git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes and cleanups from Thomas Gleixner:
"Commit e5ab012c3271 ("nohz: Make tick_nohz_irq_exit() irq safe") is
the first commit in the series and the minimal necessary bugfix, which
needs to go back into stable.
The remaining commits enforce irq disabling in irq_exit(), sanitize
the hardirq/softirq preempt count transition and remove a bunch of no
longer necessary conditionals."
I personally love getting rid of the very subtle and confusing
IRQ_EXIT_OFFSET thing. Even apart from the whole "more lines removed
than added" thing.
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irq: Don't re-enable interrupts at the end of irq_exit
irq: Remove IRQ_EXIT_OFFSET workaround
Revert "nohz: Make tick_nohz_irq_exit() irq safe"
irq: Sanitize invoke_softirq
irq: Ensure irq_exit() code runs with interrupts disabled
nohz: Make tick_nohz_irq_exit() irq safe
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull smpboot bugfix from Thomas Gleixner:
"A single bugfix for a regression introduced with the conversion of the
stop machine threads to the generic smpboot thread management
facility"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
stop_machine: Mark per cpu stopper enabled early
|
|
Pull second round of GPIO changes from Grant Likely:
"This branch contains a few bug fixes that I missed the first time
around and updates to the gpio_desc series included in the first pull
request. This tag has been retagged to drop the 2 head commits
because one of them caused a build failure."
* tag 'gpio-for-linus' of git://git.secretlab.ca/git/linux:
gpio/gpio-ich: fix ichx_gpio_check_available() return what callers expect
gpiolib: move comment to right function
gpiolib: use const parameters when possible
gpiolib: check descriptors validity before use
|
|
Pull md updates from NeilBrown:
"Mostly little bugfixes.
Only "feature" is a new RAID10 layout which slightly improves the
number of sets of devices that can concurrently fail, without data
loss."
* tag 'md-3.9' of git://neil.brown.name/md:
md: expedite metadata update when switching read-auto -> active
md: remove CONFIG_MULTICORE_RAID456
md/raid1,raid10: fix deadlock with freeze_array()
md/raid0: improve error message when converting RAID4-with-spares to RAID0
md: raid0: fix error return from create_stripe_zones.
md: fix two bugs when attempting to resize RAID0 array.
DM RAID: Add support for MD's RAID10 "far" and "offset" algorithms
MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 2)
MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 1)
MD RAID10: Minor non-functional code changes
md: raid1,10: Handle REQ_WRITE_SAME flag in write bios
md: protect against crash upon fsync on ro array
|
|
The cpuinfo_x86 ptr is unused now. Drop it. Got obsolete by 69fb3676df33
("x86 idle: remove mwait_idle() and "idle=mwait" cmdline param")
removing its only user.
[ hpa: fixes gcc warning ]
Signed-off-by: Borislav Petkov <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Cc: Len Brown <[email protected]>
Signed-off-by: H. Peter Anvin <[email protected]>
|
|
From the docs:
"IIR can queue up to two interrupt events. When the IIR is cleared,
it will set itself again after one clock if a second event was
stored."
"Only the rising edge of the PCH Display interrupt will cause the
North Display IIR (DEIIR) PCH Display Interrupt event bit to be set,
so all PCH Display Interrupts, including back to back interrupts,
must be cleared before a new PCH Display interrupt can cause DEIIR
to be set".
The current code works fine because we don't get many interrupts, but
if we enable the PCH FIFO underrun interrupts we'll start getting so
many interrupts that at some point new PCH interrupts won't cause
DEIIR to be set.
The initial implementation I tried was to turn the code that checks
SDEIIR into a loop, but we can still get interrupts even after the
loop is done (and before the irq handler finishes), so we have to
either disable the interrupts or mask them. In the end I concluded
that just disabling the PCH interrupts is enough, you don't even need
the loop, so this is what this patch implements. I've tested it and it
passes the 2 "PCH FIFO underrun interrupt storms" I can reproduce:
the "ironlake_crtc_disable" case and the "wrong watermarks" case.
