1. 26 Sep, 2018 2 commits
    • Bob Peterson's avatar
      gfs2: Don't reject a supposedly full bitmap if we have blocks reserved · d074912d
      Bob Peterson authored
      [ Upstream commit e79e0e14 ]
      
      Before this patch, you could get into situations like this:
      
      1. Process 1 searches for X free blocks, finds them, makes a reservation
      2. Process 2 searches for free blocks in the same rgrp, but now the
         bitmap is full because process 1's reservation is skipped over.
         So it marks the bitmap as GBF_FULL.
      3. Process 1 tries to allocate blocks from its own reservation, but
         since the GBF_FULL bit is set, it skips over the rgrp and searches
         elsewhere, thus not using its own reservation.
      
      This patch adds an additional check to allow processes to use their
      own reservations.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d074912d
    • Andreas Gruenbacher's avatar
      gfs2: Special-case rindex for gfs2_grow · 0fe57094
      Andreas Gruenbacher authored
      [ Upstream commit 77612578 ]
      
      To speed up the common case of appending to a file,
      gfs2_write_alloc_required presumes that writing beyond the end of a file
      will always require additional blocks to be allocated.  This assumption
      is incorrect for preallocates files, but there are no negative
      consequences as long as *some* space is still left on the filesystem.
      
      One special file that always has some space preallocated beyond the end
      of the file is the rindex: when growing a filesystem, gfs2_grow adds one
      or more new resource groups and appends records describing those
      resource groups to the rindex; the preallocated space ensures that this
      is always possible.
      
      However, when a filesystem is completely full, gfs2_write_alloc_required
      will indicate that an additional allocation is required, and appending
      the next record to the rindex will fail even though space for that
      record has already been preallocated.  To fix that, skip the incorrect
      optimization in gfs2_write_alloc_required, but for the rindex only.
      Other writes to preallocated space beyond the end of the file are still
      allowed to fail on completely full filesystems.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Reviewed-by: default avatarBob Peterson <rpeterso@redhat.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@microsoft.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0fe57094
  2. 30 May, 2018 1 commit
  3. 20 Dec, 2017 1 commit
    • Bob Peterson's avatar
      GFS2: Take inode off order_write list when setting jdata flag · 1678bb97
      Bob Peterson authored
      
      [ Upstream commit cc555b09 ]
      
      This patch fixes a deadlock caused when the jdata flag is set for
      inodes that are already on the ordered write list. Since it is
      on the ordered write list, log_flush calls gfs2_ordered_write which
      calls filemap_fdatawrite. But since the inode had the jdata flag
      set, that calls gfs2_jdata_writepages, which tries to start a new
      transaction. A new transaction cannot be started because it tries
      to acquire the log_flush rwsem which is already locked by the log
      flush operation.
      
      The bottom line is: We cannot switch an inode from ordered to jdata
      until we eliminate any ordered data pages (via log flush) or any
      log_flush operation afterward will create the circular dependency
      above. So we need to flush the log before setting the diskflags to
      switch the file mode, then we need to remove the inode from the
      ordered writes list.
      
      Before this patch, the log flush was done for jdata->ordered, but
      that's wrong. If we're going from jdata to ordered, we don't need
      to call gfs2_log_flush because the call to filemap_fdatawrite will
      do it for us:
      
         filemap_fdatawrite() -> __filemap_fdatawrite_range()
            __filemap_fdatawrite_range() -> do_writepages()
               do_writepages() -> gfs2_jdata_writepages()
                  gfs2_jdata_writepages() -> gfs2_log_flush()
      
      This patch modifies function do_gfs2_set_flags so that if a file
      has its jdata flag set, and it's already on the ordered write list,
      the log will be flushed and it will be removed from the list
      before setting the flag.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Acked-by: default avatarAbhijith Das <adas@redhat.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1678bb97
  4. 02 Nov, 2017 1 commit
    • Greg Kroah-Hartman's avatar
      License cleanup: add SPDX GPL-2.0 license identifier to files with no license · b2441318
      Greg Kroah-Hartman authored
      Many source files in the tree are missing licensing information, which
      makes it harder for compliance tools to determine the correct license.
      
      By default all files without license information are under the default
      license of the kernel, which is GPL version 2.
      
      Update the files which contain no license information with the 'GPL-2.0'
      SPDX license identifier.  The SPDX identifier is a legally binding
      shorthand, which can be used instead of the full boiler plate text.
      
      This patch is based on work done by Thomas Gleixner and Kate Stewart and
      Philippe Ombredanne.
      
