10 Dec, 2011

40 commits

  • Greg Kroah-Hartman
     
  • [ Upstream commit 1ee5fa1e9970a16036e37c7b9d5ce81c778252fc ]

    On Wednesday 30 November 2011 at 14:36 -0800, Stephen Hemminger wrote:

    > (Almost) nobody uses RED because they can't figure it out.
    > According to Wikipedia, VJ says that:
    > "there are not one, but two bugs in classic RED."

    RED is useful for high throughput routers, I doubt many linux machines
    act as such devices.

    I was considering adding Adaptive RED (Sally Floyd, Ramakrishna
    Gummadi, Scott Shenker), August 2001

    In this version, maxp is dynamic (from 1% to 50%), and the user only has to
    set up min_th (target average queue size)
    (max_th and wq (burst in linux RED) are automatically set up)

    By the way it seems we have a small bug in red_change()

    if (skb_queue_empty(&sch->q))
            red_end_of_idle_period(&q->parms);

    First, if queue is empty, we should call
    red_start_of_idle_period(&q->parms);

    Second, since we don't use sch->q anymore, but q->qdisc, the test is
    meaningless.

    Oh well...

    [PATCH] sch_red: fix red_change()

    Now RED is classful, we must check q->qdisc->q.qlen, and if queue is empty,
    we start an idle period, not end it.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit ea6a5d3b97b768561db6358f15e4c84ced0f4f7e ]

    Since commit a4a710c4a7490587 (pkt_sched: Change PSCHED_SHIFT from 10 to
    6) it seems RED/GRED are broken.

    red_calc_qavg_from_idle_time() computes a delay in us units, but this
    delay is now 16 times bigger than real delay, so the final qavg result
    is smaller than expected.

    Use standard kernel time services since there is no need to obfuscate
    them.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit f61759e6b831a55b89e584b198c3da325e2bc379 ]

    __mkroute_output fails to work with the original tos
    and uses value with stripped RTO_ONLINK bit. Make sure we put
    the original TOS bits into rt_key_tos because it used to match
    cached route.

    Signed-off-by: Julian Anastasov
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Julian Anastasov
     
  • [ Upstream commit efbc368dcc6426d5430b9b8eeda944cf2cb74b8c,
    incorporating a follow-on change to prevent an OOPS ]

    Otherwise we won't notice the peer GENID change.

    Reported-by: Steffen Klassert
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    David S. Miller
     
  • [ Upstream commit de68dca1816660b0d3ac89fa59ffb410007a143f ]

    Now inetpeer is the place where we cache redirect information for ipv4
    destinations, we must be able to invalidate information when a route is
    added/removed on host.

    As inetpeer is not yet namespace aware, this patch adds a shared
    redirect_genid, and a per inetpeer redirect_genid. This might be changed
    later if inetpeer becomes ns aware.

    Cache information for one inetpeer is valid as long as its
    redirect_genid has the same value as global redirect_genid.

    Reported-by: Arkadiusz Miśkiewicz
    Tested-by: Arkadiusz Miśkiewicz
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit 9cc20b268a5a14f5e57b8ad405a83513ab0d78dc ]

    commit f39925dbde77 (ipv4: Cache learned redirect information in
    inetpeer.) introduced a regression in ICMP redirect handling.

    It assumed ipv4_dst_check() would be called because all possible routes
    were attached to the inetpeer we modify in ip_rt_redirect(), but that's
    not true.

    commit 7cc9150ebe (route: fix ICMP redirect validation) tried to fix
    this but the solution was not complete. (It fixed only one route)

    So we must look up existing routes (including different TOS values) and
    call check_peer_redir() on them.

    Reported-by: Ivan Zahariev
    Signed-off-by: Eric Dumazet
    CC: Flavio Leitner
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit 7cc9150ebe8ec06cafea9f1c10d92ddacf88d8ae ]

    The commit f39925dbde7788cfb96419c0f092b086aa325c0f
    (ipv4: Cache learned redirect information in inetpeer.)
    removed some ICMP packet validations which are required by
    RFC 1122, section 3.2.2.2:
    ...
    A Redirect message SHOULD be silently discarded if the new
    gateway address it specifies is not on the same connected
    (sub-) net through which the Redirect arrived [INTRO:2,
    Appendix A], or if the source of the Redirect is not the
    current first-hop gateway for the specified destination (see
    Section 3.3.1).

