01 May, 2013

11 commits

  • Merge third batch of fixes from Andrew Morton:
    "Most of the rest. I still have two large patchsets against AIO and
    IPC, but they're a bit stuck behind other trees and I'm about to
    vanish for six days.

    - random fixlets
    - inotify
    - more of the MM queue
    - show_stack() cleanups
    - DMI update
    - kthread/workqueue things
    - compat cleanups
    - epoll udpates
    - binfmt updates
    - nilfs2
    - hfs
    - hfsplus
    - ptrace
    - kmod
    - coredump
    - kexec
    - rbtree
    - pids
    - pidns
    - pps
    - semaphore tweaks
    - some w1 patches
    - relay updates
    - core Kconfig changes
    - sysrq tweaks"

    * emailed patches from Andrew Morton : (109 commits)
    Documentation/sysrq: fix inconstistent help message of sysrq key
    ethernet/emac/sysrq: fix inconstistent help message of sysrq key
    sparc/sysrq: fix inconstistent help message of sysrq key
    powerpc/xmon/sysrq: fix inconstistent help message of sysrq key
    ARM/etm/sysrq: fix inconstistent help message of sysrq key
    power/sysrq: fix inconstistent help message of sysrq key
    kgdb/sysrq: fix inconstistent help message of sysrq key
    lib/decompress.c: fix initconst
    notifier-error-inject: fix module names in Kconfig
    kernel/sys.c: make prctl(PR_SET_MM) generally available
    UAPI: remove empty Kbuild files
    menuconfig: print more info for symbol without prompts
    init/Kconfig: re-order CONFIG_EXPERT options to fix menuconfig display
    kconfig menu: move Virtualization drivers near other virtualization options
    Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
    relay: use macro PAGE_ALIGN instead of FIX_SIZE
    kernel/relay.c: move FIX_SIZE macro into relay.c
    kernel/relay.c: remove unused function argument actor
    drivers/w1/slaves/w1_ds2760.c: fix the error handling in w1_ds2760_add_slave()
    drivers/w1/slaves/w1_ds2781.c: fix the error handling in w1_ds2781_add_slave()
    ...

    Linus Torvalds
     
  • Signed-off-by: Andi Kleen
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andi Kleen
     
  • The Kconfig help text for MEMORY_NOTIFIER_ERROR_INJECT and
    OF_RECONFIG_NOTIFIER_ERROR_INJECT has mismatched module names.

    Signed-off-by: Akinobu Mita
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Akinobu Mita
     
  • The help text for this config is duplicated across the x86, parisc, and
    s390 Kconfig.debug files. Arnd Bergman noted that the help text was
    slightly misleading and should be fixed to state that enabling this
    option isn't a problem when using pre 4.4 gcc.

    To simplify the rewording, consolidate the text into lib/Kconfig.debug
    and modify it there to be more explicit about when you should say N to
    this config.

    Also, make the text a bit more generic by stating that this option
    enables compile time checks so we can cover architectures which emit
    warnings vs. ones which emit errors. The details of how an
    architecture decided to implement the checks isn't as important as the
    concept of compile time checking of copy_from_user() calls.

    While we're doing this, remove all the copy_from_user_overflow() code
    that's duplicated many times and place it into lib/ so that any
    architecture supporting this option can get the function for free.

    Signed-off-by: Stephen Boyd
    Acked-by: Arnd Bergmann
    Acked-by: Ingo Molnar
    Acked-by: H. Peter Anvin
    Cc: Arjan van de Ven
    Acked-by: Helge Deller
    Cc: Heiko Carstens
    Cc: Stephen Rothwell
    Cc: Chris Metcalf
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Stephen Boyd
     
  • Signed-off-by: Davidlohr Bueso
    Reviewed-by: Michel Lespinasse
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Davidlohr Bueso
     
  • Account for the rbtree having 2**bh(v)-1 internal nodes.

    While this can be seen as a consequence of other checks, Michel states
    that it nicely sums up what the other properties are for.

    Signed-off-by: Davidlohr Bueso
    Reviewed-by: Michel Lespinasse
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Davidlohr Bueso
     
  • There is kernel function to do the job in generic way. Let's use it.

    Signed-off-by: Andy Shevchenko
    Cc: Jason Baron
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andy Shevchenko
     
  • There are several places in kernel where modules unescapes input to convert
    C-Style Escape Sequences into byte codes.

    The patch provides generic implementation of such approach. Test cases are
    also included into the patch.

    [akpm@linux-foundation.org: clarify comment]
    [akpm@linux-foundation.org: export get_random_int() to modules]
    Signed-off-by: Andy Shevchenko
    Cc: Samuel Thibault
    Cc: Greg Kroah-Hartman
    Cc: Jason Baron
    Cc: Alexander Viro
    Cc: William Hubbs
    Cc: Chris Brannon
    Cc: Kirk Reiser
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andy Shevchenko
     
  • Both dump_stack() and show_stack() are currently implemented by each
    architecture. show_stack(NULL, NULL) dumps the backtrace for the
    current task as does dump_stack(). On some archs, dump_stack() prints
    extra information - pid, utsname and so on - in addition to the
    backtrace while the two are identical on other archs.

