Frank Mayhar [Fri, 12 Sep 2008 16:54:39 +0000 (09:54 -0700)]
timers: fix itimer/many thread hang, v3
- fix UP lockup
- another set of UP/SMP cleanups and simplifications
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:51 +0000 (14:42 -0700)]
posix-timers: lock_timer: make it readable
Cleanup. Imho makes the code much more understandable. At least this
patch lessens both the source and compiled code.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:51 +0000 (14:42 -0700)]
posix-timers: lock_timer: kill the bogus ->it_id check
lock_timer() checks that the timer found by idr_find(timer_id) has ->it_id
== timer_id. This buys nothing. This check can fail only if
sys_timer_create() unlocked idr_lock after idr_get_new(), but didn't set
->it_id = new_timer_id yet. But in that case ->it_process == NULL so
lock_timer() can't succeed anyway.
Also remove a couple of unneeded typecasts.
Note that with or without this patch we have a small problem.
sys_timer_create() doesn't ensure that the result of setting (say)
->it_sigev_notify must be visible if lock_timer() succeeds.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:50 +0000 (14:42 -0700)]
posix-timers: kill ->it_sigev_signo and ->it_sigev_value
With the recent changes ->it_sigev_signo and ->it_sigev_value are only
used in sys_timer_create(), kill them.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:49 +0000 (14:42 -0700)]
posix-timers: sys_timer_create: cleanup the error handling
Cleanup.
- sys_timer_create() is big and complicated. The code above the "out:"
label relies on the fact that "error" must be == 0. This is not very
robust, make the code more explicit. Remove the unneeded initialization
of error.
- If idr_get_new() succeeds (as it normally should), we check the returned
value twice. Move the "-EAGAIN" check under "if (error)".
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:49 +0000 (14:42 -0700)]
posix-timers: move the initialization of timer->sigq from send to create path
posix_timer_event() always populates timer->sigq with the same numbers,
move this code into sys_timer_create().
Note that with this patch we can kill it_sigev_signo and it_sigev_value.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:48 +0000 (14:42 -0700)]
posix-timers: sys_timer_create: simplify and s/tasklist/rcu/
- Change the code to do rcu_read_lock() instead of taking tasklist_lock,
it is safe to get_task_struct(p) if p was found under RCU.
However, now we must not use process's sighand/signal, they may be NULL.
We can use current->sighand/signal instead, this "process" must belong
to the current's thread-group.
- Factor out the common code for 2 "if (timer_event_spec)" branches, the
!timer_event_spec case can use current too.
- use spin_lock_irq() instead of _irqsave(), kill "flags".
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:47 +0000 (14:42 -0700)]
posix-timers: sys_timer_create: remove the buggy PF_EXITING check
sys_timer_create() return -EINVAL if the target thread has PF_EXITING.
This doesn't really make sense, the sub-thread can die right after unlock.
And in fact, this is just wrong. Without SIGEV_THREAD_ID good_sigevent()
returns ->group_leader, and it is very possible that the leader is already
dead. This is OK, we shouldn't return the error in this case.
Remove this check and the comment. Note that the "process" was found
under tasklist_lock, it must have ->sighand != NULL.
Also, remove a couple of unneeded initializations.
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:46 +0000 (14:42 -0700)]
posix-timers: always do get_task_struct(timer->it_process)
Change the code to get/put timer->it_process regardless of
SIGEV_THREAD_ID. This streamlines the create/destroy paths and allows us
to simplify the usage of exit_itimers() in de_thread().
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Oleg Nesterov [Mon, 22 Sep 2008 21:42:46 +0000 (14:42 -0700)]
posix-timers: don't switch to ->group_leader if ->it_process dies
posix_timer_event() drops SIGEV_THREAD_ID and switches to ->group_leader
if send_sigqueue() fails.
This is not very useful and doesn't work reliably. send_sigqueue() can
only fail if ->it_process is dead. But it can die before it dequeues the
SI_TIMER signal, in that case the timer stops anyway.
Remove this code. I guess it was needed a long ago to ensure that the
timer is not destroyed when when its creator thread dies.
Q: perhaps it makes sense to change sys_timer_settime() to return an error
if ->it_process is dead?
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: mingo@elte.hu
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Frank Mayhar [Fri, 12 Sep 2008 16:54:39 +0000 (09:54 -0700)]
timers: fix itimer/many thread hang, v2
This is the second resubmission of the posix timer rework patch, posted
a few days ago.
This includes the changes from the previous resubmittion, which addressed
Oleg Nesterov's comments, removing the RCU stuff from the patch and
un-inlining the thread_group_cputime() function for SMP.
In addition, per Ingo Molnar it simplifies the UP code, consolidating much
of it with the SMP version and depending on lower-level SMP/UP handling to
take care of the differences.
It also cleans up some UP compile errors, moves the scheduler stats-related
macros into kernel/sched_stats.h, cleans up a merge error in
kernel/fork.c and has a few other minor fixes and cleanups as suggested
by Oleg and Ingo. Thanks for the review, guys.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Ingo Molnar [Sun, 14 Sep 2008 15:11:46 +0000 (17:11 +0200)]
timers: fix itimer/many thread hang, cleanups
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Ingo Molnar [Sun, 14 Sep 2008 15:03:52 +0000 (17:03 +0200)]
timers: fix itimer/many thread hang, fix #2
fix the UP build:
In file included from arch/x86/kernel/asm-offsets_32.c:9,
from arch/x86/kernel/asm-offsets.c:3:
include/linux/sched.h: In function ‘thread_group_cputime_clone_thread’:
include/linux/sched.h:2272: warning: no return statement in function returning non-void
include/linux/sched.h: In function ‘thread_group_cputime_account_user’:
include/linux/sched.h:2284: error: invalid type argument of ‘->’ (have ‘struct task_cputime’)
include/linux/sched.h:2284: error: invalid type argument of ‘->’ (have ‘struct task_cputime’)
include/linux/sched.h: In function ‘thread_group_cputime_account_system’:
include/linux/sched.h:2291: error: invalid type argument of ‘->’ (have ‘struct task_cputime’)
include/linux/sched.h:2291: error: invalid type argument of ‘->’ (have ‘struct task_cputime’)
include/linux/sched.h: In function ‘thread_group_cputime_account_exec_runtime’:
include/linux/sched.h:2298: error: invalid type argument of ‘->’ (have ‘struct task_cputime’)
distcc[14501] ERROR: compile arch/x86/kernel/asm-offsets.c on a/30 failed
make[1]: *** [arch/x86/kernel/asm-offsets.s] Error 1
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Ingo Molnar [Sun, 14 Sep 2008 14:33:01 +0000 (16:33 +0200)]
timers: fix itimer/many thread hang, fix
fix:
kernel/fork.c:843: error: ‘struct signal_struct’ has no member named ‘sum_sched_runtime’
kernel/irq/handle.c:117: warning: ‘sparse_irq_lock’ defined but not used
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Frank Mayhar [Fri, 12 Sep 2008 16:54:39 +0000 (09:54 -0700)]
timers: fix itimer/many thread hang
Overview
This patch reworks the handling of POSIX CPU timers, including the
ITIMER_PROF, ITIMER_VIRT timers and rlimit handling. It was put together
with the help of Roland McGrath, the owner and original writer of this code.
The problem we ran into, and the reason for this rework, has to do with using
a profiling timer in a process with a large number of threads. It appears
that the performance of the old implementation of run_posix_cpu_timers() was
at least O(n*3) (where "n" is the number of threads in a process) or worse.
Everything is fine with an increasing number of threads until the time taken
for that routine to run becomes the same as or greater than the tick time, at
which point things degrade rather quickly.
This patch fixes bug 9906, "Weird hang with NPTL and SIGPROF."
Code Changes
This rework corrects the implementation of run_posix_cpu_timers() to make it
run in constant time for a particular machine. (Performance may vary between
one machine and another depending upon whether the kernel is built as single-
or multiprocessor and, in the latter case, depending upon the number of
running processors.) To do this, at each tick we now update fields in
signal_struct as well as task_struct. The run_posix_cpu_timers() function
uses those fields to make its decisions.
We define a new structure, "task_cputime," to contain user, system and
scheduler times and use these in appropriate places:
struct task_cputime {
cputime_t utime;
cputime_t stime;
unsigned long long sum_exec_runtime;
};
This is included in the structure "thread_group_cputime," which is a new
substructure of signal_struct and which varies for uniprocessor versus
multiprocessor kernels. For uniprocessor kernels, it uses "task_cputime" as
a simple substructure, while for multiprocessor kernels it is a pointer:
struct thread_group_cputime {
struct task_cputime totals;
};
struct thread_group_cputime {
struct task_cputime *totals;
};
We also add a new task_cputime substructure directly to signal_struct, to
cache the earliest expiration of process-wide timers, and task_cputime also
replaces the it_*_expires fields of task_struct (used for earliest expiration
of thread timers). The "thread_group_cputime" structure contains process-wide
timers that are updated via account_user_time() and friends. In the non-SMP
case the structure is a simple aggregator; unfortunately in the SMP case that
simplicity was not achievable due to cache-line contention between CPUs (in
one measured case performance was actually _worse_ on a 16-cpu system than
the same test on a 4-cpu system, due to this contention). For SMP, the
thread_group_cputime counters are maintained as a per-cpu structure allocated
using alloc_percpu(). The timer functions update only the timer field in
the structure corresponding to the running CPU, obtained using per_cpu_ptr().