In other words, here's how to reproduce the problem fixed by this
patch:
1 - Enable PCH FIFO underrun interrupts (SERR_INT on SNB+)
2 - Boot the machine
3 - While booting we'll get tons of PCH FIFO underrun interrupts
4 - Plug a new monitor
5 - Run xrandr, notice it won't detect the new monitor
6 - Read SDEIIR and notice it's not 0 while DEIIR is 0
Q: Can't we just clear DEIIR before SDEIIR?
A: It doesn't work. SDEIIR has to be completely cleared (including the
interrupts stored on its back queue) before it can flip DEIIR's bit to
1 again, and even while you're clearing it you'll be getting more and
more interrupts.
Q: Why does it work by just disabling+enabling the south interrupts?
A: Because when we re-enable them, if there's something on the SDEIIR
register (maybe an interrupt stored on the queue), the re-enabling
will make DEIIR's bit flip to 1, and since we'll already have
interrupts enabled we'll get another interrupt, then run our irq
handler again to process the "back" interrupts.
v2: Even bigger commit message, added code comments.
Note that this fixes missed dp aux irqs which have been reported for
3.9-rc1. This regression has been introduced by switching to
irq-driven dp aux transactions with
commit 9ee32fea5fe810ec06af3a15e4c65478de56d4f5
Author: Daniel Vetter <[email protected]>
Date: Sat Dec 1 13:53:48 2012 +0100
drm/i915: irq-drive the dp aux communication
References: http://www.mail-archive.com/[email protected]/msg18588.html
References: https://lkml.org/lkml/2013/2/26/769
Tested-by: Imre Deak <[email protected]>
Reported-by: Sedat Dilek <[email protected]>
Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Paulo Zanoni <[email protected]>
[danvet: Pimp commit message with references for the dp aux irq
timeout regression this fixes.]
Signed-off-by: Daniel Vetter <[email protected]>
|
|
Commit 24542bf7ea5e4fdfdb5157ff544c093fa4dcb536 changed preallocation of
extents to cap the max size we try to allocate. It's a valid change,
but the extent reservation code is also used by balance, and that
can't tolerate a smaller extent being allocated.
__btrfs_prealloc_file_range already has a min_size parameter, which is
used by relocation to request a specific extent size. This commit
adds an extra check to enforce that minimum extent size.
Signed-off-by: Chris Mason <[email protected]>
Reported-by: Stefan Behrens <[email protected]>
|
|
When a value of a vmaster slave control is changed, the ctl change
notification is sometimes ignored. This happens when the master
control overrides, e.g. when the corresponding master control is
muted. The reason is that slave_put() returns the value of the actual
slave put callback, and it doesn't reflect the virtual slave value
change.
This patch fixes the function just to return 1 whenever a slave value
is changed.
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
We need it to restore the ilk rc6 context, since the gpu wait now
requires interrupts. But in general having interrupts around should
help in code sanity, since more and more stuff is interrupt driven.
This regression has been introduced in
commit 3e9605018ab3e333d51cc90fccfde2031886763b
Author: Chris Wilson <[email protected]>
Date: Tue Nov 27 16:22:54 2012 +0000
drm/i915: Rearrange code to only have a single method for waiting upon the ring
Like in the driver load code we need to make sure that hotplug
interrupts don't cause havoc with our modeset state, hence block them
with the existing infrastructure. Again we ignore races where we might
lose hotplug interrupts ...
Note that the driver load part of the regression has already been
fixed in
commit 52d7ecedac3f96fb562cb482c139015372728638
Author: Daniel Vetter <[email protected]>
Date: Sat Dec 1 21:03:22 2012 +0100
drm/i915: reorder setup sequence to have irqs for output setup
v2: Add a note to the commit message about which patch fixed the
driver load part of the regression. Stable kernels need to backport
both patches.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=54691
Cc: [email protected] (for 3.8 only, please backport
52d7ecedac3f96fb5 first)
Cc: Chris Wilson <[email protected]>
Cc: Mika Kuoppala <[email protected]>
Reported-and-Tested-by: Ilya Tumaykin <[email protected]>
Reviewed-by: Chris Wilson <[email protected]> (v1)
Signed-off-by: Daniel Vetter <[email protected]>
|
|
This increases GEN6_RC6p_THRESHOLD from 100000 to 150000. For some
reason this avoids the gen6_gt_check_fifodbg.isra warnings and
associated GPU lockups, which makes my ivy bridge machine stable.
