10 Oct, 2012
4 commits
-
Signed-off-by: Al Viro
Signed-off-by: Richard Weinberger -
never used by userland-side objects
Signed-off-by: Al Viro
Signed-off-by: Richard Weinberger -
Signed-off-by: Al Viro
Signed-off-by: Richard Weinberger -
Signed-off-by: Al Viro
Signed-off-by: Richard Weinberger
01 Oct, 2012
1 commit
30 Sep, 2012
3 commits
-
IBM reported a deadlock in select_parent(). This was found to be caused
by taking rename_lock when already locked when restarting the tree
traversal.There are two cases when the traversal needs to be restarted:
1) concurrent d_move(); this can only happen when not already locked,
since taking rename_lock protects against concurrent d_move().2) racing with final d_put() on child just at the moment of ascending
to parent; rename_lock doesn't protect against this rare race, so it
can happen when already locked.Because of case 2, we need to be able to handle restarting the traversal
when rename_lock is already held. This patch fixes all three callers of
try_to_ascend().IBM reported that the deadlock is gone with this patch.
[ I rewrote the patch to be smaller and just do the "goto again" if the
lock was already held, but credit goes to Miklos for the real work.
- Linus ]Signed-off-by: Miklos Szeredi
Cc: Al Viro
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds -
Pull IOMMU fixes from Joerg Roedel:
"Two small patches:* One patch to fix the function declarations for
!CONFIG_IOMMU_API. This is causing build errors
in linux-next and should be fixed for v3.6.* Another patch to fix an IOMMU group related NULL pointer
dereference."* tag 'iommu-fixes-v3.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix wrong assumption in iommu-group specific code
iommu: static inline iommu group stub functions -
Pull NVMe driver fixes from Matthew Wilcox:
"Now that actual hardware has been released (don't have any yet
myself), people are starting to want some of these fixes merged."Willy doesn't have hardware? Guys...
* git://git.infradead.org/users/willy/linux-nvme:
NVMe: Cancel outstanding IOs on queue deletion
NVMe: Free admin queue memory on initialisation failure
NVMe: Use ida for nvme device instance
NVMe: Fix whitespace damage in nvme_init
NVMe: handle allocation failure in nvme_map_user_pages()
NVMe: Fix uninitialized iod compiler warning
NVMe: Do not set IO queue depth beyond device max
NVMe: Set block queue max sectors
NVMe: use namespace id for nvme_get_features
NVMe: replace nvme_ns with nvme_dev for user admin
NVMe: Fix nvme module init when nvme_major is set
NVMe: Set request queue logical block size
29 Sep, 2012
5 commits
-
Sasha Levin has been running trinity in a KVM tools guest, and was able
to trigger the BUG_ON() at arch/x86/mm/pat.c:279 (verifying the range of
the memory type). The call trace showed that it was mtdchar_mmap() that
created an invalid remap_pfn_range().The problem is that mtdchar_mmap() does various really odd and subtle
things with the vma page offset etc, and uses the wrong types (and the
wrong overflow) detection for it.For example, the page offset may well be 32-bit on a 32-bit
architecture, but after shifting it up by PAGE_SHIFT, we need to use a
potentially 64-bit resource_size_t to correctly hold the full value.Also, we need to check that the vma length plus offset doesn't overflow
before we check that it is smaller than the length of the mtdmap region.This fixes things up and tries to make the code a bit easier to read.
Reported-and-tested-by: Sasha Levin
Acked-by: Suresh Siddha
Acked-by: Artem Bityutskiy
Cc: David Woodhouse
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Linus Torvalds -
Pull networking fixes from David S Miller:
1) Netfilter xt_limit module can use uninitialized rules, from Jan
Engelhardt.2) Wei Yongjun has found several more spots where error pointers were
treated as NULL/non-NULL and vice versa.3) bnx2x was converted to pci_io{,un}map() but one remaining plain
iounmap() got missed. From Neil Horman.4) Due to a fence-post type error in initialization of inetpeer entries
(which is where we store the ICMP rate limiting information), we can
erroneously drop ICMPs if the inetpeer was created right around when
jiffies wraps.Fix from Nicolas Dichtel.
5) smsc75xx resume fix from Steve Glendinnig.