    Signed-off-by: Flavio Leitner
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Flavio Leitner
     
  • [ Upstream commit 59445b6b1f90b97c4e28062b96306bacfa4fb170 ]

    In func ipv4_dst_check, check_peer_pmtu should be called only when peer is updated.
    So, if the peer is not updated in ip_rt_frag_needed, we can not inc __rt_peer_genid.

    Signed-off-by: Gao feng
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Gao feng
     
  • [ Upstream commit f7e57044eeb1841847c24aa06766c8290c202583 ]

    We need rcu_read_lock() protection before using dst_get_neighbour(), and
    we must cache its value (pass it to __teql_resolve())

    teql_master_xmit() is called under rcu_read_lock_bh() protection, it's
    not enough.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit 1d36cb479f204a0fedc1a3e7ce7b32c0a2c48769 ]

    When using dst_get_neighbour to get the neighbour, we need
    rcu_read_lock to protect it, since dst_get_neighbour uses
    rcu_dereference.

    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Frank Blaschka
     
  • [ Upstream commit 218fa90f072e4aeff9003d57e390857f4f35513e ]

    After commit f2c31e32b378 (fix NULL dereferences in check_peer_redir()),
    dst_get_neighbour() should be guarded by rcu_read_lock() /
    rcu_read_unlock() section.

    Reported-by: Miles Lane
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     
  • [ Upstream commit b12f62efb8ec0b9523bdb6c2d412c07193086de9 ]

    When opt->srr_is_hit is set, skb_rtable(skb) has been updated for
    'nexthop' and iph->daddr should always equal skb_rtable->rt_dst,
    so we need to update iph->daddr too.

    Signed-off-by: Li Wei
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Li Wei
     
  • [ Upstream commit b7ea81a58adc123a4e980cb0eff9eb5c144b5dc7 ]

    The AH4/6 ahash input callbacks read out the nexthdr field from the AH
    header *after* they overwrite that header. This is obviously not going
    to end well. Fix it up.

    Signed-off-by: Nick Bowler
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Nick Bowler
     
  • [ Upstream commit 069294e813ed5f27f82613b027609bcda5f1b914 ]

    The AH4/6 ahash output callbacks pass nexthdr to xfrm_output_resume
    instead of the error code. This appears to be a copy+paste error from
    the input case, where nexthdr is expected. This causes the driver to
    continuously add AH headers to the datagram until either an allocation
    fails and the packet is dropped or the ahash driver hits a synchronous
    fallback and the resulting monstrosity is transmitted.

    Correct this issue by simply passing the error code unadulterated.

    Signed-off-by: Nick Bowler
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Nick Bowler
     
  • commit de28f25e8244c7353abed8de0c7792f5f883588c upstream.

    If a device is shut down, then there might be a pending interrupt,
    which will be processed after we reenable interrupts, which causes the
    original handler to be run. If the old handler is the (broadcast)
    periodic handler the shutdown state might hang the kernel completely.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     
  • commit b1f919664d04a8d0ba29cb76673c7ca3325a2006 upstream.

    In order to leave a margin of 12.5% we should >> 3 not >> 5.

    Signed-off-by: Yang Honggang (Joseph)
    [jstultz: Modified commit subject]
    Signed-off-by: John Stultz
    Signed-off-by: Greg Kroah-Hartman

    Yang Honggang (Joseph)
     
  • commit 87121ca504fd1d963a66b3fb0c72054b0fd9a177 upstream.

