26 Feb, 2011
2 commits
-
With slab poisoning enabled, I see the following oops:
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6b6b73
...
NIP [c0000000006bc61c] .rxrpc_destroy+0x44/0x104
LR [c0000000006bc618] .rxrpc_destroy+0x40/0x104
Call Trace:
[c0000000feb2bc00] [c0000000006bc618] .rxrpc_destroy+0x40/0x104 (unreliable)
[c0000000feb2bc90] [c000000000349b2c] .key_cleanup+0x1a8/0x20c
[c0000000feb2bd40] [c0000000000a2920] .process_one_work+0x2f4/0x4d0
[c0000000feb2be00] [c0000000000a2d50] .worker_thread+0x254/0x468
[c0000000feb2bec0] [c0000000000a868c] .kthread+0xbc/0xc8
[c0000000feb2bf90] [c000000000020e00] .kernel_thread+0x54/0x70We aren't initialising token->next, but the code in destroy_context relies
on the list being NULL terminated. Use kzalloc to zero out all the fields.Signed-off-by: Anton Blanchard
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds -
I'm seeing the following oops when testing afs:
Unable to handle kernel paging request for data at address 0x00000008
...
NIP [c0000000003393b0] .afs_unlink_writeback+0x38/0xc0
LR [c00000000033987c] .afs_put_writeback+0x98/0xec
Call Trace:
[c00000000345f600] [c00000000033987c] .afs_put_writeback+0x98/0xec
[c00000000345f690] [c00000000033ae80] .afs_write_begin+0x6a4/0x75c
[c00000000345f790] [c00000000012b77c] .generic_file_buffered_write+0x148/0x320
[c00000000345f8d0] [c00000000012e1b8] .__generic_file_aio_write+0x37c/0x3e4
[c00000000345f9d0] [c00000000012e2a8] .generic_file_aio_write+0x88/0xfc
[c00000000345fa90] [c0000000003390a8] .afs_file_write+0x10c/0x178
[c00000000345fb40] [c000000000188788] .do_sync_write+0xc4/0x128
[c00000000345fcc0] [c000000000189658] .vfs_write+0xe8/0x1d8
[c00000000345fd70] [c000000000189884] .SyS_write+0x68/0xb0
[c00000000345fe30] [c000000000008564] syscall_exit+0x0/0x40afs_write_begin hits an error and calls afs_unlink_writeback. In there
we do list_del_init on an uninitialised list.The patch below initialises ->link when creating the afs_writeback struct.
Signed-off-by: Anton Blanchard
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
25 Feb, 2011
9 commits
-
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/i915: Fix unintended recursion in ironlake_disable_rc6
drm/i915: fix corruptions on i8xx due to relaxed fencing
drm/i915: skip FDI & PCH enabling for DP_A
agp/intel: Experiment with a 855GM GWB bit
drm/i915: don't enable FDI & transcoder interrupts after all
drm/i915: Ignore a hung GPU when flushing the framebuffer prior to a switch -
…ickle/drm-intel into drm-fixes
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel:
drm/i915: Fix unintended recursion in ironlake_disable_rc6 -
* 'kvm-updates/2.6.38' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: SVM: Advance instruction pointer in dr_intercept -
Signed-off-by: Herton Ronaldo Krzesinski
Signed-off-by: Linus Torvalds -
After disabling, we're meant to teardown the bo used for the contexts,
not recurse into ourselves again and preventing module unload.Reported-and-tested-by: Ben Widawsky
Signed-off-by: Chris Wilson -
The new implementation of bd_link_disk_holder() added by 49731baa41d
(block: restore multiple bd_link_disk_holder() support) didn't get an
extra reference for the holder_dir kobject of the slave bdev; however,
bdev kills holder_dir on removal, not release, so if the slave bdev is
removed while there are holder links, the holder_dir will be destroyed
while there still are holder links, which leads to oops later when
bd_unlink_disk_order() tries to remove those links.Make bd_link_disk_holder() grab an extra reference for the slave's
holder_dir and put it in bd_unlink_disk_holder().Signed-off-by: Tejun Heo
Reported-by: "Hawrylewicz Czarnowski, Przemyslaw"
Tested-by: "Hawrylewicz Czarnowski, Przemyslaw"
Cc: Neil Brown
Cc: Jens Axboe
Signed-off-by: Linus Torvalds -
Grab a reference to bdev before calling blkdev_get(), which expects
the refcount to be already incremented and either returns success or
decrements the refcount and returns an error.The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().Acked-by: Tejun Heo
Signed-off-by: Miklos Szeredi
Signed-off-by: Linus Torvalds -
Adam Kovari and others reported that disconnecting an USB drive with
an ntfs-3g filesystem would cause "kernel BUG at fs/inode.c:1421!" to
be triggered.The BUG could be traced back to ioctl(BLKBSZSET), which would
erroneously decrement the refcount on the bdev. This is because
blkdev_get() expects the refcount to be already incremented and either
returns success or decrements the refcount and returns an error.The bug was introduced by e525fd89 (block: make blkdev_get/put()
handle exclusive access), which didn't take into account this behavior
of blkdev_get().This fixes
https://bugzilla.kernel.org/show_bug.cgi?id=29202
(and likely 29792 too)Reported-by: Adam Kovari
Acked-by: Tejun Heo
Signed-off-by: Miklos Szeredi
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
Unlock vfsmount_lock in do_umount
24 Feb, 2011
21 commits
-
By the commit
b3e19d9 2011-01-07 fs: scale mntget/mntput
vfsmount_lock was introduced around testing mnt_count.
