| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
As the documentation for dwfl_frame_pc says, frames that
are no activation frames need to have their program counter
decremented by one to properly find the function of the caller.
This fixes many cases where perf report currently attributes
the cost to the next line. I.e. I have code like this:
~~~~~~~~~~~~~~~
#include <thread>
#include <chrono>
using namespace std;
int main()
{
this_thread::sleep_for(chrono::milliseconds(1000));
this_thread::sleep_for(chrono::milliseconds(100));
this_thread::sleep_for(chrono::milliseconds(10));
return 0;
}
~~~~~~~~~~~~~~~
Now compile and record it:
~~~~~~~~~~~~~~~
g++ -std=c++11 -g -O2 test.cpp
echo 1 | sudo tee /proc/sys/kernel/sched_schedstats
perf record \
--event sched:sched_stat_sleep \
--event sched:sched_process_exit \
--event sched:sched_switch --call-graph=dwarf \
--output perf.data.raw \
./a.out
echo 0 | sudo tee /proc/sys/kernel/sched_schedstats
perf inject --sched-stat --input perf.data.raw --output perf.data
~~~~~~~~~~~~~~~
Before this patch, the report clearly shows the off-by-one issue.
Most notably, the last sleep invocation is incorrectly attributed
to the "return 0;" line:
~~~~~~~~~~~~~~~
Overhead Source:Line
........ ...........
100.00% core.c:0
|
---__schedule core.c:0
schedule
do_nanosleep hrtimer.c:0
hrtimer_nanosleep
sys_nanosleep
entry_SYSCALL_64_fastpath .tmp_entry_64.o:0
__nanosleep_nocancel .:0
std::this_thread::sleep_for<long, std::ratio<1l, 1000l> > thread:323
|
|--90.08%--main test.cpp:9
| __libc_start_main
| _start
|
|--9.01%--main test.cpp:10
| __libc_start_main
| _start
|
--0.91%--main test.cpp:13
__libc_start_main
_start
~~~~~~~~~~~~~~~
With this patch here applied, the issue is fixed. The report becomes
much more usable:
~~~~~~~~~~~~~~~
Overhead Source:Line
........ ...........
100.00% core.c:0
|
---__schedule core.c:0
schedule
do_nanosleep hrtimer.c:0
hrtimer_nanosleep
sys_nanosleep
entry_SYSCALL_64_fastpath .tmp_entry_64.o:0
__nanosleep_nocancel .:0
std::this_thread::sleep_for<long, std::ratio<1l, 1000l> > thread:323
|
|--90.08%--main test.cpp:8
| __libc_start_main
| _start
|
|--9.01%--main test.cpp:9
| __libc_start_main
| _start
|
--0.91%--main test.cpp:10
__libc_start_main
_start
~~~~~~~~~~~~~~~
Similarly it works for signal frames:
~~~~~~~~~~~~~~~
__noinline void bar(void)
{
volatile long cnt = 0;
for (cnt = 0; cnt < 100000000; cnt++);
}
__noinline void foo(void)
{
bar();
}
void sig_handler(int sig)
{
foo();
}
int main(void)
{
signal(SIGUSR1, sig_handler);
raise(SIGUSR1);
foo();
return 0;
}
~~~~~~~~~~~~~~~~
Before, the report wrongly points to `signal.c:29` after raise():
~~~~~~~~~~~~~~~~
$ perf report --stdio --no-children -g srcline -s srcline
...
100.00% signal.c:11
|
---bar signal.c:11
|
|--50.49%--main signal.c:29
| __libc_start_main
| _start
|
--49.51%--0x33a8f
raise .:0
main signal.c:29
__libc_start_main
_start
~~~~~~~~~~~~~~~~
With this patch in, the issue is fixed and we instead get:
~~~~~~~~~~~~~~~~
100.00% signal signal [.] bar
|
---bar signal.c:11
|
|--50.49%--main signal.c:29
| __libc_start_main
| _start
|
--49.51%--0x33a8f
raise .:0
main signal.c:27
__libc_start_main
_start
~~~~~~~~~~~~~~~~
Note how this patch fixes this issue for both unwinding methods, i.e.
both dwfl and libunwind. The former case is straight-forward thanks
to dwfl_frame_pc(). For libunwind, we replace the functionality via
unw_is_signal_frame() for any but the very first frame.
Signed-off-by: Milian Wolff <[email protected]>
Signed-off-by: Namhyung Kim <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: David Ahern <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Yao Jin <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
When a filename was found in addr2line it was duplicated via strdup()
but never freed. Now we pass NULL and handle this gracefully in
addr2line.