We define a set of inline functions in sched.h that we use to maintain the
thread_group_cputime structure and hide the differences between UP and SMP
implementations from the rest of the kernel. The thread_group_cputime_init()
function initializes the thread_group_cputime structure for the given task.
The thread_group_cputime_alloc() is a no-op for UP; for SMP it calls the
out-of-line function thread_group_cputime_alloc_smp() to allocate and fill
in the per-cpu structures and fields. The thread_group_cputime_free()
function, also a no-op for UP, in SMP frees the per-cpu structures. The
thread_group_cputime_clone_thread() function (also a UP no-op) for SMP calls
thread_group_cputime_alloc() if the per-cpu structures haven't yet been
allocated. The thread_group_cputime() function fills the task_cputime
structure it is passed with the contents of the thread_group_cputime fields;
in UP it's that simple but in SMP it must also safely check that tsk->signal
is non-NULL (if it is it just uses the appropriate fields of task_struct) and,
if so, sums the per-cpu values for each online CPU. Finally, the three
functions account_group_user_time(), account_group_system_time() and
account_group_exec_runtime() are used by timer functions to update the
respective fields of the thread_group_cputime structure.
Non-SMP operation is trivial and will not be mentioned further.
The per-cpu structure is always allocated when a task creates its first new
thread, via a call to thread_group_cputime_clone_thread() from copy_signal().
It is freed at process exit via a call to thread_group_cputime_free() from
cleanup_signal().
All functions that formerly summed utime/stime/sum_sched_runtime values from
from all threads in the thread group now use thread_group_cputime() to
snapshot the values in the thread_group_cputime structure or the values in
the task structure itself if the per-cpu structure hasn't been allocated.
Finally, the code in kernel/posix-cpu-timers.c has changed quite a bit.
The run_posix_cpu_timers() function has been split into a fast path and a
slow path; the former safely checks whether there are any expired thread
timers and, if not, just returns, while the slow path does the heavy lifting.
With the dedicated thread group fields, timers are no longer "rebalanced" and
the process_timer_rebalance() function and related code has gone away. All
summing loops are gone and all code that used them now uses the
thread_group_cputime() inline. When process-wide timers are set, the new
task_cputime structure in signal_struct is used to cache the earliest
expiration; this is checked in the fast path.
Performance
The fix appears not to add significant overhead to existing operations. It
generally performs the same as the current code except in two cases, one in
which it performs slightly worse (Case 5 below) and one in which it performs
very significantly better (Case 2 below). Overall it's a wash except in those
two cases.
I've since done somewhat more involved testing on a dual-core Opteron system.
Case 1: With no itimer running, for a test with 100,000 threads, the fixed
kernel took 1428.5 seconds, 513 seconds more than the unfixed system,
all of which was spent in the system. There were twice as many
voluntary context switches with the fix as without it.
Case 2: With an itimer running at .01 second ticks and 4000 threads (the most
an unmodified kernel can handle), the fixed kernel ran the test in
eight percent of the time (5.8 seconds as opposed to 70 seconds) and
had better tick accuracy (.012 seconds per tick as opposed to .023
seconds per tick).
Case 3: A 4000-thread test with an initial timer tick of .01 second and an
interval of 10,000 seconds (i.e. a timer that ticks only once) had
very nearly the same performance in both cases: 6.3 seconds elapsed
for the fixed kernel versus 5.5 seconds for the unfixed kernel.
With fewer threads (eight in these tests), the Case 1 test ran in essentially
the same time on both the modified and unmodified kernels (5.2 seconds versus
5.8 seconds). The Case 2 test ran in about the same time as well, 5.9 seconds
versus 5.4 seconds but again with much better tick accuracy, .013 seconds per
tick versus .025 seconds per tick for the unmodified kernel.
Since the fix affected the rlimit code, I also tested soft and hard CPU limits.
Case 4: With a hard CPU limit of 20 seconds and eight threads (and an itimer
running), the modified kernel was very slightly favored in that while
it killed the process in 19.997 seconds of CPU time (5.002 seconds of
wall time), only .003 seconds of that was system time, the rest was
user time. The unmodified kernel killed the process in 20.001 seconds
of CPU (5.014 seconds of wall time) of which .016 seconds was system
time. Really, though, the results were too close to call. The results
were essentially the same with no itimer running.
Case 5: With a soft limit of 20 seconds and a hard limit of 2000 seconds
(where the hard limit would never be reached) and an itimer running,
the modified kernel exhibited worse tick accuracy than the unmodified
kernel: .050 seconds/tick versus .028 seconds/tick. Otherwise,
performance was almost indistinguishable. With no itimer running this
test exhibited virtually identical behavior and times in both cases.
In times past I did some limited performance testing. those results are below.
On a four-cpu Opteron system without this fix, a sixteen-thread test executed
in 3569.991 seconds, of which user was 3568.435s and system was 1.556s. On
the same system with the fix, user and elapsed time were about the same, but
system time dropped to 0.007 seconds. Performance with eight, four and one
thread were comparable. Interestingly, the timer ticks with the fix seemed
more accurate: The sixteen-thread test with the fix received 149543 ticks
for 0.024 seconds per tick, while the same test without the fix received 58720
for 0.061 seconds per tick. Both cases were configured for an interval of
0.01 seconds. Again, the other tests were comparable. Each thread in this
test computed the primes up to 25,000,000.
I also did a test with a large number of threads, 100,000 threads, which is
impossible without the fix. In this case each thread computed the primes only
up to 10,000 (to make the runtime manageable). System time dominated, at
1546.968 seconds out of a total 2176.906 seconds (giving a user time of
629.938s). It received 147651 ticks for 0.015 seconds per tick, still quite
accurate. There is obviously no comparable test without the fix.
Signed-off-by: Frank Mayhar <fmayhar@google.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Linus Torvalds [Sat, 13 Sep 2008 21:51:22 +0000 (14:51 -0700)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] Fix PCI_DMA_BUS_IS_PHYS for ARM
[ARM] 5247/1: tosa: SW_EAR_IN support
[ARM] 5246/1: tosa: add proper clock alias for tc6393xb clock
[ARM] 5245/1: Fix warning about unused return value in drivers/pcmcia
[ARM] OMAP: Fix MMC device data
imx serial: fix rts handling for non imx1 based hardware
imx serial: set RXD mux bit on i.MX27 and i.MX31
i.MX serial: fix init failure
pcm037: add rts/cts support for serial port
Linus Torvalds [Sat, 13 Sep 2008 21:48:14 +0000 (14:48 -0700)]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[libata] LBA28/LBA48 off-by-one bug in ata.h
sata_inic162x: enable LED blinking
ata: duplicate variable sparse warning
Linus Torvalds [Sat, 13 Sep 2008 21:47:33 +0000 (14:47 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI: re-add debug prints for unmodified BARs
PCI: fix pciehp_free_irq()
PCI Hotplug: fakephp: fix deadlock... again
PCI: Fix printk warnings in setup-bus.c
PCI: Fix printk warnings in probe.c
PCI/iommu: blacklist DMAR on Intel G31/G33 chipsets
Linus Torvalds [Sat, 13 Sep 2008 21:46:57 +0000 (14:46 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
niu: panic on reset
netlink: fix overrun in attribute iteration
[Bluetooth] Fix regression from using default link policy
ath9k: Assign seq# when mac80211 requests this
Linus Torvalds [Sat, 13 Sep 2008 21:45:42 +0000 (14:45 -0700)]
Merge git://git./linux/kernel/git/davem/sparc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc: Fix user_regset 'n' field values.
sparc64: Fix PCI error interrupt registry on PSYCHO.
sparc32: Fix function signature of of_bus_sbus_get_flags().
sparc64: Fix interrupt register calculations on Psycho and Sabre.
Alex Dubov [Sat, 13 Sep 2008 09:33:26 +0000 (02:33 -0700)]
memstick: fix MSProHG 8-bit interface mode support
- 8-bit interface mode never worked properly. The only adapter I have
which supports the 8b mode (the Jmicron) had some problems with its
clock wiring and they discovered it only now. We also discovered that
ProHG media is more sensitive to the ordering of initialization
commands.
- Make the driver fall back to highest supported mode instead of always
falling back to serial. The driver will attempt the switch to 8b mode
for any new MSPro card, but not all of them support it. Previously,
these new cards ended up in serial mode, which is not the best idea
(they work fine with 4b, after all).
- Edit some macros for better conformance to Sony documentation
Signed-off-by: Alex Dubov <oakad@yahoo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Sat, 13 Sep 2008 09:33:25 +0000 (02:33 -0700)]
rescan_partitions(): make device capacity errors non-fatal
Herton Krzesinski reports that the error-checking changes in
04ebd4aee52b06a2c38127d9208546e5b96f3a19 ("block/ioctl.c and
fs/partition/check.c: check value returned by add_partition") cause his
buggy USB camera to no longer mount. "The camera is an Olympus X-840.
The original issue comes from the camera itself: its format program
creates a partition with an off by one error".
Buggy devices happen. It is better for the kernel to warn and to proceed
with the mount.
Reported-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Cc: Abdel Benamrouche <draconux@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ben Dooks [Sat, 13 Sep 2008 09:33:24 +0000 (02:33 -0700)]
spi_s3c24xx: fix section warning
Fix the section mismatch warning generated by the incorrect naming of
s3c24xx_spidrv which should be s3c24xx_spi_driver:
WARNING: drivers/spi/spi_s3c24xx.o(.data+0x4):
Section mismatch in reference from the variable s3c24xx_spidrv
to the (unknown reference) .exit.text:(unknown)
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Haavard Skinnemoen [Sat, 13 Sep 2008 09:33:23 +0000 (02:33 -0700)]
atmel_lcdfb: disable LCD and DMA engines when suspending
When suspending the system with atmel_lcdfb enabled, I sometimes see
this:
atmel_lcdfb atmel_lcdfb.0: FIFO underflow 0x10
Which can be explained by the fact that we're not stopping the LCD
controller and its DMA engine when suspending, we're just gating the
clocks to them.
