update #1
Merged
update #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
futex_atomic_cmpxchg_inatomic exchanged if the values were unequal rather than equal. This caused incorrect behavior of robust futexes. Signed-off-by: Kirk Meyer <[email protected]> Signed-off-by: Michal Simek <[email protected]>
Expire cached connection for new TCP/SCTP connection if real server is down. Otherwise, IPVS uses the dead server for the reused connection, instead of a new working one. Signed-off-by: Grzegorz Lyczba <[email protected]> Acked-by: Hans Schillstrom <[email protected]> Acked-by: Julian Anastasov <[email protected]> Signed-off-by: Simon Horman <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
The GPIO states need to be restored after s2r and this is not currently supported in the pinctrl driver. This patch saves the gpio states before suspend and restores them after resume. Saving and restoring is done very early using syscore_ops and must happen before pins are released from their powerdown state. Patch originally from Prathyush K <[email protected]> but rewritten by Doug Anderson <[email protected]>. Signed-off-by: Prathyush K <[email protected]> Signed-off-by: Doug Anderson <[email protected]> Tested-by: Tomasz Figa <[email protected]> Acked-by: Kukjin Kim <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
This patch adds support of IRQ wake-up ability configuration for wake-up EINTs on Exynos SoCs. Signed-off-by: Tomasz Figa <[email protected]> Signed-off-by: Kyungmin Park <[email protected]> Tested-by: Doug Anderson <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
On DT-enabled systems pinctrl-exynos driver is responsible for handling of wake-up EINT interrupts. This patch adjusts wake-up mask configuration code to take wake-up mask value from pinctrl-exynos driver on DT-enabled systems. Signed-off-by: Tomasz Figa <[email protected]> Signed-off-by: Kyungmin Park <[email protected]> Tested-by: Doug Anderson <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
Otherwise, we return 0 in probe error paths when gpiochip_remove() returns 0. Also show error message if gpiochip_remove() fails. Signed-off-by: Axel Lin <[email protected]> Acked-by: Tony Prisk <[email protected]> Acked-by: Maxime Ripard <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
SoC-specific driver might require additional save and restore of registers. This patch adds pair of SoC-specific callbacks per pinctrl device to account for this. Signed-off-by: Tomasz Figa <[email protected]> Signed-off-by: Kyungmin Park <[email protected]> Tested-by: Doug Anderson <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
This patch extends pin bank descriptor structure with SoC-specific private data field that allows SoC-specific drivers to store their own private data. Signed-off-by: Tomasz Figa <[email protected]> Signed-off-by: Kyungmin Park <[email protected]> Tested-by: Doug Anderson <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
Some GPIO EINT control registers needs to be preserved across suspend/resume cycle. This patch extends the driver to take care of this. Signed-off-by: Tomasz Figa <[email protected]> Signed-off-by: Kyungmin Park <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
Fix to return a negative error code from the devm_clk_get() error handling case instead of 0, as done elsewhere in this function. Introduced by commit 950707c (pinctrl: sunxi: add clock support) Signed-off-by: Wei Yongjun <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
The pinconf_dgb_config_print() takes the per-pincontroller mutex, when what it wants to take is actually the pin maps mutex. Reported-by: James Hogan <[email protected]> Cc: Patrice Chotard <[email protected]> Signed-off-by: Linus Walleij <[email protected]>
…nel/git/kgene/linux-samsung into fixes From Kukjin Kim: Fixes following for v3.10 - to get usb2 working on the Chromebook with adding the usb phy node for usb2 on exynos5250 - supporting exynos4210 rev0 SoC - exynos5440 restart applying only to powered-on domains - drm-exynos probe failure with adding resource names to fimd0 platform device * tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: SAMSUNG: Add names to fimd0 IRQ resources ARM: EXYNOS: fix software reset logic for EXYNOS5440 SOC ARM: EXYNOS: Fix support of Exynos4210 rev0 SoC ARM: dts: Enabling samsung-usb2phy driver for exynos5250
…entations The _XFER stack element size was set too small, 8 bytes, when it needs to be 16 bytes. As _XFER is the last stack element used by these implementations, the 16 byte stores with 'movdqa' corrupt the stack where the value of register %r12 is temporarily stored. As these implementations align the stack pointer to 16 bytes, this corruption did not happen every time. Patch corrects this issue. Reported-by: Julian Wollrath <[email protected]> Signed-off-by: Jussi Kivilinna <[email protected]> Tested-by: Julian Wollrath <[email protected]> Acked-by: Tim Chen <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
The phy_init_eee has to exit with an error when the local device and its link partner both do not support EEE. So this patch fixes a problem when verify this. Signed-off-by: Giuseppe Cavallaro <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Unlike ipv4_redirect() and ipv4_sk_redirect(), ip_do_redirect() doesn't call __build_flow_key() directly but via ip_rt_build_flow_key() wrapper. This leads to __build_flow_key() getting pointer to IPv4 header of the ICMP redirect packet rather than pointer to the embedded IPv4 header of the packet initiating the redirect. As a result, handling of ICMP redirects initiated by TCP packets is broken. Issue was introduced by 4895c77 ("ipv4: Add FIB nexthop exceptions.") Signed-off-by: Michal Kubecek <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Andrew Jones <[email protected]> Signed-off-by: Dave Airlie <[email protected]>
Signed-off-by: Geert Uytterhoeven <[email protected]>
'buf[2]' is 2 bytes length, and sprintf() will append '\0' at the end of string "?\n", so original implementation is memory overflow. Need use strncpy() and strnlen() instead of sprintf(). Signed-off-by: Chen Gang <[email protected]> Signed-off-by: Gerald Schaefer <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]>
pte_present might return true on PAGE_TYPE_NONE, even if the invalid bit is on. Modify the existing check of the pgste functions to avoid crashes. [ Martin Schwidefsky: added ptep_modify_prot_[start|commit] bits ] Reported-by: Martin Schwidefky <[email protected]> Signed-off-by: Christian Borntraeger <[email protected]> CC: [email protected] Signed-off-by: Martin Schwidefsky <[email protected]>
In the (not so useful) kernel configuration where CONFIG_SWAP is undefined and CONFIG_XEN_SELFBALLOONING is defined, xen_tmem_init would use undefined variable 'static bool frontswap'. Added #else to have #define frontswap (0) in the case where CONFIG_FRONTSWAP is not defined. Signed-off-by: Frederico Cadete <[email protected]> Signed-off-by: Konrad Rzeszutek Wilk <[email protected]>
Signed-off-by: Vinod Koul <[email protected]> Signed-off-by: Mark Brown <[email protected]>
During recent refactoring the code to report removal when MICDET reports an absent microphone was removed, causing problems for systems which rely solely on the MICDET for this functionality. Restore it. Signed-off-by: Mark Brown <[email protected]>
The array 'drc_cfg' of size 3 may use index value -22 (EINVAL) The array 'retune_mobile_cfg' of size 3 may use index value -22 (EINVAL) Signed-off-by: Vinod Koul <[email protected]> Signed-off-by: Mark Brown <[email protected]>
The default register value for MASTERA_VOL is 0x00, the same as MASTERB_VOL. Signed-off-by: Nicolas Schichan <[email protected]> Acked-by: Brian Austin <[email protected]> Signed-off-by: Mark Brown <[email protected]> Cc: [email protected]