Signed-off-by: Stéphane Marchesin <[email protected]>
Acked-by: Jesse Barnes <[email protected]>
Signed-off-by: Daniel Vetter <[email protected]>
|
|
git://anongit.freedesktop.org/git/nouveau/linux-2.6
misc regression fixes from Ben.
* 'drm-nouveau-fixes-3.9' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
drm/nv50-: prevent some races between modesetting and page flipping
drm/nouveau/i2c: drop parent refcount when creating ports
drm/nv84: fix regression in page flipping
drm/nouveau: Fix typo in init_idx_addr_latched().
drm/nouveau: Disable AGP on PowerPC again.
drm/nve0/graph: some random reg moved on kepler
|
|
We support DSCR (Data Stream Control Register) so we should make sure we set it
in the FSCR (Facility Status & Control Register) in case some firmwares don't
set it. If we don't set this, we'll take a facility unavailable exception when
using the DSCR.
Signed-off-by: Michael Neuling <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
This sets the DSCR (Data Stream Control Register) in the FSCR (Facility Status
& Control Register).
Also harmonise TAR (Target Address Register) FSCR bit definition too.
Signed-off-by: Michael Neuling <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
Currently we only set the FSCR (Facility Status and Control Register) when HV=1
but this feature is available when HV=0 also. This patch sets FSCR when HV=0.
Also, we currently only set the FSCR on the master CPU. This patch also sets
the FSCR on secondary CPUs.
Signed-off-by: Michael Neuling <[email protected]>
cc: Ian Munsie <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
Since kmp takes 2 unsigned long args there should be a compat wrapper.
Since one isn't provided I think it's safer just to hook this up to not
implemented. If we need it later we can do it properly then.
Signed-off-by: Tony Breeds <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
The BITOP_LE_SWIZZLE macro was used in the little-endian bitops functions
for powerpc. But these functions were converted to generic bitops and
the BITOP_LE_SWIZZLE is not used anymore.
Signed-off-by: Akinobu Mita <[email protected]>
Cc: Benjamin Herrenschmidt <[email protected]>
Cc: Paul Mackerras <[email protected]>
Cc: [email protected]
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
Currently we use the link register to branch up high in the early MMU on
syscall entry path. Unfortunately, this trashes the link stack as the
address we are going to is not associated with the earlier mflr.
This patch simply converts us to use the count register (volatile over
syscalls anyway) instead. This is much better at predicting in this
scenario and doesn't trash link stack causing a bunch of additional
branch mispredicts later. Benchmarking this on POWER8 saves a bunch of
cycles on Anton's null syscall benchmark here:
http://ozlabs.org/~anton/junkcode/null_syscall.c
Signed-off-by: Michael Neuling <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
When the strlen of pi->location_code is larger than HVCS_CLC_LENGTH + 1,
the original implementation does not leave hvcsd->p_location_code NUL terminated,
so we need to fix it (this can also simplify the code).
Signed-off-by: Chen Gang <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
The dest buf len is 80 (HVCS_CLC_LENGTH + 1).
The src buf len is PAGE_SIZE.
If the src buf string len is more than 80, it will cause an issue.
Signed-off-by: Chen Gang <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
When building with CRYPTO_SHA1_PPC enabled we fail with:
powerpc/crypto/sha1-powerpc-asm.S: Assembler messages:
powerpc/crypto/sha1-powerpc-asm.S:116: Error: can't resolve `0' {*ABS* section} - `STACKFRAMESIZE' {*UND* section}
powerpc/crypto/sha1-powerpc-asm.S:116: Error: expression too complex
powerpc/crypto/sha1-powerpc-asm.S:178: Error: unsupported relocation against STACKFRAMESIZE
Use INT_FRAME_SIZE instead of STACKFRAMESIZE.
Signed-off-by: Tony Breeds <[email protected]>
Tested-by: Christian Kujau <[email protected]>
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
|
|
This register field is 11 bits wide, not 15 bits wide. Given the way
this value is currently used, this patch has no practical effect.
However, it's still best if the value is correct.