Fix the mis-typed 'unlock'Signed-off-by: J. R. Okajima
Acked-by: Al Viro
Signed-off-by: Al Viro -
Robert Swiecki reported a BUG_ON(page_mapped) from a fuzzer, punching
a hole with madvise(,, MADV_REMOVE). That path is under mutex, and
cannot be explained by lack of serialization in unmap_mapping_range().Reviewing the code, I found one place where vm_truncate_count handling
should have been updated, when I switched at the last minute from one
way of managing the restart_addr to another: mremap move changes the
virtual addresses, so it ought to adjust the restart_addr.But rather than exporting the notion of restart_addr from memory.c, or
converting to restart_pgoff throughout, simply reset vm_truncate_count
to 0 to force a rescan if mremap move races with preempted truncation.We have no confirmation that this fixes Robert's BUG,
but it is a fix that's worth making anyway.Signed-off-by: Hugh Dickins
Signed-off-by: Linus Torvalds -
Michael Leun reported that running parallel opens on a fuse filesystem
can trigger a "kernel BUG at mm/truncate.c:475"Gurudas Pai reported the same bug on NFS.
The reason is, unmap_mapping_range() is not prepared for more than
one concurrent invocation per inode. For example:thread1: going through a big range, stops in the middle of a vma and
stores the restart address in vm_truncate_count.thread2: comes in with a small (e.g. single page) unmap request on
the same vma, somewhere before restart_address, finds that the
vma was already unmapped up to the restart address and happily
returns without doing anything.Another scenario would be two big unmap requests, both having to
restart the unmapping and each one setting vm_truncate_count to its
own value. This could go on forever without any of them being able to
finish.Truncate and hole punching already serialize with i_mutex. Other
callers of unmap_mapping_range() do not, and it's difficult to get
i_mutex protection for all callers. In particular ->d_revalidate(),
which calls invalidate_inode_pages2_range() in fuse, may be called
with or without i_mutex.This patch adds a new mutex to 'struct address_space' to prevent
running multiple concurrent unmap_mapping_range() on the same mapping.[ We'll hopefully get rid of all this with the upcoming mm
preemptibility series by Peter Zijlstra, the "mm: Remove i_mmap_mutex
lockbreak" patch in particular. But that is for 2.6.39 ]Signed-off-by: Miklos Szeredi
Reported-by: Michael Leun
Reported-by: Gurudas Pai
Tested-by: Gurudas Pai
Acked-by: Hugh Dickins
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds -
This reverts commit 556ea928f78a390fe16ae584e6433dff304d3014.
Jeff Chua reports that it can cause some bluetooth devices (he mentions
an Bluetooth Intermec scanner) to just stop responding after a while
with messages like[ 4533.361959] btusb 8-1:1.0: no reset_resume for driver btusb?
[ 4533.361964] btusb 8-1:1.1: no reset_resume for driver btusb?from the kernel. See also
https://bugzilla.kernel.org/show_bug.cgi?id=26182
for other reports.