      How this work was done:
      
      Patches were generated and checked against linux-4.14-rc6 for a subset of
      the use cases:
       - file had no licensing information it it.
       - file was a */uapi/* one with no licensing information in it,
       - file was a */uapi/* one with existing licensing information,
      
      Further patches will be generated in subsequent months to fix up cases
      where non-standard license headers were used, and references to license
      had to be inferred by heuristics based on keywords.
      
      The analysis to determine which SPDX License Identifier to be applied to
      a file was done in a spreadsheet of side by side results from of the
      output of two independent scanners (ScanCode & Windriver) producing SPDX
      tag:value files created by Philippe Ombredanne.  Philippe prepared the
      base worksheet, and did an initial spot review of a few 1000 files.
      
      The 4.13 kernel was the starting point of the analysis with 60,537 files
      assessed.  Kate Stewart did a file by file comparison of the scanner
      results in the spreadsheet to determine which SPDX license identifier(s)
      to be applied to the file. She confirmed any determination that was not
      immediately clear with lawyers working with the Linux Foundation.
      
      Criteria used to select files for SPDX license identifier tagging was:
       - Files considered eligible had to be source code files.
       - Make and config files were included as candidates if they contained >5
         lines of source
       - File already had some variant of a license header in it (even if <5
         lines).
      
      All documentation files were explicitly excluded.
      
      The following heuristics were used to determine which SPDX license
      identifiers to apply.
      
       - when both scanners couldn't find any license traces, file was
         considered to have no license information in it, and the top level
         COPYING file license applied.
      
         For non */uapi/* files that summary was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0                                              11139
      
         and resulted in the first patch in this series.
      
         If that file was a */uapi/* path one, it was "GPL-2.0 WITH
         Linux-syscall-note" otherwise it was "GPL-2.0".  Results of that was:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|-------
         GPL-2.0 WITH Linux-syscall-note                        930
      
         and resulted in the second patch in this series.
      
       - if a file had some form of licensing information in it, and was one
         of the */uapi/* ones, it was denoted with the Linux-syscall-note if
         any GPL family license was found in the file or had no licensing in
         it (per prior point).  Results summary:
      
         SPDX license identifier                            # files
         ---------------------------------------------------|------
         GPL-2.0 WITH Linux-syscall-note                       270
         GPL-2.0+ WITH Linux-syscall-note                      169
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause)    21
         ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)    17
         LGPL-2.1+ WITH Linux-syscall-note                      15
         GPL-1.0+ WITH Linux-syscall-note                       14
         ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause)    5
         LGPL-2.0+ WITH Linux-syscall-note                       4
         LGPL-2.1 WITH Linux-syscall-note                        3
         ((GPL-2.0 WITH Linux-syscall-note) OR MIT)              3
         ((GPL-2.0 WITH Linux-syscall-note) AND MIT)             1
      
         and that resulted in the third patch in this series.
      
       - when the two scanners agreed on the detected license(s), that became
         the concluded license(s).
      
       - when there was disagreement between the two scanners (one detected a
         license but the other didn't, or they both detected different
         licenses) a manual inspection of the file occurred.
      
       - In most cases a manual inspection of the information in the file
         resulted in a clear resolution of the license that should apply (and
         which scanner probably needed to revisit its heuristics).
      
       - When it was not immediately clear, the license identifier was
         confirmed with lawyers working with the Linux Foundation.
      
       - If there was any question as to the appropriate license identifier,
         the file was flagged for further research and to be revisited later
         in time.
      
      In total, over 70 hours of logged manual review was done on the
      spreadsheet to determine the SPDX license identifiers to apply to the
      source files by Kate, Philippe, Thomas and, in some cases, confirmation
      by lawyers working with the Linux Foundation.
      
      Kate also obtained a third independent scan of the 4.13 code base from
      FOSSology, and compared selected files where the other two scanners
      disagreed against that SPDX file, to see if there was new insights.  The
      Windriver scanner is based on an older version of FOSSology in part, so
      they are related.
      
      Thomas did random spot checks in about 500 files from the spreadsheets
      for the uapi headers and agreed with SPDX license identifier in the
      files he inspected. For the non-uapi files Thomas did random spot checks
      in about 15000 files.
      
      In initial set of patches against 4.14-rc6, 3 files were found to have
      copy/paste license identifier errors, and have been fixed to reflect the
      correct identifier.
      