Detected by Valgrind:
==16331== 1,680 bytes in 21 blocks are definitely lost in loss record 148 of 220
==16331== at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16331== by 0x672FA69: strdup (in /usr/lib/libc-2.25.so)
==16331== by 0x52769F: addr2line (srcline.c:256)
==16331== by 0x52769F: addr2inlines (srcline.c:294)
==16331== by 0x52769F: dso__parse_addr_inlines (srcline.c:502)
==16331== by 0x574D7A: inline__fprintf (hist.c:41)
==16331== by 0x574D7A: ipchain__fprintf_graph (hist.c:147)
==16331== by 0x57518A: __callchain__fprintf_graph (hist.c:212)
==16331== by 0x5753CF: callchain__fprintf_graph.constprop.6 (hist.c:337)
==16331== by 0x57738E: hist_entry__fprintf (hist.c:628)
==16331== by 0x57738E: hists__fprintf (hist.c:882)
==16331== by 0x44A20F: perf_evlist__tty_browse_hists (builtin-report.c:399)
==16331== by 0x44A20F: report__browse_hists (builtin-report.c:491)
==16331== by 0x44A20F: __cmd_report (builtin-report.c:624)
==16331== by 0x44A20F: cmd_report (builtin-report.c:1054)
==16331== by 0x4A49CE: run_builtin (perf.c:296)
==16331== by 0x4A4CC0: handle_internal_command (perf.c:348)
==16331== by 0x434371: run_argv (perf.c:392)
==16331== by 0x434371: main (perf.c:530)
Signed-off-by: Milian Wolff <[email protected]>
Signed-off-by: Namhyung Kim <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: David Ahern <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Yao Jin <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
I just hit a segfault when doing `perf report -g srcline`.
Valgrind pointed me at this code as the culprit:
==8359== Invalid read of size 8
==8359== at 0x3096D9: map__rip_2objdump (map.c:430)
==8359== by 0x2FC1A3: match_chain_srcline (callchain.c:645)
==8359== by 0x2FC1A3: match_chain (callchain.c:700)
==8359== by 0x2FC1A3: append_chain (callchain.c:895)
==8359== by 0x2FC1A3: append_chain_children (callchain.c:846)
==8359== by 0x2FF719: callchain_append (callchain.c:944)
==8359== by 0x2FF719: hist_entry__append_callchain (callchain.c:1058)
==8359== by 0x32FA06: iter_add_single_cumulative_entry (hist.c:908)
==8359== by 0x33195C: hist_entry_iter__add (hist.c:1050)
==8359== by 0x258F65: process_sample_event (builtin-report.c:204)
==8359== by 0x30D60C: perf_session__deliver_event (session.c:1310)
==8359== by 0x30D60C: ordered_events__deliver_event (session.c:119)
==8359== by 0x310D12: __ordered_events__flush (ordered-events.c:210)
==8359== by 0x310D12: ordered_events__flush.part.3 (ordered-events.c:277)
==8359== by 0x30DD3C: perf_session__process_user_event (session.c:1349)
==8359== by 0x30DD3C: perf_session__process_event (session.c:1475)
==8359== by 0x30FC3C: __perf_session__process_events (session.c:1867)
==8359== by 0x30FC3C: perf_session__process_events (session.c:1921)
==8359== by 0x25A985: __cmd_report (builtin-report.c:575)
==8359== by 0x25A985: cmd_report (builtin-report.c:1054)
==8359== by 0x2B9A80: run_builtin (perf.c:296)
==8359== Address 0x70 is not stack'd, malloc'd or (recently) free'd
This patch fixes the issue.
Signed-off-by: Milian Wolff <[email protected]>
[ Remove dependency from another change ]
Signed-off-by: Namhyung Kim <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: David Ahern <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Yao Jin <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Draining the transfers in terminate_all callback happens with IRQs disabled,
therefore induces huge latency:
irqsoff latency trace v1.1.5 on 4.11.0
--------------------------------------------------------------------
latency: 39770 us, #57/57, CPU#0 | (M:preempt VP:0, KP:0, SP:0 HP:0)
-----------------
| task: process-129 (uid:0 nice:0 policy:2 rt_prio:50)
-----------------
=> started at: _snd_pcm_stream_lock_irqsave
=> ended at: snd_pcm_stream_unlock_irqrestore
_------=> CPU#
/ _-----=> irqs-off
| / _----=> need-resched
|| / _---=> hardirq/softirq
||| / _--=> preempt-depth
|||| / delay
cmd pid ||||| time | caller
\ / ||||| \ | /
process-129 0d.s. 3us : _snd_pcm_stream_lock_irqsave
process-129 0d.s1 9us : snd_pcm_stream_lock <-_snd_pcm_stream_lock_irqsave
process-129 0d.s1 15us : preempt_count_add <-snd_pcm_stream_lock
process-129 0d.s2 22us : preempt_count_add <-snd_pcm_stream_lock
process-129 0d.s3 32us : snd_pcm_update_hw_ptr0 <-snd_pcm_period_elapsed
process-129 0d.s3 41us : soc_pcm_pointer <-snd_pcm_update_hw_ptr0