MAC addresses assigned by the PF to VFs were not kept in the PF driver admin table. As a result, displaying the VF MACs from the PF interface to user space showed zero address where in fact the VF got non-zero address from the PF, fix that. Signed-off-by: Or Gerlitz <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Marc Kleine-Budde says: ==================== here are there fixes for the v3.10 release cycle: The first patch by Jonas Peterson and Olivier Sobrie fixes the reception of CAN frames on Kvaser's "USBcan Pro" and "USBcan R" type hardware. The last two patches by Olivier Sobrie (for esd_usb2) and me (for peak_usb) change the memory handling for the USB messages from stack to kmalloc(), as memory used for DMA should not be allocated on stack. ==================== Signed-off-by: David S. Miller <[email protected]>
Commit 25fb6ca "net IPv6 : Fix broken IPv6 routing table after loopback down-up" forgot to assign rt6_info to the inet6_ifaddr. When disable the net device, the rt6_info which allocated in init_loopback will not be destroied in __ipv6_ifa_notify. This will trigger the waring message below [23527.916091] unregister_netdevice: waiting for tap0 to become free. Usage count = 1 Reported-by: Arkadiusz Miskiewicz <[email protected]> Signed-off-by: Gao feng <[email protected]> Signed-off-by: David S. Miller <[email protected]>
FW was initialized with data from wrong header, this caused TSO packets have wrong IP csum. Signed-off-by: Dmitry Kravkov <[email protected]> Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: Eilon Greenstein <[email protected]> Signed-off-by: David S. Miller <[email protected]>
If no valid MAC address could be obtained from the hardware, fall back to a randomly generated one. Signed-off-by: Pavel Machek <[email protected]> Signed-off-by: Lucas Stach <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Pull microblaze fixes from Michal Simek: "One is fixing warning reported by sparse and the second warning was reported by Geert in his build regressions/improvements status update for -rc4." * 'next' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Use static inline functions in cacheflush.h microblaze: Fix sparse warnings
…/git/mszeredi/fuse Pull fuse fixes from Miklos Szeredi: "One patch fixes an Oops introduced in 3.9 with the readdirplus feature. The rest are fixes for async-dio in 3.10" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix alignment in short read optimization for async_dio fuse: return -EIOCBQUEUED from fuse_direct_IO() for all async requests fuse: fix readdirplus Oops in fuse_dentry_revalidate fuse: update inode size and invalidate attributes on fallocate fuse: truncate pagecache range on hole punch fuse: allocate for_background dio requests based on io->async state
Pull gfs2 fixes from Steven Whitehouse: "There are four patches this time. The first fixes a problem where the wrong descriptor type was being written into the log for journaled data blocks. The second fixes a race relating to the deallocation of allocator data. The third provides a fallback if kmalloc is unable to satisfy a request to allocate a directory hash table. The fourth fixes the iopen glock caching so that inodes are deleted in a more timely manner after rmdir/unlink" * git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes: GFS2: Don't cache iopen glocks GFS2: Fall back to vmalloc if kmalloc fails for dir hash tables GFS2: Increase i_writecount during gfs2_setattr_size GFS2: Set log descriptor type for jdata blocks
Pull kvm bugfixes from Gleb Natapov:
"The bulk of the fixes is in MIPS KVM kernel<->userspace ABI. MIPS KVM
is new for 3.10 and some problems were found with current ABI. It is
better to fix them now and do not have a kernel with broken one"
* 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: Fix race in apic->pending_events processing
KVM: fix sil/dil/bpl/spl in the mod/rm fields
KVM: Emulate multibyte NOP
ARM: KVM: be more thorough when invalidating TLBs
ARM: KVM: prevent NULL pointer dereferences with KVM VCPU ioctl
mips/kvm: Use ENOIOCTLCMD to indicate unimplemented ioctls.
mips/kvm: Fix ABI by moving manipulation of CP0 registers to KVM_{G,S}ET_ONE_REG
mips/kvm: Use ARRAY_SIZE() instead of hardcoded constants in kvm_arch_vcpu_ioctl_{s,g}et_regs
mips/kvm: Fix name of gpr field in struct kvm_regs.
mips/kvm: Fix ABI for use of 64-bit registers.
mips/kvm: Fix ABI for use of FPU.
…/git/dtor/input Pull input fixes from Dmitry Torokhov: "Just a 2 small driver fixups here" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: wacom - fix a typo for Cintiq 22HDT Input: synaptics - fix sync lost after resume on some laptops
…nux/kernel/git/cjb/mmc Pull MMC fixes from Chris Ball: - sdhci-acpi: Fix initial runtime PM status, add more ACPI IDs - atmel-mci, omap_hsmmc: DT handling fixes - esdhc-imx: Fix SDIO IRQs, fix multiblock reads (both h/w errata) * tag 'mmc-fixes-for-3.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: mmc: omap_hsmmc: Skip platform_get_resource_byname() for dt case mmc: omap_hsmmc: convert to dma_request_slave_channel_compat mmc: omap_hsmmc: Fix the DT pbias workaround for MMC controllers 2 to 5 mmc: sdhci-pci: add more device ids mmc: sdhci-acpi: add more device ids mmc: sdhci-acpi: fix initial runtime pm status mmc: atmel-mci: convert to dma_request_slave_channel_compat() mmc: sdhci-esdhc-imx: fix multiblock reads on i.MX53 mmc: sdhci-esdhc-imx: Fix SDIO interrupts
It was recently found out that GSO on 57710/57711 was broken, due to packets being sent without a valid IP checksum. Commit 057cf65 "bnx2x: Fix GSO for 57710/57711 chips" partially fixed this issue, but failed to set the correct IP checksum when receiving GSO packets via bridges, as such packets enter bnx2x_tx_split() and the FW flags needed to calculate IP checksum were erroneously set in the incorrect buffer descriptor. This patch re-enables GSO in said scenario for 57710/57711 chips. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: Eilon Greenstein <[email protected]> Signed-off-by: David S. Miller <[email protected]>
…ng ANAR This patch sets the protocol selector bits (4:0) of the PHY's MII_ADVERTISE register (ANAR) when writing ADVERTISE_ALL. The protocol selector bits are indicating IEEE 803.3u support and are fixed / read-only on some PHYs. Not setting them correctly on others (like TI DP83630) makes the PHY fall back to 10M HDX mode which should be avoided. Tested for TI DP83630 PHY on Microblaze platform. Signed-off-by: Jens Renner <[email protected]> Tested-by: Michal Simek <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Commit 091f0ea "tg3: Add New 5719 Read DMA workaround" added a workaround for TX DMA stall on the 5719. This workaround needs to be applied to the 5720 as well. Cc: [email protected] Reported-by: Roland Dreier <[email protected]> Tested-by: Roland Dreier <[email protected]> Signed-off-by: Nithin Nayak Sujir <[email protected]> Signed-off-by: Michael Chan <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Eric Dumazet spotted that we have to check skb->head instead of skb->data as skb->head points to the beginning of the data area of the skbuff. Similarly, we have to initialize the skb->head pointer, not skb->data in __alloc_skb_head. After this fix, netlink crashes in the release path of the sk_buff, so let's fix that as well. This bug was introduced in (0ebd0ac net: add function to allocate sk_buff head without data area). Reported-by: Eric Dumazet <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: David S. Miller <[email protected]>
commit 56b765b ("htb: improved accuracy at high rates") added another regression for low rates, because it mixes 1ns and 64ns time units. So the maximum delay (mbuffer) was not 60 second, but 937 ms. Lets convert all time fields to 1ns as 64bit arches are becoming the norm. Reported-by: Jesper Dangaard Brouer <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Tested-by: Jesper Dangaard Brouer <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Pull networking fixes from David Miller:
1) Fix timeouts with direct mode authentication in mac80211, from
Stanislaw Gruszka.