    The usages in arch-independent code of the two functions indicate
    show_stack(NULL, NULL) should print out bare backtrace while
    dump_stack() is used for debugging purposes when something went wrong,
    so it does make sense to print additional information on the task which
    triggered dump_stack().

    There's no reason to require archs to implement two separate but mostly
    identical functions. It leads to unnecessary subtle information.

    This patch expands the dummy fallback dump_stack() implementation in
    lib/dump_stack.c such that it prints out debug information (taken from
    x86) and invokes show_stack(NULL, NULL) and drops arch-specific
    dump_stack() implementations in all archs except blackfin. Blackfin's
    dump_stack() does something wonky that I don't understand.

    Debug information can be printed separately by calling
    dump_stack_print_info() so that arch-specific dump_stack()
    implementation can still emit the same debug information. This is used
    in blackfin.

    This patch brings the following behavior changes.

    * On some archs, an extra level in backtrace for show_stack() could be
    printed. This is because the top frame was determined in
    dump_stack() on those archs while generic dump_stack() can't do that
    reliably. It can be compensated by inlining dump_stack() but not
    sure whether that'd be necessary.

    * Most archs didn't use to print debug info on dump_stack(). They do
    now.

    An example WARN dump follows.

    WARNING: at kernel/workqueue.c:4841 init_workqueues+0x35/0x505()
    Hardware name: empty
    Modules linked in:
    CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.9.0-rc1-work+ #9
    0000000000000009 ffff88007c861e08 ffffffff81c614dc ffff88007c861e48
    ffffffff8108f50f ffffffff82228240 0000000000000040 ffffffff8234a03c
    0000000000000000 0000000000000000 0000000000000000 ffff88007c861e58
    Call Trace:
    [] dump_stack+0x19/0x1b
    [] warn_slowpath_common+0x7f/0xc0
    [] warn_slowpath_null+0x1a/0x20
    [] init_workqueues+0x35/0x505
    ...

    v2: CPU number added to the generic debug info as requested by s390
    folks and dropped the s390 specific dump_stack(). This loses %ksp
    from the debug message which the maintainers think isn't important
    enough to keep the s390-specific dump_stack() implementation.

    dump_stack_print_info() is moved to kernel/printk.c from
    lib/dump_stack.c. Because linkage is per objecct file,
    dump_stack_print_info() living in the same lib file as generic
    dump_stack() means that archs which implement custom dump_stack()
    - at this point, only blackfin - can't use dump_stack_print_info()
    as that will bring in the generic version of dump_stack() too. v1
    The v1 patch broke build on blackfin due to this issue. The build
    breakage was reported by Fengguang Wu.

    Signed-off-by: Tejun Heo
    Acked-by: David S. Miller
    Acked-by: Vineet Gupta
    Acked-by: Jesper Nilsson
    Acked-by: Vineet Gupta
    Acked-by: Martin Schwidefsky [s390 bits]
    Cc: Heiko Carstens
    Cc: Mike Frysinger
    Cc: Fengguang Wu
    Cc: Bjorn Helgaas
    Cc: Sam Ravnborg
    Acked-by: Richard Kuo [hexagon bits]
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tejun Heo
     
  • Pull fixup for trivial branch from Jiri Kosina:
    "Unfortunately I made a mistake when merging into for-linus branch, and
    omitted one pre-requisity patch for a few other patches (which have
    been Acked by the appropriate maintainers) in the series. Mea culpa
    maxima, sorry for that."

    The trivial branch added %pSR usage before actually teaching vsnprintf()
    about the 'R' part of %pSR. The 'R' causes the symbol translation to do
    a "__builtin_extract_return_addr()" before symbol lookup.

    That said, on most architectures __builtin_extract_return_addr() isn't
    likely to do anything special, so it probably is not normally
    noticeable.

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
    vsprintf: Add extension %pSR - print_symbol replacement

    Linus Torvalds
     
  • print_symbol takes a long and converts it to a function
    name and offset. %pS does something similar, but doesn't
    translate the address via __builtin_extract_return_addr.
    %pSR does the translation.

    This will enable replacing multiple calls like
    printk(...);
    printk_symbol(addr);
    printk("\n");
    with a single non-interleavable in dmesg
    printk("... %pSR\n", (void *)addr);

    Update documentation too.

