000) GS:ffffc900010b3000(0000) knlGS:0000000000000000
      [ 1723.034389] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      [ 1723.041164] CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006e0
      [ 1723.056192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 1723.072546] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [ 1723.080562] Process swapper (pid: 0, threadinfo ffff88107e464000, task ffff88047e5a2550)
      [ 1723.096144] Stack:
      [ 1723.099071]  0000000000000046 ffffc9000e253168 966912b6c78fddbd ffffc9000e253140
      [ 1723.115471]  ffff880c7d4304d0 ffffc9000e253168 ffffc900010b6f28 ffffffff81011022
      [ 1723.132428]  ffffc900010b6f48 966912b6c78fddbd ffffc900010b6f48 ffffffff8100b83b
      [ 1723.141973] Call Trace:
      [ 1723.142981]  <IRQ> <0> [<ffffffff81011022>] kvm_arch_hardware_disable+0x26/0x3c
      [ 1723.158153]  [<ffffffff8100b83b>] hardware_disable+0x3f/0x55
      [ 1723.172168]  [<ffffffff810b95f6>] generic_smp_call_function_interrupt+0x76/0x13c
      [ 1723.178836]  [<ffffffff8104cbea>] smp_call_function_interrupt+0x3a/0x5e
      [ 1723.194689]  [<ffffffff81035bf3>] call_function_interrupt+0x13/0x20
      [ 1723.199750]  <EOI> <0> [<ffffffff814ad3b4>] ? acpi_idle_enter_c1+0xd3/0xf4
      [ 1723.217508]  [<ffffffff814ad3ae>] ? acpi_idle_enter_c1+0xcd/0xf4
      [ 1723.232172]  [<ffffffff814ad4bc>] ? acpi_idle_enter_bm+0xe7/0x2ce
      [ 1723.235141]  [<ffffffff81a8d93f>] ? __atomic_notifier_call_chain+0x0/0xac
      [ 1723.253381]  [<ffffffff818c3dff>] ? menu_select+0x58/0xd2
      [ 1723.258179]  [<ffffffff818c2c9d>] ? cpuidle_idle_call+0xa4/0xf3
      [ 1723.272828]  [<ffffffff81034085>] ? cpu_idle+0xb8/0x101
      [ 1723.277085]  [<ffffffff81a80163>] ? start_secondary+0x1bc/0x1d7
      [ 1723.293708] Code: b0 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 e0 31 c0 48 8b 04 cd 30 ee 27 82 49 89 cc 49 89 d5 48 8b 04 10 48 8d b8 90 d7 ff ff <48> 8b 87 70 28 00 00 48 8d 98 90 d7 ff ff eb 16 e8 e9 fe ff ff
      [ 1723.335524] RIP  [<ffffffff8102c6b6>] hardware_disable+0x4c/0xb4
      [ 1723.342076]  RSP <ffffc900010b6ed8>
      [ 1723.352021] CR2: 0000000000000000
      [ 1723.354348] ---[ end trace e2aec53dae150aa1 ]---
      
      it turns out that we need clear cpus_hardware_enabled in that case.
      Reported-and-tested-by: default avatarYinghai Lu <yinghai@kernel.org>
      Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      8437a617
    • Yinghai Lu's avatar
      cpumask: alloc zeroed cpumask for static cpumask_var_ts · eaa95840
      Yinghai Lu authored
      These are defined as static cpumask_var_t so if MAXSMP is not used,
      they are cleared already.  Avoid surprises when MAXSMP is enabled.
      Signed-off-by: default avatarYinghai Lu <yinghai.lu@kernel.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      eaa95840
    • Yinghai Lu's avatar
      cpumask: introduce zalloc_cpumask_var · 0281b5dc
      Yinghai Lu authored
      So can get cpumask_var with cpumask_clear
      Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      0281b5dc
    • Minoru Usui's avatar
      cls_cgroup: Fix oops when user send improperly 'tc filter add' request · 52ea3a56
      Minoru Usui authored
      I found a bug in cls_cgroup_change() in cls_cgroup.c.
      cls_cgroup_change() expected tca[TCA_OPTIONS] was set from user space properly,
      but tc in iproute2-2.6.29-1 (which I used) didn't set it.
      