2) Aggregation sessions can deadlock in ath9k, from Felix Fietkau.
3) Netfilter's xt_addrtype doesn't work with ipv6 due to route lookups
creating undesirable cache entries, from Florian Westphal.
4) Fix netfilter's ipt_ULOG from generating non-NULL terminated
strings.
5) Fix netdev transmit queue crashes in mac80211, from Johannes Berg.
6) Fix copy and paste error in 802.11 stack that broke reporting of
64-bit station tx statistics, from Felix Fietkau.
7) When qlge_probe fails, it leaks the netdev. Fix from Wei Yongjun.
8) SKB control block (where we store the IP options information,
amongst other things) must be cleared properly otherwise ICMP
sending can crash for IP tunnels. Fix from Eric Dumazet.
9) Verification of Energy Efficient Ether support was coded wrongly,
the test was inversed. Fix from Giuseppe CAVALLARO.
10) TCP handles redirects improperly because the wrong flow key is used
for the route lookup. From Michal Kubecek.
11) Don't interpret MSG_CMSG_COMPAT from userspace, fix from Andy
Lutomirski.
12) The new AF_VSOCK was missing from the lockdep string table, fix from
Federico Vaga.
13) be2net doesn't handle checksumming of IP fragments properly, from
Somnath Kotur.
14) Fix several bugs in the device address list code that lead to
crashes and other misbehaviors. From Jay Vosburgh.
15) Fix ipv6 segmentation handling of fragmented GRE tunnel traffic,
from Pravin B Shalr.
16) Fix usage of stale policies in IPSEC layer, from Paul Moore.
17) Fix team driver dump of ports when there are a large number of them,
from Jiri Pirko.
18) Fix softlockups in UDP ipv4 socket lookup causes by and error in the
hlist_nulls_for_each_entry_rcu() macro. From Eric Dumazet.
19) Fix several regressions added by the high rate accuracy changes to
the htb packet scheduler. From Eric Dumazet.
20) Fix DMA'ing onto the stack in esd_usb2 and peak_usb CAN drivers,
from Olivier Sobrie and Marc Kleine-Budde.
21) Fix unremovable network devices due to missing route pointer
installation in the per-device ipv6 address list entries. From Gao
feng.
22) Apply the tg3 5719 DMA workaround on 5720 chips as well, otherwise
we get stalls. From Nithin Sujir.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (68 commits)
net_sched: htb: do not mix 1ns and 64ns time units
net: fix sk_buff head without data area
tg3: Add read dma workaround for 5720
net: ethernet: xilinx_emaclite: set protocol selector bits when writing ANAR
bnx2x: Fix bridged GSO for 57710/57711 chips
net: fec: add fallback to random MAC address
bnx2x: fix TCP offload for tunneling ipv4 over ipv6
ipv6: assign rt6_info to inet6_ifaddr in init_loopback
net/mlx4_core: Keep VF assigned MAC in the PF admin table
net/mlx4_en: Handle unassigned VF MAC address correctly
net/mlx4_core: Return -EPROBE_DEFER when a VF is probed before PF is sufficiently initialized
net/mlx4_en: Fix adaptive moderation cq update
net: can: peak_usb: Do not do dma on the stack
net: can: esd_usb2: Do not do dma on the stack
net: can: kvaser_usb: fix reception on "USBcan Pro" and "USBcan R" type hardware.
net_sched: restore "overhead xxx" handling
net: force a reload of first item in hlist_nulls_for_each_entry_rcu
hyperv: Fix vlan_proto setting in netvsc_recv_callback()
team: fix port list dump for big number of ports
list: introduce list_first_entry_or_null
...
lsmushroom
added a commit
that referenced
this pull request
Jun 5, 2013
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
ibm,validate-flash-image RTAS call output buffer contains 150 - 200 bytes of data on latest system. Presently we have output buffer size as 64 bytes and we use sprintf to copy data from RTAS buffer to local buffer. This causes kernel oops (see below call trace). This patch increases local buffer size to 256 and also uses snprintf instead of sprintf to copy data from RTAS buffer. Kernel call trace : ------------------- Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=1024 NUMA pSeries Modules linked in: nfs fscache lockd auth_rpcgss nfs_acl sunrpc fuse loop dm_mod ipv6 ipv6_lib usb_storage ehea(X) sr_mod qlge ses cdrom enclosure st be2net sg ext3 jbd mbcache usbhid hid ohci_hcd ehci_hcd usbcore qla2xxx usb_common sd_mod crc_t10dif scsi_dh_hp_sw scsi_dh_rdac scsi_dh_alua scsi_dh_emc scsi_dh lpfc scsi_transport_fc scsi_tgt ipr(X) libata scsi_mod Supported: Yes NIP: 4520323031333130 LR: 4520323031333130 CTR: 0000000000000000 REGS: c0000001b91779b0 TRAP: 0400 Tainted: G X (3.0.13-0.27-ppc64) MSR: 8000000040009032 <EE,ME,IR,DR> CR: 44022488 XER: 20000018 TASK = c0000001bca1aba0[4736] 'cat' THREAD: c0000001b9174000 CPU: 36 GPR00: 4520323031333130 c0000001b9177c30 c000000000f87c98 000000000000009b GPR04: c0000001b9177c4a 000000000000000b 3520323031333130 2032303133313031 GPR08: 3133313031350a4d 000000000000009b 0000000000000000 c0000000003664a4 GPR12: 0000000022022448 c000000003ee6c00 0000000000000002 00000000100e8a90 GPR16: 00000000100cb9d8 0000000010093370 000000001001d310 0000000000000000 GPR20: 0000000000008000 00000000100fae60 000000000000005e 0000000000000000 GPR24: 0000000010129350 46573738302e3030 2046573738302e30 300a4d4720323031 GPR28: 333130313520554e 4b4e4f574e0a4d47 2032303133313031 3520323031333130 NIP [4520323031333130] 0x4520323031333130 LR [4520323031333130] 0x4520323031333130 Call Trace: [c0000001b9177c30] [4520323031333130] 0x4520323031333130 (unreliable) Instruction dump: XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX Signed-off-by: Vasant Hegde <[email protected]> Signed-off-by: Benjamin Herrenschmidt <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