There's another potential issue which may be harder to trigger but
much more nasty: If we gate the clocks at _just_ the right moment,
e.g. when the DMA engine is doing a bus transaction, we may cause the
DMA engine to violate the system bus protocol and cause a lockup.
Avoid these issues by shutting down the LCD controller before entering
suspend (and restarting it when resuming). This prevents the underrun
from happening in the first place, and prevents whatever nastiness is
happening when the bus clock stops in the middle of a DMA transfer.
Signed-off-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Robin Holt [Sat, 13 Sep 2008 09:33:22 +0000 (02:33 -0700)]
ia64: fix panic during `modprobe -r xpc'
If you are on ia64 and you modprobe xpc then modprobe -r xpc, you
immediately get a panic. xpc depends on xp which depends on gru for a
symbol. That symbol is only used when we are running on UV hardware.
Currently, the GRU driver detects we are not on UV hardware and does no
initializing. It does not do the same check when unloading. As a result,
the gru driver attempts to tear down stuff that was not setup.
This is a simple two-line workaround to get us through this release. Once
2.6.28 is opened, we need to rework the symbols that xp is depending on
from gru so the gru driver can properly fail to load when hardware is not
available.
Signed-off-by: Robin Holt <holt@sgi.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ming Lei [Sat, 13 Sep 2008 09:33:21 +0000 (02:33 -0700)]
MAINTAINERS: fix USB VIDEO CLASS mail list address
It should be linux-uvc-devel@lists.berlios.de.
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Brownell [Sat, 13 Sep 2008 09:33:20 +0000 (02:33 -0700)]
Documentation/ABI: /sys/class/gpio
Provide summary ABI docs about the /sys/class/gpio files.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Sat, 13 Sep 2008 09:33:19 +0000 (02:33 -0700)]
mm: mark the correct zone as full when scanning zonelists
The iterator for_each_zone_zonelist() uses a struct zoneref *z cursor when
scanning zonelists to keep track of where in the zonelist it is. The
zoneref that is returned corresponds to the the next zone that is to be
scanned, not the current one. It was intended to be treated as an opaque
list.
When the page allocator is scanning a zonelist, it marks elements in the
zonelist corresponding to zones that are temporarily full. As the
zonelist is being updated, it uses the cursor here;
if (NUMA_BUILD)
zlc_mark_zone_full(zonelist, z);
This is intended to prevent rescanning in the near future but the zoneref
cursor does not correspond to the zone that has been found to be full.
This is an easy misunderstanding to make so this patch corrects the
problem by changing zoneref cursor to be the current zone being scanned
instead of the next one.
Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Cc: Andy Whitcroft <apw@shadowen.org>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: <stable@kernel.org> [2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ned Forrester [Sat, 13 Sep 2008 09:33:18 +0000 (02:33 -0700)]
pxa2xx_spi: dma bugfixes
Fixes two DMA bugs in the pxa2xx_spi driver. The first bug is in all
versions of this driver; the second was introduced in the 2.6.20 kernel,
and prevents using the driver with chips like m25p16 flash (which can
issue large DMA reads).
1. Zero length transfers are permitted for use to insert timing,
but pxa2xx_spi.c will fail if this is requested in DMA mode.
Fixed by using programmed I/O (PIO) mode for such transfers.
2. Transfers larger than 8191 are not permitted in DMA mode. A
test for length rejects all large transfers regardless of DMA
or PIO mode. Worked around by rejecting only large transfers
with DMA mapped buffers, and forcing all other transfers
larger than 8191 to use PIO mode. A rate limited warning is
issued for DMA transfers forced to PIO mode.
This patch should apply to all kernels back to and including 2.6.20;
it was test patched against 2.6.20. An additional patch would be
required for older kernels, but those versions are very buggy anyway.
Signed-off-by: Ned Forrester <nforrester@whoi.edu>
Cc: Vernon Sauder <vernoninhand@gmail.com>
Cc: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: <stable@kernel.org> [2.6.25.x, 2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ned Forrester [Sat, 13 Sep 2008 09:33:17 +0000 (02:33 -0700)]
pxa2xx_spi: chipselect bugfixes
Fixes several chipselect bugs in the pxa2xx_spi driver. These bugs are in
all versions of this driver and prevent using it with chips like m25p16
flash.
1. The spi_transfer.cs_change flag is handled too early:
before spi_transfer.delay_usecs applies, thus making the
delay ineffective at holding chip select.
2. spi_transfer.delay_usecs is ignored on the last transfer
of a message (likewise not holding chipselect long enough).
3. If spi_transfer.cs_change is set on the last transfer, the
chip select is always disabled, instead of the intended
meaning: optionally holding chip select enabled for the
next message.
Those first three bugs were fixed with a relocation of delays
and chip select de-assertions.
4. If a message has the cs_change flag set on the last transfer,
and had the chip select stayed enabled as requested (see 3,
above), it would not have been disabled if the next message is
for a different chip. Fixed by dropping chip select regardless
of cs_change at end of a message, if there is no next message
or if the next message is for a different chip.
This patch should apply to all kernels back to and including 2.6.20;
it was test patched against 2.6.20. An additional patch would be
required for older kernels, but those versions are very buggy anyway.
Signed-off-by: Ned Forrester <nforrester@whoi.edu>
Cc: Vernon Sauder <vernoninhand@gmail.com>
Cc: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: <stable@kernel.org> [2.6.25.x, 2.6.26.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Korsgaard [Sat, 13 Sep 2008 09:33:15 +0000 (02:33 -0700)]
spi_mpc83xx: reject invalid transfer sizes
Error out on transfer length != multiple of bytes per word with -EINVAL.
Fixes a buffer overrun crash if length < bytes per word.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Acked-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Korsgaard [Sat, 13 Sep 2008 09:33:14 +0000 (02:33 -0700)]
spi_mpc83xx: fix clockrate calculation for low speed
Commit
a61f5345 (spi_mpc83xx clockrate fixes) broke clockrate calculation
for low speeds. SPMODE_DIV16 should be set if the divider is higher than
64, not only if the divider gets clipped to 1024.
Furthermore, the clipping check was off by a factor 16 as well.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hugh Dickins [Sat, 13 Sep 2008 09:33:13 +0000 (02:33 -0700)]
mm: ifdef Quicklists in /proc/meminfo
A "Quicklists: 0 kB" line has just started appearing in
/proc/meminfo, but most architectures (including x86) don't have
them configured, so #ifdef it, like the highmem lines.
And those architectures which do have quicklists configured are
using them for page tables: so let's place it next to PageTables.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Sesterhenn [Sat, 13 Sep 2008 09:33:12 +0000 (02:33 -0700)]
bfs: fix Lockdep warning
This fixes:
=============================================
[ INFO: possible recursive locking detected ]
2.6.27-rc5-00283-g70bb089 #68
---------------------------------------------
touch/6855 is trying to acquire lock:
(&info->bfs_lock){--..}, at: [<
c02262f5>] bfs_delete_inode+0x9e/0x18c
but task is already holding lock:
(&info->bfs_lock){--..}, at: [<
c0226c00>] bfs_create+0x45/0x187
other info that might help us debug this:
2 locks held by touch/6855:
#0: (&type->i_mutex_dir_key#5){--..}, at: [<
c018ad13>] do_filp_open+0x10b/0x62f
#1: (&info->bfs_lock){--..}, at: [<
c0226c00>] bfs_create+0x45/0x187
stack backtrace:
Pid: 6855, comm: touch Not tainted
2.6.27-rc5-00283-g70bb089 #68
[<
c013e769>] validate_chain+0x458/0x9f4
[<
c013bece>] ? trace_hardirqs_off+0xb/0xd
[<
c013f36b>] __lock_acquire+0x666/0x6e0
[<
c013f440>] lock_acquire+0x5b/0x77
[<
c02262f5>] ? bfs_delete_inode+0x9e/0x18c
[<
c06aab74>] mutex_lock_nested+0xbc/0x234
[<
c02262f5>] ? bfs_delete_inode+0x9e/0x18c
[<
c02262f5>] ? bfs_delete_inode+0x9e/0x18c
[<
c02262f5>] bfs_delete_inode+0x9e/0x18c
[<
c0226257>] ? bfs_delete_inode+0x0/0x18c
[<
c01925e1>] generic_delete_inode+0x94/0xfe
[<
c019265d>] generic_drop_inode+0x12/0x12f
[<
c0191b7e>] iput+0x4b/0x4e
[<
c0226d1e>] bfs_create+0x163/0x187
[<
c0188b42>] vfs_create+0xa6/0x114
[<
c018adb5>] do_filp_open+0x1ad/0x62f
[<
c0107cdc>] ? native_sched_clock+0x82/0x96
[<
c06ac309>] ? _spin_unlock+0x27/0x3c
[<
c019379e>] ? alloc_fd+0xbf/0xc9
[<
c06ae2f4>] ? sub_preempt_count+0x9d/0xab
[<
c019379e>] ? alloc_fd+0xbf/0xc9
[<
c0180391>] do_sys_open+0x42/0xb8
[<
c041d564>] ? trace_hardirqs_on_thunk+0xc/0x10
[<
c0180449>] sys_open+0x1e/0x26
[<
c01038bd>] sysenter_do_call+0x12/0x31
=======================
The problem is that we don't unlock the bfs->lock mutex before calling
iput (we do in the other cases).