    Oprofile may crash in a KVM guest while unloading modules. This
    happens if oprofile_arch_init() fails and oprofile switches to the hr
    timer mode as a fallback. In this case oprofile_arch_exit() is called,
    but it never was initialized properly which causes the crash. This
    patch fixes this.

    oprofile: using timer interrupt.
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    IP: [] unregister_syscore_ops+0x41/0x58
    PGD 41da3f067 PUD 41d80e067 PMD 0
    Oops: 0002 [#1] PREEMPT SMP
    CPU 5
    Modules linked in: oprofile(-)

    Pid: 2382, comm: modprobe Not tainted 3.1.0-rc7-00018-g709a39d #18 Advanced Micro Device Anaheim/Anaheim
    RIP: 0010:[] [] unregister_syscore_ops+0x41/0x58
    Process modprobe (pid: 2382, threadinfo ffff88041de1c000, task ffff88042db6d040)
    Stack:
    ffff88041de1deb8 ffffffffa0006770 ffff88041de1deb8 ffffffffa000251e
    ffff88041de1dec8 ffffffffa00022c2 ffff88041de1ded8 ffffffffa0004993
    ffff88041de1df78 ffffffff81073115 656c69666f72706f 0000000000610200
    Call Trace:
    [] op_nmi_exit+0x15/0x17 [oprofile]
    [] oprofile_arch_exit+0xe/0x10 [oprofile]
    [] oprofile_exit+0x13/0x15 [oprofile]
    [] sys_delete_module+0x1c3/0x22f
    [] ? trace_hardirqs_on_thunk+0x3a/0x3f
    [] system_call_fastpath+0x16/0x1b
    Code: 20 c6 78 81 e8 c5 cc 23 00 48 8b 13 48 8b 43 08 48 be 00 01 10 00 00 00 ad de 48 b9 00 02 20 00 00 00 ad de 48 c7 c7 20 c6 78 81
    89 42 08 48 89 10 48 89 33 48 89 4b 08 e8 a6 c0 23 00 5a 5b
    RIP [] unregister_syscore_ops+0x41/0x58
    RSP
    CR2: 0000000000000008
    ---[ end trace 06d4e95b6aa3b437 ]---

    Signed-off-by: Robert Richter
    Signed-off-by: Greg Kroah-Hartman

    Robert Richter
     
  • commit bbbf7af4bf8fc69bc751818cf30521080fa47dcb upstream.

    If cpu A calls jump_label_inc() just after atomic_add_return() is
    called by cpu B, atomic_inc_not_zero() will return a value greater than
    zero and jump_label_inc() will return to a caller before jump_label_update()
    finishes its job on cpu B.

    Link: http://lkml.kernel.org/r/20111018175551.GH17571@redhat.com

    Cc: Peter Zijlstra
    Acked-by: Jason Baron
    Signed-off-by: Gleb Natapov
    Signed-off-by: Steven Rostedt
    Signed-off-by: Greg Kroah-Hartman

    Gleb Natapov
     
  • commit d06c27b22aa66e48e32f03f9387328a9af9b0625 upstream.

    An update is made to the sched:sched_switch event that adds some
    logic to the first parameter of the __print_flags() that shows the
    state of tasks. This change causes perf to fail parsing the flags.

    A simple fix is needed to have the parser be able to process ops
    within the argument.

    Reported-by: Andrew Vagin
    Signed-off-by: Steven Rostedt
    Signed-off-by: Greg Kroah-Hartman

    Steven Rostedt
     
  • commit c1be84309c58b1e7c6d626e28fba41a22b364c3d upstream.

    When a better rated broadcast device is installed, then the current
    active device is not disabled, which results in two running broadcast
    devices.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     
  • commit cb59974742aea24adf6637eb0c4b8e7b48bca6fb upstream.

    Fix a bug introduced by e9dbfae5, which prevents event_subsystem from
    ever being released.

    Ref_count was added to keep track of subsystem users, not for counting
    events. Subsystem is created with ref_count = 1, so there is no need to
    increment it for every event, we have nr_events for that. Fix this by
    touching ref_count only when we actually have a new user -
    subsystem_open().