Tony Jones reported that the ftrace self tests on s390 do not work: <6>Testing dynamic ftrace ops #1: (0 0 0 0 0) FAILED! <6>Testing tracer irqsoff: <3>failed to start irqsoff tracer <4>.. no entries found ..FAILED! <6>Testing tracer wakeup: <3>failed to start wakeup tracer <4>.. no entries found ..FAILED! <6>Testing tracer function_graph: <4>Failed to init function_graph tracer, init returned -19 <4>FAILED! This happens because we forgot to adjust the instruction pointer that gets passed to the ftrace trace function by MCOUNT_INSN_SIZE. In addition change MCOUNT_INSN_SIZE to the correct value on 31 bit. It only worked so far because the to be patched instruction was identical. Reported-by: Tony Jones <[email protected]> Signed-off-by: Heiko Carstens <[email protected]> Signed-off-by: Martin Schwidefsky <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
…q_numa_init() wq_numa_init() builds per-node cpumasks which are later used to make unbound workqueues NUMA-aware. The cpumasks are allocated using alloc_cpumask_var_node() for all possible nodes. Unfortunately, on machines with off-line nodes, this leads to NUMA-aware allocations on existing bug offline nodes, which in turn triggers BUG in the memory allocation code. Fix it by using NUMA_NO_NODE for cpumask allocations for offline nodes. kernel BUG at include/linux/gfp.h:323! invalid opcode: 0000 [#1] SMP Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.9.0+ #1 Hardware name: ProLiant BL465c G7, BIOS A19 12/10/2011 task: ffff880234608000 ti: ffff880234602000 task.ti: ffff880234602000 RIP: 0010:[<ffffffff8117495d>] [<ffffffff8117495d>] new_slab+0x2ad/0x340 RSP: 0000:ffff880234603bf8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff880237404b40 RCX: 00000000000000d0 RDX: 0000000000000001 RSI: 0000000000000003 RDI: 00000000002052d0 RBP: ffff880234603c28 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000001 R11: ffffffff812e3aa8 R12: 0000000000000001 R13: ffff8802378161c0 R14: 0000000000030027 R15: 00000000000040d0 FS: 0000000000000000(0000) GS:ffff880237800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffff88043fdff000 CR3: 00000000018d5000 CR4: 00000000000007f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Stack: ffff880234603c28 0000000000000001 00000000000000d0 ffff8802378161c0 ffff880237404b40 ffff880237404b40 ffff880234603d28 ffffffff815edba1 ffff880237816140 0000000000000000 ffff88023740e1c0 Call Trace: [<ffffffff815edba1>] __slab_alloc+0x330/0x4f2 [<ffffffff81174b25>] kmem_cache_alloc_node_trace+0xa5/0x200 [<ffffffff812e3aa8>] alloc_cpumask_var_node+0x28/0x90 [<ffffffff81a0bdb3>] wq_numa_init+0x10d/0x1be [<ffffffff81a0bec8>] init_workqueues+0x64/0x341 [<ffffffff810002ea>] do_one_initcall+0xea/0x1a0 [<ffffffff819f1f31>] kernel_init_freeable+0xb7/0x1ec [<ffffffff815d50de>] kernel_init+0xe/0xf0 [<ffffffff815ff89c>] ret_from_fork+0x7c/0xb0 Code: 45 84 ac 00 00 00 f0 41 80 4d 00 40 e9 f6 fe ff ff 66 0f 1f 84 00 00 00 00 00 e8 eb 4b ff ff 49 89 c5 e9 05 fe ff ff <0f> 0b 4c 8b 73 38 44 89 ff 81 cf 00 00 20 00 4c 89 f6 48 c1 ee Signed-off-by: Tejun Heo <[email protected]> Reported-and-Tested-by: Lingzhu Xiang <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
It is required to enable respective clock-domain before enabling any clock/module inside that clock-domain. During common-clock migration, .clkdm_name field got missed for "clkdiv32k_ick" clock, which leaves "clk_24mhz_clkdm" unused; so it will be disabled even if childs of this clock-domain is enabled, which keeps child modules in idle mode. This fixes the kernel crash observed on AM335xEVM-SK platform, where clkdiv32_ick clock is being used as a gpio debounce clock and since clkdiv32k_ick is in idle mode it leads to below crash - Crash Log: ========== [ 2.598347] Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa1ac150 [ 2.606434] Internal error: : 1028 [#1] SMP ARM [ 2.611207] Modules linked in: [ 2.614449] CPU: 0 Not tainted (3.8.4-01382-g1f449cd-dirty #4) [ 2.620973] PC is at _set_gpio_debounce+0x60/0x104 [ 2.626025] LR is at clk_enable+0x30/0x3c Cc: [email protected] # v3.9 Signed-off-by: Vaibhav Hiremath <[email protected]> Cc: Rajendra Nayak <[email protected]> Acked-by: Paul Walmsley <[email protected]> Signed-off-by: Tony Lindgren <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
Make sure that any open relayfs files are closed before unregistering with mac80211, otherwise this crash is seen: [ 1331.097846] BUG: unable to handle kernel paging request at 6b6b6b8b [ 1331.098170] IP: [<c063d0d6>] debugfs_remove+0x26/0x80 [ 1331.098170] *pdpt = 000000002f9aa001 *pde = 0000000000000000 [ 1331.098170] Oops: 0000 [#1] PREEMPT SMP [ 1331.098170] Modules linked in: iptable_raw xt_CT nf_conntrack_ipv4 nf_defrag] [ 1331.098170] Pid: 4794, comm: rmmod Tainted: G WC 3.9.1+ #5 To Be Fi. [ 1331.098170] EIP: 0060:[<c063d0d6>] EFLAGS: 00010202 CPU: 0 [ 1331.098170] EIP is at debugfs_remove+0x26/0x80 [ 1331.098170] EAX: f2f3acd0 EBX: f2f3acd0 ECX: 00000006 EDX: f8622348 [ 1331.098170] ESI: 6b6b6b6b EDI: 00000001 EBP: ee251e1 ESP: ee251e0c [ 1331.098170] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 1331.098170] CR0: 8005003b CR2: 6b6b6b8b CR3: 2e7b7000 CR4: 000007e0 [ 1331.098170] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 1331.098170] DR6: ffff0ff0 DR7: 00000400 [ 