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hidehiro Kawai [Sat, 13 Sep 2008 09:33:10 +0000 (02:33 -0700)]
coredump_filter: add description of bit 4
There is no description of bit 4 of coredump_filter in the
documentation. This patch adds it.
Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Li Zefan [Sat, 13 Sep 2008 09:33:09 +0000 (02:33 -0700)]
cpuset: hotplug documentation fix
If all the cpus in a cpuset are offlined, the tasks in it will be moved to
the nearest ancestor with non-empty cpus.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Paul Jackson <pj@sgi.com>
Cc: Paul Menage <menage@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Li Zefan [Sat, 13 Sep 2008 09:33:08 +0000 (02:33 -0700)]
cpuset: avoid changing cpuset's cpus when -errno returned
After the patch:
commit
0b2f630a28d53b5a2082a5275bc3334b10373508
Author: Miao Xie <miaox@cn.fujitsu.com>
Date: Fri Jul 25 01:47:21 2008 -0700
cpusets: restructure the function update_cpumask() and update_nodemask()
It might happen that 'echo 0 > /cpuset/sub/cpus' returned failure but 'cpus'
has been changed, because cpus was changed before calling heap_init() which
may return -ENOMEM.
This patch restores the orginal behavior.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Acked-by: Paul Menage <menage@google.com>
Cc: Paul Jackson <pj@sgi.com>
Cc: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hiroshi DOYU [Sat, 13 Sep 2008 09:33:07 +0000 (02:33 -0700)]
include/linux/ioport.h: add missing macro argument for devm_release_* family
akpm: these have no callers at this time, but they shall soon, so let's
get them right.
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Hiroshi DOYU <Hiroshi.DOYU@nokia.com>
Cc: Tony Lindgren <tony@atomide.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexey Dobriyan [Sat, 13 Sep 2008 09:33:06 +0000 (02:33 -0700)]
proc: more debugging for "already registered" case
Print parent directory name as well.
The aim is to catch non-creation of parent directory when proc_mkdir will
return NULL and all subsequent registrations go directly in /proc instead
of intended directory.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ Fixed insane printk string while at it. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Taisuke Yamada [Sat, 13 Sep 2008 20:46:15 +0000 (16:46 -0400)]
[libata] LBA28/LBA48 off-by-one bug in ata.h
I recently bought 3 HGST P7K500-series 500GB SATA drives and
had trouble accessing the block right on the LBA28-LBA48 border.
Here's how it fails (same for all 3 drives):
# dd if=/dev/sdc bs=512 count=1 skip=
268435455 > /dev/null
dd: reading `/dev/sdc': Input/output error
0+0 records in
0+0 records out
0 bytes (0 B) copied, 0.288033 seconds, 0.0 kB/s
# dmesg
ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata1.00: BMDMA stat 0x25
ata1.00: cmd c8/00:08:f8:ff:ff/00:00:00:00:00/ef tag 0 dma 4096 in
res 51/04:08:f8:ff:ff/00:00:00:00:00/ef Emask 0x1 (device error)
ata1.00: status: { DRDY ERR }
ata1.00: error: { ABRT }
ata1.00: configured for UDMA/33
ata1: EH complete
...
After some investigations, it turned out this seems to be caused
by misinterpretation of the ATA specification on LBA28 access.
Following part is the code in question:
=== include/linux/ata.h ===
static inline int lba_28_ok(u64 block, u32 n_block)
{
/* check the ending block number */
return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
}
HGST drive (sometimes) fails with LBA28 access of {block = 0xfffffff,
n_block = 1}, and this behavior seems to be comformant. Other drives,
including other HGST drives are not that strict, through.
>From the ATA specification:
(http://www.t13.org/Documents/UploadedDocuments/project/d1410r3b-ATA-ATAPI-6.pdf)
8.15.29 Word (61:60): Total number of user addressable sectors
This field contains a value that is one greater than the total number
of user addressable sectors (see 6.2). The maximum value that shall
be placed in this field is 0FFFFFFFh.
So the driver shouldn't use the value of 0xfffffff for LBA28 request
as this exceeds maximum user addressable sector. The logical maximum
value for LBA28 is 0xffffffe.
The obvious fix is to cut "- 1" part, and the patch attached just do
that. I've been using the patched kernel for about a month now, and
the same fix is also floating on the net for some time. So I believe
this fix works reliably.
Just FYI, many Windows/Intel platform users also seems to be struck
by this, and HGST has issued a note pointing to Intel ICH8/9 driver.
"28-bit LBA command is being used to access LBAs 29-bits in length"
http://www.hitachigst.com/hddt/knowtree.nsf/
cffe836ed7c12018862565b000530c74/
b531b8bce8745fb78825740f00580e23
Also, *BSDs seems to have similar fix included sometime around ~2004,
through I have not checked out exact portion of the code.
Signed-off-by: Taisuke Yamada <tai@rakugaki.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Bob Stewart [Thu, 11 Sep 2008 09:50:03 +0000 (11:50 +0200)]
sata_inic162x: enable LED blinking
Enable LED blinking.
Signed-off-by: Bob Stewart <bob@evoria.net>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Stephen Hemminger [Mon, 8 Sep 2008 16:31:39 +0000 (09:31 -0700)]
ata: duplicate variable sparse warning
drivers/ata/ata_piix.c:1502:7: warning: symbol 'rc' shadows an earlier one
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Russell King [Sat, 13 Sep 2008 20:23:06 +0000 (21:23 +0100)]
[ARM] Fix PCI_DMA_BUS_IS_PHYS for ARM
PCI_DMA_BUS_IS_PHYS was defined to be zero, which meant we ignored
the DMA mask for IDE and SCSI transfers. This is wrong - we have
no DMA translation hardware. We want to obey DMA masks so that the
block layer performs bouncing itself.
Reported-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Sat, 13 Sep 2008 19:10:59 +0000 (20:10 +0100)]
Merge branch 'for-rmk' of git://pasiphae.extern.pengutronix.de/git/imx/linux-2.6.git
Dmitry Baryshkov [Thu, 11 Sep 2008 00:28:51 +0000 (01:28 +0100)]
[ARM] 5247/1: tosa: SW_EAR_IN support
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: Eric Miao <eric.miao@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Dmitry Baryshkov [Wed, 10 Sep 2008 09:30:37 +0000 (10:30 +0100)]
[ARM] 5246/1: tosa: add proper clock alias for tc6393xb clock
Add clock alias for clock that is used by tc6393xb device on tosa.
As that chip plays pretty major part in tosa life and is currently
disabled, this is 2.4.27 material.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jürgen Schindele [Mon, 8 Sep 2008 21:06:29 +0000 (22:06 +0100)]
[ARM] 5245/1: Fix warning about unused return value in drivers/pcmcia
Fix warning when compiling "drivers/pcmcia/soc-common.c"
The return value of the function "device_create_file"
was not used / assigned.
Signed-off-by: Jrgen Schindele <linux@schindele.name>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Yinghai Lu [Tue, 9 Sep 2008 19:27:52 +0000 (12:27 -0700)]
PCI: re-add debug prints for unmodified BARs
Print out for device BAR values before the kernel tries to update them.
Also make related output use KERN_DEBUG.
Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Santwona Behera [Fri, 12 Sep 2008 23:04:26 +0000 (16:04 -0700)]
niu: panic on reset
The reset_task function in the niu driver does not reset the tx and rx
buffers properly. This leads to panic on reset. This patch is a
modified implementation of the previously posted fix.
Signed-off-by: Santwona Behera <santwona.behera@sun.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 12 Sep 2008 22:01:31 +0000 (15:01 -0700)]
sparc: Fix user_regset 'n' field values.
As noticed by Russell King, we were not setting this properly
to the number of entries, but rather the total size.
This results in the core dumping code allocating waayyyy too
much memory.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 12 Sep 2008 22:13:15 +0000 (15:13 -0700)]
sparc64: Fix PCI error interrupt registry on PSYCHO.
We need to pass IRQF_SHARED, otherwise we get things like:
IRQ handler type mismatch for IRQ 33
current handler: PSYCHO_UE
Call Trace:
[
000000000048394c] request_irq+0xac/0x120
[
00000000007c5f6c] psycho_scan_bus+0x98/0x158
[
00000000007c2bc0] pcibios_init+0xdc/0x12c
[
0000000000426a5c] do_one_initcall+0x1c/0x160
[
00000000007c0180] kernel_init+0x9c/0xfc
[
0000000000427050] kernel_thread+0x30/0x60
[
00000000006ae1d0] rest_init+0x10/0x60
on e3500 and similar systems.
On a single board, the UE interrupts of two Psycho nodes
are funneled through the same interrupt, from of_debug=3
dump:
/pci@b,4000: direct translate 2ee --> 21
...
/pci@b,2000: direct translate 2ee --> 21
Decimal "33" mentioned above is the hex "21" mentioned here.
Thanks to Meelis Roos for dumps and testing.