    Signed-off-by: Ilya Dryomov
    Link: http://lkml.kernel.org/r/1320052062-7846-1-git-send-email-idryomov@gmail.com
    Signed-off-by: Steven Rostedt
    Signed-off-by: Greg Kroah-Hartman

    Ilya Dryomov
     
  • commit 6a8943d9ec2567572fca25cf69ad45844d0141a3 upstream.

    The current code checks if abs(delta_delta.tv_sec) is greater or
    equal to two before it discards the old delta value, but this can
    trigger at close to -1 seconds since -1.000000001 seconds is stored
    as tv_sec -2 and tv_nsec 999999999 in a normalized timespec.

    rtc_resume had an early return check if the rtc value had not changed
    since rtc_suspend. This effectively stops time for the duration of the
    short sleep. Check if sleep_time is positive after all the adjustments
    have been applied instead since this allows the old_system adjustment
    in rtc_suspend to have an effect even for short sleep cycles.

    Signed-off-by: Arve Hjønnevåg
    Signed-off-by: John Stultz
    Signed-off-by: Greg Kroah-Hartman

    Arve Hjønnevåg
     
  • commit c0afabd3d553c521e003779c127143ffde55a16f upstream.

    Currently, the RTC code does not disable the alarm in the hardware.

    This means that after a sequence such as the one below (the files are in the
    RTC sysfs), the box will boot up after 2 minutes even though we've
    asked for the alarm to be turned off.

    # echo $((`cat since_epoch` + 120)) > wakealarm
    # echo 0 > wakealarm
    # poweroff

    Fix this by disabling the alarm when there are no timers to run.

    Cc: John Stultz
    Signed-off-by: Rabin Vincent
    Signed-off-by: John Stultz
    Signed-off-by: Greg Kroah-Hartman

    Rabin Vincent
     
  • commit d3d9acf646679c1981032b0985b386d12fccc60c upstream.

    ftrace_event_call->filter is sched RCU protected but didn't use
    rcu_assign_pointer(). Use it.

    TODO: Add proper __rcu annotation to call->filter and all its users.

    -v2: Use RCU_INIT_POINTER() for %NULL clearing as suggested by Eric.

    Link: http://lkml.kernel.org/r/20111123164949.GA29639@google.com

    Cc: Eric Dumazet
    Cc: Frederic Weisbecker
    Cc: Jiri Olsa
    Signed-off-by: Tejun Heo
    Signed-off-by: Steven Rostedt
    Signed-off-by: Greg Kroah-Hartman

    Tejun Heo
     
  • commit c7c6ec8becaf742b223c7b491f4893014be23a07 upstream.

    A forced undef of a config value was used for testing and was
    accidentally left in during the final commit. This causes x86 to
    run slower than needed while running function tracing as well
    as causes the function graph selftest to fail when DYNAMIC_FTRACE
    is not set. This is because the code in MCOUNT expects the ftrace
    code to be processed with the config value set that happened to
    be forced not set.

    The forced config option was left in by:
    commit 6331c28c962561aee59e5a493b7556a4bb585957
    ftrace: Fix dynamic selftest failure on some archs

    Link: http://lkml.kernel.org/r/20111102150255.GA6973@debian

    Reported-by: Rabin Vincent
    Signed-off-by: Steven Rostedt
    Signed-off-by: Greg Kroah-Hartman

    Steven Rostedt
     
  • commit 274b89ca3b006926cb9b45d78ab5906f4c0fc0aa upstream.

    Group keys in IBSS or AP mode are not programmed
    into the device since we give the key to it with
    every TX packet. However, we do need mac80211 to
    create the MMIC & PN in all cases. Move the code
    around to set the key flags all the time. We set
    them even when the key is removed again but that
    is obviously harmless.

    Reported-by: Reinette Chatre
    Signed-off-by: Johannes Berg
    Signed-off-by: Wey-Yi Guy
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

    Johannes Berg
     
  • commit 34a5b4b6af104cf18eb50748509528b9bdbc4036 upstream.

    The ht40 setting should not change after association unless there is a channel switch.

    This fixes a problem we are seeing which causes a uCode assert because the driver
    is sending invalid information and confusing the uCode.