Signed-off-by: Stephen Warren <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
virtio_rng feeds the randomness buffer handed by the core directly
into the scatterlist, since commit bb347d98079a547e80bd4722dee1de61e4dca0e8.
However, if CONFIG_HW_RANDOM=m, the static buffer isn't a linear address
(at least on most archs). We could fix this in virtio_rng, but it's actually
far easier to just do it in the core as virtio_rng would have to allocate
a buffer every time (it doesn't know how much the core will want to read).
Reported-by: Aurelien Jarno <[email protected]>
Tested-by: Aurelien Jarno <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
Cc: [email protected]
|
|
Commit 5ac00add added a testnset mutex and code that disallows
running administrative tasks in parallel. It is prevented that
the device add/delete/balance/replace/resize operations are
started in parallel. By mistake, the defragmentation operation
was included in the check for mutual exclusiveness as well.
This is fixed with this commit.
Signed-off-by: Stefan Behrens <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
Only let one trans handle to wait for other handles, otherwise we
will get ABBA issues.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
Btrfs balance can easily hit BUG_ON in these places, but we want
it to bail out gracefully after we force the whole filesystem to
readonly. So we use btrfs_std_error hook in place of BUG_ON.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
We can bail out from here gracefully instead of a cold BUG_ON.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
We've missed the 'free blocks' part on ENOMEM error.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
We first use btrfs_std_error hook to replace BUG_ON, and we
also need to cleanup what is left, including reloc roots rbtree
and reloc roots list.
Here we use a helper function to cleanup both rbtree and list, and
since this function can also be used in the balance recover path,
we also make the change as well to keep code simple.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
Add a check for NULL pointer to avoid invalid reference.
Signed-off-by: Liu Bo <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
commitment fails
If the async transaction commitment failed, we need to close the
current transaction handler, or the current transaction will be
blocked to commit because of this orphan handler.
We fix the problem by doing sync transaction commitment, that is
to invoke btrfs_commit_transaction().
Signed-off-by: Miao Xie <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
There are several bugs at error path of create_snapshot() when the
transaction commitment failed.
- access the freed transaction handler. At the end of the
transaction commitment, the transaction handler was freed, so we
should not access it after the transaction commitment.
- we were not aware of the error which happened during the snapshot
creation if we submitted an async transaction commitment.
- pending snapshot access vs pending snapshot free. When something
wrong happened after we submitted an async transaction commitment,
the transaction committer would cleanup the pending snapshots and
free them. But the snapshot creators were not aware of it, they
would access the freed pending snapshots.
This patch fixes the above problems by:
- remove the dangerous code that accessed the freed handler
- assign ->error if the error happens during the snapshot creation
- the transaction committer doesn't free the pending snapshots,
just assigns the error number and evicts them before we unblock
the transaction.
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Miao Xie <[email protected]>
Signed-off-by: Josef Bacik <[email protected]>
|
|
We need to inc the nlink of deleted entries when running replay so we can do the
unlink on the fs_root and get everything cleaned up and then have the orphan
cleanup do the right thing. The problem is inc_nlink complains about this, even
though it still does the right thing. So use set_nlink() if our i_nlink is 0
to keep users from seeing the warnings during log replay. Thanks,
Signed-off-by: Josef Bacik <[email protected]>
|
|
We should not update ts_recent and call tcp_rcv_rtt_measure_ts() both
before and after going to step5. That wastes CPU and double-counts the
receiver-side RTT sample.
Signed-off-by: Neal Cardwell <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This fixes the following sparse warning:
net/caif/caif_usb.c:84:16: warning: symbol 'cfusbl_create' was not
declared. Should it be static?
Signed-off-by: Silviu-Mihai Popescu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Cc: David S. Miller <[email protected]>
Cc: Venkat Venkatsubra <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Build error caused by
Commit ff43da86c69d76a726ffe7d1666148960dc1d108
("NET: FEC: dynamtic check DMA desc buff type")
drivers/net/ethernet/freescale/fec.c: In function ‘fec_enet_get_nextdesc’:
drivers/net/ethernet/freescale/fec.c:215:18: error: invalid use of undefined type ‘struct bufdesc_ex’
drivers/net/ethernet/freescale/fec.c: In function ‘fec_enet_get_prevdesc’:
drivers/net/ethernet/freescale/fec.c:224:18: error: invalid use of undefined type ‘struct bufdesc_ex’
drivers/net/ethernet/freescale/fec.c: In function ‘fec_enet_start_xmit’:
drivers/net/ethernet/freescale/fec.c:286:37: error: arithmetic on pointer to an incomplete type
drivers/net/ethernet/freescale/fec.c:287:13: error: arithmetic on pointer to an incomplete type
drivers/net/ethernet/freescale/fec.c:324:7: error: dereferencing pointer to incomplete type etc....