      In the current source code of tc in git, it set tca[TCA_OPTIONS].
      
        git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
      
      If we always use a newest iproute2 in git when we use cls_cgroup, 
      we don't face this oops probably.
      But I think, kernel shouldn't panic regardless of use program's behaviour. 
      Signed-off-by: default avatarMinoru Usui <usui@mxm.nes.nec.co.jp>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52ea3a56
    • Eric Dumazet's avatar
      r8169: fix crash when large packets are received · fdd7b4c3
      Eric Dumazet authored
      Michael Tokarev reported receiving a large packet could crash
      a machine with RTL8169 NIC.
      ( original thread at http://lkml.org/lkml/2009/6/8/192 )
      
      Problem is this driver tells that NIC frames up to 16383 bytes
      can be received but provides skb to rx ring allocated with
      smaller sizes (1536 bytes in case standard 1500 bytes MTU is used)
      
      When a frame larger than what was allocated by driver is received,
      dma transfert can occurs past the end of buffer and corrupt
      kernel memory.
      
      Fix is to tell to NIC what is the maximum size a frame can be.
      
      This bug is very old, (before git introduction, linux-2.6.10), and 
      should be backported to stable versions.
      Reported-by: default avatarMichael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Tested-by: default avatarMichael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fdd7b4c3
    • NeilBrown's avatar
      md/raid5: fix bug in reshape code when chunk_size decreases. · 0e6e0271
      NeilBrown authored
      Now that we support changing the chunksize, we calculate
      "reshape_sectors" to be the max of number of sectors in old
      and new chunk size.
      However there is one please where we still use 'chunksize'
      rather than 'reshape_sectors'.
      This causes a reshape that reduces the size of chunks to freeze.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      0e6e0271
    • NeilBrown's avatar
      md/raid5 - avoid deadlocks in get_active_stripe during reshape · a8c906ca
      NeilBrown authored
      md has functionality to 'quiesce' and array so that all pending
      IO completed and no new IO starts.  This is used to achieve a
      stable state before making internal changes.
      
      Currently this quiescing applies equally to normal IO, resync
      IO, and reshape IO.
      However there is a problem with applying it to reshape IO.
      Reshape can have multiple 'stripe_heads' that must be active together.
      If the quiesce come between allocating the first and the last of
      such a collection, then we deadlock, as the last will not be allocated
      until the quiesce is lifted, the quiesce will not be lifted until the
      first (which has been allocated) gets used, and that first cannot be
      used until the last is allocated.
      
      It is not necessary to inhibit reshape IO when a quiesce is
      requested.  Those places in the code that require a full quiesce will
      ensure the reshape thread is not running at all.
      
      So allow reshape requests to get access to new stripe_heads without
      being blocked by a 'quiesce'.
      
      This only affects in-place reshapes (i.e. where the array does not
      grow or shrink) and these are only newly supported.  So this patch is
      not needed in earlier kernels.
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      a8c906ca
    • NeilBrown's avatar
      md/raid5: use conf->raid_disks in preference to mddev->raid_disk · f001a70c
      NeilBrown authored
      mddev->raid_disks can be changed and any time by a request from
      user-space.  It is a suggestion as to what number of raid_disks is
      desired.
      
      conf->raid_disks can only be changed by the raid5 module with suitable
      locks in place.  It is a statement as to the current number of
      raid_disks.
      
      There are two places where the latter should be used, but the former
      is used.  This can lead to a crash when reshaping an array.
      
      This patch changes to mddev-> to conf->
      Signed-off-by: default avatarNeilBrown <neilb@suse.de>
      f001a70c
  3. 08 Jun, 2009 14 commits
  4. 07 Jun, 2009 2 commits