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 12 Sep 2008 02:11:50 +0000 (19:11 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/holtmann/bluetooth-2.6
Vegard Nossum [Fri, 12 Sep 2008 02:05:29 +0000 (19:05 -0700)]
netlink: fix overrun in attribute iteration
kmemcheck reported this:
kmemcheck: Caught 16-bit read from uninitialized memory (
f6c1ba30)
0500110001508abf050010000500000002017300140000006f72672e66726565
i i i i i i i i i i i i i u u u u u u u u u u u u u u u u u u u
^
Pid: 3462, comm: wpa_supplicant Not tainted (
2.6.27-rc3-00054-g6397ab9-dirty #13)
EIP: 0060:[<
c05de64a>] EFLAGS:
00010296 CPU: 0
EIP is at nla_parse+0x5a/0xf0
EAX:
00000008 EBX:
fffffffd ECX:
c06f16c0 EDX:
00000005
ESI:
00000010 EDI:
f6c1ba30 EBP:
f6367c6c ESP:
c0a11e88
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
CR0:
8005003b CR2:
f781cc84 CR3:
3632f000 CR4:
000006d0
DR0:
c0ead9bc DR1:
00000000 DR2:
00000000 DR3:
00000000
DR6:
ffff4ff0 DR7:
00000400
[<
c05d4b23>] rtnl_setlink+0x63/0x130
[<
c05d5f75>] rtnetlink_rcv_msg+0x165/0x200
[<
c05ddf66>] netlink_rcv_skb+0x76/0xa0
[<
c05d5dfe>] rtnetlink_rcv+0x1e/0x30
[<
c05dda21>] netlink_unicast+0x281/0x290
[<
c05ddbe9>] netlink_sendmsg+0x1b9/0x2b0
[<
c05beef2>] sock_sendmsg+0xd2/0x100
[<
c05bf945>] sys_sendto+0xa5/0xd0
[<
c05bf9a6>] sys_send+0x36/0x40
[<
c05c03d6>] sys_socketcall+0x1e6/0x2c0
[<
c020353b>] sysenter_do_call+0x12/0x3f
[<
ffffffff>] 0xffffffff
This is the line in nla_ok():
/**
* nla_ok - check if the netlink attribute fits into the remaining bytes
* @nla: netlink attribute
* @remaining: number of bytes remaining in attribute stream
*/
static inline int nla_ok(const struct nlattr *nla, int remaining)
{
return remaining >= sizeof(*nla) &&
nla->nla_len >= sizeof(*nla) &&
nla->nla_len <= remaining;
}
It turns out that remaining can become negative due to alignment in
nla_next(). But GCC promotes "remaining" to unsigned in the test
against sizeof(*nla) above. Therefore the test succeeds, and the
nla_for_each_attr() may access memory outside the received buffer.
A short example illustrating this point is here:
#include <stdio.h>
main(void)
{
printf("%d\n", -1 >= sizeof(int));
}
...which prints "1".
This patch adds a cast in front of the sizeof so that GCC will make
a signed comparison and fix the illegal memory dereference. With the
patch applied, there is no kmemcheck report.
Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Marcel Holtmann [Fri, 12 Sep 2008 01:11:54 +0000 (03:11 +0200)]
[Bluetooth] Fix regression from using default link policy
To speed up the Simple Pairing connection setup, the support for the
default link policy has been enabled. This is in contrast to settings
the link policy on every connection setup. Using the default link policy
is the preferred way since there is no need to dynamically change it for
every connection.
For backward compatibility reason and to support old userspace the
HCISETLINKPOL ioctl has been switched over to using hci_request() to
issue the HCI command for setting the default link policy instead of
just storing it in the HCI device structure.
However the hci_request() can only be issued when the device is
brought up. If used on a device that is registered, but still down
it will timeout and fail. This is problematic since the command is
put on the TX queue and the Bluetooth core tries to submit it to
hardware that is not ready yet. The timeout for these requests is
10 seconds and this causes a significant regression when setting up
a new device.
The userspace can perfectly handle a failure of the HCISETLINKPOL
ioctl and will re-submit it later, but the 10 seconds delay causes
a problem. So in case hci_request() is called on a device that is
still down, just fail it with ENETDOWN to indicate what happens.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Linus Torvalds [Thu, 11 Sep 2008 18:50:15 +0000 (11:50 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
sg: disable interrupts inside sg_copy_buffer
David Howells [Thu, 11 Sep 2008 16:18:56 +0000 (17:18 +0100)]
MN10300: Change the fault handler to check in_atomic() not in_interrupt()
Change the MN10300 fault handler to make it check in_atomic() rather than
in_interrupt() as commit
6edaf68a87d17570790fd55f0c451a29ec1d6703 did for other
architectures:
Author: Peter Zijlstra <a.p.zijlstra@chello.nl>
Date: Wed Dec 6 20:32:18 2006 -0800
[PATCH] mm: arch do_page_fault() vs in_atomic()
In light of the recent pagefault and filemap_copy_from_user work I've
gone through all the arch pagefault handlers to make sure the
inc_preempt_count() 'feature' works as expected.
Several sections of code (including the new filemap_copy_from_user)
rely on the fact that faults do not take locks under increased preempt
count.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
FUJITA Tomonori [Thu, 11 Sep 2008 16:35:39 +0000 (18:35 +0200)]
sg: disable interrupts inside sg_copy_buffer
The callers of sg_copy_buffer must disable interrupts before calling
it (since it uses kmap_atomic). Some callers use it on
interrupt-disabled code but some need to take the trouble to disable
interrupts just for this. No wonder they forget about it and we hit a
bug like:
http://bugzilla.kernel.org/show_bug.cgi?id=11529
James said that it might be better to disable interrupts inside the
function rather than risk the callers getting it wrong.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Linus Torvalds [Thu, 11 Sep 2008 15:42:55 +0000 (08:42 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
block: disable sysfs parts of the disk command filter
Linus Torvalds [Thu, 11 Sep 2008 15:42:14 +0000 (08:42 -0700)]
Merge branch 'kvm-updates/2.6.27' of git://git./linux/kernel/git/avi/kvm
* 'kvm-updates/2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
KVM: VMX: Always return old for clear_flush_young() when using EPT
KVM: SVM: fix guest global tlb flushes with NPT
KVM: SVM: fix random segfaults with NPT enabled
Linus Torvalds [Thu, 11 Sep 2008 15:41:17 +0000 (08:41 -0700)]
Merge git://git./linux/kernel/git/jejb/scsi-rc-fixes-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] fix check of PQ and PDT bits for WLUNs
[SCSI] make scsi_check_sense HARDWARE_ERROR return ADD_TO_MLQUEUE on retry
[SCSI] scsi_dh: make check_sense return ADD_TO_MLQUEUE
[SCSI] zfcp: Remove duplicated unlikely() macros.
[SCSI] zfcp: channel cannot be detached due to refcount imbalance
[SCSI] zfcp: Fix reference counter for remote ports
[SCSI] zfcp: Simplify ccw notify handler
[SCSI] zfcp: Correctly query end flag in gpn_ft response
[SCSI] zfcp: Fix request queue locking
[SCSI] sd: select CRC_T10DIF only when necessary
Linus Torvalds [Thu, 11 Sep 2008 15:40:32 +0000 (08:40 -0700)]
Merge branch 'release' of git://git./linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] prevent ia64 from invoking irq handlers on offline CPUs
[IA64] arch/ia64/sn/pci/tioca_provider.c: introduce missing kfree
[IA64] fix up bte.h
[IA64] fix compile failure with non modular builds
Linus Torvalds [Thu, 11 Sep 2008 15:40:11 +0000 (08:40 -0700)]
Merge branch 'for_linus' of git://git./linux/kernel/git/jack/linux-udf-2.6
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-udf-2.6:
udf: add llseek method
udf: Fix error paths in udf_new_inode()
udf: Fix lock inversion between iprune_mutex and alloc_mutex (v2)
Jouni Malinen [Mon, 11 Aug 2008 11:01:50 +0000 (14:01 +0300)]
ath9k: Assign seq# when mac80211 requests this
Use TX control flag IEEE80211_TX_CTL_ASSIGN_SEQ as a request to update
the seq# for the frames. This will likely require some further cleanup
to get seq# correctly for Beacons vs. other frames and also potentially
for multiple BSSes. Anyway, this is better than ending up sending out
most frames with seq# 0.
(This is a backport of patch w/ same title already in net-next-2.6.
It is verified to fix http://bugzilla.kernel.org/show_bug.cgi?id=11394
and it should be acceptable for -rc due to the driver being new
in 2.6.27.)
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Jens Axboe [Thu, 11 Sep 2008 12:20:23 +0000 (14:20 +0200)]
block: disable sysfs parts of the disk command filter
We still have life time issues with the sysfs command filter kobject,
so disable it for 2.6.27 release. We can revisit this and make it work
properly for 2.6.28, for 2.6.27 release it's too risky.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Russell King [Tue, 9 Sep 2008 09:16:22 +0000 (10:16 +0100)]
[ARM] OMAP: Fix MMC device data
OMAPs MMC device data was passing the wrong structure via the platform
device. Moreover, a missing function means that both sx1_defconfig
and omap_h2_1610_defconfig builds failed with
undefined reference to `omap_set_mmc_info'
errors. Fix this by updating the MMC support from the omapzoom tree.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Sheng Yang [Mon, 8 Sep 2008 07:12:30 +0000 (15:12 +0800)]
KVM: VMX: Always return old for clear_flush_young() when using EPT
As well as discard fake accessed bit and dirty bit of EPT.