process-129 0d.s3 50us : dmaengine_pcm_pointer <-soc_pcm_pointer
process-129 0d.s3 58us+: snd_dmaengine_pcm_pointer_no_residue <-dmaengine_pcm_pointer
process-129 0d.s3 96us : update_audio_tstamp <-snd_pcm_update_hw_ptr0
process-129 0d.s3 103us : snd_pcm_update_state <-snd_pcm_update_hw_ptr0
process-129 0d.s3 112us : xrun <-snd_pcm_update_state
process-129 0d.s3 119us : snd_pcm_stop <-xrun
process-129 0d.s3 126us : snd_pcm_action <-snd_pcm_stop
process-129 0d.s3 134us : snd_pcm_action_single <-snd_pcm_action
process-129 0d.s3 141us : snd_pcm_pre_stop <-snd_pcm_action_single
process-129 0d.s3 150us : snd_pcm_do_stop <-snd_pcm_action_single
process-129 0d.s3 157us : soc_pcm_trigger <-snd_pcm_do_stop
process-129 0d.s3 166us : snd_dmaengine_pcm_trigger <-soc_pcm_trigger
process-129 0d.s3 175us : ep93xx_dma_terminate_all <-snd_dmaengine_pcm_trigger
process-129 0d.s3 182us : preempt_count_add <-ep93xx_dma_terminate_all
process-129 0d.s4 189us*: m2p_hw_shutdown <-ep93xx_dma_terminate_all
process-129 0d.s4 39472us : m2p_hw_setup <-ep93xx_dma_terminate_all
... rest skipped...
process-129 0d.s. 40080us : <stack trace>
=> ep93xx_dma_tasklet
=> tasklet_action
=> __do_softirq
=> irq_exit
=> __handle_domain_irq
=> vic_handle_irq
=> __irq_usr
=> 0xb66c6668
Just abort the transfers and warn if the HW state is not what we expect.
Move draining into device_synchronize callback.
Signed-off-by: Alexander Sverdlin <[email protected]>
Cc: [email protected]
Signed-off-by: Vinod Koul <[email protected]>
|
|
The current buffer is being reset to zero on device_free_chan_resources()
but not on device_terminate_all(). It could happen that HW is restarted and
expects BASE0 to be used, but the driver is not synchronized and will start
from BASE1. One solution is to reset the buffer explicitly in
m2p_hw_setup().
Signed-off-by: Alexander Sverdlin <[email protected]>
Cc: [email protected]
Signed-off-by: Vinod Koul <[email protected]>
|
|
Tweak the Kconfig description to mention support for NSP and make the
default on for iProc based platforms.
Signed-off-by: Jon Mason <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
Add a missing character in this description for a function.
Acked-by: Keerthy <[email protected]>
Tested-by: Keerthy <[email protected]>
Signed-off-by: Markus Elfring <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
ti_bandgap_build()
The script "checkpatch.pl" pointed information out like the following.
WARNING: Possible unnecessary 'out of memory' message
Thus remove such statements here.
Link: http://events.linuxfoundation.org/sites/events/files/slides/LCJ16-Refactor_Strings-WSang_0.pdf
Acked-by: Keerthy <[email protected]>
Tested-by: Keerthy <[email protected]>
Signed-off-by: Markus Elfring <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
A multiplication for the size determination of a memory allocation
indicated that an array data structure should be processed.
Thus use the corresponding function "devm_kcalloc".
This issue was detected by using the Coccinelle software.
Acked-by: Keerthy <[email protected]>
Tested-by: Keerthy <[email protected]>
Signed-off-by: Markus Elfring <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
Making thermal_emergency_poweroff static fixes sparse warning:
drivers/thermal/thermal_core.c:6: warning: symbol
'thermal_emergency_poweroff' was not declared. Should it be static?
Fixes: ef1d87e06ab4 ("thermal: core: Add a back up thermal shutdown mechanism")
Acked-by: Keerthy <[email protected]>
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
Building this driver with W=1 reports:
warning: variable 'trip' set but not used [-Wunused-but-set-variable]
The call for of_thermal_get_trip_points() is useless.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Eduardo Valentin <[email protected]>
|
|
We currently do
tcmu_free_device ->tcmu_netlink_event(TCMU_CMD_REMOVED_DEVICE) ->
uio_unregister_device -> kfree(tcmu_dev).
The problem is that the kernel does not wait for userspace to
do the close() on the uio device before freeing the tcmu_dev.
We can then hit a race where the kernel frees the tcmu_dev before
userspace does close() and so when close() -> release -> tcmu_release
is done, we try to access a freed tcmu_dev.
This patch made over the target-pending master branch moves the freeing
of the tcmu_dev to when the last reference has been dropped.