    Signed-off-by: Joe Perches
    Signed-off-by: Jiri Kosina

    Joe Perches
     

30 Apr, 2013

9 commits

  • Pull scheduler changes from Ingo Molnar:
    "The main changes in this development cycle were:

    - full dynticks preparatory work by Frederic Weisbecker

    - factor out the cpu time accounting code better, by Li Zefan

    - multi-CPU load balancer cleanups and improvements by Joonsoo Kim

    - various smaller fixes and cleanups"

    * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (45 commits)
    sched: Fix init NOHZ_IDLE flag
    sched: Prevent to re-select dst-cpu in load_balance()
    sched: Rename load_balance_tmpmask to load_balance_mask
    sched: Move up affinity check to mitigate useless redoing overhead
    sched: Don't consider other cpus in our group in case of NEWLY_IDLE
    sched: Explicitly cpu_idle_type checking in rebalance_domains()
    sched: Change position of resched_cpu() in load_balance()
    sched: Fix wrong rq's runnable_avg update with rt tasks
    sched: Document task_struct::personality field
    sched/cpuacct/UML: Fix header file dependency bug on the UML build
    cgroup: Kill subsys.active flag
    sched/cpuacct: No need to check subsys active state
    sched/cpuacct: Initialize cpuacct subsystem earlier
    sched/cpuacct: Initialize root cpuacct earlier
    sched/cpuacct: Allocate per_cpu cpuusage for root cpuacct statically
    sched/cpuacct: Clean up cpuacct.h
    sched/cpuacct: Remove redundant NULL checks in cpuacct_acount_field()
    sched/cpuacct: Remove redundant NULL checks in cpuacct_charge()
    sched/cpuacct: Add cpuacct_acount_field()
    sched/cpuacct: Add cpuacct_init()
    ...

    Linus Torvalds
     
  • Use preferable function name which implies using a pseudo-random
    number generator.

    Signed-off-by: Akinobu Mita
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Akinobu Mita
     
  • Use prandom_bytes() to generate 16 bytes of pseudo-random bytes.

    Signed-off-by: Akinobu Mita
    Cc: "Theodore Ts'o"
    Cc: Huang Ying
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Akinobu Mita
     
  • As Tejun points out, there are several users of the IDR facility that
    attempt to use it in a cyclic fashion. These users are likely to see
    -ENOSPC errors after the counter wraps one or more times however.

    This patchset adds a new idr_alloc_cyclic routine and converts several
    of these users to it. Many of these users are in obscure parts of the
    kernel, and I don't have a good way to test some of them. The change is
    pretty straightforward though, so hopefully it won't be an issue.

    There is one other cyclic user of idr_alloc that I didn't touch in
    ipc/util.c. That one is doing some strange stuff that I didn't quite
    understand, but it looks like it should probably be converted later
    somehow.

    This patch:

    Thus spake Tejun Heo:

    Ooh, BTW, the cyclic allocation is broken. It's prone to -ENOSPC
    after the first wraparound. There are several cyclic users in the
    kernel and I think it probably would be best to implement cyclic
    support in idr.

    This patch does that by adding new idr_alloc_cyclic function that such
    users in the kernel can use. With this, there's no need for a caller to
    keep track of the last value used as that's now tracked internally. This
    should prevent the ENOSPC problems that can hit when the "last allocated"
    counter exceeds INT_MAX.

    Later patches will convert existing cyclic users to the new interface.

    Signed-off-by: Jeff Layton
    Reviewed-by: Tejun Heo
    Cc: "David S. Miller"
    Cc: "J. Bruce Fields"
    Cc: Eric Paris
    Cc: Jack Morgenstein
    Cc: John McCutchan
    Cc: Neil Horman
    Cc: Or Gerlitz
    Cc: Robert Love
    Cc: Roland Dreier
    Cc: Sridhar Samudrala
    Cc: Steve Wise
    Cc: Tom Tucker
    Cc: Vlad Yasevich

    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jeff Layton
     
  • There are at least two users of isodigit(). Let's make it a public
    function of ctype.h.

    Signed-off-by: Andy Shevchenko
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andy Shevchenko
     
  • argv_split() allocates argv[count_argc(str)] array and assumes that it
    will find the same number of arguments later. This is obviously wrong if
    this string can be changed, say, by sysctl.

    With this patch argv_split() kstrndup's the whole string and does not
    split it, we simply replace the spaces with zeroes and keep the allocated
    memory in argv[-1] for argv_free(arg).

    We do not use argv[0] because:

    - str can be all-spaces or empty. In fact this case is fine,
    we could kfree() it before return, but:

    - str can have a space at the start, and we can not rely on
    kstrndup(skip_spaces(str)) because it can equally race if
    this string is mutable.

    Also, simplify count_argc() and kill the no longer used skip_arg().

    Signed-off-by: Oleg Nesterov
    Cc: Andi Kleen
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Oleg Nesterov
     
  • Optimize the current version of the shift-and-subtract (hardware)
    algorithm, described by John von Newmann[1] and Guy L Steele.