      Additionally Philippe spent 10 hours this week doing a detailed manual
      inspection and review of the 12,461 patched files from the initial patch
      version early this week with:
       - a full scancode scan run, collecting the matched texts, detected
         license ids and scores
       - reviewing anything where there was a license detected (about 500+
         files) to ensure that the applied SPDX license was correct
       - reviewing anything where there was no detection but the patch license
         was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
         SPDX license was correct
      
      This produced a worksheet with 20 files needing minor correction.  This
      worksheet was then exported into 3 different .csv files for the
      different types of files to be modified.
      
      These .csv files were then reviewed by Greg.  Thomas wrote a script to
      parse the csv files and add the proper SPDX tag to the file, in the
      format that the file expected.  This script was further refined by Greg
      based on the output to detect more types of files automatically and to
      distinguish between header and source .c files (which need different
      comment types.)  Finally Greg ran the script using the .csv files to
      generate the patches.
      Reviewed-by: default avatarKate Stewart <kstewart@linuxfoundation.org>
      Reviewed-by: default avatarPhilippe Ombredanne <pombredanne@nexb.com>
      Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b2441318
  5. 25 Sep, 2017 1 commit
  6. 31 Aug, 2017 2 commits
  7. 30 Aug, 2017 3 commits
  8. 25 Aug, 2017 3 commits
    • Bob Peterson's avatar
      GFS2: Fix up some sparse warnings · 27c3b415
      Bob Peterson authored
      This patch cleans up various pieces of GFS2 to avoid sparse errors.
      This doesn't fix them all, but it fixes several. The first error,
      in function glock_hash_walk was a genuine bug where the rhashtable
      could be started and not stopped.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      27c3b415
    • Andreas Gruenbacher's avatar
      gfs2: Silence gcc format-truncation warning · 561b7969
      Andreas Gruenbacher authored
      Enlarge sd_fsname to be big enough for the longest long lock table name
      and an arbitrary journal number.  This silences two -Wformat-truncation
      warnings with gcc 7.1.1.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      561b7969
    • Bob Peterson's avatar
      GFS2: Withdraw for IO errors writing to the journal or statfs · 942b0cdd
      Bob Peterson authored
      Before this patch, if GFS2 encountered IO errors while writing to
      the journal, it would not report the problem, so they would go
      unnoticed, sometimes for many hours. Sometimes this would only be
      noticed later, when recovery tried to do journal replay and failed
      due to invalid metadata at the blocks that resulted in IO errors.
      
      This patch makes GFS2's log daemon check for IO errors. If it
      encounters one, it withdraws from the file system and reports
      why in dmesg. A similar action is taken when IO errors occur when
      writing to the system statfs file.
      
      These errors are also reported back to any callers of fsync, since
      that requires the journal to be flushed. Therefore, any IO errors
      that would previously go unnoticed are now noticed and the file
      system is withdrawn as early as possible, thus preventing further
      file system damage.
      
      Also note that this reintroduces superblock variable sd_log_error,
      which Christoph removed with commit f729b66f.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      942b0cdd
  9. 23 Aug, 2017 1 commit
    • Christoph Hellwig's avatar
      block: replace bi_bdev with a gendisk pointer and partitions index · 74d46992
      Christoph Hellwig authored
      This way we don't need a block_device structure to submit I/O.  The
      block_device has different life time rules from the gendisk and
      request_queue and is usually only available when the block device node
      is open.  Other callers need to explicitly create one (e.g. the lightnvm
      passthrough code, or the new nvme multipathing code).
      
      For the actual I/O path all that we need is the gendisk, which exists
      once per block device.  But given that the block layer also does
      partition remapping we additionally need a partition index, which is
      used for said remapping in generic_make_request.
      
      Note that all the block drivers generally want request_queue or
      sometimes the gendisk, so this removes a layer of indirection all
      over the stack.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      74d46992
  10. 15 Aug, 2017 1 commit
    • Thomas Tai's avatar
      gfs2: fix slab corruption during mounting and umounting gfs file system · cc1dfa8b
      Thomas Tai authored
      When using cman-3.0.12.1 and gfs2-utils-3.0.12.1, mounting and
      unmounting GFS2 file system would cause kernel to hang. The slab
      allocator suggests that it is likely a double free memory corruption.
      The issue is traced back to v3.9-rc6 where a patch is submitted to
      use kzalloc() for storing a bitmap instead of using a local variable.
      The intention is to allocate memory during mount and to free memory
      during unmount. The original patch misses a code path which has
      already freed the memory and caused memory corruption. This patch sets
      the memory pointer to NULL after the memory is freed, so that double
      free memory corruption will not happen.
      