1331.098170] Process rmmod (pid: 4794, ti=ee250000 task=efaa2560 task.ti=ee25) [ 1331.098170] Stack: [ 1331.098170] f241e170 0000000a ee251e1c f861394d ee251e28 c04e3088 f241e170 4 [ 1331.098170] c04e30f f45482b0 ee251e54 c04e3187 f25e86b0 ee251e54 f8618748 0 [ 1331.098170] 0000000a 00000001 ee251e68 f860065b f2509e20 f25085a0 f5b6e8a4 8 [ 1331.098170] Call Trace: [ 1331.098170] [<f861394d>] remove_buf_file_handler+0xd/0x20 [ath9k] [ 1331.098170] [<c04e3088>] relay_remove_buf+0x18/0x30 [ 1331.098170] [<c04e30fe>] relay_close_buf+0x2e/0x40 [ 1331.098170] [<c04e3187>] relay_close+0x77/0xf0 [ 1331.098170] [<f8618748>] ? dpd_exit+0x38/0x40 [ath9k] [ 1331.098170] [<f860065b>] ath9k_deinit_softc+0x8b/0xa0 [ath9k] [ 1331.098170] [<f86006b8>] ath9k_deinit_device+0x48/0x60 [ath9k] [ 1331.098170] [<f86107f1>] ath_pci_remove+0x31/0x50 [ath9k] [ 1331.098170] [<c06dbff8>] pci_device_remove+0x38/0xc0 [ 1331.098170] [<c079daa4>] __device_release_driver+0x64/0xc0 [ 1331.098170] [<c079db97>] driver_detach+0x97/0xa0 [ 1331.098170] [<c079cacc>] bus_remove_driver+0x6c/0xe0 [ 1331.098170] [<c079c197>] ? bus_put+0x17/0x20 [ 1331.098170] [<c079cae3>] ? bus_remove_driver+0x83/0xe0 [ 1331.098170] [<c079e709>] driver_unregister+0x49/0x80 [ 1331.098170] [<c06dc138>] pci_unregister_driver+0x18/0x80 [ 1331.098170] [<f8610602>] ath_pci_exit+0x12/0x20 [ath9k] [ 1331.098170] [<f8619ce0>] ath9k_exit+0x17/0x337 [ath9k] [ 1331.098170] [<c09e537d>] ? mutex_unlock+0xd/0x10 [ 1331.098170] [<c04bd36c>] sys_delete_module+0x17c/0x250 [ 1331.098170] [<c0540dc4>] ? do_munmap+0x244/0x2d0 [ 1331.098170] [<c0540e96>] ? vm_munmap+0x46/0x60 [ 1331.098170] [<c09e8dc4>] ? restore_all+0xf/0xf [ 1331.098170] [<c09ebf50>] ? __do_page_fault+0x4c0/0x4c0 [ 1331.098170] [<c04b18e4>] ? trace_hardirqs_on_caller+0xf4/0x180 [ 1331.098170] [<c09ef28d>] sysenter_do_call+0x12/0x38 [ 1331.098170] Code: 90 8d 74 26 00 55 89 e5 83 ec 08 89 1c 24 89 74 24 04 3e 82 [ 1331.098170] EIP: [<c063d0d6>] debugfs_remove+0x26/0x80 SS:ESP 0068:ee251e0c [ 1331.098170] CR2: 000000006b6b6b8b [ 1331.727971] ---[ end trace b5bb9f2066cef7f9 ]--- Cc: <[email protected]> Acked-by: Simon Wunderlich <[email protected]> Tested-by: Ben Greear <[email protected]> Signed-off-by: Sujith Manoharan <[email protected]> Signed-off-by: John W. Linville <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
i2c: suppress lockdep warning on delete_device Since commit 846f997 the following lockdep warning is thrown in case i2c device is removed (via delete_device sysfs attribute) which contains subdevices (e.g. i2c multiplexer): ============================================= [ INFO: possible recursive locking detected ] 3.8.7-0-sampleversion-fct torvalds#8 Tainted: G O --------------------------------------------- bash/3743 is trying to acquire lock: (s_active#110){++++.+}, at: [<ffffffff802b3048>] sysfs_hash_and_remove+0x58/0xc8 but task is already holding lock: (s_active#110){++++.+}, at: [<ffffffff802b3cb8>] sysfs_write_file+0xc8/0x208 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(s_active#110); lock(s_active#110); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by bash/3743: #0: (&buffer->mutex){+.+.+.}, at: [<ffffffff802b3c3c>] sysfs_write_file+0x4c/0x208 #1: (s_active#110){++++.+}, at: [<ffffffff802b3cb8>] sysfs_write_file+0xc8/0x208 #2: (&adap->userspace_clients_lock/1){+.+.+.}, at: [<ffffffff80454a18>] i2c_sysfs_delete_device+0x90/0x238 #3: (&__lockdep_no_validate__){......}, at: [<ffffffff803dcc24>] device_release_driver+0x24/0x48 stack backtrace: Call Trace: [<ffffffff80575cc8>] dump_stack+0x8/0x34 [<ffffffff801b50fc>] __lock_acquire+0x161c/0x2110 [<ffffffff801b5c3c>] lock_acquire+0x4c/0x70 [<ffffffff802b60cc>] sysfs_addrm_finish+0x19c/0x1e0 [<ffffffff802b3048>] sysfs_hash_and_remove+0x58/0xc8 [<ffffffff802b7d8c>] sysfs_remove_group+0x64/0x148 [<ffffffff803d990c>] device_remove_attrs+0x9c/0x1a8 [<ffffffff803d9b1c>] device_del+0x104/0x1d8 [<ffffffff803d9c18>] device_unregister+0x28/0x70 [<ffffffff8045505c>] i2c_del_adapter+0x1cc/0x328 [<ffffffff8045802c>] i2c_del_mux_adapter+0x14/0x38 [<ffffffffc025c108>] pca954x_remove+0x90/0xe0 [pca954x] [<ffffffff804542f8>] i2c_device_remove+0x80/0xe8 [<ffffffff803dca9c>] __device_release_driver+0x74/0xf8 [<ffffffff803dcc2c>] device_release_driver+0x2c/0x48 [<ffffffff803dbc14>] bus_remove_device+0x13c/0x1d8 [<ffffffff803d9b24>] device_del+0x10c/0x1d8 [<ffffffff803d9c18>] device_unregister+0x28/0x70 [<ffffffff80454b08>] i2c_sysfs_delete_device+0x180/0x238 [<ffffffff802b3cd4>] sysfs_write_file+0xe4/0x208 [<ffffffff8023ddc4>] vfs_write+0xbc/0x160 [<ffffffff8023df6c>] SyS_write+0x54/0xd8 [<ffffffff8013d424>] handle_sys64+0x44/0x64 The problem is already known for USB and PCI subsystems. The reason is that delete_device attribute is defined statically in i2c-core.c and used for all devices in i2c subsystem. Discussion of original USB problem: http://lkml.indiana.edu/hypermail/linux/kernel/1204.3/01160.html Commit 356c05d introduced new macro to suppress lockdep warnings for this special case and included workaround for USB code. LKML discussion of the workaround: http://lkml.indiana.edu/hypermail/linux/kernel/1205.1/03634.html As i2c case is in principle the same, the same workaround could be used here. Signed-off-by: Alexander Sverdlin <[email protected]> Acked-by: Alan Stern <[email protected]> Cc: Eric W. Biederman <[email protected]> Cc: Tejun Heo <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Greg Kroah-Hartman <[email protected]> Signed-off-by: Wolfram Sang <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