This also fixes a leak where if tcmu_configure_device was not called on a
device we did not free udev->name which was allocated at tcmu_alloc_device time.
Signed-off-by: Mike Christie <[email protected]>
Signed-off-by: Nicholas Bellinger <[email protected]>
|
|
skb->data is assigned to task->hdr in cxgbi_conn_alloc_pdu(),
skb gets freed after tx but task->hdr is still dereferenced in
iscsi_tcp_task_xmit() to avoid this call skb_get() after allocating skb
and free the skb in cxgbi_cleanup_task() or before allocating new skb in
cxgbi_conn_alloc_pdu().
Signed-off-by: Varun Prakash <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
This is to fix a memory leak issue caused by unfreed gvtg workload objects.
Walk through the workload list and free all of the remained workloads
before destroying kmem cache.
[179.885211] INFO: Object 0xffff9cef10003b80 @offset=7040
[179.885657] kmem_cache_destroy gvt-g_vgpu_workload: Slab cache still has objects
[179.886146] CPU: 2 PID: 2318 Comm: win_lucas Tainted: G B W 4.11.0+ #1
[179.887223] Call Trace:
[179.887394] dump_stack+0x63/0x90
[179.887617] kmem_cache_destroy+0x1cf/0x1e0
[179.887960] intel_vgpu_clean_execlist+0x15/0x20 [i915]
[179.888365] intel_gvt_destroy_vgpu+0x4c/0xd0 [i915]
[179.888688] intel_vgpu_remove+0x2a/0x30 [kvmgt]
[179.888988] mdev_device_remove_ops+0x23/0x50 [mdev]
[179.889309] mdev_device_remove+0xe4/0x190 [mdev]
[179.889615] remove_store+0x7d/0xb0 [mdev]
[179.889885] dev_attr_store+0x18/0x30
[179.890129] sysfs_kf_write+0x37/0x40
[179.890371] kernfs_fop_write+0x107/0x180
[179.890632] __vfs_write+0x37/0x160
[179.890865] ? kmem_cache_alloc+0xd7/0x1b0
[179.891116] ? apparmor_file_permission+0x1a/0x20
[179.891372] ? security_file_permission+0x3b/0xc0
[179.891628] vfs_write+0xb8/0x1b0
[179.891812] SyS_write+0x55/0xc0
[179.891992] entry_SYSCALL_64_fastpath+0x1e/0xad
Signed-off-by: Changbin Du <[email protected]>
Signed-off-by: Zhenyu Wang <[email protected]>
|
|
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
max_fin_rt is the maximum re-transmission of FIN packets
as part of the termination flow. After reaching this value
the FW will send a single RESET.
Signed-off-by: Nilesh Javali <[email protected]>
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
RIP: 0010:qedi_set_path+0x114/0x570 [qedi]
Call Trace:
[<ffffffffa0472923>] iscsi_if_recv_msg+0x623/0x14a0
[<ffffffff81307de6>] ? rhashtable_lookup_compare+0x36/0x70
[<ffffffffa047382e>] iscsi_if_rx+0x8e/0x1f0
[<ffffffff8155983d>] netlink_unicast+0xed/0x1b0
[<ffffffff81559c30>] netlink_sendmsg+0x330/0x770
[<ffffffff81510d60>] sock_sendmsg+0xb0/0xf0
[<ffffffff8101360b>] ? __switch_to+0x17b/0x4b0
[<ffffffff8163a2c8>] ? __schedule+0x2d8/0x900
[<ffffffff81511199>] ___sys_sendmsg+0x3a9/0x3c0
[<ffffffff810e2298>] ? get_futex_key+0x1c8/0x2b0
[<ffffffff810e25a0>] ? futex_wake+0x80/0x160
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
munmap done by iscsiuio during a stop of the service triggers a "bad
pte" warning sometimes. munmap kernel path goes through the mmapped
pages and has a validation check for mapcount (in struct page) to be
zero or above. kzalloc, which we had used to allocate udev->ctrl, uses
slab allocations, which re-uses mapcount (union) for other purposes that
can make the mapcount look negative. Avoid all these trouble by invoking
one of the __get_free_pages wrappers to be used instead of kzalloc for
udev->ctrl.