      gdlm_mount()
        '-- set_recover_size() which use kzalloc()
        '-- if dlm does not support ops callbacks then
                '--- free_recover_size() which use kfree()
      
      gldm_unmount()
        '-- free_recover_size() which use kfree()
      
      Previous patch which introduced the double free issue is
      commit 57c7310b ("GFS2: use kmalloc for lvb bitmap")
      Signed-off-by: default avatarThomas Tai <thomas.tai@oracle.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@Oracle.com>
      cc1dfa8b
  11. 10 Aug, 2017 6 commits
    • Abhi Das's avatar
      gfs2: forcibly flush ail to relieve memory pressure · b066a4ee
      Abhi Das authored
      On systems with low memory, it is possible for gfs2 to infinitely
      loop in balance_dirty_pages() under heavy IO (creating sparse files).
      
      balance_dirty_pages() attempts to write out the dirty pages via
      gfs2_writepages() but none are found because these dirty pages are
      being used by the journaling code in the ail. Normally, the journal
      has an upper threshold which when hit triggers an automatic flush
      of the ail. But this threshold can be higher than the number of
      allowable dirty pages and result in the ail never being flushed.
      
      This patch forces an ail flush when gfs2_writepages() fails to write
      anything. This is a good indication that the ail might be holding
      some dirty pages.
      Signed-off-by: default avatarAbhi Das <adas@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      b066a4ee
    • Andreas Gruenbacher's avatar
      gfs2: Clean up waiting on glocks · a91323e2
      Andreas Gruenbacher authored
      The prepare_to_wait_on_glock and finish_wait_on_glock functions introduced in
      commit 56a365be "gfs2: gfs2_glock_get: Wait on freeing glocks" are
      better removed, resulting in cleaner code.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      a91323e2
    • Andreas Gruenbacher's avatar
      gfs2: Defer deleting inodes under memory pressure · 6a1c8f6d
      Andreas Gruenbacher authored
      When under memory pressure and an inode's link count has dropped to
      zero, defer deleting the inode to the delete workqueue.  This avoids
      calling into DLM under memory pressure, which can deadlock.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      6a1c8f6d
    • Andreas Gruenbacher's avatar
      gfs2: gfs2_evict_inode: Put glocks asynchronously · 71c1b213
      Andreas Gruenbacher authored
      gfs2_evict_inode is called to free inodes under memory pressure.  The
      function calls into DLM when an inode's last cluster-wide reference goes
      away (remote unlink) and to release the glock and associated DLM lock
      before finally destroying the inode.  However, if DLM is blocked on
      memory to become available, calling into DLM again will deadlock.
      
      Avoid that by decoupling releasing glocks from destroying inodes in that
      case: with gfs2_glock_queue_put, glocks will be dequeued asynchronously
      in work queue context, when the associated inodes have likely already
      been destroyed.
      
      With this change, inodes can end up being unlinked, remote-unlink can be
      triggered, and then the inode can be reallocated before all
      remote-unlink callbacks are processed.  To detect that, revalidate the
      link count in gfs2_evict_inode to make sure we're not deleting an
      allocated, referenced inode.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      71c1b213
    • Andreas Gruenbacher's avatar
      gfs2: Get rid of gfs2_set_nlink · eebd2e81
      Andreas Gruenbacher authored
      Remove gfs2_set_nlink which prevents the link count of an inode from
      becoming non-zero once it has reached zero.  The next commit reduces the
      amount of waiting on glocks when an inode is evicted from memory.  With
      that, an inode can become reallocated before all the remote-unlink
      callbacks from a previous delete are processed, which causes the link
      count to change from zero to non-zero.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      eebd2e81
    • Andreas Gruenbacher's avatar
      gfs2: gfs2_glock_get: Wait on freeing glocks · 0515480a
      Andreas Gruenbacher authored
      Keep glocks in their hash table until they are freed instead of removing
      them when their last reference is dropped.  This allows to wait for any
      previous instances of a glock to go away in gfs2_glock_get before
      creating a new glocks.
      
      Special thanks to Andy Price for finding and fixing a problem which also
      required us to delete the rcu_read_unlock from the error case in function
      gfs2_glock_get.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      0515480a
  12. 09 Aug, 2017 6 commits
  13. 01 Aug, 2017 1 commit
  14. 21 Jul, 2017 4 commits
    • Bob Peterson's avatar
      GFS2: Set gl_object in inode lookup only after block type check · 4d7c18c7
      Bob Peterson authored
      Before this patch, the inode glock's gl_object was set after a
      reference was acquired, but before the block type was verified.
      In cases where the block was unlinked, then freed and reused on
      another node, a residule delete callback (delete_work) would try
      to look up the inode, eventually failing the block check, but
      only after it overwrites gl_object with a pointer to the wrong
      inode. This patch moves the assignment of gl_object after the
      block check so it won't be improperly overwritten.
      