Now that the tty port owns the flip buffers and i/o is allowed from the driver even when no tty is attached, the destruction of the tty port (and the flip buffers) must ensure that no outstanding work is pending. Unfortunately, this creates a lock order problem with the console_lock (see attached lockdep report [1] below). For single console deallocation, drop the console_lock prior to port destruction. When multiple console deallocation, defer port destruction until the consoles have been deallocated. tty_port_destroy() is not required if the port has not been used; remove from vc_allocate() failure path. [1] lockdep report from Dave Jones <[email protected]> ====================================================== [ INFO: possible circular locking dependency detected ] 3.9.0+ torvalds#16 Not tainted ------------------------------------------------------- (agetty)/26163 is trying to acquire lock: blocked: ((&buf->work)){+.+...}, instance: ffff88011c8b0020, at: [<ffffffff81062065>] flush_work+0x5/0x2e0 but task is already holding lock: blocked: (console_lock){+.+.+.}, instance: ffffffff81c2fde0, at: [<ffffffff813bc201>] vt_ioctl+0xb61/0x1230 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (console_lock){+.+.+.}: [<ffffffff810b3f74>] lock_acquire+0xa4/0x210 [<ffffffff810416c7>] console_lock+0x77/0x80 [<ffffffff813c3dcd>] con_flush_chars+0x2d/0x50 [<ffffffff813b32b2>] n_tty_receive_buf+0x122/0x14d0 [<ffffffff813b7709>] flush_to_ldisc+0x119/0x170 [<ffffffff81064381>] process_one_work+0x211/0x700 [<ffffffff8106498b>] worker_thread+0x11b/0x3a0 [<ffffffff8106ce5d>] kthread+0xed/0x100 [<ffffffff81601cac>] ret_from_fork+0x7c/0xb0 -> #0 ((&buf->work)){+.+...}: [<ffffffff810b349a>] __lock_acquire+0x193a/0x1c00 [<ffffffff810b3f74>] lock_acquire+0xa4/0x210 [<ffffffff810620ae>] flush_work+0x4e/0x2e0 [<ffffffff81065305>] __cancel_work_timer+0x95/0x130 [<ffffffff810653b0>] cancel_work_sync+0x10/0x20 [<ffffffff813b8212>] tty_port_destroy+0x12/0x20 [<ffffffff813c65e8>] vc_deallocate+0xf8/0x110 [<ffffffff813bc20c>] vt_ioctl+0xb6c/0x1230 [<ffffffff813b01a5>] tty_ioctl+0x285/0xd50 [<ffffffff811ba825>] do_vfs_ioctl+0x305/0x530 [<ffffffff811baad1>] sys_ioctl+0x81/0xa0 [<ffffffff81601d59>] system_call_fastpath+0x16/0x1b other info that might help us debug this: [ 6760.076175] Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(console_lock); lock((&buf->work)); lock(console_lock); lock((&buf->work)); *** DEADLOCK *** 1 lock on stack by (agetty)/26163: #0: blocked: (console_lock){+.+.+.}, instance: ffffffff81c2fde0, at: [<ffffffff813bc201>] vt_ioctl+0xb61/0x1230 stack backtrace: Pid: 26163, comm: (agetty) Not tainted 3.9.0+ torvalds#16 Call Trace: [<ffffffff815edb14>] print_circular_bug+0x200/0x20e [<ffffffff810b349a>] __lock_acquire+0x193a/0x1c00 [<ffffffff8100a269>] ? sched_clock+0x9/0x10 [<ffffffff8100a269>] ? sched_clock+0x9/0x10 [<ffffffff8100a200>] ? native_sched_clock+0x20/0x80 [<ffffffff810b3f74>] lock_acquire+0xa4/0x210 [<ffffffff81062065>] ? flush_work+0x5/0x2e0 [<ffffffff810620ae>] flush_work+0x4e/0x2e0 [<ffffffff81062065>] ? flush_work+0x5/0x2e0 [<ffffffff810b15db>] ? mark_held_locks+0xbb/0x140 [<ffffffff8113c8a3>] ? __free_pages_ok.part.57+0x93/0xc0 [<ffffffff810b15db>] ? mark_held_locks+0xbb/0x140 [<ffffffff810652f2>] ? __cancel_work_timer+0x82/0x130 [<ffffffff81065305>] __cancel_work_timer+0x95/0x130 [<ffffffff810653b0>] cancel_work_sync+0x10/0x20 [<ffffffff813b8212>] tty_port_destroy+0x12/0x20 [<ffffffff813c65e8>] vc_deallocate+0xf8/0x110 [<ffffffff813bc20c>] vt_ioctl+0xb6c/0x1230 [<ffffffff810aec41>] ? lock_release_holdtime.part.30+0xa1/0x170 [<ffffffff813b01a5>] tty_ioctl+0x285/0xd50 [<ffffffff812b00f6>] ? inode_has_perm.isra.46.constprop.61+0x56/0x80 [<ffffffff811ba825>] do_vfs_ioctl+0x305/0x530 [<ffffffff812b04db>] ? selinux_file_ioctl+0x5b/0x110 [<ffffffff811baad1>] sys_ioctl+0x81/0xa0 [<ffffffff81601d59>] system_call_fastpath+0x16/0x1b Cc: Dave Jones <[email protected]> Signed-off-by: Peter Hurley <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
This reverts commit a99d76f (leds: leds-gpio: use gpio_request_one) and commit 2d7c22f (leds: leds-gpio: set devm_gpio_request_one() flags param correctly) which was a fix of the first one. The conversion to devm_gpio_request in commit e3b1d44 (leds: leds-gpio: use devm_gpio_request_one) is not reverted. The problem is that gpio_cansleep() and gpio_get_value_cansleep() calls can crash if the gpio is not first reserved. Incidentally this same bug existed earlier and was fixed similarly in commit d95cbe6 (leds: Fix potential leds-gpio oops). But the OOPS is real. It happens when GPIOs are provided by module which is not yet loaded. So this fixes the following BUG during my ALIX boot (3.9.2-vanilla): BUG: unable to handle kernel NULL pointer dereference at 0000004c IP: [<c11287d6>] __gpio_cansleep+0xe/0x1a *pde = 00000000 Oops: 0000 [#1] SMP Modules linked in: leds_gpio(+) via_rhine mii cs5535_mfd mfd_core geode_rng rng_core geode_aes isofs nls_utf8 nls_cp437 vfat fat ata_generic pata_amd pata_cs5536 pata_acpi libata ehci_pci ehci_hcd ohci_hcd usb_storage usbcore usb_common sd_mod scsi_mod squashfs loop Pid: 881, comm: modprobe Not tainted 3.9.2 #1-Alpine EIP: 0060:[<c11287d6>] EFLAGS: 00010282 CPU: 0 EIP is at __gpio_cansleep+0xe/0x1a EAX: 00000000 EBX: cf364018 ECX: c132b8b9 EDX: 00000000 ESI: c13993a4 EDI: c1399370 EBP: cded9dbc ESP: cded9dbc DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 CR0: 8005003b CR2: 0000004c CR3: 0f0c4000 CR4: 00000090 DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 DR6: ffff0ff0 DR7: 00000400 Process modprobe (pid: 881, ti=cded8000 task=cf094aa0 task.ti=cded8000) Stack: cded9de0 d09471cb 00000000 c1399260 cf364014 00000000 c1399260 c1399254 d0949014 cded9df4 c118cd59 c1399260 d0949014 d0949014 cded9e08 c118ba47 c1399260 d0949014 c1399294 cded9e1c c118bb75 cded9e24 d0949014 00000000 Call Trace: [<d09471cb>] gpio_led_probe+0xba/0x203 [leds_gpio] [<c118cd59>] platform_drv_probe+0x26/0x48 [<c118ba47>] driver_probe_device+0x75/0x15c [<c118bb75>] __driver_attach+0x47/0x63 [<c118a727>] bus_for_each_dev+0x3c/0x66 [<c118b6f9>] driver_attach+0x14/0x16 [<c118bb2e>] ? driver_probe_device+0x15c/0x15c [<c118b3d5>] bus_add_driver+0xbd/0x1bc [<d08b4000>] ? 0xd08b3fff [<d08b4000>] ? 0xd08b3fff [<c118bffc>] driver_register+0x74/0xec [<d08b4000>] ? 0xd08b3fff [<c118c8e8>] platform_driver_register+0x38/0x3a [<d08b400d>] gpio_led_driver_init+0xd/0x1000 [leds_gpio] [<c100116c>] do_one_initcall+0x6b/0x10f [<d08b4000>] ? 0xd08b3fff [<c105e918>] load_module+0x1631/0x1907 [<c10975d6>] ? insert_vmalloc_vmlist+0x14/0x43 [<c1098d5b>] ? __vmalloc_node_range+0x13e/0x15f [<c105ec50>] sys_init_module+0x62/0x77 [<c1257888>] syscall_call+0x7/0xb EIP: [<c11287d6>] __gpio_cansleep+0xe/0x1a SS:ESP 0068:cded9dbc CR2: 000000000000004c ---[ end trace 5308fb20d2514822 ]--- Signed-off-by: Timo Teräs <[email protected]> Cc: Sachin Kamat <[email protected]> Cc: Raphael Assenat <[email protected]> Cc: Trent Piepho <[email protected]> Cc: Javier Martinez Canillas <[email protected]> Cc: Arnaud Patard <[email protected]> Cc: Ezequiel Garcia <[email protected]> Acked-by: Jingoo Han <[email protected]> Signed-off-by: Bryan Wu <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
With the rwsem lock around __cpufreq_governor(policy, CPUFREQ_GOV_POLICY_EXIT), we get circular dependency when we call sysfs_remove_group(). ====================================================== [ INFO: possible circular locking dependency detected ] 3.9.0-rc7+ torvalds#15 Not tainted ------------------------------------------------------- cat/2387 is trying to acquire lock: (&per_cpu(cpu_policy_rwsem, cpu)){+++++.}, at: [<c02f6179>] lock_policy_rwsem_read+0x25/0x34 but task is already holding lock: (s_active#41){++++.+}, at: [<c00f9bf7>] sysfs_read_file+0x4f/0xcc which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (s_active#41){++++.+}: [<c0055a79>] lock_acquire+0x61/0xbc [<c00fabf1>] sysfs_addrm_finish+0xc1/0x128 [<c00f9819>] sysfs_hash_and_remove+0x35/0x64 [<c00fbe6f>] remove_files.isra.0+0x1b/0x24 [<c00fbea5>] sysfs_remove_group+0x2d/0xa8 [<c02f9a0b>] cpufreq_governor_interactive+0x13b/0x35c [<c02f61df>] __cpufreq_governor+0x2b/0x8c [<c02f6579>] __cpufreq_set_policy+0xa9/0xf8 [<c02f6b75>] store_scaling_governor+0x61/0x100 [<c02f6f4d>] store+0x39/0x60 [<c00f9b81>] sysfs_write_file+0xed/0x114 [<c00b3fd1>] vfs_write+0x65/0xd8 [<c00b424b>] sys_write+0x2f/0x50 [<c000cdc1>] ret_fast_syscall+0x1/0x52 -> #0 (&per_cpu(cpu_policy_rwsem, cpu)){+++++.}: [<c0055253>] __lock_acquire+0xef3/0x13dc [<c0055a79>] lock_acquire+0x61/0xbc [<c03ee1f5>] down_read+0x25/0x30 [<c02f6179>] lock_policy_rwsem_read+0x25/0x34 [<c02f6edd>] show+0x21/0x58 [<c00f9c0f>] sysfs_read_file+0x67/0xcc [<c00b40a7>] vfs_read+0x63/0xd8 [<c00b41fb>] sys_read+0x2f/0x50 [<c000cdc1>] ret_fast_syscall+0x1/0x52 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(s_active#41); lock(&per_cpu(cpu_policy_rwsem, cpu)); lock(s_active#41); lock(&per_cpu(cpu_policy_rwsem, cpu)); *** DEADLOCK *** 2 locks held by cat/2387: #0: (&buffer->mutex){+.+.+.}, at: [<c00f9bcd>] sysfs_read_file+0x25/0xcc #1: (s_active#41){++++.+}, at: [<c00f9bf7>] sysfs_read_file+0x4f/0xcc stack backtrace: [<c0011d55>] (unwind_backtrace+0x1/0x9c) from [<c03e9a09>] (print_circular_bug+0x19d/0x1e8) [<c03e9a09>] (print_circular_bug+0x19d/0x1e8) from [<c0055253>] (__lock_acquire+0xef3/0x13dc) [<c0055253>] (__lock_acquire+0xef3/0x13dc) from [<c0055a79>] (lock_acquire+0x61/0xbc) [<c0055a79>] (lock_acquire+0x61/0xbc) from [<c03ee1f5>] (down_read+0x25/0x30) [<c03ee1f5>] (down_read+0x25/0x30) from [<c02f6179>] (lock_policy_rwsem_read+0x25/0x34) [<c02f6179>] (lock_policy_rwsem_read+0x25/0x34) from [<c02f6edd>] (show+0x21/0x58) [<c02f6edd>] (show+0x21/0x58) from [<c00f9c0f>] (sysfs_read_file+0x67/0xcc) [<c00f9c0f>] (sysfs_read_file+0x67/0xcc) from [<c00b40a7>] (vfs_read+0x63/0xd8) [<c00b40a7>] (vfs_read+0x63/0xd8) from [<c00b41fb>] (sys_read+0x2f/0x50) [<c00b41fb>] (sys_read+0x2f/0x50) from [<c000cdc1>] (ret_fast_syscall+0x1/0x52) This lock isn't required while calling __cpufreq_governor(policy, CPUFREQ_GOV_POLICY_EXIT). Remove it. Signed-off-by: Viresh Kumar <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
This manifested as grep failing psuedo-randomly:
-------------->8---------------------
[ARCLinux]$ ip address show lo | grep inet
[ARCLinux]$ ip address show lo | grep inet
[ARCLinux]$ ip address show lo | grep inet
[ARCLinux]$
[ARCLinux]$ ip address show lo | grep inet
inet 127.0.0.1/8 scope host lo
-------------->8---------------------
ARC700 MMU provides fully orthogonal permission bits per page:
Ur, Uw, Ux, Kr, Kw, Kx
The user mode page permission templates used to have all Kernel mode
access bits enabled.