6) LAN87xx smsc chips need an explicit hardware init, from Marek Vasut.
7) qlcnic uses msleep() with locks held, fix from Narendra K.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
netdev: octeon: fix return value check in octeon_mgmt_init_phy()
inetpeer: fix token initialization
qlcnic: Fix scheduling while atomic bug
bnx2: Clean up remaining iounmap
net: phy: smsc: Implement PHY config_init for LAN87xx
smsc75xx: fix resume after device reset
netdev: pasemi: fix return value check in pasemi_mac_phy_init()
team: fix return value check
l2tp: fix return value check
netfilter: xt_limit: have r->cost != 0 case work -
Pull vfs fixes from Al Viro:
"A couple of fixes; one for automount/lazy umount race, another a
classic "we don't protect the refcount transition to zero with the
lock that protects looking for object in hash" kind of crap in lockd."* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
close the race in nlmsvc_free_block()
do_add_mount()/umount -l races -
Pull UML fixes from Richard Weinberger.
* 'for-linus-3.6-rc-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: Preinclude include/linux/kern_levels.h
um: Fix IPC on um
um: kill thread->forking
um: let signal_delivered() do SIGTRAP on singlestepping into handler
um: don't leak floating point state and segment registers on execve()
um: take cleaning singlestep to start_thread() -
Pull dm fixes from Alasdair G Kergon:
"A few fixes for problems discovered during the 3.6 cycle.Of particular note, are fixes to the thin target's discard support,
which I hope is finally working correctly; and fixes for multipath
ioctls and device limits when there are no paths."* tag 'dm-3.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-dm:
dm verity: fix overflow check
dm thin: fix discard support for data devices
dm thin: tidy discard support
dm: retain table limits when swapping to new table with no devices
dm table: clear add_random unless all devices have it set
dm: handle requests beyond end of device instead of using BUG_ON
dm mpath: only retry ioctl when no paths if queue_if_no_path set
dm thin: do not set discard_zeroes_data
28 Sep, 2012
27 commits
-
Speculative cache pagecache lookups can elevate the refcount from
under us, so avoid the false positive. If the refcount is < 2 we'll be
notified by a VM_BUG_ON in put_page_testzero as there are two
put_page(src_page) in a row before returning from this function.Signed-off-by: Andrea Arcangeli
Reviewed-by: Rik van Riel
Reviewed-by: Johannes Weiner
Cc: Hugh Dickins
Cc: Mel Gorman
Cc: Petr Holasek
Cc: Andrew Morton
Signed-off-by: Linus Torvalds -
The new IOMMU groups code in the AMD IOMMU driver makes the
assumption that there is a pci_dev struct available for all
device-ids listed in the IVRS ACPI table. Unfortunatly this
assumption is not true and so this code causes a NULL
pointer dereference at boot on some systems.Fix it by making sure the given pointer is never NULL when
passed to the group specific code. The real fix is larger
and will be queued for v3.7.Reported-by: Florian Dazinger
Signed-off-by: Joerg Roedel -
In case of error, the function of_phy_connect() returns NULL
pointer not ERR_PTR(). The IS_ERR() test in the return value
check should be replaced with NULL test.dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
Pull drm fixes from Dave Airlie:
"The three nouveau fixes quiten unneeded dmesg spam that people are
seeing and pondering,The udl fix stops it from trying to driver monitors that are too big,
where we get a black screen.And a vmware memory alloc problem."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/nvc0/fifo: ignore bits in PFIFO_INTR that aren't set in PFIFO_INTR_EN
drm/udl: limit modes to the sku pixel limits.