BUG: Bad page map in process iscsiuio pte:80000000aa624067 pmd:3e6777067
page:ffffea0002a98900 count:2 mapcount:-2143289280
mapping: (null) index:0xffff8800aa624e00
page flags: 0x10075d00000090(dirty|slab)
page dumped because: bad pte
addr:00007fcba70a3000 vm_flags:0c0400fb anon_vma: (null)
mapping:ffff8803edf66e90 index:0
Call Trace:
dump_stack+0x19/0x1b
print_bad_pte+0x1af/0x250
unmap_page_range+0x7a7/0x8a0
unmap_single_vma+0x81/0xf0
unmap_vmas+0x49/0x90
unmap_region+0xbe/0x140
? vma_rb_erase+0x121/0x220
do_munmap+0x245/0x420
vm_munmap+0x41/0x60
SyS_munmap+0x22/0x30
tracesys+0xdd/0xe2
Signed-off-by: Arun Easi <[email protected]>
Signed-off-by: Manish Rangankar <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
rdac_failover_get references struct rdac_controller as
ctlr->ms_sdev->handler_data->ctlr for no apparent reason. Besides being
inefficient this also introduces a null-pointer dereference as
send_mode_select() sets ctlr->ms_sdev to NULL before calling
rdac_failover_get():
[ 18.432550] device-mapper: multipath service-time: version 0.3.0 loaded
[ 18.436124] BUG: unable to handle kernel NULL pointer dereference at 0000000000000790
[ 18.436129] IP: send_mode_select+0xca/0x560
[ 18.436129] PGD 0
[ 18.436130] P4D 0
[ 18.436130]
[ 18.436132] Oops: 0000 [#1] SMP
[ 18.436133] Modules linked in: dm_service_time sd_mod dm_multipath amdkfd amd_iommu_v2 radeon(+) i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm qla2xxx drm serio_raw scsi_transport_fc bnx2 i2c_core dm_mirror dm_region_hash dm_log dm_mod
[ 18.436143] CPU: 4 PID: 443 Comm: kworker/u16:2 Not tainted 4.12.0-rc1.1.el7.test.x86_64 #1
[ 18.436144] Hardware name: IBM BladeCenter LS22 -[79013SG]-/Server Blade, BIOS -[L8E164AUS-1.07]- 05/25/2011
[ 18.436145] Workqueue: kmpath_rdacd send_mode_select
[ 18.436146] task: ffff880225116a40 task.stack: ffffc90002bd8000
[ 18.436148] RIP: 0010:send_mode_select+0xca/0x560
[ 18.436148] RSP: 0018:ffffc90002bdbda8 EFLAGS: 00010246
[ 18.436149] RAX: 0000000000000000 RBX: ffffc90002bdbe08 RCX: ffff88017ef04a80
[ 18.436150] RDX: ffffc90002bdbe08 RSI: ffff88017ef04a80 RDI: ffff8802248e4388
[ 18.436151] RBP: ffffc90002bdbe48 R08: 0000000000000000 R09: ffffffff81c104c0
[ 18.436151] R10: 00000000000001ff R11: 000000000000035a R12: ffffc90002bdbdd8
[ 18.436152] R13: ffff8802248e4390 R14: ffff880225152800 R15: ffff8802248e4400
[ 18.436153] FS: 0000000000000000(0000) GS:ffff880227d00000(0000) knlGS:0000000000000000
[ 18.436154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.436154] CR2: 0000000000000790 CR3: 000000042535b000 CR4: 00000000000006e0
[ 18.436155] Call Trace:
[ 18.436159] ? rdac_activate+0x14e/0x150
[ 18.436161] ? refcount_dec_and_test+0x11/0x20
[ 18.436162] ? kobject_put+0x1c/0x50
[ 18.436165] ? scsi_dh_activate+0x6f/0xd0
[ 18.436168] process_one_work+0x149/0x360
[ 18.436170] worker_thread+0x4d/0x3c0
[ 18.436172] kthread+0x109/0x140
[ 18.436173] ? rescuer_thread+0x380/0x380
[ 18.436174] ? kthread_park+0x60/0x60
[ 18.436176] ret_from_fork+0x2c/0x40
[ 18.436177] Code: 49 c7 46 20 00 00 00 00 4c 89 ef c6 07 00 0f 1f 40 00 45 31 ed c7 45 b0 05 00 00 00 44 89 6d b4 4d 89 f5 4c 8b 75 a8 49 8b 45 20 <48> 8b b0 90 07 00 00 48 8b 56 10 8b 42 10 48 8d 7a 28 85 c0 0f
[ 18.436192] RIP: send_mode_select+0xca/0x560 RSP: ffffc90002bdbda8
[ 18.436192] CR2: 0000000000000790
[ 18.436198] ---[ end trace 40f3e4dca1ffabdd ]---
[ 18.436199] Kernel panic - not syncing: Fatal exception
[ 18.436222] Kernel Offset: disabled
[-- MARK -- Thu May 18 11:45:00 2017]
Fixes: 327825574132 scsi_dh_rdac: switch to scsi_execute_req_flags()
Cc: [email protected]
Signed-off-by: Artem Savkov <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
|
|
A recent commit added extra printks for CPU/RT limits. This can result in
excessive spam in dmesg.
Make the printks conditional on print_fatal_signals.