Signed-off-by: Sheng Yang <sheng.yang@intel.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Joerg Roedel [Tue, 9 Sep 2008 17:11:51 +0000 (19:11 +0200)]
KVM: SVM: fix guest global tlb flushes with NPT
Accesses to CR4 are intercepted even with Nested Paging enabled. But the code
does not check if the guest wants to do a global TLB flush. So this flush gets
lost. This patch adds the check and the flush to svm_set_cr4.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
Joerg Roedel [Wed, 27 Aug 2008 12:18:43 +0000 (14:18 +0200)]
KVM: SVM: fix random segfaults with NPT enabled
This patch introduces a guest TLB flush on every NPF exit in KVM. This fixes
random segfaults and #UD exceptions in the guest seen under some workloads
(e.g. long running compile workloads or tbench). A kernbench run with and
without that fix showed that it has a slowdown lower than 0.5%
Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@qumranet.com>
David S. Miller [Thu, 11 Sep 2008 06:38:51 +0000 (23:38 -0700)]
sparc32: Fix function signature of of_bus_sbus_get_flags().
This doesn't match the function pointer type it gets assigned
to. Luckily, this was harmless.
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 10 Sep 2008 21:16:53 +0000 (14:16 -0700)]
Merge git://git./linux/kernel/git/bart/ide-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6:
add deprecated ide-scsi to feature-removal-schedule.txt
ide: Fix pointer arithmetic in hpt3xx driver code (3rd try)
Geert Uytterhoeven [Wed, 10 Sep 2008 20:15:19 +0000 (22:15 +0200)]
m68k: Update defconfigs for 2.6.27-rc6
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Geert Uytterhoeven [Wed, 10 Sep 2008 20:15:18 +0000 (22:15 +0200)]
VIDEO_SH_MOBILE_CEU should depend on HAS_DMA
commit
0d3244d6439c8c31d2a29efd587c7aca9042c8aa ("V4L/DVB (8342):
sh_mobile_ceu_camera: Add SuperH Mobile CEU driver V3") introduced
VIDEO_SH_MOBILE_CEU, which selects VIDEOBUF_DMA_CONTIG. This circumvents the
dependency on HAS_DMA of VIDEOBUF_DMA_CONTIG.
Add a dependency on HAS_DMA to VIDEO_SH_MOBILE_CEU to fix this.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Paul Mundt <lethal@linux-sh.org>
Acked-by: Magnus Damm <damm@igel.co.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David S. Miller [Wed, 10 Sep 2008 21:08:27 +0000 (14:08 -0700)]
sparc64: Fix interrupt register calculations on Psycho and Sabre.
Use the IMAP offset calculation for OBIO devices as documented in the
programmer's manual. Which is "0x10000 + ((ino & 0x1f) << 3)"
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel J Blueman [Wed, 10 Sep 2008 20:07:55 +0000 (21:07 +0100)]
swiotlb: fix back-off path when memory allocation fails
This fixes a SWIOTLB oops
With SWIOTLB being enabled and straight-forward page allocation
failure [1], the swiotlb_alloc_coherent fall-back path hits an
issue [2], resulting in my webcam failing to work.
At the time of oops, RDI is clearly a pointer to a structure which
has arrived as NULL, leading to the typo in swiotlb_map_single's
callsite arguments.
Correctly passing the device structure [3] addresses the issue and
gets my webcam working again (the allocation failure still occuring).
--- [1]
skype: page allocation failure. order:3, mode:0x1
Pid: 5895, comm: skype Not tainted 2.6.27-rc6-235c-debug #1
Call Trace:
[<
ffffffff802b7cf0>] __alloc_pages_internal+0x4a0/0x5d0
[<
ffffffff802d5ddd>] alloc_pages_current+0xad/0x110
[<
ffffffff802b4ccd>] __get_free_pages+0x1d/0x60
[<
ffffffff8046cd39>] swiotlb_alloc_coherent+0x49/0x180
[<
ffffffff80212731>] dma_alloc_coherent+0x281/0x310
[<
ffffffff805621c0>] hcd_buffer_alloc+0x50/0x90
[<
ffffffff805547fd>] usb_buffer_alloc+0x2d/0x40
[<
ffffffffa0056763>] uvc_alloc_urb_buffers+0x53/0xf0 [uvcvideo]
[<
ffffffffa0056958>] uvc_init_video+0x158/0x3e0 [uvcvideo]
[<
ffffffffa0056c17>] uvc_video_enable+0x37/0x80 [uvcvideo]
[<
ffffffffa0055853>] uvc_v4l2_do_ioctl+0x723/0x1260 [uvcvideo]
[<
ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0
[<
ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0
[<
ffffffffa0032c9f>] video_usercopy+0x19f/0x390 [videodev]
[<
ffffffffa0055130>] ? uvc_v4l2_do_ioctl+0x0/0x1260 [uvcvideo]
[<
ffffffff8026d0ce>] ? put_lock_stats+0xe/0x30
[<
ffffffffa0054dad>] uvc_v4l2_ioctl+0x4d/0x80 [uvcvideo]
[<
ffffffffa0045083>] native_ioctl+0x83/0x90 [compat_ioctl32]
[<
ffffffffa004534e>] v4l_compat_ioctl32+0x2be/0x1da4 [compat_ioctl32]
[<
ffffffff806aad21>] ? do_page_fault+0x3d1/0xae0
[<
ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10
[<
ffffffff80270c59>] ? trace_hardirqs_on_caller+0x149/0x1b0
[<
ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10
[<
ffffffff80329afa>] compat_sys_ioctl+0x8a/0x3c0
[<
ffffffff806a700d>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[<
ffffffff8022f816>] sysenter_dispatch+0x7/0x2c
[<
ffffffff806a6fce>] ? trace_hardirqs_on_thunk+0x3a/0x3f
Mem-Info:
Node 0 DMA per-cpu:
CPU 0: hi: 0, btch: 1 usd: 0
CPU 1: hi: 0, btch: 1 usd: 0
Node 0 DMA32 per-cpu:
CPU 0: hi: 186, btch: 31 usd: 3
CPU 1: hi: 186, btch: 31 usd: 0
Node 0 Normal per-cpu:
CPU 0: hi: 186, btch: 31 usd: 23
CPU 1: hi: 186, btch: 31 usd: 179
Active:78545 inactive:48683 dirty:31 writeback:0 unstable:2
free:830202 slab:17516 mapped:17473 pagetables:3496 bounce:0
Node 0 DMA free:36kB min:28kB low:32kB high:40kB active:0kB
inactive:0kB present:15156kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 3207 3956 3956
Node 0 DMA32 free:3197192kB min:6512kB low:8140kB high:9768kB
active:0kB inactive:0kB present:3284896kB pages_scanned:0
all_unreclaimable? no
lowmem_reserve[]: 0 0 748 748
Node 0 Normal free:123580kB min:1516kB low:1892kB high:2272kB
active:314180kB inactive:194732kB present:766464kB pages_scanned:0
all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB 0*8kB 0*16kB 1*32kB 0*64kB 0*128kB 0*256kB 0*512kB
0*1024kB 0*2048kB 0*4096kB = 36kB
Node 0 DMA32: 4*4kB 3*8kB 2*16kB 3*32kB 4*64kB 5*128kB 3*256kB 5*512kB
4*1024kB 5*2048kB 776*4096kB = 3197224kB
Node 0 Normal: 14*4kB 14*8kB 8*16kB 6*32kB 1*64kB 3*128kB 3*256kB
2*512kB 4*1024kB 1*2048kB 28*4096kB = 123560kB
64847 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 502752kB
Total swap = 502752kB
1048576 pages RAM
52120 pages reserved
71967 pages shared
143004 pages non-shared
--- [2]
BUG: unable to handle kernel NULL pointer dereference at
00000000000002c8
IP: [<
ffffffff8046c84c>] map_single+0x1c/0x280
PGD
10e54e067 PUD
10e595067 PMD 0
Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC
CPU 0
Modules linked in: kvm_intel kvm microcode uvcvideo compat_ioctl32
videodev v4l1_compat shpchp pci_hotplug
Pid: 5895, comm: skype Not tainted 2.6.27-rc6-235c-debug #1
RIP: 0010:[<
ffffffff8046c84c>] [<
ffffffff8046c84c>] map_single+0x1c/0x280
RSP: 0018:
ffff88010e78d988 EFLAGS:
00210296
RAX:
0000780000000000 RBX:
0000000000000000 RCX:
0000000000000002
RDX:
0000000000005000 RSI:
0000000000000000 RDI:
0000000000000000
RBP:
ffff88010e78d9e8 R08:
0000000000000000 R09:
0000000000000001
R10:
ffff88010e78d698 R11:
0000000000000001 R12:
0000000000000002
R13:
0000000000000000 R14:
0000000000005000 R15:
ffff88012f1c9968
FS:
0000000000000000(0000) GS:
ffffffff80a6cdc0(0063) knlGS:
00000000f6355b90
CS: 0010 DS: 002b ES: 002b CR0:
0000000080050033
CR2:
00000000000002c8 CR3:
000000010e57d000 CR4:
00000000000026e0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process skype (pid: 5895, threadinfo
ffff88010e78c000, task
ffff88012b9cc460)
Stack:
0000000200000000 0000000000005000 0000000000000000 0000000000000000
00000000000017b8 0000000000000000 ffff88010e78d9c8 0000000000000000
0000000000000002 0000000000000000 0000000000005000 ffff88012f1c9968
Call Trace:
[<
ffffffff8046cbb0>] swiotlb_map_single_attrs+0x60/0xf0
[<
ffffffff8046cc4c>] swiotlb_map_single+0xc/0x10
[<
ffffffff8046cdee>] swiotlb_alloc_coherent+0xfe/0x180
[<
ffffffff80212731>] dma_alloc_coherent+0x281/0x310
[<
ffffffff805621c0>] hcd_buffer_alloc+0x50/0x90
[<