    Here is the firmware assert message:
    kernel: iwlagn 0000:03:00.0: Microcode SW error detected. Restarting 0x82000000.
    kernel: iwlagn 0000:03:00.0: Loaded firmware version: 17.168.5.3 build 42301
    kernel: iwlagn 0000:03:00.0: Start IWL Error Log Dump:
    kernel: iwlagn 0000:03:00.0: Status: 0x000512E4, count: 6
    kernel: iwlagn 0000:03:00.0: 0x00002078 | ADVANCED_SYSASSERT
    kernel: iwlagn 0000:03:00.0: 0x00009514 | uPc
    kernel: iwlagn 0000:03:00.0: 0x00009496 | branchlink1
    kernel: iwlagn 0000:03:00.0: 0x00009496 | branchlink2
    kernel: iwlagn 0000:03:00.0: 0x0000D1F2 | interruptlink1
    kernel: iwlagn 0000:03:00.0: 0x00000000 | interruptlink2
    kernel: iwlagn 0000:03:00.0: 0x01008035 | data1
    kernel: iwlagn 0000:03:00.0: 0x0000C90F | data2
    kernel: iwlagn 0000:03:00.0: 0x000005A7 | line
    kernel: iwlagn 0000:03:00.0: 0x5080B520 | beacon time
    kernel: iwlagn 0000:03:00.0: 0xCC515AE0 | tsf low
    kernel: iwlagn 0000:03:00.0: 0x00000003 | tsf hi
    kernel: iwlagn 0000:03:00.0: 0x00000000 | time gp1
    kernel: iwlagn 0000:03:00.0: 0x29703BF0 | time gp2
    kernel: iwlagn 0000:03:00.0: 0x00000000 | time gp3
    kernel: iwlagn 0000:03:00.0: 0x000111A8 | uCode version
    kernel: iwlagn 0000:03:00.0: 0x000000B0 | hw version
    kernel: iwlagn 0000:03:00.0: 0x00480303 | board version
    kernel: iwlagn 0000:03:00.0: 0x09E8004E | hcmd
    kernel: iwlagn 0000:03:00.0: Start IWL Event Log Dump: display last 20 entries
    kernel: ------------[ cut here ]------------
    WARNING: at net/mac80211/util.c:1208 ieee80211_reconfig+0x1f1/0x407()
    kernel: Hardware name: 4290W4H
    kernel: Pid: 1896, comm: kworker/0:0 Not tainted 3.1.0 #2
    kernel: Call Trace:
    kernel: [] ? warn_slowpath_common+0x73/0x87
    kernel: [] ? ieee80211_reconfig+0x1f1/0x407
    kernel: [] ? ieee80211_recalc_smps_work+0x32/0x32
    kernel: [] ? ieee80211_restart_work+0x7e/0x87
    kernel: [] ? process_one_work+0x1c8/0x2e3
    kernel: [] ? worker_thread+0x17a/0x23a
    kernel: [] ? manage_workers.clone.18+0x15b/0x15b
    kernel: [] ? manage_workers.clone.18+0x15b/0x15b
    kernel: [] ? kthread+0x7a/0x82
    kernel: [] ? kernel_thread_helper+0x4/0x10
    kernel: [] ? kthread_flush_work_fn+0x11/0x11
    kernel: [] ? gs_change+0xb/0xb

    Reported-by: Udo Steinberg
    Signed-off-by: Wey-Yi Guy
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

    Wey-Yi Guy
     
  • commit 52cef189165d74a5d6030184a8e05595194c69ca upstream.

    Commit 30765b92 ("slab, lockdep: Annotate the locks before using
    them") moves the init_lock_keys() call from after g_cpucache_up =
    FULL, to before it. And overlooks the fact that init_node_lock_keys()
    tests for it and ignores everything !FULL.

    Introduce a LATE stage and change the lockdep test to be
    Cc: Pekka Enberg
    Signed-off-by: Peter Zijlstra
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

    Peter Zijlstra
     
  • commit 550acb19269d65f32e9ac4ddb26c2b2070e37f1c upstream.