      Likewise, at the end of the function, gfs2_inode_lookup was
      clearing gl_object after it unlocked the glock, which meant
      another process might free the glock in the meantime. This
      patch guards against that case.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Reviewed-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      4d7c18c7
    • Bob Peterson's avatar
      GFS2: Introduce helper for clearing gl_object · df3d87bd
      Bob Peterson authored
      This patch introduces a new helper function in glock.h that
      clears gl_object, with an added integrity check. An additional
      integrity check has been added to glock_set_object, plus comments.
      This is step 1 in a series to ensure gl_object integrity.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Reviewed-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      df3d87bd
    • Coly Li's avatar
      gfs2: add flag REQ_PRIO for metadata I/O · e477b24b
      Coly Li authored
      When gfs2 does metadata I/O, only REQ_META is used as a metadata hint of
      the bio. But flag REQ_META is just a hint for block trace, not for block
      layer code to handle a bio as metadata request.
      
      For some of metadata I/Os of gfs2, A REQ_PRIO flag on the metadata bio
      would be very informative to block layer code. For example, if bcache is
      used as a I/O cache for gfs2, it will be possible for bcache code to get
      the hint and cache the pre-fetched metadata blocks on cache device. This
      behavior may be helpful to improve metadata I/O performance if the
      following requests hit the cache.
      
      Here are the locations in gfs2 code where a REQ_PRIO flag should be added,
      - All places where REQ_READAHEAD is used, gfs2 code uses this flag for
        metadata read ahead.
      - In gfs2_meta_rq() where the first metadata block is read in.
      - In gfs2_write_buf_to_page(), read in quota metadata blocks to have them
        up to date.
      These metadata blocks are probably to be accessed again in future, adding
      a REQ_PRIO flag may have bcache to keep such metadata in fast cache
      device. For system without a cache layer, REQ_PRIO can still provide hint
      to block layer to handle metadata requests more properly.
      Signed-off-by: default avatarColy Li <colyli@suse.de>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      e477b24b
    • Wang Xibo's avatar
      GFS2: fix code parameter error in inode_go_lock · e7cb550d
      Wang Xibo authored
      In inode_go_lock() function, the parameter order of list_add() is error.
      According to the define of list_add(), the first parameter is new entry
      and the second is the list head, so ip->i_trunc_list should be the
      first parameter and the sdp->sd_trunc_list should be second.
      
      Signed-off-by: Wang Xibo<wang.xibo@zte.com.cn>
      Signed-off-by: Xiao Likun<xiao.likun@zte.com.cn>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      e7cb550d
  15. 19 Jul, 2017 2 commits
    • Andreas Gruenbacher's avatar
      gfs2: Fixup to "Get rid of flush_delayed_work in gfs2_evict_inode" · 98e5a91a
      Andreas Gruenbacher authored
      When commit 4fd1a579 moved the call to flush_delayed_work from
      gfs2_evict_inode to gfs2_inode_lookup to avoid calling into DLM during
      evict, a similar call should have been added to gfs2_create_inode:
      that's another code path in which glocks of previous inodes may be
      reused.
      
      The flush of the iopen glock work queue added by 4fd1a579, on the
      other hand, is unnecessary and can be removed.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      98e5a91a
    • Jan Kara's avatar
      gfs2: Don't clear SGID when inheriting ACLs · 914cea93
      Jan Kara authored
      When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
      set, DIR1 is expected to have SGID bit set (and owning group equal to
      the owning group of 'DIR0'). However when 'DIR0' also has some default
      ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
      'DIR1' to get cleared if user is not member of the owning group.
      
      Fix the problem by moving posix_acl_update_mode() out of
      __gfs2_set_acl() into gfs2_set_acl(). That way the function will not be
      called when inheriting ACLs which is what we want as it prevents SGID
      bit clearing and the mode has been properly set by posix_acl_create()
      anyway.
      