vmwgfx: corruption in vmw_event_fence_action_create()
drm/nvc0/ltcg: mask off intr 0x10
drm/nouveau: silence a debug message triggered by newer userspace -
Pull USB fixes from Greg Kroah-Hartman:
"Here are two USB bugfixes for your 3.6-rc7 tree.The OHCI fix has been reported a number of times and is a regression
from 3.5, and the patch that causes the regression was on the way to
the -stable trees before I was reminded (again) that this fix needed
to get to your tree soon.The host controller bugfix was reported in older kernels as being
pretty easy to trigger, and has been tested by Red Hat and their
customers.Both have been in the usb-next branch in the -next tree for a while
now, I just cherry-picked them out to get to you in time for the 3.6
release.Signed-off-by: Greg Kroah-Hartman "
* tag 'usb-3.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: Fix race condition when removing host controllers
USB: ohci-at91: fix null pointer in ohci_hcd_at91_overcurrent_irq -
Also fix the calls to next_packet_size() for the pause case. This was
missed in 245baf983 ("ALSA: snd-usb: fix calls to next_packet_size").Signed-off-by: Daniel Mack
Reviewed-by: Takashi Iwai
Reported-and-tested-by: Christian Tefzer
Cc: stable@kernel.org
[ Taking directly because Takashi is on vacation - Linus ]
Signed-off-by: Linus Torvalds -
Pull ASoC update from Mark Brown:
"One small and obvious driver-specific fix.Takashi is on vacation now so he asked me to send directly, it's a
pretty bad bug with low regression risk."* tag 'asoc-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound:
ASoC: wm2000: Correct register size -
When jiffies wraps around (for example, 5 minutes after the boot, see
INITIAL_JIFFIES) and peer has just been created, now - peer->rate_last can be
< XRLIM_BURST_FACTOR * timeout, so token is not set to the maximum value, thus
some icmp packets can be unexpectedly dropped.Fix this case by initializing last_rate to 60 seconds in the past.
Signed-off-by: Nicolas Dichtel
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
In the device close path, 'qlcnic_fw_destroy_ctx' and
'qlcnic_poll_rsp' call msleep. But 'qlcnic_fw_destroy_ctx' and
'qlcnic_poll_rsp' are called with 'adapter->tx_clean_lock' spin lock
held resulting in scheduling while atomic bug causing the following
trace.I observed that the commit 012dc19a45b2b9cc2ebd14aaa401cf782c2abba4
from John Fastabend addresses a similar issue in ixgbevf driver.
Adopting the same approach used in the commit, this patch uses mdelay
to address the issue.[79884.999115] BUG: scheduling while atomic: ip/30846/0x00000002
[79885.005562] INFO: lockdep is turned off.
[79885.009958] Modules linked in: qlcnic fuse nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE bnep bluetooth rfkill ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables iptable_nat nf_nat iptable_mangle ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables dcdbas coretemp kvm_intel kvm iTCO_wdt ixgbe iTCO_vendor_support crc32c_intel ghash_clmulni_intel nfsd microcode sb_edac pcspkr edac_core dca bnx2x shpchp auth_rpcgss nfs_acl lpc_ich mfd_core mdio lockd libcrc32c wmi acpi_pad acpi_power_meter sunrpc uinput sd_mod sr_mod cdrom crc_t10dif ahci libahci libata megaraid_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod [last unloaded: qlcnic]
[79885.083608] Pid: 30846, comm: ip Tainted: G W O 3.6.0-rc7+ #1
[79885.090805] Call Trace:
[79885.093569] [] __schedule_bug+0x68/0x76
[79885.099699] [] __schedule+0x99e/0xa00
[79885.105634] [] schedule+0x29/0x70
[79885.111186] [] schedule_timeout+0x16f/0x350
[79885.117724] [] ? init_object+0x4a/0x90
[79885.123770] [] ? __internal_add_timer+0x140/0x140
[79885.130873] [] schedule_timeout_uninterruptible+0x1e/0x20
[79885.138773] [] msleep+0x20/0x30
[79885.144159] [] qlcnic_issue_cmd+0xef/0x290 [qlcnic]
[79885.151478] [] qlcnic_fw_cmd_destroy_rx_ctx+0x55/0x90 [qlcnic]