    In irq_wait_for_interrupt(), the should_stop member is verified before
    setting the task's state to TASK_INTERRUPTIBLE and calling schedule().
    In case kthread_stop sets should_stop and wakes up the process after
    should_stop is checked by the irq thread but before the task's state
    is changed, the irq thread might never exit:

    kthread_stop                           irq_wait_for_interrupt
    ------------                           ----------------------

                                           ...
    ...                                    while (!kthread_should_stop()) {
    kthread->should_stop = 1;
    wake_up_process(k);
    wait_for_completion(&kthread->exited);
    ...
                                           set_current_state(TASK_INTERRUPTIBLE);

                                           ...

                                           schedule();
                                           }

    Fix this by checking if the thread should stop after modifying the
    task's state.

    [ tglx: Simplified it a bit ]

    Signed-off-by: Ido Yariv
    Link: http://lkml.kernel.org/r/1322740508-22640-1-git-send-email-ido@wizery.com
    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Ido Yariv
     
  • commit 0bac71af6e66dc798bf07d0c0dd14ee5503362f9 upstream.

    Johannes' patch for "cfg80211: fix regulatory NULL dereference"
    broke user regulatory hints and it did not address the fact that
    last_request was left populated even if the previous regulatory
    hint was stale due to the wiphy disappearing.

    Fix user regulatory hints by only bailing out for those
    regulatory hints where a request_wiphy is expected. The stale last_request
    considerations are addressed through the previous fixes on last_request
    where we reset the last_request to a static world regdom request upon
    reset_regdomains(). In this case though we further enhance the effect
    by simply restoring regulatory settings completely.

    Cc: Johannes Berg
    Signed-off-by: Luis R. Rodriguez
    Reviewed-by: Johannes Berg
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

    Luis R. Rodriguez
     
  • commit a042994dd377d86bff9446ee76151ceb6267c9ba upstream.

    There is a theoretical race that if hit will trigger
    a crash. The race is between when we issue the first
    regulatory hint, regulatory_hint_core(), gets processed
    by the workqueue and between when the first device
    gets registered to the wireless core. This is not easy
    to reproduce but it was easy to do so through the
    regulatory simulator I have been working on. This
    is a port of the fix I implemented there [1].

    [1] https://github.com/mcgrof/regsim/commit/a246ccf81f059cb662eee288aa13100f631e4cc8

    Cc: Johannes Berg
    Signed-off-by: Luis R. Rodriguez
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

    Luis R. Rodriguez
     
  • Upstream commit d305a6557b2c4dca0110f05ffe745b1ef94adb80.

    If an addBA response comes in just after addba_resp_timer has
    expired, mac80211 will still accept it and try to open the
    aggregation session. This causes drivers to be confused and
    in some cases even crash.

    This patch fixes the race condition and makes sure that if
    addba_resp_timer has expired, the addBA response is no longer
    accepted and we do not try to open a half-closed session.

    Signed-off-by: Nikolay Martynov
    [some adjustments]
    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Nikolay Martynov
     
  • commit c72e8d335e2c6a309b6281f2abcf491f37b8b92b upstream.

    The rates bitmap for internal scan requests should be filled,
    otherwise there will be probe requests with zero rates supported.

    Signed-off-by: Simon Wunderlich
    Signed-off-by: Mathias Kretschmer
    Signed-off-by: John W. Linville
    Signed-off-by: Greg Kroah-Hartman

    Simon Wunderlich
     
  • commit b934069c991355d27a053a932591c77960f4e414 upstream.

    The last breaking event address is a read-only value, the regset misses the
    .set function. If a PTRACE_SETREGSET is done for NT_S390_LAST_BREAK we
    get an oops due to a branch to zero:

    Kernel BUG at 0000000000000002 verbose debug info unavailable
    illegal operation: 0001 #1 SMP
    ...
    Call Trace:
    ( ptrace_regset+0x184/0x188)
    ptrace_request+0x37a/0x4fc
    arch_ptrace+0x108/0x1fc
    SyS_ptrace+0xaa/0x12c
    sysc_noemu+0x16/0x1c
    0x3fffd5ec10c
    Last Breaking-Event-Address:
    ptrace_regset+0x132/0x188

    Add a nop .set function to prevent the branch to zero.