Reported-by: Jeff Chua
Reported-by: Andrew Meakovski
Reported-by: Jim Faulkner
Acked-by: Greg KH
Acked-by: Matthew Garrett
Acked-by: Gustavo F. Padovan
Cc: stable@kernel.org (for 2.6.37)
Signed-off-by: Linus Torvalds -
…ickle/drm-intel into drm-fixes
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel:
drm/i915: fix corruptions on i8xx due to relaxed fencing
drm/i915: skip FDI & PCH enabling for DP_A
agp/intel: Experiment with a 855GM GWB bit
drm/i915: don't enable FDI & transcoder interrupts after all
drm/i915: Ignore a hung GPU when flushing the framebuffer prior to a switch -
It looks like gen2 has a peculiar interleaved 2-row inter-tile
layout. Probably inherited from i81x which had 2kb tiles (which
naturally fit an even-number-of-tile-rows scheme to fit onto 4kb
pages). There is no other mention of this in any docs (also not
in the Intel internal documention according to Chris Wilson).Problem manifests itself in corruptions in the second half of the
last tile row (if the bo has an odd number of tiles). Which can
only happen with relaxed tiling (introduced in a00b10c360b35d6431a9).So reject set_tiling calls that don't satisfy this constrain to
prevent broken userspace from causing havoc. While at it, also
check the size for newer chipsets.LKML: https://lkml.org/lkml/2011/2/19/5
Reported-by: Indan Zupancic
Tested-by: Indan Zupancic
Signed-off-by: Daniel Vetter
Signed-off-by: Chris Wilson -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (33 commits)
Added support for usb ethernet (0x0fe6, 0x9700)
r8169: fix RTL8168DP power off issue.
r8169: correct settings of rtl8102e.
r8169: fix incorrect args to oob notify.
DM9000B: Fix PHY power for network down/up
DM9000B: Fix reg_save after spin_lock in dm9000_timeout
net_sched: long word align struct qdisc_skb_cb data
sfc: lower stack usage in efx_ethtool_self_test
bridge: Use IPv6 link-local address for multicast listener queries
bridge: Fix MLD queries' ethernet source address
bridge: Allow mcast snooping for transient link local addresses too
ipv6: Add IPv6 multicast address flag defines
bridge: Add missing ntohs()s for MLDv2 report parsing
bridge: Fix IPv6 multicast snooping by correcting offset in MLDv2 report
bridge: Fix IPv6 multicast snooping by storing correct protocol type
p54pci: update receive dma buffers before and after processing
fix cfg80211_wext_siwfreq lock ordering...
rt2x00: Fix WPA TKIP Michael MIC failures.
ath5k: Fix fast channel switching
tcp: undo_retrans counter fixes
... -
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
amd64-agp: fix crash at second module load
drm/radeon: fix regression with AA resolve checking
drm: drop commented out code and preceding comment
drm/vblank: Enable precise vblank timestamps for interlaced and doublescan modes.
drm/vblank: Use memory barriers optimized for atomic_t instead of generics.
drm/vblank: Use abs64(diff_ns) for s64 diff_ns instead of abs(diff_ns)
drm/radeon/kms: align height of fb allocation.
Revert "drm/radeon/kms: switch back to min->max pll post divider iteration" -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: serio/gameport - use 'long' system workqueue
Input: synaptics - document 0x0c query
Input: tegra-kbc - add function keymap -
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: check if device support discard in xfs_ioc_trim()
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 -
The device is very similar to (0x0fe6, 0x8101),
And works well with dm9601 driver.Signed-off-by: Shahar Havivi
Acked-by: Peter Korsgaard
Signed-off-by: David S. Miller -
- fix the RTL8111DP turn off the power when DASH is enabled.
- RTL_GIGA_MAC_VER_27 must wait for tx finish before reset.Signed-off-by: Hayes Wang
Acked-by: Francois Romieu -
Adjust and remove certain settings of RTL8102E which are for previous chips.
Signed-off-by: Hayes Wang
Acked-off-by: Francois Romieu -
It results in the wrong point address and influences RTL8168DP.
Signed-off-by: Hayes Wang
Acked-by: Francois Romieu -
DM9000 revision B needs 1 ms delay after PHY power-on.
PHY must be powered on by writing 0 into register DM9000_GPR before
all other settings will change (see Davicom spec and example code).Remember, that register DM9000_GPR was not changed by reset sequence.
Without this fix the FIFO is out of sync and sends wrong data after
sequence of "ifconfig ethX down ; ifconfig ethX up".Signed-off-by: David S. Miller
-
The spin_lock should hold before reading register.
