Fix oops triggered during: echo 0 > /proc/sys/kernel/nmi_watchdog
The culprit seems to be 09198e6850:
[PATCH] i386: Clean up NMI watchdog code
In two places, the parameters to release_{evntsel,perfctr}_nmi
got interchanged during the cleanup.
Fix interchanged parameters to release_{evntsel,perfctr}_nmi.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Cc: Andi Kleen <ak@suse.de>
Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix oops caused by 'cat /dev/snapshot', reported by Arkadiusz Miskiewicz,
and make it impossible to thaw tasks with the help of the swsusp userland
interface while there is a snapshot image ready to save.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix section error (allyesconfig). The exit function is called from init,
so functions that are called by the exit function cannot be marked __exit.
WARNING: drivers/built-in.o(.text+0xe5bc6): Section mismatch: reference to .exit.
text: (between 'toshiba_acpi_exit' and 'hci_raw')
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Len Brown <len.brown@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The cpuset code to present a list of tasks using a cpuset to user space could
write to an array that it had kmalloc'd, after a kmalloc request of zero size.
The problem was that the code didn't check for writes past the allocated end
of the array until -after- the first write.
This is a race condition that is likely rare -- it would only show up if a
cpuset went from being empty to having a task in it, during the brief time
between the allocation and the first write.
Prior to roughly 2.6.22 kernels, this was also a benign problem, because a
zero kmalloc returned a few usable bytes anyway, and no harm was done with the
bogus write.
With the 2.6.22 kernel changes to make issue a warning if code tries to write
to the location returned from a zero size allocation, this problem is no
longer benign. This cpuset code would occassionally trigger that warning.
The fix is trivial -- check before storing into the array, not after, whether
the array is big enough to hold the store.
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Balbir Singh <balbir@in.ibm.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Kirill Korotaev <dev@openvz.org>
Cc: Paul Menage <menage@google.com>
Cc: Srivatsa Vaddagiri <vatsa@in.ibm.com>
Cc: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Paul Jackson <pj@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It is not safe to use pte_update_defer() in ptep_test_and_clear_young():
its only user, /proc/<pid>/clear_refs, drops pte lock before flushing TLB.
Use the safe though less efficient pte_update() paravirtop in its place.
Likewise in ptep_test_and_clear_dirty(), though that has no current use.
These are macros (header file dependency stops them from becoming inline
functions), so be more liberal with the underscores and parentheses.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Zachary Amsden <zach@vmware.com>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
shmid used to be stored as inode# for shared memory segments. Some of
the proc-ps tools use this from /proc/pid/maps. Recent cleanups
to newseg() changed it. This patch sets inode number back to shared
memory id to fix breakage.
Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
Cc: "Albert Cahalan" <acahalan@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The data structure to manage the information gathered about functions
allocating and freeing objects is allocated when the list_lock has already
been taken. We need to allocate with GFP_ATOMIC instead of GFP_KERNEL.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When disabled through /proc/sys/kernel/nmi_watchdog, the NMI watchdog uses the
stop() method directly, which does not decrement the activity counter, leading
to a BUG(). Use the wrapper function instead to fix that.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
At system boot time, the NMI watchdog no longer reserved its MSRs, allowing
other subsystems to mess with them. Fix that.
Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Restore tty locked ioctl handler which was replaced with
an unlocked ioctl handler in hung_up_tty_fops by the patch:
commit e10cc1df1d
Author: Paul Fulghum <paulkf@microgate.com>
Date: Thu May 10 22:22:50 2007 -0700
tty: add compat_ioctl
This was reported in:
[Bug 8473] New: Oops: 0010 [1] SMP
The bug is caused by switching to hung_up_tty_fops in do_tty_hangup. An
ioctl call can be waiting on BLK after testing for existence of the locked
ioctl handler in the normal tty fops, but before calling the locked ioctl
handler. If a hangup occurs at that point, the locked ioctl fop is NULL
and an oops occurs.
(akpm: we can remove my debugging code from do_ioctl() now, but it'll be OK to
do that for 2.6.23)
Signed-off-by: Paul Fulghum <paulkf@microgate.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 9b01bd5b28 introduced a
compat_ioctl handler for RADEON_SETPARAM, the sole purpose of which was
to handle the fact that on i386, alignof(uint64_t)==4.