ffffffff805547fd>] usb_buffer_alloc+0x2d/0x40
[<
ffffffffa0056763>] uvc_alloc_urb_buffers+0x53/0xf0 [uvcvideo]
[<
ffffffffa0056958>] uvc_init_video+0x158/0x3e0 [uvcvideo]
[<
ffffffffa0056c17>] uvc_video_enable+0x37/0x80 [uvcvideo]
[<
ffffffffa0055853>] uvc_v4l2_do_ioctl+0x723/0x1260 [uvcvideo]
[<
ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0
[<
ffffffff8026dd61>] ? trace_hardirqs_off_caller+0x21/0xc0
[<
ffffffffa0032c9f>] video_usercopy+0x19f/0x390 [videodev]
[<
ffffffffa0055130>] ? uvc_v4l2_do_ioctl+0x0/0x1260 [uvcvideo]
[<
ffffffff8026d0ce>] ? put_lock_stats+0xe/0x30
[<
ffffffffa0054dad>] uvc_v4l2_ioctl+0x4d/0x80 [uvcvideo]
[<
ffffffffa0045083>] native_ioctl+0x83/0x90 [compat_ioctl32]
[<
ffffffffa004534e>] v4l_compat_ioctl32+0x2be/0x1da4 [compat_ioctl32]
[<
ffffffff806aad21>] ? do_page_fault+0x3d1/0xae0
[<
ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10
[<
ffffffff80270c59>] ? trace_hardirqs_on_caller+0x149/0x1b0
[<
ffffffff80270ccd>] ? trace_hardirqs_on+0xd/0x10
[<
ffffffff80329afa>] compat_sys_ioctl+0x8a/0x3c0
[<
ffffffff806a700d>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[<
ffffffff8022f816>] sysenter_dispatch+0x7/0x2c
[<
ffffffff806a6fce>] ? trace_hardirqs_on_thunk+0x3a/0x3f
Code: 45 31 c0 48 89 e5 e8 a4 ff ff ff c9 c3 66 90 55 48 89 e5 41 57
41 56 41 55 41 54 53 48 83 ec 38 48 89 75 b0 48 89 55 a8 89 4d a4 <48>
8b 87 c8 02 00 00 48 85 c0 0f 84 1c 02 00 00 48 8b 58 08 48
RIP [<
ffffffff8046c84c>] map_single+0x1c/0x280
RSP <
ffff88010e78d988>
CR2:
00000000000002c8
---[ end trace
5d15baeeb7025a0e ]---
--- [3]
ffffffff8046c830 <map_single>:
map_single():
/store/kernel/linux/lib/swiotlb.c:291
ffffffff8046c830: 55 push %rbp
ffffffff8046c831: 48 89 e5 mov %rsp,%rbp
ffffffff8046c834: 41 57 push %r15
ffffffff8046c836: 41 56 push %r14
ffffffff8046c838: 41 55 push %r13
ffffffff8046c83a: 41 54 push %r12
ffffffff8046c83c: 53 push %rbx
ffffffff8046c83d: 48 83 ec 38 sub $0x38,%rsp
ffffffff8046c841: 48 89 75 b0 mov %rsi,-0x50(%rbp)
ffffffff8046c845: 48 89 55 a8 mov %rdx,-0x58(%rbp)
ffffffff8046c849: 89 4d a4 mov %ecx,-0x5c(%rbp)
dma_get_seg_boundary():
/store/kernel/linux/include/linux/dma-mapping.h:80
ffffffff8046c84c: 48 8b 87 c8 02 00 00 mov 0x2c8(%rdi),%rax <----
--- [4]
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
FUJITA Tomonori [Wed, 10 Sep 2008 20:22:34 +0000 (22:22 +0200)]
add deprecated ide-scsi to feature-removal-schedule.txt
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Masoud Sharbiani [Wed, 10 Sep 2008 20:22:34 +0000 (22:22 +0200)]
ide: Fix pointer arithmetic in hpt3xx driver code (3rd try)
git commit
74811f355f4f69a187fa74892dcf2a684b84ce99 causes crash at
module load (or boot) time on my machine with a hpt374 controller.
The reason for this is that for initializing second controller which sets
(hwif->dev == host->dev[1]) to true (1), adds 1 to a void ptr, which
advances it by one byte instead of advancing it by sizeof(hpt_info) bytes.
Because of this, all initialization functions get corrupted data in info
variable which causes a crash at boot time.
This patch fixes that and makes my machine boot again.
The card itself is a HPT374 raid conroller: Here is the lspci -v output:
03:06.0 RAID bus controller: HighPoint Technologies, Inc. HPT374 (rev
07)
Subsystem: HighPoint Technologies, Inc. Unknown device 0001
Flags: bus master, 66MHz, medium devsel, latency 120, IRQ 28
I/O ports at 8000 [size=8]
I/O ports at 7800 [size=4]
I/O ports at 7400 [size=8]
I/O ports at 7000 [size=4]
I/O ports at 6800 [size=256]
Expansion ROM at
fe8e0000 [disabled] [size=128K]
Capabilities: [60] Power Management version 2
03:06.1 RAID bus controller: HighPoint Technologies, Inc. HPT374 (rev
07)
Subsystem: HighPoint Technologies, Inc. Unknown device 0001
Flags: bus master, 66MHz, medium devsel, latency 120, IRQ 28
I/O ports at 9800 [size=8]
I/O ports at 9400 [size=4]
I/O ports at 9000 [size=8]
I/O ports at 8800 [size=4]
I/O ports at 8400 [size=256]
Capabilities: [60] Power Management version 2
Signed-off-by: Masoud Sharbiani <masouds@google.com>
Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
[bart: use dev_get_drvdata() per Sergei's suggestion]
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Paul E. McKenney [Sun, 31 Aug 2008 18:06:30 +0000 (11:06 -0700)]
[IA64] prevent ia64 from invoking irq handlers on offline CPUs
Make ia64 refrain from clearing a given to-be-offlined CPU's bit in the
cpu_online_mask until it has processed pending irqs. This change
prevents other CPUs from being blindsided by an apparently offline CPU
nevertheless changing globally visible state. Also remove the existing
redundant cpu_clear(cpu, cpu_online_map).
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Adrian Bunk [Wed, 27 Aug 2008 22:05:26 +0000 (01:05 +0300)]
PCI: fix pciehp_free_irq()
This patch fixes an obvious bug (loop was never entered) caused by
commit
820943b6fc4781621dee52ba026106758a727dd3
(pciehp: cleanup pcie_poll_cmd).
Reported-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Julia Lawall [Wed, 10 Sep 2008 11:57:19 +0000 (13:57 +0200)]
[IA64] arch/ia64/sn/pci/tioca_provider.c: introduce missing kfree
Error handling code following a kmalloc should free the allocated data.
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Robin Holt [Tue, 9 Sep 2008 15:34:44 +0000 (10:34 -0500)]
[IA64] fix up bte.h
bte.h expects a #define of L1_CACHE_MASK which is currently only
in bte.c. This small patch gets bte.h to include cleanly and makes
BTE_UNALIGNED_COPY not report errors.
Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
James Bottomley [Tue, 9 Sep 2008 22:56:47 +0000 (17:56 -0500)]
[IA64] fix compile failure with non modular builds
Broke the non modular builds by moving an essential function into
modules.c. Fix this by moving it out again and into asm/sections.h as
an inline. To do this, the definitions of struct fdesc and struct
got_val have been lifted out of modules.c and put in asm/elf.h where
they belong.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Tao Ma [Tue, 2 Sep 2008 17:57:14 +0000 (01:57 +0800)]
ocfs2: Fix a bug in direct IO read.
ocfs2 will become read-only if we try to read the bytes which pass
the end of i_size. This can be easily reproduced by following steps:
1. mkfs a ocfs2 volume with bs=4k cs=4k and nosparse.
2. create a small file(say less than 100 bytes) and we will create the file
which is allocated 1 cluster.
3. read 8196 bytes from the kernel using O_DIRECT which exceeds the limit.
4. The ocfs2 volume becomes read-only and dmesg shows:
OCFS2: ERROR (device sda13): ocfs2_direct_IO_get_blocks:
Inode 66010 has a hole at block 1
File system is now read-only due to the potential of on-disk corruption.
Please run fsck.ocfs2 once the file system is unmounted.
So suppress the ERROR message.
Signed-off-by: Tao Ma <tao.ma@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
Linus Torvalds [Tue, 9 Sep 2008 23:27:49 +0000 (16:27 -0700)]
Linux 2.6.27-rc6
Linus Torvalds [Tue, 9 Sep 2008 23:25:58 +0000 (16:25 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
ipv6: Fix OOPS in ip6_dst_lookup_tail().
ipsec: Restore larval states and socket policies in dump
[Bluetooth] Reject L2CAP connections on an insecure ACL link
[Bluetooth] Enforce correct authentication requirements
[Bluetooth] Fix reference counting during ACL config stage
Linus Torvalds [Tue, 9 Sep 2008 23:25:02 +0000 (16:25 -0700)]
Merge git://git./linux/kernel/git/davem/sparc-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Disable timer interrupts in fixup_irqs().
Neil Horman [Tue, 9 Sep 2008 20:51:35 +0000 (13:51 -0700)]
ipv6: Fix OOPS in ip6_dst_lookup_tail().
This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
ip6_dst_lookup_tail NULL crash"
dst->neighbour is not necessarily hooked up at this point
in the processing path, so blindly dereferencing it is
the wrong thing to do. This NULL check exists in other
similar paths and this case was just an oversight.