Signed-off-by: David S. Miller
-
netem_skb_cb() does :
return (struct netem_skb_cb *)qdisc_skb_cb(skb)->data;
Unfortunatly struct qdisc_skb_cb data is not long word aligned, so
access to psched_time_t time_to_send uses a non aligned access.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Commit 8ee294cd9def0004887da7f44b80563493b0a097 converted serio
subsystem event handling from using a dedicated thread to using
common workqueue. Unfortunately, this regressed our boot times,
due to the fact that serio jobs take long time to execute. While
the new concurrency managed workqueue code manages long-playing
works just fine and schedules additional workers as needed, such
works wreck havoc among remaining users of flush_scheduled_work().To solve this problem let's move serio/gameport works from system_wq
to system_long_wq which nobody tries to flush.Reported-and-tested-by: Hernando Torque
Acked-by: Tejun Heo
Signed-off-by: Dmitry Torokhov -
Since Synaptics technical writers department is a bit slow releasing updated
Synaptics interface guide, let's add some new bits (with their blessing)
to the code so that they don't get lost.Signed-off-by: Dmitry Torokhov
-
The __param section is already brought in by RODATA above.
Signed-off-by: Jesper Nilsson
Signed-off-by: Linus Torvalds
23 Feb, 2011
8 commits
-
The module forgot to sometimes unregister some resources.
This fixes Bug #22882.
[Patch updated to 2.6.38-rc3 by Randy Dunlap.]
Tested-by: Randy Dunlap
Signed-off-by: Florian Mickler
Signed-off-by: Dave Airlie -
* 'for-2639-rc4/i2c-fixes' of git://git.fluff.org/bjdooks/linux:
i2c-omap: fixup commit cb527ede1bf6ff2008a025606f25344b8ed7b4ac whitespace
i2c-omap: Double clear of ARDY status in IRQ handler
i2c-omap: fix build for !CONFIG_SUSPEND
i2c-omap: fix static suspend vs. runtime suspend
i2c-stu300: make sure adapter-name is terminated -
* 'usb-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
Revert "USB: Reset USB 3.0 devices on (re)discovery"
USB: musb: omap2430: fix kernel panic on reboot
sierra: add new ID for Airprime/Sierra USB IP modem
USB: serial/usb_wwan, fix tty NULL dereference
USB: Reset USB 3.0 devices on (re)discovery
USB: Add quirk for Samsung Android phone modem
USB: Add Samsung SGH-I500/Android modem ID switch to visor driver
USB: add quirks entry for Keytouch QWERTY Panel
usb: musb: omap2430: fix kernel panic on reboot
usb: musb: fix build breakage -
Fixup the whitespace error noticed in cb527ede1bf6ff2008a025606f25344b8ed7b4ac
Signed-off-by: Ben Dooks
-
This errata occurs when the ARDY interrupt generation is enabled.
At the begining of every new transaction the ARDY interrupt is cleared.On continuous i2c transactions where after clearing the ARDY bit from
I2C_STAT register (clearing the interrupt), the IRQ line is reasserted and the
I2C_STAT[ARDY] bit set again on 1. In fact, the ARDY status bit is not cleared
at the write access to I2C_STAT[ARDY] and only the IRQ line is deasserted and
then reasserted. This is not captured in the usual errata documents.The workaround is to have a double clear of ARDY status in irq handler.
Signed-off-by: Richard woodruff
Signed-off-by: Keerthy
Signed-off-by: Ben Dooks -
fix the build break when !CONFIG_SUSPEND
drivers/i2c/busses/i2c-omap.c:1173: error: lvalue required as unary '&' operand
make[3]: *** [drivers/i2c/busses/i2c-omap.o] Error 1
make[2]: *** [drivers/i2c/busses] Error 2
make[1]: *** [drivers/i2c] Error 2
make: *** [drivers] Error 2Signed-off-by: Balaji T K
Signed-off-by: Ben Dooks -
Some userspaces can emit a whole packet without disabling AA resolve
by the looks of it, so we have to deal with them.Signed-off-by: Dave Airlie
Tested-by: Jorg Otte -
r100_gpu_init() was dropped in 90aca4d ("drm/radeon/kms: simplify &
improve GPU reset V2") but here it was only commented out.Signed-off-by: Paul Bolle
Signed-off-by: Dave Airlie