[79885.159868] [] qlcnic_fw_destroy_ctx+0x2d/0xa0 [qlcnic]
[79885.167576] [] __qlcnic_down+0x11d/0x180 [qlcnic]
[79885.174708] [] qlcnic_close+0x18/0x20 [qlcnic]
[79885.181547] [] __dev_close_many+0x95/0xe0
[79885.187899] [] __dev_close+0x38/0x50
[79885.193761] [] __dev_change_flags+0xa1/0x180
[79885.200419] [] dev_change_flags+0x28/0x70
[79885.206779] [] do_setlink+0x378/0xa00
[79885.212731] [] ? nla_parse+0x31/0xe0
[79885.218612] [] rtnl_newlink+0x37e/0x560
[79885.224768] [] ? selinux_capable+0x39/0x50
[79885.231217] [] ? security_capable+0x18/0x20
[79885.237765] [] rtnetlink_rcv_msg+0x114/0x2f0
[79885.244412] [] ? rtnl_lock+0x17/0x20
[79885.250280] [] ? rtnl_lock+0x17/0x20
[79885.256148] [] ? __rtnl_unlock+0x20/0x20
[79885.262413] [] netlink_rcv_skb+0xa1/0xb0
[79885.268661] [] rtnetlink_rcv+0x25/0x40
[79885.274727] [] netlink_unicast+0x19d/0x220
[79885.281146] [] netlink_sendmsg+0x305/0x3f0
[79885.287595] [] ? sock_update_classid+0x148/0x2e0
[79885.294650] [] sock_sendmsg+0xbc/0xf0
[79885.300600] [] __sys_sendmsg+0x3ac/0x3c0
[79885.306853] [] ? up_read+0x23/0x40
[79885.312510] [] ? do_page_fault+0x2bc/0x570
[79885.318968] [] ? sys_brk+0x44/0x150
[79885.324715] [] ? fget_light+0x24c/0x520
[79885.330875] [] sys_sendmsg+0x49/0x90
[79885.336707] [] system_call_fastpath+0x16/0x1bSigned-off-by: Narendra K
Signed-off-by: David S. Miller -
commit c0357e975afdbbedab5c662d19bef865f02adc17 modified bnx2 to switch from
using ioremap/iounmap to pci_iomap/pci_iounmap. They missed a spot in the error
path of bnx2_init_one though. This patch just cleans that up.Signed-off-by: Neil Horman
CC: Michael Chan
CC: "David S. Miller"
Acked-by: Michael Chan
Signed-off-by: David S. Miller -
Pull one more arm-soc bugfix from Olof Johansson:
"Here's a bugfix for orion5x. Without this, PCI doesn't initialize
properly because of too small coherent pool to cover the allocations
needed.A similar fix has already been done on kirkwood."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: Orion5x: Fix too small coherent pool. -
Pull ARM dma-mapping fix from Marek Szyprowski:
"This patch fixes a potential memory leak in the ARM dma-mapping code."* 'fixes-for-3.6' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping:
ARM: dma-mapping: Fix potential memory leak in atomic_pool_init() -
Pull GPIO fix from Linus Walleij:
"A late GPIO fix: Roland Stigge found a problem in the LPC32xx driver
where a callback ignores one of its arguments. It needs to go into
stable too so sending this upstream immediately."* tag 'gpio-fixes-v3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio-lpc32xx: Fix value handling of gpio_direction_output() -
Pull two md bugfixes from NeilBrown:
"One (missing spinlock init) was only introduced recently. The other
has been present as long as raid10 has been supported, so is tagged
for -stable."* tag 'md-3.6-fixes' of git://neil.brown.name/md:
md/raid10: fix "enough" function for detecting if array is failed.
md/raid5: add missing spin_lock_init. -
Pull EDAC fixes from Mauro Carvalho Chehab:
"Three edac fixes at the memory enumeration logic:
- i3200_edac: Fixes a regression at the memory rank size, when the
memorias are dual-rank;
- i5000_edac: Fix a longstanding bug when calculating the memory
size: before Kernel 3.6, the memory size were right only
with one specific configuration;
- sb_edac: Fixes a bug since the initial release of the driver:
with 16GB DIMMs, there's an overflow at the memory size,
causing the number of pages per dimm (an unsigned value)
to have the highest bit equal to 1, effectively mangling
the memory size.The third bug can potentially affect the error decoding logic as well."
* git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac:
sb_edac: Avoid overflow errors at memory size calculation
i5000: Fix the memory size calculation with 2R memories
i3200_edac: Fix memory rank size -
"Search list for X" sounds like you're trying to find X on a list.