Unfortunately, this handler was installed for _all_ 64-bit
architectures, instead of only x86_64 and ia64. And thus it breaks
32-bit compatibility on every other arch, where 64-bit integers are
aligned to 8 bytes in 32-bit mode just the same as in 64-bit mode.
Arnd has a cunning plan to use 'compat_u64' with appropriate alignment
attributes according to the 32-bit ABI, but for now let's just make the
compat_radeon_cp_setparam routine entirely disappear on 64-bit machines
whose 32-bit compat support isn't for i386. It would be a no-op with
compat_u64 anyway.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Airlie <airlied@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
generic_ide_resume() should check if dev->driver is not NULL before applying
to_ide_driver() to it. Fix that.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[RXRPC] net/rxrpc/ar-connection.c: fix NULL dereference
[TCP]: Fix logic breakage due to DSACK separation
[TCP]: Congestion control API RTT sampling fix
When building with memory hotplug enabled and cpu hotplug disabled, we
end up with the following section mismatch:
WARNING: mm/built-in.o(.text+0x4e58): Section mismatch: reference to
.init.text: (between 'free_area_init_node' and '__build_all_zonelists')
This happens as a result of:
-> free_area_init_node()
-> free_area_init_core()
-> zone_pcp_init() <-- all __meminit up to this point
-> zone_batchsize() <-- marked as __cpuinit fo
This happens because CONFIG_HOTPLUG_CPU=n sets __cpuinit to __init, but
CONFIG_MEMORY_HOTPLUG=y unsets __meminit.
Changing zone_batchsize() to __devinit fixes this.
__devinit is the only thing that is common between CONFIG_HOTPLUG_CPU=y and
CONFIG_MEMORY_HOTPLUG=y. In the long run, perhaps this should be moved to
another section identifier completely. Without this, memory hot-add
of offline nodes (via hotadd_new_pgdat()) will oops if CPU hotplug is
not also enabled.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Acked-by: Yasunori Goto <y-goto@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
--
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/cooloney/blackfin-2.6: (30 commits)
Blackfin SMC91X ethernet supporting driver: SMC91C111 LEDs are note drived in the kernel like in uboot
Blackfin SPI driver: fix bug SPI DMA incomplete transmission
Blackfin SPI driver: tweak spi cleanup function to match newer kernel changes
Blackfin RTC drivers: update MAINTAINERS information
Blackfin serial driver: decouple PARODD and CMSPAR checking from PARENB
Blackfin serial driver: actually implement the break_ctl() function
Blackfin serial driver: ignore framing and parity errors
Blackfin serial driver: hook up our UARTs STP bit with userspaces CMSPAR
Blackfin arch: move HI/LO macros into blackfin.h and punt the rest of macros.h as it includes VDSP macros we never use
Blackfin arch: redo our linker script a bit
Blackfin arch: make sure we initialize our L1 Data B section properly based on the linked kernel
Blackfin arch: fix bug can not wakeup from sleep via push buttons
Blackfin arch: add support for Alon Bar-Lev's dynamic kernel command-line
Blackfin arch: add missing gpio.h header to fix compiling in some pm configurations
Blackfin arch: As Mike pointed out range goes form m..MAX_BLACKFIN_GPIO -1
Blackfin arch: fix spelling typo in output
Blackfin arch: try to split up functions like this into smaller units according to LKML review
Blackfin arch: add proper ENDPROC()
Blackfin arch: move more of our startup code to .init so it can be freed once we are up and running
Blackfin arch: unify differences between our diff head.S files -- no functional changes
...
* 'splice-2.6.22' of git://git.kernel.dk/data/git/linux-2.6-block:
splice: only check do_wakeup in splice_to_pipe() for a real pipe
splice: fix leak of pages on short splice to pipe
splice: adjust balance_dirty_pages_ratelimited() call
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Fix builds where MSC01E_xxx is undefined.