Signed-off-by: Frank Li <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Setting net.ipv6.conf.<interface>.accept_ra=2 causes the kernel
to accept RAs even when forwarding is enabled. However, enabling
forwarding purges all default routes on the system, breaking
connectivity until the next RA is received. Fix this by not
purging default routes on interfaces that have accept_ra=2.
Signed-off-by: Lorenzo Colitti <[email protected]>
Acked-by: YOSHIFUJI Hideaki <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The up stack ndo_start_xmit already holds the lock.
fec_enet_start_xmit needn't spin lock.
stat_xmit just updates fep->cur_tx
fec_enet_tx just updates fep->dirty_tx
Reserve an empty bdb to check full or empty
cur_tx == dirty_tx means full
cur_tx == dirty_tx +1 means empty
So the is_full variable isn't needed.
Fix spin lock deadlock
=================================
[ INFO: inconsistent lock state ]
3.8.0-rc5+ #107 Not tainted
---------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
ptp4l/615 [HC1[1]:SC0[0]:HE0:SE1] takes:
(&(&list->lock)->rlock#3){?.-...}, at: [<8042c3c4>] skb_queue_tail+0x20/0x50
{HARDIRQ-ON-W} state was registered at:
[<80067250>] mark_lock+0x154/0x4e8
[<800676f4>] mark_irqflags+0x110/0x1a4
[<80069208>] __lock_acquire+0x494/0x9c0
[<80069ce8>] lock_acquire+0x90/0xa4
[<80527ad0>] _raw_spin_lock_bh+0x44/0x54
[<804877e0>] first_packet_length+0x38/0x1f0
[<804879e4>] udp_poll+0x4c/0x5c
[<804231f8>] sock_poll+0x24/0x28
[<800d27f0>] do_poll.isra.10+0x120/0x254
[<800d36e4>] do_sys_poll+0x15c/0x1e8
[<800d3828>] sys_poll+0x60/0xc8
[<8000e780>] ret_fast_syscall+0x0/0x3c
*** DEADLOCK ***
1 lock held by ptp4l/615:
#0: (&(&fep->hw_lock)->rlock){-.-...}, at: [<80355f9c>] fec_enet_tx+0x24/0x268
stack backtrace:
Backtrace:
[<800121e0>] (dump_backtrace+0x0/0x10c) from [<80516210>] (dump_stack+0x18/0x1c)
r6:8063b1fc r5:bf38b2f8 r4:bf38b000 r3:bf38b000
[<805161f8>] (dump_stack+0x0/0x1c) from [<805189d0>] (print_usage_bug.part.34+0x164/0x1a4)
[<8051886c>] (print_usage_bug.part.34+0x0/0x1a4) from [<80518a88>] (print_usage_bug+0x78/0x88)
r8:80065664 r7:bf38b2f8 r6:00000002 r5:00000000 r4:bf38b000
[<80518a10>] (print_usage_bug+0x0/0x88) from [<80518b58>] (mark_lock_irq+0xc0/0x270)
r7:bf38b000 r6:00000002 r5:bf38b2f8 r4:00000000
[<80518a98>] (mark_lock_irq+0x0/0x270) from [<80067270>] (mark_lock+0x174/0x4e8)