Signed-off-by: J. Bruce Fields
Signed-off-by: Linus Torvalds -
The LAN8710/LAN8720 chips do have broken the "FlexPWR" smart power-saving
capability. Enabling it leads to the PHY not being able to detect Link when
cold-started without cable connected. Thus, make sure this is disabled.Signed-off-by: Marek Vasut
Cc: Christian Hohnstaedt
Cc: David S. Miller
Cc: Fabio Estevam
Cc: Giuseppe Cavallaro
Cc: Otavio Salvador
Acked-by: Otavio Salvador
Signed-off-by: David S. Miller -
On some systems this device fails to properly resume after suspend,
this patch fixes it by running the usbnet_resume handler.I suspect this also fixes this bug:
http://code.google.com/p/chromium-os/issues/detail?id=31871
Signed-off-by: Steve Glendinning
Signed-off-by: David S. Miller -
The userspace part of UML uses the asm-offsets.h generator mechanism to
create definitions for UM_KERN_ that match the in-kernel
KERN_ constant definitions.As of commit 04d2c8c83d0e3ac5f78aeede51babb3236200112 ("printk: convert
the format for KERN_ to a 2 byte pattern"), KERN_ is no
longer expanded to the literal '""', but to '"\001" "LEVEL"', i.e.
it contains two parts.However, the combo of DEFINE_STR() in
arch/x86/um/shared/sysdep/kernel-offsets.h and sed-y in Kbuild doesn't
support string literals consisting of multiple parts. Hence for all
UM_KERN_ definitions, only the SOH character is retained in the actual
definition, while the remainder ends up in the comment. E.g. in
include/generated/asm-offsets.h we get#define UM_KERN_INFO "\001" /* "6" KERN_INFO */
instead of
#define UM_KERN_INFO "\001" "6" /* KERN_INFO */
This causes spurious '^A' output in some kernel messages:
Calibrating delay loop... 4640.76 BogoMIPS (lpj=23203840)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 256
^AChecking that host ptys support output SIGIO...Yes
^AChecking that host ptys support SIGIO on close...No, enabling workaround
^AUsing 2.6 host AIO
NET: Registered protocol family 16
bio: create slab at 0
Switching to clocksource itimerTo fix this:
- Move the mapping from UM_KERN_ to KERN_ from
arch/um/include/shared/common-offsets.h to
arch/um/include/shared/user.h, which is preincluded for all userspace
parts,
- Preinclude include/linux/kern_levels.h for all userspace parts, to
obtain the in-kernel KERN_ constant definitions. This doesn't
violate the kernel/userspace separation, as include/linux/kern_levels.h
is self-contained and doesn't expose any other kernel internals.
- Remove the now unused STR() and DEFINE_STR() macros.Signed-off-by: Geert Uytterhoeven
Signed-off-by: Richard Weinberger -
commit c1d7e01d (ipc: use Kconfig options for __ARCH_WANT_[COMPAT_]IPC_PARSE_VERSION)
forgot UML and broke IPC on it.
Also UML has to select ARCH_WANT_IPC_PARSE_VERSION usin Kconfig.Reported-and-tested-by:
Signed-off-by: Richard Weinberger -
In case of error, the function of_phy_connect() returns NULL
pointer not ERR_PTR(). The IS_ERR() test in the return value
check should be replaced with NULL test.dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
In case of error, the function genlmsg_put() returns NULL pointer
not ERR_PTR(). The IS_ERR() test in the return value check should
be replaced with NULL test.dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)Signed-off-by: Wei Yongjun
Acked-by: Jiri Pirko
Signed-off-by: David S. Miller -
In case of error, the function genlmsg_put() returns NULL pointer
not ERR_PTR(). The IS_ERR() test in the return value check should
be replaced with NULL test.dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)Signed-off-by: Wei Yongjun
Signed-off-by: David S. Miller -
Pablo Neira Ayuso says:
====================
If time allows, I'd appreciate if you can take the following fix
for the xt_limit match.As Jan indicates, random things may occur while using the xt_limit
match due to use of uninitialized memory.