      Fixes: 07393101Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      914cea93
  16. 17 Jul, 2017 3 commits
    • Andreas Gruenbacher's avatar
      gfs2: Lock holder cleanup (fixup) · 283c9a97
      Andreas Gruenbacher authored
      Function gfs2_holder_initialized should be used in do_flock as well.
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      283c9a97
    • Bob Peterson's avatar
      GFS2: Prevent double brelse in gfs2_meta_indirect_buffer · 61eaadcd
      Bob Peterson authored
      Before this patch, problems reading in indirect buffers would send
      an IO error back to the caller, and release the buffer_head with
      brelse() in function gfs2_meta_indirect_buffer, however, it would
      still return the address of the buffer_head it released. After the
      error was discovered, function gfs2_block_map would call function
      release_metapath to free all buffers. That checked:
      if (mp->mp_bh[i] == NULL) but since the value was set after the
      error, it was non-zero, so brelse was called a second time. This
      resulted in the following error:
      
      kernel: WARNING: at fs/buffer.c:1224 __brelse+0x3a/0x40() (Tainted: G        W  -- ------------   )
      kernel: Hardware name: RHEV Hypervisor
      kernel: VFS: brelse: Trying to free free buffer
      
      This patch changes gfs2_meta_indirect_buffer so it only sets
      the buffer_head pointer in cases where it isn't released.
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Acked-by: default avatarSteven Whitehouse <swhiteho@redhat.com>
      61eaadcd
    • David Howells's avatar
      VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb) · bc98a42c
      David Howells authored
      Firstly by applying the following with coccinelle's spatch:
      
      	@@ expression SB; @@
      	-SB->s_flags & MS_RDONLY
      	+sb_rdonly(SB)
      
      to effect the conversion to sb_rdonly(sb), then by applying:
      
      	@@ expression A, SB; @@
      	(
      	-(!sb_rdonly(SB)) && A
      	+!sb_rdonly(SB) && A
      	|
      	-A != (sb_rdonly(SB))
      	+A != sb_rdonly(SB)
      	|
      	-A == (sb_rdonly(SB))
      	+A == sb_rdonly(SB)
      	|
      	-!(sb_rdonly(SB))
      	+!sb_rdonly(SB)
      	|
      	-A && (sb_rdonly(SB))
      	+A && sb_rdonly(SB)
      	|
      	-A || (sb_rdonly(SB))
      	+A || sb_rdonly(SB)
      	|
      	-(sb_rdonly(SB)) != A
      	+sb_rdonly(SB) != A
      	|
      	-(sb_rdonly(SB)) == A
      	+sb_rdonly(SB) == A
      	|
      	-(sb_rdonly(SB)) && A
      	+sb_rdonly(SB) && A
      	|
      	-(sb_rdonly(SB)) || A
      	+sb_rdonly(SB) || A
      	)
      
      	@@ expression A, B, SB; @@
      	(
      	-(sb_rdonly(SB)) ? 1 : 0
      	+sb_rdonly(SB)
      	|
      	-(sb_rdonly(SB)) ? A : B
      	+sb_rdonly(SB) ? A : B
      	)
      
      to remove left over excess bracketage and finally by applying:
      
      	@@ expression A, SB; @@
      	(
      	-(A & MS_RDONLY) != sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) != sb_rdonly(SB)
      	|
      	-(A & MS_RDONLY) == sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) == sb_rdonly(SB)
      	)
      
      to make comparisons against the result of sb_rdonly() (which is a bool)
      work correctly.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      bc98a42c
  17. 07 Jul, 2017 1 commit
  18. 06 Jul, 2017 1 commit
    • Jeff Layton's avatar
      buffer: set errors in mapping at the time that the error occurs · 87354e5d
      Jeff Layton authored
      I noticed on xfs that I could still sometimes get back an error on fsync
      on a fd that was opened after the error condition had been cleared.
      
      The problem is that the buffer code sets the write_io_error flag and
      then later checks that flag to set the error in the mapping. That flag
      perisists for quite a while however. If the file is later opened with
      O_TRUNC, the buffers will then be invalidated and the mapping's error
      set such that a subsequent fsync will return error. I think this is
      incorrect, as there was no writeback between the open and fsync.
      
      Add a new mark_buffer_write_io_error operation that sets the flag and
      the error in the mapping at the same time. Replace all calls to
      set_buffer_write_io_error with mark_buffer_write_io_error, and remove
      the places that check this flag in order to set the error in the
      mapping.
      
      This sets the error in the mapping earlier, at the time that it's first
      detected.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Reviewed-by: default avatarJan Kara <jack@suse.cz>
      Reviewed-by: default avatarCarlos Maiolino <cmaiolino@redhat.com>
      87354e5d