[MIPS] Separate performance counter interrupts
[MIPS] Malta: Fix for SOCitSC based Maltas
* 'for-linus' of git://www.atmel.no/~hskinnemoen/linux/kernel/avr32:
[AVR32] Define ARCH_KMALLOC_MINALIGN to L1_CACHE_BYTES
[AVR32] STK1000: Set SPI_MODE_3 in the ltv350qv board info
[AVR32] gpio_*_cansleep() fix
[AVR32] ratelimit segfault reporting rate
SCSI marks internal commands with REQ_PREEMPT and push it at the front
of the request queue using blk_execute_rq(). When entering suspended
or frozen state, SCSI devices are quiesced using
scsi_device_quiesce(). In quiesced state, only REQ_PREEMPT requests
are processed. This is how SCSI blocks other requests out while
suspending and resuming. As all internal commands are pushed at the
front of the queue, this usually works.
Unfortunately, this interacts badly with ordered requeueing. To
preserve request order on requeueing (due to busy device, active EH or
other failures), requests are sorted according to ordered sequence on
requeue if IO barrier is in progress.
The following sequence deadlocks.
1. IO barrier sequence issues.
2. Suspend requested. Queue is quiesced with part or all of IO
barrier sequence at the front.
3. During suspending or resuming, SCSI issues internal command which
gets deferred and requeued for some reason. As the command is
issued after the IO barrier in #1, ordered requeueing code puts the
request after IO barrier sequence.
4. The device is ready to process requests again but still is in
quiesced state and the first request of the queue isn't
REQ_PREEMPT, so command processing is deadlocked -
suspending/resuming waits for the issued request to complete while
the request can't be processed till device is put back into
running state by resuming.
This can be fixed by always putting !fs requests at the front when
requeueing.
The following thread reports this deadlock.
http://thread.gmane.org/gmane.linux.kernel/537473
Signed-off-by: Tejun Heo <htejun@gmail.com>
Acked-by: David Greaves <david@dgreaves.com>
Acked-by: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch fixes a NULL dereference spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 6f74651ae6 is found guilty
of breaking DSACK counting, which should be done only for the
SACK block reported by the DSACK instead of every SACK block
that is received along with DSACK information.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 164891aadf broke RTT
sampling of congestion control modules. Inaccurate timestamps
could be fed to them without providing any way for them to
identify such cases. Previously RTT sampler was called only if
FLAG_RETRANS_DATA_ACKED was not set filtering inaccurate
timestamps nicely. In addition, the new behavior could give an
invalid timestamp (zero) to RTT sampler if only skbs with
TCPCB_RETRANS were ACKed. This solves both problems.
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
We only ever set do_wakeup to non-zero if the pipe has an inode
backing, so it's pointless to check outside the pipe->inode
check.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
If the destination pipe is full and we already transferred
data, we break out instead of waiting for more pipe room.
The exit logic looks at spd->nr_pages to see if we moved
everything inside the spd container, but we decrement that
variable in the loop to decide when spd has emptied.
Instead we want to compare to the original page count in
the spd, so cache that in a local variable.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
As we have potentially dirtied more than 1 page, we should indicate as
such to the dirty page balancing. So call
balance_dirty_pages_ratelimited_nr() and pass in the approximate number
of pages we dirtied.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
The lazy fpu changes did not take into account that some vmexit handlers
can sleep. Move loading the guest state into the inner loop so that it
can be reloaded if necessary, and move loading the host state into
vmx_vcpu_put() so it can be performed whenever we relinquish the vcpu.
Signed-off-by: Avi Kivity <avi@qumranet.com>
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: fix radeon setparam on 32/64 bit systems.
drm/i915: Add support for the G33, Q33, and Q35 chipsets.
i915: add new pciids for 945GME, 965GME/GLE
* master.kernel.org:/pub/scm/linux/kernel/git/kyle/parisc-2.6: (30 commits)
[PARISC] remove global_ack_eiem
[PARISC] Fix kernel panic in check_ivt
[PARISC] Fix bug when syscall nr is __NR_Linux_syscalls
[PARISC] be more defensive in process.c::get_wchan
[PARISC] fix "reduce size of task_struct on 64-bit machines" fallout
[PARISC] fix null ptr deref in unwind.c
[PARISC] fix trivial spelling nit in asm/linkage.h
[PARISC] remove remnants of parisc-specific softirq code
[PARISC] fix section mismatch in smp.c
[PARISC] fix "ENTRY" macro redefinition
[PARISC] Wire up utimensat/signalfd/timerfd/eventfd syscalls
[PARISC] fix section mismatch in superio serial drivers
[PARISC] fix section mismatch in parisc eisa driver
[PARISC] fix section mismatches in arch/parisc/kernel
[PARISC] fix section mismatch in ccio-dma
[PARISC] fix section mismatch in parisc STI video drivers
[PARISC] fix section mismatch in parport_gsc
[PARISC] fix lasi_82596 build
[PARISC] Build fixes for power.c
[PARISC] kobject is embedded in subsys, not kset
...