====================Signed-off-by: David S. Miller
-
This patch (as1607) fixes a race that can occur if a USB host
controller is removed while a process is reading the
/sys/kernel/debug/usb/devices file.The usb_device_read() routine uses the bus->root_hub pointer to
determine whether or not the root hub is registered. The is not a
valid test, because the pointer is set before the root hub gets
registered and remains set even after the root hub is unregistered and
deallocated. As a result, usb_device_read() or usb_device_dump() can
access freed memory, causing an oops.The patch changes the test to use the hcd->rh_registered flag, which
does get set and cleared at the appropriate times. It also makes sure
to hold the usb_bus_list_lock mutex while setting the flag, so that
usb_device_read() will become aware of new root hubs as soon as they
are registered.Signed-off-by: Alan Stern
Reported-by: Don Zickus
Cc: stable
Signed-off-by: Greg Kroah-Hartman -
Fixes the following NULL pointer dereference:
[ 7.740000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 7.810000] Unable to handle kernel NULL pointer dereference at virtual address 00000028
[ 7.810000] pgd = c3a38000
[ 7.810000] [00000028] *pgd=23a8c831, *pte=00000000, *ppte=00000000
[ 7.810000] Internal error: Oops: 17 [#1] PREEMPT ARM
[ 7.810000] Modules linked in: ohci_hcd(+) regmap_i2c snd_pcm usbcore snd_page_alloc at91_cf snd_timer pcmcia_rsrc snd soundcore gpio_keys regmap_spi pcmcia_core usb_common nls_base
[ 7.810000] CPU: 0 Not tainted (3.6.0-rc6-mpa+ #264)
[ 7.810000] PC is at __gpio_to_irq+0x18/0x40
[ 7.810000] LR is at ohci_hcd_at91_overcurrent_irq+0x24/0xb4 [ohci_hcd]
[ 7.810000] pc : [] lr : [] psr: 40000093
[ 7.810000] sp : c3a11c40 ip : c3a11c50 fp : c3a11c4c
[ 7.810000] r10: 00000000 r9 : c02dcd6e r8 : fefff400
[ 7.810000] r7 : 00000000 r6 : c02cc928 r5 : 00000030 r4 : c02dd168
[ 7.810000] r3 : c02e7350 r2 : ffffffea r1 : c02cc928 r0 : 00000000
[ 7.810000] Flags: nZcv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 7.810000] Control: c000717f Table: 23a38000 DAC: 00000015
[ 7.810000] Process modprobe (pid: 285, stack limit = 0xc3a10270)
[ 7.810000] Stack: (0xc3a11c40 to 0xc3a12000)
[ 7.810000] 1c40: c3a11c6c c3a11c50 bf08f694 c01392cc c3a11c84 c2c38b00 c3806900 00000030
[ 7.810000] 1c60: c3a11ca4 c3a11c70 c0051264 bf08f680 c3a11cac c3a11c80 c003e764 c3806900
[ 7.810000] 1c80: c2c38b00 c02cb05c c02cb000 fefff400 c3806930 c3a11cf4 c3a11cbc c3a11ca8
[ 7.810000] 1ca0: c005142c c005123c c3806900 c3805a00 c3a11cd4 c3a11cc0 c0053f24 c00513e4
[ 7.810000] 1cc0: c3a11cf4 00000030 c3a11cec c3a11cd8 c005120c c0053e88 00000000 00000000
[ 7.810000] 1ce0: c3a11d1c c3a11cf0 c00124d0 c00511e0 01400000 00000001 00000012 00000000
[ 7.810000] 1d00: ffffffff c3a11d94 00000030 00000000 c3a11d34 c3a11d20 c005120c c0012438
[ 7.810000] 1d20: c001dac4 00000012 c3a11d4c c3a11d38 c0009b08 c00511e0 c00523fc 60000013