[<800670fc>] (mark_lock+0x0/0x4e8) from [<80067744>] (mark_irqflags+0x160/0x1a4)
[<800675e4>] (mark_irqflags+0x0/0x1a4) from [<80069208>] (__lock_acquire+0x494/0x9c0)
r5:00000002 r4:bf38b2f8
[<80068d74>] (__lock_acquire+0x0/0x9c0) from [<80069ce8>] (lock_acquire+0x90/0xa4)
[<80069c58>] (lock_acquire+0x0/0xa4) from [<805278d8>] (_raw_spin_lock_irqsave+0x4c/0x60)
[<8052788c>] (_raw_spin_lock_irqsave+0x0/0x60) from [<8042c3c4>] (skb_queue_tail+0x20/0x50)
r6:bfbb2180 r5:bf1d0190 r4:bf1d0184
[<8042c3a4>] (skb_queue_tail+0x0/0x50) from [<8042c4cc>] (sock_queue_err_skb+0xd8/0x188)
r6:00000056 r5:bfbb2180 r4:bf1d0000 r3:00000000
[<8042c3f4>] (sock_queue_err_skb+0x0/0x188) from [<8042d15c>] (skb_tstamp_tx+0x70/0xa0)
r6:bf0dddb0 r5:bf1d0000 r4:bfbb2180 r3:00000004
[<8042d0ec>] (skb_tstamp_tx+0x0/0xa0) from [<803561d0>] (fec_enet_tx+0x258/0x268)
r6:c089d260 r5:00001c00 r4:bfbd0000
[<80355f78>] (fec_enet_tx+0x0/0x268) from [<803562cc>] (fec_enet_interrupt+0xec/0xf8)
[<803561e0>] (fec_enet_interrupt+0x0/0xf8) from [<8007d5b0>] (handle_irq_event_percpu+0x54/0x1a0)
[<8007d55c>] (handle_irq_event_percpu+0x0/0x1a0) from [<8007d740>] (handle_irq_event+0x44/0x64)
[<8007d6fc>] (handle_irq_event+0x0/0x64) from [<80080690>] (handle_fasteoi_irq+0xc4/0x15c)
r6:bf0dc000 r5:bf811290 r4:bf811240 r3:00000000
[<800805cc>] (handle_fasteoi_irq+0x0/0x15c) from [<8007ceec>] (generic_handle_irq+0x28/0x38)
r5:807130c8 r4:00000096
[<8007cec4>] (generic_handle_irq+0x0/0x38) from [<8000f16c>] (handle_IRQ+0x54/0xb4)
r4:8071d280 r3:00000180
[<8000f118>] (handle_IRQ+0x0/0xb4) from [<80008544>] (gic_handle_irq+0x30/0x64)
r8:8000e924 r7:f4000100 r6:bf0ddef8 r5:8071c974 r4:f400010c
r3:00000000
[<80008514>] (gic_handle_irq+0x0/0x64) from [<8000e2e4>] (__irq_svc+0x44/0x5c)
Exception stack(0xbf0ddef8 to 0xbf0ddf40)
Signed-off-by: Frank Li <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Don't define its own MAX_KMALLOC_SIZE, use the one
defined in mm.
Cc: Vlad Yasevich <[email protected]>
Cc: Sridhar Samudrala <[email protected]>
Cc: Neil Horman <[email protected]>
Cc: David S. Miller <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Acked-by: Neil Horman <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Dave Jones reported the following bug:
"When fed mangled socket data, rds will trust what userspace gives it,
and tries to allocate enormous amounts of memory larger than what
kmalloc can satisfy."