    Iterating 1,000,000 times, perf shows for the current version:

    Performance counter stats for './sqrt-curr' (10 runs):

    27.170996 task-clock # 0.979 CPUs utilized ( +- 3.19% )
    3 context-switches # 0.103 K/sec ( +- 4.76% )
    0 cpu-migrations # 0.004 K/sec ( +-100.00% )
    104 page-faults # 0.004 M/sec ( +- 0.16% )
    64,921,199 cycles # 2.389 GHz ( +- 0.03% )
    28,967,789 stalled-cycles-frontend # 44.62% frontend cycles idle ( +- 0.18% )
    stalled-cycles-backend
    104,502,623 instructions # 1.61 insns per cycle
    # 0.28 stalled cycles per insn ( +- 0.00% )
    34,088,368 branches # 1254.587 M/sec ( +- 0.00% )
    4,901 branch-misses # 0.01% of all branches ( +- 1.32% )

    0.027763015 seconds time elapsed ( +- 3.22% )

    And for the new version:

    Performance counter stats for './sqrt-new' (10 runs):

    0.496869 task-clock # 0.519 CPUs utilized ( +- 2.38% )
    0 context-switches # 0.000 K/sec
    0 cpu-migrations # 0.403 K/sec ( +-100.00% )
    104 page-faults # 0.209 M/sec ( +- 0.15% )
    590,760 cycles # 1.189 GHz ( +- 2.35% )
    395,053 stalled-cycles-frontend # 66.87% frontend cycles idle ( +- 3.67% )
    stalled-cycles-backend
    398,963 instructions # 0.68 insns per cycle
    # 0.99 stalled cycles per insn ( +- 0.39% )
    70,228 branches # 141.341 M/sec ( +- 0.36% )
    3,364 branch-misses # 4.79% of all branches ( +- 5.45% )

    0.000957440 seconds time elapsed ( +- 2.42% )

    Furthermore, this saves space in instruction text:

    text data bss dec hex filename
    111 0 0 111 6f lib/int_sqrt-baseline.o
    89 0 0 89 59 lib/int_sqrt.o

    [1] http://en.wikipedia.org/wiki/First_Draft_of_a_Report_on_the_EDVAC

    Signed-off-by: Davidlohr Bueso
    Reviewed-by: Jonathan Gonzalez
    Tested-by: Jonathan Gonzalez
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Davidlohr Bueso
     
  • This patch adds three exported functions to lib/genalloc.c:
    devm_gen_pool_create, dev_get_gen_pool, and of_get_named_gen_pool.

    devm_gen_pool_create is a managed version of gen_pool_create that keeps
    track of the pool via devres and allows the management code to
    automatically destroy it after device removal.

    dev_get_gen_pool retrieves the gen_pool for a given device, if it was
    created with devm_gen_pool_create, using devres_find.

    of_get_named_gen_pool retrieves the gen_pool for a given device node and
    property name, where the property must contain a phandle pointing to a
    platform device node. The corresponding platform device is then fed into
    dev_get_gen_pool and the resulting gen_pool is returned.

    [akpm@linux-foundation.org: make the of_get_named_gen_pool() stub static, fixing a zillion link errors]
    [akpm@linux-foundation.org: squish "struct device declared inside parameter list" warning]
    Signed-off-by: Philipp Zabel
    Acked-by: Grant Likely
    Tested-by: Michal Simek
    Cc: Fabio Estevam
    Cc: Matt Porter
    Cc: Dong Aisheng
    Cc: Greg Kroah-Hartman
    Cc: Rob Herring
    Cc: Paul Gortmaker
    Cc: Javier Martin
    Cc: Huang Shijie
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Philipp Zabel
     
  • On large systems with a lot of memory, walking all RAM to determine page
    types may take a half second or even more.

    In non-blockable contexts, the page allocator will emit a page allocation
    failure warning unless __GFP_NOWARN is specified. In such contexts, irqs
    are typically disabled and such a lengthy delay may even result in NMI
    watchdog timeouts.

    To fix this, suppress the page walk in such contexts when printing the
    page allocation failure warning.

    Signed-off-by: David Rientjes
    Cc: Mel Gorman
    Acked-by: Michal Hocko
    Cc: Dave Hansen
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Rientjes
     

21 Apr, 2013

2 commits

  • Pull kdump fixes from Peter Anvin:
    "The kexec/kdump people have found several problems with the support
    for loading over 4 GiB that was introduced in this merge cycle. This
    is partly due to a number of design problems inherent in the way the
    various pieces of kdump fit together (it is pretty horrifically manual
    in many places.)

    After a *lot* of iterations this is the patchset that was agreed upon,
    but of course it is now very late in the cycle. However, because it
    changes both the syntax and semantics of the crashkernel option, it
    would be desirable to avoid a stable release with the broken
    interfaces."

    I'm not happy with the timing, since originally the plan was to release
    the final 3.9 tomorrow. But apparently I'm doing an -rc8 instead...