[ 7.810000] 1d40: c3a11d5c c3a11d50 c0008510 c0009ab4 c3a11ddc c3a11d60 c0008eb4 c00084f0
[ 7.810000] 1d60: 00000000 00000030 00000000 00000080 60000013 bf08f670 c3806900 c2c38b00
[ 7.810000] 1d80: 00000030 c3806930 00000000 c3a11ddc c3a11d88 c3a11da8 c0054190 c00523fc
[ 7.810000] 1da0: 60000013 ffffffff c3a11dec c3a11db8 00000000 c2c38b00 bf08f670 c3806900
[ 7.810000] 1dc0: 00000000 00000080 c02cc928 00000030 c3a11e0c c3a11de0 c0052764 c00520d8
[ 7.810000] 1de0: c3a11dfc 00000000 00000000 00000002 bf090f61 00000004 c02cc930 c02cc928
[ 7.810000] 1e00: c3a11e4c c3a11e10 bf090978 c005269c bf090f61 c02cc928 bf093000 c02dd170
[ 7.810000] 1e20: c3a11e3c c02cc930 c02cc930 bf0911d0 bf0911d0 bf093000 c3a10000 00000000
[ 7.810000] 1e40: c3a11e5c c3a11e50 c0155b7c bf090808 c3a11e7c c3a11e60 c0154690 c0155b6c
[ 7.810000] 1e60: c02cc930 c02cc964 bf0911d0 c3a11ea0 c3a11e9c c3a11e80 c015484c c01545e8
[ 7.810000] 1e80: 00000000 00000000 c01547e4 bf0911d0 c3a11ec4 c3a11ea0 c0152e58 c01547f4
[ 7.810000] 1ea0: c381b88c c384ab10 c2c10540 bf0911d0 00000000 c02d7518 c3a11ed4 c3a11ec8
[ 7.810000] 1ec0: c01544c0 c0152e0c c3a11efc c3a11ed8 c01536cc c01544b0 bf091075 c3a11ee8
[ 7.810000] 1ee0: bf049af0 bf09120c bf0911d0 00000000 c3a11f1c c3a11f00 c0154e9c c0153628
[ 7.810000] 1f00: bf049af0 bf09120c 000ae190 00000000 c3a11f2c c3a11f20 c0155f58 c0154e04
[ 7.810000] 1f20: c3a11f44 c3a11f30 bf093054 c0155f1c 00000000 00006a4f c3a11f7c c3a11f48
[ 7.810000] 1f40: c0008638 bf093010 bf09120c 000ae190 00000000 c00093c4 00006a4f bf09120c
[ 7.810000] 1f60: 000ae190 00000000 c00093c4 00000000 c3a11fa4 c3a11f80 c004fdc4 c000859c
[ 7.810000] 1f80: c3a11fa4 000ae190 00006a4f 00016eb8 000ad018 00000080 00000000 c3a11fa8
[ 7.810000] 1fa0: c0009260 c004fd58 00006a4f 00016eb8 000ae190 00006a4f 000ae100 00000000
[ 7.810000] 1fc0: 00006a4f 00016eb8 000ad018 00000080 000adba0 000ad208 00000000 000ad3d8
[ 7.810000] 1fe0: beaf7ae8 beaf7ad8 000172b8 b6e4e940 20000010 000ae190 00000000 00000000
[ 7.810000] Backtrace:
[ 7.810000] [] (__gpio_to_irq+0x0/0x40) from [] (ohci_hcd_at91_overcurrent_irq+0x24/0xb4 [ohci_hcd])
[ 7.810000] [] (ohci_hcd_at91_overcurrent_irq+0x0/0xb4 [ohci_hcd]) from [] (handle_irq_event_percpu+0x38/0x1a8)
[ 7.810000] r6:00000030 r5:c3806900 r4:c2c38b00
[ 7.810000] [] (handle_irq_event_percpu+0x0/0x1a8) from [] (handle_irq_event+0x58/0x7c)
[ 7.810000] [] (handle_irq_event+0x0/0x7c) from [] (handle_simple_irq+0xac/0xd8)
[ 7.810000] r5:c3805a00 r4:c3806900
[ 7.810000] [] (handle_simple_irq+0x0/0xd8) from [] (generic_handle_irq+0x3c/0x48)
[ 7.810000] r4:00000030
[ 7.810000] [] (generic_handle_irq+0x0/0x48) from [] (gpio_irq_handler+0xa8/0xfc)
[ 7.810000] r4:00000000
[ 7.810000] [] (gpio_irq_handler+0x0/0xfc) from [] (generic_handle_irq+0x3c/0x48)
[ 7.810000] [] (generic_handle_irq+0x0/0x48) from [] (handle_IRQ+0x64/0x88)
[ 7.810000] r4:00000012