    Signed-off-by: Martin Schwidefsky
    Signed-off-by: Greg Kroah-Hartman

    Martin Schwidefsky
     
  • commit 97f7f8189fe54e3cfe324ef9ad35064f3d2d3bff upstream.

    If oprofile uses the nmi timer interrupt there is a crash while
    unloading the module. The bug can be triggered with oprofile built as
    a module and kernel parameter nolapic set. This patch fixes this.

    oprofile: using NMI timer interrupt.
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    IP: [] unregister_syscore_ops+0x41/0x58
    PGD 42dbca067 PUD 41da6a067 PMD 0
    Oops: 0002 [#1] PREEMPT SMP
    CPU 5
    Modules linked in: oprofile(-) [last unloaded: oprofile]

    Pid: 2518, comm: modprobe Not tainted 3.1.0-rc7-00019-gb2fb49d #19 Advanced Micro Device Anaheim/Anaheim
    RIP: 0010:[] [] unregister_syscore_ops+0x41/0x58
    Process modprobe (pid: 2518, threadinfo ffff88041ef70000, task ffff88041d348040)
    Stack:
    ffff88041ef71eb8 ffffffffa0017790 ffff88041ef71eb8 ffffffffa0013532
    ffff88041ef71ec8 ffffffffa00132d6 ffff88041ef71ed8 ffffffffa00159b2
    ffff88041ef71f78 ffffffff81073115 656c69666f72706f 0000000000610200
    Call Trace:
    [] op_nmi_exit+0x15/0x17 [oprofile]
    [] oprofile_arch_exit+0xe/0x10 [oprofile]
    [] oprofile_exit+0x1e/0x20 [oprofile]
    [] sys_delete_module+0x1c3/0x22f
    [] ? trace_hardirqs_on_thunk+0x3a/0x3f
    [] system_call_fastpath+0x16/0x1b
    Code: 20 c6 78 81 e8 c5 cc 23 00 48 8b 13 48 8b 43 08 48 be 00 01 10 00 00 00 ad de 48 b9 00 02 20 00 00 00 ad de 48 c7 c7 20 c6 78 81
    89 42 08 48 89 10 48 89 33 48 89 4b 08 e8 a6 c0 23 00 5a 5b
    RIP [] unregister_syscore_ops+0x41/0x58
    RSP
    CR2: 0000000000000008
    ---[ end trace 43a541a52956b7b0 ]---

    Signed-off-by: Robert Richter
    Signed-off-by: Greg Kroah-Hartman

    Robert Richter
     
  • commit 57d1c0c03c6b48b2b96870d831b9ce6b917f53ac upstream.

    Masami spotted that we always try to decode the instruction stream as
    64bit instructions when running a 64bit kernel, this doesn't work for
    ia32-compat proglets.

    Use TIF_IA32 to detect if we need to use the 32bit instruction
    decoder.

    Reported-by: Masami Hiramatsu
    Signed-off-by: Peter Zijlstra
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

    Peter Zijlstra
     
  • commit 2cd1c8d4dc7ecca9e9431e2dabe41ae9c7d89e51 upstream.

    Fix an outstanding issue that has been reported since 2.6.37.
    On a heavily loaded machine, processing "fork()" calls could
    crash with:

    BUG: unable to handle kernel paging request at f573fc8c
    IP: [] swap_count_continued+0x104/0x180
    *pdpt = 000000002a3b9027 *pde = 0000000001bed067 *pte = 0000000000000000 Oops: 0000 [#1] SMP
    Modules linked in:
    Pid: 1638, comm: apache2 Not tainted 3.0.4-linode37 #1
    EIP: 0061:[] EFLAGS: 00210246 CPU: 3
    EIP is at swap_count_continued+0x104/0x180
    .. snip..
    Call Trace:
    [] ? __swap_duplicate+0xc2/0x160
    [] ? pte_mfn_to_pfn+0x87/0xe0
    [] ? swap_duplicate+0x14/0x40
    [] ? copy_pte_range+0x45b/0x500
    [] ? copy_page_range+0x195/0x200
    [] ? dup_mmap+0x1c6/0x2c0
    [] ? dup_mm+0xa8/0x130
    [] ? copy_process+0x98a/0xb30
    [] ? do_fork+0x4f/0x280
    [] ? getnstimeofday+0x43/0x100
    [] ? sys_clone+0x30/0x40
    [] ? ptregs_clone+0x15/0x48
    [] ? syscall_call+0x7/0xb

    The problem is that in copy_page_range() we turn lazy mode on,
    and then in swap_entry_free() we call swap_count_continued()
    which ends up in:

    map = kmap_atomic(page, KM_USER0) + offset;

    and then later we touch *map.

    Since we are running in batched mode (lazy) we don't actually
    set up the PTE mappings and the kmap_atomic is not done
    synchronously and ends up trying to dereference a page that has
    not been set.

    Looking at kmap_atomic_prot_pfn(), it uses
    'arch_flush_lazy_mmu_mode' and doing the same in
    kmap_atomic_prot() and __kunmap_atomic() makes the problem go
    away.

    Interestingly, commit b8bcfe997e4615 ("x86/paravirt: remove lazy
    mode in interrupts") removed part of this to fix an interrupt
    issue - but it went too far and did not consider this scenario.

    Signed-off-by: Konrad Rzeszutek Wilk
    Cc: Peter Zijlstra
    Cc: Jeremy Fitzhardinge
    Signed-off-by: Andrew Morton
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

    Konrad Rzeszutek Wilk
     
  • commit 1ef03890969932e9359b9a4c658f7f87771910ac upstream.

    Looks like on some Acer Aspire 1s with older bioses, reboot via bios
    fails. It works on my machine, (with BIOS version 0.3310) but
    not on some others (BIOS version 0.3309).

    There's a log of problems at:

    https://bbs.archlinux.org/viewtopic.php?id=124136

    This patch adds a different callback to the reboot quirk table,
    to allow rebooting via keyboard controller.

    Reported-by: Uroš Vampl
    Tested-by: Vasily Khoruzhick
    Signed-off-by: Peter Chubb
    Cc: Don Zickus
    Cc: Peter Zijlstra
    Link: http://lkml.kernel.org/r/1323093233-9481-1-git-send-email-anarsoul@gmail.com
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

    Peter Chubb
     
  • commit 9e6866686bdf2dcf3aeb0838076237ede532dcc8 upstream.

    In commit f8924e770e04 ("x86: unify mp_bus_info"), the 32-bit
    and 64-bit versions of MP_bus_info were rearranged to match each
    other better. Unfortunately it introduced a regression: prior
    to that change we used to always set the mp_bus_not_pci bit,
    then clear it if we found a PCI bus. After it, we set
    mp_bus_not_pci for ISA buses, clear it for PCI buses, and leave
    it alone otherwise.

    In the cases of ISA and PCI, there's not much difference. But
    ISA is not the only non-PCI bus, so it's better to always set
    mp_bus_not_pci and clear it only for PCI.

    Without this change, Dan's Dell PowerEdge 4200 panics on boot
    with a log indicating interrupt routing trouble unless the
    "noapic" option is supplied. With this change, the machine
    boots reliably without "noapic".

    Fixes http://bugs.debian.org/586494

    Reported-bisected-and-tested-by: Dan McGrath
    Signed-off-by: Bjorn Helgaas
    Cc: Dan McGrath
    Cc: Alexey Starikovskiy
    [jrnieder@gmail.com: clarified commit message]
    Signed-off-by: Jonathan Nieder
    Link: http://lkml.kernel.org/r/20111122215000.GA9151@elie.hsd1.il.comcast.net
    Signed-off-by: Ingo Molnar
    Signed-off-by: Greg Kroah-Hartman

    Bjorn Helgaas