Fixes: e7ea7c9806a2 ("rlimits: Print more information when CPU/RT limits are exceeded")
Reported-by: Dave Jones <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: Arun Raghavan <[email protected]>
|
|
With LVDS we were incorrectly picking the pre-programmed mode instead of
the prefered mode provided by VBT. Make sure we pick the VBT mode if
one is provided. It is likely that the mode read-out code is still wrong
but this patch fixes the immediate problem on most machines.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=78562
Cc: <[email protected]>
Signed-off-by: Patrik Jakobsson <[email protected]>
Link: http://patchwork.freedesktop.org/patch/msgid/[email protected]
|
|
Some drivers - like i915 - may not support the system suspend direct
complete optimization due to differences in their runtime and system
suspend sequence. Add a flag that when set resumes the device before
calling the driver's system suspend handlers which effectively disables
the optimization.
Needed by a future patch fixing suspend/resume on i915.
Suggested by Rafael.
Signed-off-by: Imre Deak <[email protected]>
Signed-off-by: Bjorn Helgaas <[email protected]>
Acked-by: Rafael J. Wysocki <[email protected]>
Cc: [email protected]
|
|
If there is not enough space then ceph_decode_32_safe() does a goto bad.
We need to return an error code in that situation. The current code
returns ERR_PTR(0) which is NULL. The callers are not expecting that
and it results in a NULL dereference.
Fixes: f24e9980eb86 ("ceph: OSD client")
Signed-off-by: Dan Carpenter <[email protected]>
Reviewed-by: Ilya Dryomov <[email protected]>
Signed-off-by: Ilya Dryomov <[email protected]>
|
|
Don't leak key internals after new_session_key is populated.
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
|
|
None of these are validated in userspace, but since we do validate
reply_struct_v in ceph_x_proc_ticket_reply(), tkt_struct_v (first) and
CephXServiceTicket struct_v (second) in process_one_ticket(), validate
CephXTicketBlob struct_v as well.
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
|
|
It's set but not used: CEPH_FEATURE_MONNAMES feature bit isn't
advertised, which guarantees a v1 MonMap.
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
|
|
Both callers ignore the returned bool.
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
|
|
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
|
|
if we receive a compound such that:
- the sessionid, slot, and sequence number in the SEQUENCE op
match a cached succesful reply with N ops, and
- the Nth operation of the compound is a PUTFH, PUTPUBFH,
PUTROOTFH, or RESTOREFH,
then nfsd4_sequence will return 0 and set cstate->status to
nfserr_replay_cache. The current filehandle will not be set. This will
cause us to call check_nfsd_access with first argument NULL.
To nfsd4_compound it looks like we just succesfully executed an
operation that set a filehandle, but the current filehandle is not set.
Fix this by moving the nfserr_replay_cache earlier. There was never any
reason to have it after the encode_op label, since the only case where
he hit that is when opdesc->op_func sets it.
Note that there are two ways we could hit this case:
- a client is resending a previously sent compound that ended
with one of the four PUTFH-like operations, or
- a client is sending a *new* compound that (incorrectly) shares
sessionid, slot, and sequence number with a previously sent
compound, and the length of the previously sent compound
happens to match the position of a PUTFH-like operation in the
new compound.
The second is obviously incorrect client behavior. The first is also
very strange--the only purpose of a PUTFH-like operation is to set the
current filehandle to be used by the following operation, so there's no
point in having it as the last in a compound.
So it's likely this requires a buggy or malicious client to reproduce.
Reported-by: Scott Mayhew <[email protected]>
Cc: [email protected]
Signed-off-by: J. Bruce Fields <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"Fix the i2c-designware regression of rc2.
Also, a DMA buffer fix for the tiny-usb driver where the USB core now
loudly complains about the non DMA-capable buffer"
[ I had cherry-picked the designware fix separately because it hit my
laptop, but here is the proper sync with the i2c tree - Linus ]
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: designware: Fix bogus sda_hold_time due to uninitialized vars
i2c: i2c-tiny-usb: fix buffer not being DMA capable
|
|
The code in block/partitions/msdos.c recognizes FreeBSD, OpenBSD
and NetBSD partitions and does a reasonable job picking out OpenBSD
and NetBSD UFS subpartitions.
But for FreeBSD the subpartitions are always "bad".
Kernel: <bsd:bad subpartition - ignored
Though all 3 of these BSD systems use UFS as a file system, only
FreeBSD uses relative start addresses in the subpartition
declarations.
The following patch fixes this for FreeBSD partitions and leaves
the code for OpenBSD and NetBSD intact:
Signed-off-by: Richard Narron <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
|
|
Masks for extracting part of the Completion Queue Entry (CQE)
field rss_hash_type was swapped, namely CQE_RSS_HTYPE_IP and
CQE_RSS_HTYPE_L4.
The bug resulted in setting skb->l4_hash, even-though the
rss_hash_type indicated that hash was NOT computed over the
L4 (UDP or TCP) part of the packet.