[ 7.810000] [] (handle_IRQ+0x0/0x88) from [] (at91_aic_handle_irq+0x30/0x38)
[ 7.810000] r5:60000013 r4:c00523fc
[ 7.810000] [] (at91_aic_handle_irq+0x0/0x38) from [] (__irq_svc+0x34/0x60)
[ 7.810000] Exception stack(0xc3a11d60 to 0xc3a11da8)
[ 7.810000] 1d60: 00000000 00000030 00000000 00000080 60000013 bf08f670 c3806900 c2c38b00
[ 7.810000] 1d80: 00000030 c3806930 00000000 c3a11ddc c3a11d88 c3a11da8 c0054190 c00523fc
[ 7.810000] 1da0: 60000013 ffffffff
[ 7.810000] [] (__setup_irq+0x0/0x458) from [] (request_threaded_irq+0xd8/0x134)
[ 7.810000] [] (request_threaded_irq+0x0/0x134) from [] (ohci_hcd_at91_drv_probe+0x180/0x41c [ohci_hcd])
[ 7.810000] [] (ohci_hcd_at91_drv_probe+0x0/0x41c [ohci_hcd]) from [] (platform_drv_probe+0x20/0x24)
[ 7.810000] [] (platform_drv_probe+0x0/0x24) from [] (driver_probe_device+0xb8/0x20c)
[ 7.810000] [] (driver_probe_device+0x0/0x20c) from [] (__driver_attach+0x68/0x88)
[ 7.810000] r7:c3a11ea0 r6:bf0911d0 r5:c02cc964 r4:c02cc930
[ 7.810000] [] (__driver_attach+0x0/0x88) from [] (bus_for_each_dev+0x5c/0x9c)
[ 7.810000] r6:bf0911d0 r5:c01547e4 r4:00000000
[ 7.810000] [] (bus_for_each_dev+0x0/0x9c) from [] (driver_attach+0x20/0x28)
[ 7.810000] r7:c02d7518 r6:00000000 r5:bf0911d0 r4:c2c10540
[ 7.810000] [] (driver_attach+0x0/0x28) from [] (bus_add_driver+0xb4/0x22c)
[ 7.810000] [] (bus_add_driver+0x0/0x22c) from [] (driver_register+0xa8/0x144)
[ 7.810000] r7:00000000 r6:bf0911d0 r5:bf09120c r4:bf049af0
[ 7.810000] [] (driver_register+0x0/0x144) from [] (platform_driver_register+0x4c/0x60)
[ 7.810000] r7:00000000 r6:000ae190 r5:bf09120c r4:bf049af0
[ 7.810000] [] (platform_driver_register+0x0/0x60) from [] (ohci_hcd_mod_init+0x54/0x8c [ohci_hcd])
[ 7.810000] [] (ohci_hcd_mod_init+0x0/0x8c [ohci_hcd]) from [] (do_one_initcall+0xac/0x174)
[ 7.810000] r4:00006a4f
[ 7.810000] [] (do_one_initcall+0x0/0x174) from [] (sys_init_module+0x7c/0x1a0)
[ 7.810000] [] (sys_init_module+0x0/0x1a0) from [] (ret_fast_syscall+0x0/0x2c)
[ 7.810000] r7:00000080 r6:000ad018 r5:00016eb8 r4:00006a4f
[ 7.810000] Code: e24cb004 e59f3028 e1a02000 e7930180 (e5903028)
[ 7.810000] ---[ end trace 85aa37ed128143b5 ]---
[ 7.810000] Kernel panic - not syncing: Fatal exception in interruptCommit 6fffb77c (USB: ohci-at91: fix PIO handling in relation with number of
ports) started setting unused pins to EINVAL. But this exposed a bug in the
ohci_hcd_at91_overcurrent_irq function where the gpio was used without being
checked to see if it is valid.This patches fixed the issue by adding the gpio valid check.
Signed-off-by: Joachim Eastwood
Cc: stable # [3.4+] whereever 6fffb77c went
Signed-off-by: Greg Kroah-Hartman -
we only use that to tell copy_thread() done by syscall from that
done by kernel_thread(). However, it's easier to do simply by
checking PF_KTHREAD in thread flags.Merge sys_clone() guts for 32bit and 64bit, while we are at it...
Signed-off-by: Al Viro