WARNING: at mm/page_alloc.c:2393 __alloc_pages_nodemask+0xa0d/0xbe0()
Hardware name: GA-MA78GM-S2H
Modules linked in: vmw_vsock_vmci_transport vmw_vmci vsock fuse bnep dlci bridge 8021q garp stp mrp binfmt_misc l2tp_ppp l2tp_core rfcomm s
Pid: 24652, comm: trinity-child2 Not tainted 3.8.0+ #65
Call Trace:
[<ffffffff81044155>] warn_slowpath_common+0x75/0xa0
[<ffffffff8104419a>] warn_slowpath_null+0x1a/0x20
[<ffffffff811444ad>] __alloc_pages_nodemask+0xa0d/0xbe0
[<ffffffff8100a196>] ? native_sched_clock+0x26/0x90
[<ffffffff810b2128>] ? trace_hardirqs_off_caller+0x28/0xc0
[<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
[<ffffffff811861f8>] alloc_pages_current+0xb8/0x180
[<ffffffff8113eaaa>] __get_free_pages+0x2a/0x80
[<ffffffff811934fe>] kmalloc_order_trace+0x3e/0x1a0
[<ffffffff81193955>] __kmalloc+0x2f5/0x3a0
[<ffffffff8104df0c>] ? local_bh_enable_ip+0x7c/0xf0
[<ffffffffa0401ab3>] rds_message_alloc+0x23/0xb0 [rds]
[<ffffffffa04043a1>] rds_sendmsg+0x2b1/0x990 [rds]
[<ffffffff810b21cd>] ? trace_hardirqs_off+0xd/0x10
[<ffffffff81564620>] sock_sendmsg+0xb0/0xe0
[<ffffffff810b2052>] ? get_lock_stats+0x22/0x70
[<ffffffff810b24be>] ? put_lock_stats.isra.23+0xe/0x40
[<ffffffff81567f30>] sys_sendto+0x130/0x180
[<ffffffff810b872d>] ? trace_hardirqs_on+0xd/0x10
[<ffffffff816c547b>] ? _raw_spin_unlock_irq+0x3b/0x60
[<ffffffff816cd767>] ? sysret_check+0x1b/0x56
[<ffffffff810b8695>] ? trace_hardirqs_on_caller+0x115/0x1a0
[<ffffffff81341d8e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff816cd742>] system_call_fastpath+0x16/0x1b
---[ end trace eed6ae990d018c8b ]---
Reported-by: Dave Jones <[email protected]>
Cc: Dave Jones <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Venkat Venkatsubra <[email protected]>
Signed-off-by: Cong Wang <[email protected]>
Acked-by: Venkat Venkatsubra <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This was pointed out by Al Viro. Using the correct wrappers
properly does sign extension as necessary on syscall arguments.
Signed-off-by: Chris Metcalf <[email protected]>
|
|
Commit 6133705494bb introduced a circular lock dependency because
posix_cpu_timers_exit() is called by release_task(), which is holding
a writer lock on tasklist_lock, and this can cause a deadlock since
kill_fasync() gets called with nonblocking_pool.lock taken.
There's no reason why kill_fasync() needs to be taken while the random
pool is locked, so move it out to fix this locking dependency.
Signed-off-by: "Theodore Ts'o" <[email protected]>
Reported-by: Russ Dill <[email protected]>
Cc: [email protected]
|
|
On G45 some low res modes (800x600 and 1024x768) produce a blank
screen when the display plane is enabled with cursor plane
off.
Experiments showed that this issue occurred when the following
conditions were met:
a. a previous mode had the cursor plane enabled (Xserver).
b. this mode or the previous one was using self refresh. (Thus
the problem was only seen with low res modes).
The screens lit up as soon as the cursor plane got enabled.
Therefore the blank screen occurred only in console mode, not
when running an Xserver.
It also seemed to be necessary to disable self refresh while briefly
enabling the cursor plane.
Signed-off-by: Egbert Eich <[email protected]>
Bugzilla: https://bugs.freedesktop.org/attachment.cgi?bugid=61457
Acked-by: Chris Wilson <[email protected]>
[danvet: drop spurious whitespace change.]
Signed-off-by: Daniel Vetter <[email protected]>
|
|
sys_llseek should specify the high and low 32-bit seek values as "unsigned
int" but instead it specifies "unsigned long". Since compat syscall
arguments are always sign-extended on tile, this means that a seek value
of 0xffffffff will be incorrectly interpreted as a value of -1ULL.
To avoid the risk of breaking binary compatibility on architectures
that already use sys_llseek this way, we follow the same path as MIPS
and provide a wrapper override.
Signed-off-by: Chris Metcalf <[email protected]>
Cc: [email protected] [v3.6 onwards]
|
|
The "dev" variable could be out of bounds. Calling
snd_seq_oss_synth_is_valid() checks that it is a valid device
which has been opened. We check this inside set_note_event() so
this function can't succeed without a valid "dev". But we need to
do the check earlier to prevent invalid dereferences and memory
corruption.
One call tree where "dev" could be out of bounds is:
-> snd_seq_oss_oob_user()
-> snd_seq_oss_process_event()
-> extended_event()
-> note_on_event()
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|