    * 'x86-kdump-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    kexec: use Crash kernel for Crash kernel low
    x86, kdump: Change crashkernel_high/low= to crashkernel=,high/low
    x86, kdump: Retore crashkernel= to allocate under 896M
    x86, kdump: Set crashkernel_low automatically

    Linus Torvalds
     
  • Pull x86 fixes from Peter Anvin:
    "Three groups of fixes:

    1. Make sure we don't execute the early microcode patching if family
    < 6, since it would touch MSRs which don't exist on those
    families, causing crashes.

    2. The Xen partial emulation of HyperV can be dealt with more
    gracefully than just disabling the driver.

    3. More EFI variable space magic. In particular, variables hidden
    from runtime code need to be taken into account too."

    * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
    x86, microcode: Verify the family before dispatching microcode patching
    x86, hyperv: Handle Xen emulation of Hyper-V more gracefully
    x86,efi: Implement efi_no_storage_paranoia parameter
    efi: Export efi_query_variable_store() for efivars.ko
    x86/Kconfig: Make EFI select UCS2_STRING
    efi: Distinguish between "remaining space" and actually used space
    efi: Pass boot services variable info to runtime code
    Move utf16 functions to kernel core and rename
    x86,efi: Check max_size only if it is non-zero.
    x86, efivars: firmware bug workarounds should be in platform code

    Linus Torvalds
     

20 Apr, 2013

1 commit

  • Matt Fleming (1):
    x86, efivars: firmware bug workarounds should be in platform
    code

    Matthew Garrett (3):
    Move utf16 functions to kernel core and rename
    efi: Pass boot services variable info to runtime code
    efi: Distinguish between "remaining space" and actually used
    space

    Richard Weinberger (2):
    x86,efi: Check max_size only if it is non-zero.
    x86,efi: Implement efi_no_storage_paranoia parameter

    Sergey Vlasov (2):
    x86/Kconfig: Make EFI select UCS2_STRING
    efi: Export efi_query_variable_store() for efivars.ko

    Signed-off-by: H. Peter Anvin

    H. Peter Anvin
     

18 Apr, 2013

1 commit

  • Chao said that kdump does does work well on his system on 3.8
    without extra parameter, even iommu does not work with kdump.
    And now have to append crashkernel_low=Y in first kernel to make
    kdump work.

    We have now modified crashkernel=X to allocate memory beyong 4G (if
    available) and do not allocate low range for crashkernel if the user
    does not specify that with crashkernel_low=Y. This causes regression
    if iommu is not enabled. Without iommu, swiotlb needs to be setup in
    first 4G and there is no low memory available to second kernel.

    Set crashkernel_low automatically if the user does not specify that.

    For system that does support IOMMU with kdump properly, user could
    specify crashkernel_low=0 to save that 72M low ram.

    -v3: add swiotlb_size() according to Konrad.
    -v4: add comments what 8M is for according to hpa.
    also update more crashkernel_low= in kernel-parameters.txt
    -v5: update changelog according to Vivek.
    -v6: Change description about swiotlb referring according to HATAYAMA.

    Reported-by: WANG Chao
    Tested-by: WANG Chao
    Signed-off-by: Yinghai Lu
    Link: http://lkml.kernel.org/r/1366089828-19692-2-git-send-email-yinghai@kernel.org
    Acked-by: Vivek Goyal
    Signed-off-by: H. Peter Anvin

    Yinghai Lu
     

16 Apr, 2013

1 commit

  • We want to be able to use the utf16 functions that are currently present
    in the EFI variables code in platform-specific code as well. Move them to
    the kernel core, and in the process rename them to accurately describe what
    they do - they don't handle UTF16, only UCS2.

    Signed-off-by: Matthew Garrett
    Signed-off-by: Matt Fleming

    Matthew Garrett
     

14 Apr, 2013

1 commit

  • Anatol Pomozov identified a race condition that hits module unloading
    and re-loading. To quote Anatol:

    "This is a race codition that exists between kset_find_obj() and
    kobject_put(). kset_find_obj() might return kobject that has refcount
    equal to 0 if this kobject is freeing by kobject_put() in other
    thread.

    Here is timeline for the crash in case if kset_find_obj() searches for
    an object tht nobody holds and other thread is doing kobject_put() on
    the same kobject:

    THREAD A (calls kset_find_obj()) THREAD B (calls kobject_put())
    splin_lock()
    atomic_dec_return(kobj->kref), counter gets zero here
    ... starts kobject cleanup ....
    spin_lock() // WAIT thread A in kobj_kset_leave()
    iterate over kset->list
    atomic_inc(kobj->kref) (counter becomes 1)
    spin_unlock()
    spin_lock() // taken
    // it does not know that thread A increased counter so it
    remove obj from list
    spin_unlock()
    vfree(module) // frees module object with containing kobj

    // kobj points to freed memory area!!
    kobject_put(kobj) // OOPS!!!!