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Fix args to sun4v_ldc_revoke().
[SPARC64]: Really fix parport.
[SPARC64]: Fix IO/MEM space sizing for PCI.
[SPARC64]: Wire up cookie based sun4v interrupt registry.
This patch trys to fix device probe in two cases. First we should
correctly detect device if integrated graphics device is not enabled
or exists, like an add-in card is plugged. Second on some type of intel
GMCH, it might have multiple graphic chip models, like 945GME case, so
we should be sure the detect works through the whole table.
Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IPV6] addrconf: Fix IPv6 on tuntap tunnels
[TCP]: Add missing break to TCP option parsing code
[SCTP] Don't disable PMTU discovery when mtu is small
[SCTP] Flag a pmtu change request
[SCTP] Update pmtu handling to be similar to tcp
[SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user fails
[SCTP]: Allow unspecified port in sctp_bindx()
[SCTP]: Correctly set daddr for IPv6 sockets during peeloff
[TCP]: Set initial_ssthresh default to zero in Cubic and BIC.
[TCP]: Fix left_out setting during FRTO
[TCP]: Disable TSO if MD5SIG is enabled.
[PPP_MPPE]: Fix "osize too small" check.
[PATCH] mac80211: Don't stop tx queue on master device while scanning.
[PATCH] mac80211: fix debugfs tx power reduction output
[PATCH] cfg80211: fix signed macaddress in sysfs
[IrDA]: f-timer reloading when sending rejected frames.
[IrDA]: Fix Rx/Tx path race.
The recent patch that added ipv6_hwtype is broken on tuntap tunnels.
Indeed, it's broken on any device that does not pass the ipv6_hwtype
test.
The reason is that the original test only applies to autoconfiguration,
not IPv6 support. IPv6 support is allowed on any device. In fact,
even with the ipv6_hwtype patch applied you can still add IPv6 addresses
to any interface that doesn't pass thw ipv6_hwtype test provided that
they have a sufficiently large MTU. This is a serious problem because
come deregistration time these devices won't be cleaned up properly.
I've gone back and looked at the rationale for the patch. It appears
that the real problem is that we were creating IPv6 devices even if the
MTU was too small. So here's a patch which fixes that and reverts the
ipv6_hwtype stuff.
Thanks to Kanru Chen for reporting this issue.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This flaw does not affect any behavior (currently).
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Support for performance counter overflow interrupt that is on a separate
interrupt from the timer.
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
And an attempt to tidy up the core/controller differences.
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This allows SLUB debugging to be used without fear of messing up DMA
transfers. SPI is one example that easily breaks without this patch.
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
In the latest incarnation of the ltv350qv driver the call to
spi_setup() has been removed. So we need to initialize things more
carefully in the board info struct.
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
The AVR32 <asm/gpio.h> was missing the gpio_*_cansleep() calls,
breaking compilation for some code using them.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
Limit the rate of the kernel logging for the segfaults of user
applications, to avoid potential message floods or denial-of-service
attacks.
Signed-off-by: Andrea Righi <a.righi@cineca.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
Previously, registering this early console would just result
in dropping early buffered printk output until a udbg_putc
was registered.
However, commit 69331af79c
clears the CON_PRINTBUFFER flag on the main console when a
CON_BOOT (early) console has been registered, resulting in
the buffered messages never being displayed to the user.
This fixes the problem by making sure we don't register udbg_console
on platforms that don't implement udbg_putc.
Signed-off-by: Milton Miller <miltonm@bga.com>
Acked-by: Mark A. Greer <mgreer@mvista.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>