Added comments from the datasheet, to make it more clear what
these masks are selecting.
Signed-off-by: Jesper Dangaard Brouer <[email protected]>
Acked-by: Saeed Mahameed <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Some devices need their multicast filter reset but others are crashed by that.
So the methods need to be separated.
Signed-off-by: Oliver Neukum <[email protected]>
Reported-by: "Ridgway, Keith" <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2017-05-23
1) Fix wrong header offset for esp4 udpencap packets.
2) Fix a stack access out of bounds when creating a bundle
with sub policies. From Sabrina Dubroca.
3) Fix slab-out-of-bounds in pfkey due to an incorrect
sadb_x_sec_len calculation.
4) We checked the wrong feature flags when taking down
an interface with IPsec offload enabled.
Fix from Ilan Tayari.
5) Copy the anti replay sequence numbers when doing a state
migration, otherwise we get out of sync with the sequence
numbers. Fix from Antony Antony.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
We don't set an error code on this path. It means that we return NULL
instead of an error pointer and the caller does a NULL dereference.
Fixes: 6d1d8050b4bc ("block, partition: add partition_meta_info to hd_struct")
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
|
|
Add tolerance to failures of irq_set_affinity_hint().
Its role is to give hints that optimizes performance,
and should not block the driver load.
In non-SMP systems, functionality is not available as
there is a single core, and all these calls definitely
fail. Hence, do not call the function and avoid the
warning prints.
Fixes: db058a186f98 ("net/mlx5_core: Set irq affinity hints")
Signed-off-by: Tariq Toukan <[email protected]>
Cc: [email protected]
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
Currently when firmware command gets stuck or it takes long time to
complete, the driver command will get timeout and the command slot is
freed and can be used for new commands, and if the firmware receive new
command on the old busy slot its behavior is unexpected and this could
be harmful.
To fix this when the driver command gets timeout we return failure,
but we don't free the command slot and we wait for the firmware to
explicitly respond to that command.
Once all the entries are busy we will stop processing new firmware
commands.
Fixes: 9cba4ebcf374 ('net/mlx5: Fix potential deadlock in command mode change')
Signed-off-by: Mohamad Haj Yahia <[email protected]>
Cc: [email protected]
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
IPoIB packet contains the pseudo header area, we need to pull it prior
to reset_mac_header in order to let the GRO work well.
In more details:
GRO checks the mac address of the new coming packet, it does that by
comparing the hard_header_len size of the current packet to the previous
one in that session, the comparison is over hard_header_len size.
Now, the driver prepares that area in the skb by allocating area from the
reserved part and resetting the correct mac header to it.
Fixes: 9d6bd752c63c ("net/mlx5e: IPoIB, RX handler")
Signed-off-by: Erez Shitrit <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
The sparse tool emits these correct complaints:
drivers/net/ethernet/mellanox/mlx5/core//en_tc.c:1005:25: warning: cast to restricted __be32
drivers/net/ethernet/mellanox/mlx5/core//en_tc.c:1007:25: warning: cast to restricted __be16
The value is provided from user-space in network order, but there's
no way for them to realize that, avoid the warnings by casting to the
appropriate type.
Fixes: d79b6df6b10a ('net/mlx5e: Add parsing of TC pedit actions to HW format')
Signed-off-by: Or Gerlitz <[email protected]>
Reported-by: Leon Romanovsky <[email protected]>
Reviewed-by: Paul Blakey <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
Currently we don't support partial header re-writes through TC pedit
action offloading. However, the code that enforces that wasn't err-ing
on cases where the first and last bits of the mask are set but there is
some zero bit between them, such as in the below example, fix that!
tc filter add dev enp1s0 protocol ip parent ffff: prio 10 flower
ip_proto udp dst_port 2001 skip_sw
action pedit munge ip src set 1.0.0.1 retain 0xff0000ff
Fixes: d79b6df6b10a ('net/mlx5e: Add parsing of TC pedit actions to HW format')
Signed-off-by: Or Gerlitz <[email protected]>
Reviewed-by: Paul Blakey <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
When offloading header re-writes, the HW re-calculates the relevant L3/L4
checksums. Hence, when upper layers (as done by OVS) ask for TC checksum action
offload together with pedit offload, don't err. This command now works:
tc filter add dev ens1f0 protocol ip parent ffff: prio 20 flower skip_sw
ip_proto tcp dst_port 9001
action pedit ex munge tcp dport set 0x1234 pipe
action csum tcp
Signed-off-by: Or Gerlitz <[email protected]>
Reported-by: Paul Blakey <[email protected]>
Reviewed-by: Paul Blakey <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
Add the accessors for realizing if this is a csum action,
and for which fields checksum is needed.