Also fix the completely wrong and confusing indentation
here while we're at it.
Based upon a patch by Evgeniy Polyakov.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Tue, 9 Sep 2008 20:47:01 +0000 (13:47 -0700)]
Merge branch 'timers-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
clockevents: remove WARN_ON which was used to gather information
Thomas Gleixner [Tue, 9 Sep 2008 19:38:57 +0000 (21:38 +0200)]
clockevents: remove WARN_ON which was used to gather information
The issue of the endless reprogramming loop due to a too small
min_delta_ns was fixed with the previous updates of the clock events
code, but we had no information about the spread of this problem. I
added a WARN_ON to get automated information via kerneloops.org and to
get some direct reports, which allowed me to analyse the affected
machines.
The WARN_ON has served its purpose and would be annoying for a release
kernel. Remove it and just keep the information about the increase of
the min_delta_ns value.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Linus Torvalds [Tue, 9 Sep 2008 19:23:41 +0000 (12:23 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: fix memmap=exactmap boot argument
x86: disable static NOPLs on 32 bits
xen: fix 2.6.27-rc5 xen balloon driver warnings
Prarit Bhargava [Tue, 9 Sep 2008 13:56:08 +0000 (09:56 -0400)]
x86: fix memmap=exactmap boot argument
When using kdump modifying the e820 map is yielding strange results.
For example starting with
BIOS-provided physical RAM map:
BIOS-e820:
0000000000000100 -
0000000000093400 (usable)
BIOS-e820:
0000000000093400 -
00000000000a0000 (reserved)
BIOS-e820:
0000000000100000 -
000000003fee0000 (usable)
BIOS-e820:
000000003fee0000 -
000000003fef3000 (ACPI data)
BIOS-e820:
000000003fef3000 -
000000003ff80000 (ACPI NVS)
BIOS-e820:
000000003ff80000 -
0000000040000000 (reserved)
BIOS-e820:
00000000e0000000 -
00000000f0000000 (reserved)
BIOS-e820:
00000000fec00000 -
00000000fec10000 (reserved)
BIOS-e820:
00000000fee00000 -
00000000fee01000 (reserved)
BIOS-e820:
00000000ff000000 -
0000000100000000 (reserved)
and booting with args
memmap=exactmap memmap=640K@0K memmap=5228K@16384K memmap=125188K@22252K memmap=76K#1047424K memmap=564K#1047500K
resulted in:
user-defined physical RAM map:
user:
0000000000000000 -
0000000000093400 (usable)
user:
0000000000093400 -
00000000000a0000 (reserved)
user:
0000000000100000 -
000000003fee0000 (usable)
user:
000000003fee0000 -
000000003fef3000 (ACPI data)
user:
000000003fef3000 -
000000003ff80000 (ACPI NVS)
user:
000000003ff80000 -
0000000040000000 (reserved)
user:
00000000e0000000 -
00000000f0000000 (reserved)
user:
00000000fec00000 -
00000000fec10000 (reserved)
user:
00000000fee00000 -
00000000fee01000 (reserved)
user:
00000000ff000000 -
0000000100000000 (reserved)
But should have resulted in:
user-defined physical RAM map:
user:
0000000000000000 -
00000000000a0000 (usable)
user:
0000000001000000 -
000000000151b000 (usable)
user:
00000000015bb000 -
0000000008ffc000 (usable)
user:
000000003fee0000 -
000000003ff80000 (ACPI data)
This is happening because of an improper usage of strcmp() in the
e820 parsing code. The strcmp() always returns !0 and never resets the
value for e820.nr_map and returns an incorrect user-defined map.
This patch fixes the problem.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Linus Torvalds [Tue, 9 Sep 2008 18:53:05 +0000 (11:53 -0700)]
Merge branch 'for-linus' of git://git390.osdl.marist.edu/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] cio: allow offline processing for disconnected devices
[S390] cio: handle ssch() return codes correctly.
[S390] cio: Correct cleanup on error.
[S390] CVE-2008-1514: prevent ptrace padding area read/write in 31-bit mode
Linus Torvalds [Tue, 9 Sep 2008 18:52:34 +0000 (11:52 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] IP22: Fix detection of second HPC3 on Challenge S
Linus Torvalds [Tue, 9 Sep 2008 18:52:12 +0000 (11:52 -0700)]
Merge branch 'linux-next' of git://git.infradead.org/~dedekind/ubifs-2.6
* 'linux-next' of git://git.infradead.org/~dedekind/ubifs-2.6:
UBIFS: make minimum fanout 3
UBIFS: fix division by zero
UBIFS: amend f_fsid
UBIFS: fill f_fsid
UBIFS: improve statfs reporting even more
UBIFS: introduce LEB overhead
UBIFS: add forgotten gc_idx_lebs component
UBIFS: fix assertion
UBIFS: improve statfs reporting
UBIFS: remove incorrect index space check
UBIFS: push empty flash hack down
UBIFS: do not update min_idx_lebs in stafs
UBIFS: allow for racing between GC and TNC
UBIFS: always read hashed-key nodes under TNC mutex
UBIFS: fix zero-length truncations
James Bottomley [Thu, 4 Sep 2008 01:43:36 +0000 (20:43 -0500)]
lib: Correct printk %pF to work on all architectures
It was introduced by "vsprintf: add support for '%pS' and '%pF' pointer
formats" in commit
0fe1ef24f7bd0020f29ffe287dfdb9ead33ca0b2. However,
the current way its coded doesn't work on parisc64. For two reasons: 1)
parisc isn't in the #ifdef and 2) parisc has a different format for
function descriptors
Make dereference_function_descriptor() more accommodating by allowing
architecture overrides. I put the three overrides (for parisc64, ppc64
and ia64) in arch/kernel/module.c because that's where the kernel
internal linker which knows how to deal with function descriptors sits.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Tony Luck <tony.luck@intel.com>
Acked-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Chris Snook [Tue, 9 Sep 2008 07:26:57 +0000 (03:26 -0400)]
MAINTAINERS: add Atheros maintainer for atlx
Jie Yang at Atheros is getting more directly involved with upstream work
on the atl* drivers. This patch changes the ATL1 entry to ATLX (atl2
support posted to netdev today) and adds him as a maintainer.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Christoph Hellwig [Tue, 9 Sep 2008 18:02:01 +0000 (20:02 +0200)]
update Documentation/filesystems/Locking for 2.6.27 changes
In the 2.6.27 circle ->fasync lost the BKL, and the last remaining
->open variant that takes the BKL is also gone. ->get_sb and ->kill_sb
didn't have BKL forever, so updated the entries while we're at that.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Chiang [Fri, 5 Sep 2008 21:05:03 +0000 (14:05 -0700)]
PCI Hotplug: fakephp: fix deadlock... again
Commit
fe99740cac117f208707488c03f3789cf4904957 (construct one
fakephp slot per PCI slot) introduced a regression, causing a
deadlock when removing a PCI device.
We also never actually removed the device from the PCI core.
So we:
- remove the device from the PCI core
- do not directly call remove_slot() to prevent deadlock
Yu Zhao reported and diagnosed this defect.
Signed-off-by: Alex Chiang <achiang@hp.com>
Acked-by: Yu Zhao <yu.zhao@intel.com>
Cc: Matthew Wilcox <matthew@wil.cx>
Cc: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Johann Felix Soden [Fri, 22 Aug 2008 18:25:10 +0000 (20:25 +0200)]
PCI: Fix printk warnings in setup-bus.c
Again, the cleaned up code introduced some resource warnings:
drivers/pci/setup-bus.c: In function 'pci_bus_dump_res':
drivers/pci/setup-bus.c:542: warning: format '%llx' expects type 'long long unsigned int', but argument 5 has type 'resource_size_t'
drivers/pci/setup-bus.c:542: warning: format '%llx' expects type 'long long unsigned int', but argument 6 has type 'resource_size_t'
Fix those up too.
Signed-off-by: Johann Felix Soden <johfel@users.sourceforge.net>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Johann Felix Soden [Fri, 22 Aug 2008 18:46:59 +0000 (20:46 +0200)]
PCI: Fix printk warnings in probe.c
The cleaned up resource code in probe.c introduced some warnings:
drivers/pci/probe.c: In function 'pci_read_bridge_bases':
drivers/pci/probe.c:386: warning: format '%llx' expects type 'long long unsigned int', but argument 3 has type 'resource_size_t'
drivers/pci/probe.c:386: warning: format '%llx' expects type 'long long unsigned int', but argument 4 has type 'resource_size_t'
drivers/pci/probe.c:398: warning: format '%llx' expects type 'long long unsigned int', but argument 3 has type 'resource_size_t'
drivers/pci/probe.c:398: warning: format '%llx' expects type 'long long unsigned int', but argument 4 has type 'resource_size_t'
drivers/pci/probe.c:434: warning: format '%llx' expects type 'long long unsigned int', but argument 4 has type 'resource_size_t'
drivers/pci/probe.c:434: warning: format '%llx' expects type 'long long unsigned int', but argument 5 has type 'resource_size_t'
So fix them up.
Signed-off-by: Johann Felix Soden <johfel@users.sourceforge.net>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
David Woodhouse [Sun, 7 Sep 2008 15:35:26 +0000 (16:35 +0100)]
PCI/iommu: blacklist DMAR on Intel G31/G33 chipsets
Some BIOSes (the Intel DG33BU, for example) wrongly claim to have DMAR
when they don't. Avoid the resulting crashes when it doesn't work as
expected.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>