    The race above happens because module.c tries to use kset_find_obj()
    when somebody unloads module. The module.c code was introduced in
    commit 6494a93d55fa"

    Anatol supplied a patch specific for module.c that worked around the
    problem by simply not using kset_find_obj() at all, but rather than make
    a local band-aid, this just fixes kset_find_obj() to be thread-safe
    using the proper model of refusing the get a new reference if the
    refcount has already dropped to zero.

    See examples of this proper refcount handling not only in the kref
    documentation, but in various other equivalent uses of this pattern by
    grepping for atomic_inc_not_zero().

    [ Side note: the module race does indicate that module loading and
    unloading is not properly serialized wrt sysfs information using the
    module mutex. That may require further thought, but this is the
    correct fix at the kobject layer regardless. ]

    Reported-analyzed-and-tested-by: Anatol Pomozov
    Cc: Greg Kroah-Hartman
    Cc: Al Viro
    Cc: stable@vger.kernel.org
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

23 Mar, 2013

3 commits

  • There were reports of the igb driver unmapping buffers without calling
    dma_mapping_error. On closer inspection issues were found in the DMA
    debug API and how it handled multiple mappings of the same buffer.

    The issue I found is the fact that the debug_dma_mapping_error would
    only set the map_err_type to MAP_ERR_CHECKED in the case that the was
    only one match for device and device address. However in the case of
    non-IOMMU, multiple addresses existed and as a result it was not setting
    this field once a second mapping was instantiated. I have resolved this
    by changing the search so that it instead will now set MAP_ERR_CHECKED
    on the first buffer that matches the device and DMA address that is
    currently in the state MAP_ERR_NOT_CHECKED.

    A secondary side effect of this patch is that in the case of multiple
    buffers using the same address only the last mapping will have a valid
    map_err_type. The previous mappings will all end up with map_err_type
    set to MAP_ERR_CHECKED because of the dma_mapping_error call in
    debug_dma_map_page. However this behavior may be preferable as it means
    you will likely only see one real error per multi-mapped buffer, versus
    the current behavior of multiple false errors mer multi-mapped buffer.

    Signed-off-by: Alexander Duyck
    Cc: Joerg Roedel
    Reviewed-by: Shuah Khan
    Tested-by: Shuah Khan
    Cc: Jakub Kicinski
    Cc: Konrad Rzeszutek Wilk
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexander Duyck
     
  • In check_unmap() it is possible to get into a dead-locked state if
    dma_mapping_error is called. The problem is that the bucket is locked in
    check_unmap, and locked again by debug_dma_mapping_error which is called
    by dma_mapping_error. To resolve that we must release the lock on the
    bucket before making the call to dma_mapping_error.

    [akpm@linux-foundation.org: restore 80-col trickery to be consistent with the rest of the file]
    Signed-off-by: Alexander Duyck
    Cc: Joerg Roedel
    Reviewed-by: Shuah Khan
    Tested-by: Shuah Khan
    Cc: Jakub Kicinski
    Cc: Konrad Rzeszutek Wilk
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexander Duyck
     
  • wake_up_klogd() is useless when CONFIG_PRINTK=n because neither printk()
    nor printk_sched() are in use and there are actually no waiter on
    log_wait waitqueue. It should be a stub in this case for users like
    bust_spinlocks().

    Otherwise this results in this warning when CONFIG_PRINTK=n and
    CONFIG_IRQ_WORK=n:

    kernel/built-in.o In function `wake_up_klogd':
    (.text.wake_up_klogd+0xb4): undefined reference to `irq_work_queue'

    To fix this, provide an off-case for wake_up_klogd() when
    CONFIG_PRINTK=n.

    There is much more from console_unlock() and other console related code
    in printk.c that should be moved under CONFIG_PRINTK. But for now,
    focus on a minimal fix as we passed the merged window already.

    [akpm@linux-foundation.org: include printk.h in bust_spinlocks.c]
    Signed-off-by: Frederic Weisbecker
    Reported-by: James Hogan
    Cc: James Hogan
    Cc: Steven Rostedt
    Cc: Peter Zijlstra
    Cc: Ingo Molnar
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Frederic Weisbecker
     

14 Mar, 2013

4 commits

  • GFP_NOIO is often used for idr_alloc() inside preloaded section as the
    allocation mask doesn't really matter. If the idr tree needs to be
    expanded, idr_alloc() first tries to allocate using the specified
    allocation mask and if it fails falls back to the preloaded buffer. This
    order prevent non-preloading idr_alloc() users from taking advantage of
    preloading ones by using preload buffer without filling it shifting the
    burden of allocation to the preload users.

    Unfortunately, this allowed/expected-to-fail kmem_cache allocation ends up
    generating spurious slab lowmem warning before succeeding the request from
    the preload buffer.

    This patch makes idr_layer_alloc() add __GFP_NOWARN to the first
    kmem_cache attempt and try kmem_cache again w/o __GFP_NOWARN after
    allocation from preload_buffer fails so that lowmem warning is generated
    if not suppressed by the original @gfp_mask.