Signed-off-by: Or Gerlitz <[email protected]>
Reviewed-by: Paul Blakey <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
We wrongly direcly invoke hlist_del_rcu() and not hash_del_rcu() which
does a slightly different call now and may change later, fix that.
Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads')
Signed-off-by: Or Gerlitz <[email protected]>
Reported-by: Paul Blakey <[email protected]>
Reviewed-by: Paul Blakey <[email protected]>
Signed-off-by: Saeed Mahameed <[email protected]>
|
|
When I introduced ptracer_cred I failed to consider the weirdness of
fork where the task_struct copies the old value by default. This
winds up leaving ptracer_cred set even when a process forks and
the child process does not wind up being ptraced.
Because ptracer_cred is not set on non-ptraced processes whose
parents were ptraced this has broken the ability of the enlightenment
window manager to start setuid children.
Fix this by properly initializing ptracer_cred in ptrace_init_task
This must be done with a little bit of care to preserve the current value
of ptracer_cred when ptrace carries through fork. Re-reading the
ptracer_cred from the ptracing process at this point is inconsistent
with how PT_PTRACE_CAP has been maintained all of these years.
Tested-by: Takashi Iwai <[email protected]>
Fixes: 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP")
Signed-off-by: "Eric W. Biederman" <[email protected]>
|
|
Drivers should be able to call cfg80211_sched_scan_results() from atomic
context. However, with the introduction of multiple scheduled scan feature
this requirement was not taken into account resulting in regression shown
below.
[ 119.021594] BUG: scheduling while atomic: irq/47-iwlwifi/517/0x00000200
[ 119.021604] Modules linked in: [...]
[ 119.021759] CPU: 1 PID: 517 Comm: irq/47-iwlwifi Not tainted 4.12.0-rc2-t440s-20170522+ #1
[ 119.021763] Hardware name: LENOVO 20AQS03H00/20AQS03H00, BIOS GJET91WW (2.41 ) 09/21/2016
[ 119.021766] Call Trace:
[ 119.021778] ? dump_stack+0x5c/0x84
[ 119.021784] ? __schedule_bug+0x4c/0x70
[ 119.021792] ? __schedule+0x496/0x5c0
[ 119.021798] ? schedule+0x2d/0x80
[ 119.021804] ? schedule_preempt_disabled+0x5/0x10
[ 119.021810] ? __mutex_lock.isra.0+0x18e/0x4c0
[ 119.021817] ? __wake_up+0x2f/0x50
[ 119.021833] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211]
[ 119.021844] ? cfg80211_sched_scan_results+0x19/0x60 [cfg80211]
[ 119.021859] ? iwl_mvm_rx_lmac_scan_iter_complete_notif+0x17/0x30 [iwlmvm]
[ 119.021869] ? iwl_pcie_rx_handle+0x2a9/0x7e0 [iwlwifi]
[ 119.021878] ? iwl_pcie_irq_handler+0x17c/0x730 [iwlwifi]
[ 119.021884] ? irq_forced_thread_fn+0x60/0x60
[ 119.021887] ? irq_thread_fn+0x16/0x40
[ 119.021892] ? irq_thread+0x109/0x180
[ 119.021896] ? wake_threads_waitq+0x30/0x30
[ 119.021901] ? kthread+0xf2/0x130
[ 119.021905] ? irq_thread_dtor+0x90/0x90
[ 119.021910] ? kthread_create_on_node+0x40/0x40
[ 119.021915] ? ret_from_fork+0x26/0x40
Fixes: b34939b98369 ("cfg80211: add request id to cfg80211_sched_scan_*() api")
Reported-by: Sander Eikelenboom <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
|
|
The description of the connection between the dwmmc (SDIO) controller and
the Wifi chip, which is attached to the SDIO bus is wrong. Currently the
SDIO card can't be detected and thus the Wifi doesn't work.
Let's fix this by assigning the correct vmmc supply, which is the always on
regulator VDD_3V3 and remove the WLAN enable regulator altogether. Then to
properly deal with the power on/off sequence, add a mmc-pwrseq node to
describe the resources needed to detect the SDIO card.
Except for the WLAN enable GPIO and its corresponding assert/de-assert
delays, the mmc-pwrseq node also contains a handle to a clock provided by
the hi655x pmic. This clock is also needed to be able to turn on the WiFi
chip.
Signed-off-by: Ulf Hansson <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
|
|
Move the board specific descriptions for the dwmmc nodes in the hi6220 SoC
dtsi, into the hikey dts as it's there these belongs.
While changing this, let's take the opportunity to drop the use of the
"ti,non-removable" binding for one of the dwmmc device nodes, as it's not a
valid binding and not used. Drop also the unnecessary use of "num-slots =
<0x1>" for all of the dwmmc nodes, as there is no need to set this since
when default number of slots is one.
Signed-off-by: Ulf Hansson <[email protected]>
Acked-by: Daniel Lezcano <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
|