This caused a tricky race condition observed with uClibc buffered file
read and UNIX pipes.
1. Read access to an anon mapped page in libc .bss: write-protected
zero_page mapped: TLB Entry installed with Ur + K[rwx]
2. grep calls libc:getc() -> buffered read layer calls read(2) with the
internal read buffer in same .bss page.
The read() call is on STDIN which has been redirected to a pipe.
read(2) => sys_read() => pipe_read() => copy_to_user()
3. Since page has Kernel-write permission (despite being user-mode
write-protected), copy_to_user() suceeds w/o taking a MMU TLB-Miss
Exception (page-fault for ARC). core-MM is unaware that kernel
erroneously wrote to the reserved read-only zero-page (BUG #1)
4. Control returns to userspace which now does a write to same .bss page
Since Linux MM is not aware that page has been modified by kernel, it
simply reassigns a new writable zero-init page to mapping, loosing the
prior write by kernel - effectively zero'ing out the libc read buffer
under the hood - hence grep doesn't see right data (BUG #2)
The fix is to make all kernel-mode access permissions mirror the
user-mode ones. Note that the kernel still has full access to pages,
when accessed directly (w/o MMU) - this fix ensures that kernel-mode
access in copy_to_from() path uses the same faulting access model as for
pure user accesses to keep MM fully aware of page state.
The issue is peudo-random because it only shows up if the TLB entry
installed in #1 is present at the time of #3. If it is evicted out, due
to TLB pressure or some-such, then copy_to_user() does take a TLB Miss
Exception, with a routine write-to-anon COW processing installing a
fresh page for kernel writes and also usable as it is in userspace.
Further the issue was dormant for so long as it depends on where the
libc internal read buffer (in .bss) is mapped at runtime.
If it happens to reside in file-backed data mapping of libc (in the
page-aligned slack space trailing the file backed data), loader zero
padding the slack space, does the early cow page replacement, setting
things up at the very beginning itself.
With gcc 4.8 based builds, the libc buffer got pushed out to a real
anon mapping which triggers the issue.
Reported-by: Anton Kolesov <[email protected]>
Cc: <[email protected]> # 3.9
Signed-off-by: Vineet Gupta <[email protected]>
lsmushroom
pushed a commit
that referenced
this pull request
Jun 5, 2013
nilfs2: fix issue of nilfs_set_page_dirty for page at EOF boundary DESCRIPTION: There are use-cases when NILFS2 file system (formatted with block size lesser than 4 KB) can be remounted in RO mode because of encountering of "broken bmap" issue. The issue was reported by Anthony Doggett <[email protected]>: "The machine I've been trialling nilfs on is running Debian Testing, Linux version 3.2.0-4-686-pae ([email protected]) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.35-2), but I've also reproduced it (identically) with Debian Unstable amd64 and Debian Experimental (using the 3.8-trunk kernel). The problematic partitions were formatted with "mkfs.nilfs2 -b 1024 -B 8192"." SYMPTOMS: (1) System log contains error messages likewise: [63102.496756] nilfs_direct_assign: invalid pointer: 0 [63102.496786] NILFS error (device dm-17): nilfs_bmap_assign: broken bmap (inode number=28) [63102.496798] [63102.524403] Remounting filesystem read-only (2) The NILFS2 file system is remounted in RO mode. REPRODUSING PATH: (1) Create volume group with name "unencrypted" by means of vgcreate utility. (2) Run script (prepared by Anthony Doggett <[email protected]>): ----------------[BEGIN SCRIPT]-------------------- VG=unencrypted lvcreate --size 2G --name ntest $VG mkfs.nilfs2 -b 1024 -B 8192 /dev/mapper/$VG-ntest mkdir /var/tmp/n mkdir /var/tmp/n/ntest mount /dev/mapper/$VG-ntest /var/tmp/n/ntest mkdir /var/tmp/n/ntest/thedir cd /var/tmp/n/ntest/thedir sleep 2 date darcs init sleep 2 dmesg|tail -n 5 date darcs whatsnew || true date sleep 2 dmesg|tail -n 5 ----------------[END SCRIPT]-------------------- REPRODUCIBILITY: 100% INVESTIGATION: As it was discovered, the issue takes place during segment construction after executing such sequence of user-space operations: open("_darcs/index", O_RDWR|O_CREAT|O_NOCTTY, 0666) = 7 fstat(7, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 ftruncate(7, 60) The error message "NILFS error (device dm-17): nilfs_bmap_assign: broken bmap (inode number=28)" takes place because of trying to get block number for third block of the file with logical offset #3072 bytes. As it is possible to see from above output, the file has 60 bytes of the whole size. So, it is enough one block (1 KB in size) allocation for the whole file. Trying to operate with several blocks instead of one takes place because of discovering several dirty buffers for this file in nilfs_segctor_scan_file() method. The root cause of this issue is in nilfs_set_page_dirty function which is called just before writing to an mmapped page. When nilfs_page_mkwrite function handles a page at EOF boundary, it fills hole blocks only inside EOF through __block_page_mkwrite(). The __block_page_mkwrite() function calls set_page_dirty() after filling hole blocks, thus nilfs_set_page_dirty function (= a_ops->set_page_dirty) is called. However, the current implementation of nilfs_set_page_dirty() wrongly marks all buffers dirty even for page at EOF boundary. As a result, buffers outside EOF are inconsistently marked dirty and queued for write even though they are not mapped with nilfs_get_block function. FIX: This modifies nilfs_set_page_dirty() not to mark hole blocks dirty. Thanks to Vyacheslav Dubeyko for his effort on analysis and proposals for this issue. Signed-off-by: Ryusuke Konishi <[email protected]> Reported-by: Anthony Doggett <[email protected]> Reported-by: Vyacheslav Dubeyko <[email protected]> Cc: Vyacheslav Dubeyko <[email protected]> Tested-by: Ryusuke Konishi <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
update to the latest code