    Signed-off-by: Tejun Heo
    Reported-by: David Teigland
    Tested-by: David Teigland
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tejun Heo
     
  • Commit 5dc49c75a26b ("decompressors: make the default XZ_DEC_* config
    match the selected architecture") added

    default y if POWERPC

    to lib/xz/Kconfig. But there is no Kconfig symbol POWERPC. The most
    general Kconfig symbol for the powerpc architecture is PPC. So let's
    use that.

    Signed-off-by: Paul Bolle
    Cc: Florian Fainelli
    Cc: Lasse Collin
    Cc: Benjamin Herrenschmidt
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Paul Bolle
     
  • Now that all in-kernel users are converted to ues the new alloc
    interface, mark the old interface deprecated. We should be able to
    remove these in a few releases.

    Signed-off-by: Tejun Heo
    Cc: Rusty Russell
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tejun Heo
     
  • Provide an extended version of div64_u64() that
    also returns the remainder of the division.

    We are going to need this to refine the cputime
    scaling code.

    Signed-off-by: Frederic Weisbecker
    Cc: Stanislaw Gruszka
    Cc: Steven Rostedt
    Cc: Peter Zijlstra
    Cc: Ingo Molnar
    Cc: Andrew Morton

    Frederic Weisbecker
     

13 Mar, 2013

1 commit

  • Fix new kernel-doc warnings in idr:

    Warning(include/linux/idr.h:113): No description found for parameter 'idr'
    Warning(include/linux/idr.h:113): Excess function parameter 'idp' description in 'idr_find'
    Warning(lib/idr.c:232): Excess function parameter 'id' description in 'sub_alloc'
    Warning(lib/idr.c:232): Excess function parameter 'id' description in 'sub_alloc'

    Signed-off-by: Randy Dunlap
    Acked-by: Tejun Heo
    Signed-off-by: Linus Torvalds

    Randy Dunlap
     

09 Mar, 2013

1 commit

  • idr_find(), idr_remove() and idr_replace() used to silently ignore the
    sign bit and perform lookup with the rest of the bits. The weird behavior
    has been changed such that negative IDs are treated as invalid. As the
    behavior change was subtle, WARN_ON_ONCE() was added in the hope of
    determining who's calling idr functions with negative IDs so that they can
    be examined for problems.

    Up until now, all two reported cases are ID number coming directly from
    userland and getting fed into idr_find() and the warnings seem to cause
    more problems than being helpful. Drop the WARN_ON_ONCE()s.

    Signed-off-by: Tejun Heo
    Reported-by:
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tejun Heo
     

04 Mar, 2013

1 commit

  • Pull new ImgTec Meta architecture from James Hogan:
    "This adds core architecture support for Imagination's Meta processor
    cores, followed by some later miscellaneous arch/metag cleanups and
    fixes which I kept separate to ease review:

    - Support for basic Meta 1 (ATP) and Meta 2 (HTP) core architecture
    - A few fixes all over, particularly for symbol prefixes
    - A few privilege protection fixes
    - Several cleanups (setup.c includes, split out a lot of
    metag_ksyms.c)
    - Fix some missing exports
    - Convert hugetlb to use vm_unmapped_area()
    - Copy device tree to non-init memory
    - Provide dma_get_sgtable()"

    * tag 'metag-v3.9-rc1-v4' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag: (61 commits)
    metag: Provide dma_get_sgtable()
    metag: prom.h: remove declaration of metag_dt_memblock_reserve()
    metag: copy devicetree to non-init memory
    metag: cleanup metag_ksyms.c includes
    metag: move mm/init.c exports out of metag_ksyms.c
    metag: move usercopy.c exports out of metag_ksyms.c
    metag: move setup.c exports out of metag_ksyms.c
    metag: move kick.c exports out of metag_ksyms.c
    metag: move traps.c exports out of metag_ksyms.c
    metag: move irq enable out of irqflags.h on SMP
    genksyms: fix metag symbol prefix on crc symbols
    metag: hugetlb: convert to vm_unmapped_area()
    metag: export clear_page and copy_page
    metag: export metag_code_cache_flush_all
    metag: protect more non-MMU memory regions
    metag: make TXPRIVEXT bits explicit
    metag: kernel/setup.c: sort includes
    perf: Enable building perf tools for Meta
    metag: add boot time LNKGET/LNKSET check
    metag: add __init to metag_cache_probe()
    ...

    Linus Torvalds
     

03 Mar, 2013

2 commits

  • Add [!]METAG to a couple of Kconfig dependencies in lib/Kconfig.debug.
    Don't allow stack utilization instrumentation on metag, and allow
    building with frame pointers.

    Signed-off-by: James Hogan
    Cc: Andrew Morton
    Cc: "Paul E. McKenney"
    Cc: Akinobu Mita
    Cc: Michel Lespinasse
    Cc: Catalin Marinas

    James Hogan
     
  • Pull KGDB/KDB fixes and cleanups from Jason Wessel:
    "For a change we removed more code than we added. If people aren't
    using it we shouldn't be carrying it. :-)

    Cleanups:
    - Remove kdb ssb command - there is no in kernel disassembler to
    support it

    - Remove kdb ll command - Always caused a kernel oops and there were
    no bug reports so no one was using this command

    - Use kernel ARRAY_SIZE macro instead of array computations

    Fixes:
    - Stop oops in kdb if user executes kdb_defcmd with args

    - kdb help command truncated text

    - ppc64 support for kgdbts

    - Add missing kconfig option from original kdb port for dealing with
    catastrophic kernel crashes such that you can reboot automatically
    on continue from kdb"

    * tag 'for_linux-3.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/kgdb:
    kdb: Remove unhandled ssb command
    kdb: Prevent kernel oops with kdb_defcmd
    kdb: Remove the ll command
    kdb_main: fix help print
    kdb: Fix overlap in buffers with strcpy
    Fixed dead ifdef block by adding missing Kconfig option.
    kdb: Setup basic kdb state before invoking commands via kgdb
    kdb: use ARRAY_SIZE where possible
    kgdb/kgdbts: support ppc64
    kdb: A fix for kdb command table expansion

    Linus Torvalds
     

02 Mar, 2013

2 commits

  • Pull new ARC architecture from Vineet Gupta:
    "Initial ARC Linux port with some fixes on top for 3.9-rc1:

    I would like to introduce the Linux port to ARC Processors (from
    Synopsys) for 3.9-rc1. The patch-set has been discussed on the public
    lists since Nov and has received a fair bit of review, specially from
    Arnd, tglx, Al and other subsystem maintainers for DeviceTree, kgdb...

    The arch bits are in arch/arc, some asm-generic changes (acked by
    Arnd), a minor change to PARISC (acked by Helge).

    The series is a touch bigger for a new port for 2 main reasons:

    1. It enables a basic kernel in first sub-series and adds
    ptrace/kgdb/.. later

    2. Some of the fallout of review (DeviceTree support, multi-platform-
    image support) were added on top of orig series, primarily to
    record the revision history.

    This updated pull request additionally contains

    - fixes due to our GNU tools catching up with the new syscall/ptrace
    ABI

    - some (minor) cross-arch Kconfig updates."

    * tag 'arc-v3.9-rc1-late' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: (82 commits)
    ARC: split elf.h into uapi and export it for userspace
    ARC: Fixup the current ABI version
    ARC: gdbserver using regset interface possibly broken
    ARC: Kconfig cleanup tracking cross-arch Kconfig pruning in merge window
    ARC: make a copy of flat DT
    ARC: [plat-arcfpga] DT arc-uart bindings change: "baud" => "current-speed"
    ARC: Ensure CONFIG_VIRT_TO_BUS is not enabled
    ARC: Fix pt_orig_r8 access
    ARC: [3.9] Fallout of hlist iterator update
    ARC: 64bit RTSC timestamp hardware issue
    ARC: Don't fiddle with non-existent caches
    ARC: Add self to MAINTAINERS
    ARC: Provide a default serial.h for uart drivers needing BASE_BAUD
    ARC: [plat-arcfpga] defconfig for fully loaded ARC Linux
    ARC: [Review] Multi-platform image #8: platform registers SMP callbacks
    ARC: [Review] Multi-platform image #7: SMP common code to use callbacks
    ARC: [Review] Multi-platform image #6: cpu-to-dma-addr optional
    ARC: [Review] Multi-platform image #5: NR_IRQS defined by ARC core
    ARC: [Review] Multi-platform image #4: Isolate platform headers
    ARC: [Review] Multi-platform image #3: switch to board callback
    ...

    Linus Torvalds
     
  • Added missing Kconfig option KDB_CONTINUE_CATASTROPHIC which lead to a dead
    ifdef block in kernel/debug/kdb/kdb_main.c:73-75.

    The code using KDB_CONTINUE_CATASTROPHIC was originally introduced in
    commit '5d5314d6795f3c1c0f415348ff8c51f7de042b77' by Jason Wessel.
    This patchset ("kdb: core for kgdb back end (1 of 2)")
    added platform independent part of kdb to the linux kernel.

    The Kernel option however, even though it had the same options and
    behaviour on all supported architectures, was part of the x86 and
    ia64 patchset of KDB and therefore not pulled into the mainline kernel tree.

    I actually took the originally written Kconfig by
    Keith Owens (2003-06-20 according to KDB changelog)
    and changed it to reflect the correct behaviour,
    as the KDUMP patchset is not part of the kernel and the expected
    functionality is missing from it.

    Signed-off-by: Robert Obermeier
    Signed-off-by: Jason Wessel

    Robert Obermeier