- 05 Dec, 2007 1 commit
-
-
Steven Rostedt authored
David Holmes found a bug in the -rt tree with respect to pthread_cond_timedwait. After trying his test program on the latest git from mainline, I found the bug was there too. The bug he was seeing that his test program showed, was that if one were to do a "Ctrl-Z" on a process that was in the pthread_cond_timedwait, and then did a "bg" on that process, it would return with a "-ETIMEDOUT" but early. That is, the timer would go off early. Looking into this, I found the source of the problem. And it is a rather nasty bug at that. Here's the relevant code from kernel/futex.c: (not in order in the file) [...] smlinkage long sys_futex(u32 __user *uaddr, int op, u32 val, struct timespec __user *utime, u32 __user *uaddr2, u32 val3) { struct timespec ts; ktime_t t, *tp = NULL; u32 val2 = 0; int cmd = op & FUTEX_CMD_MASK; if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI)) { if (copy_from_user(&ts, utime, sizeof(ts)) != 0) return -EFAULT; if (!timespec_valid(&ts)) return -EINVAL; t = timespec_to_ktime(ts); if (cmd == FUTEX_WAIT) t = ktime_add(ktime_get(), t); tp = &t; } [...] return do_futex(uaddr, op, val, tp, uaddr2, val2, val3); } [...] long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout, u32 __user *uaddr2, u32 val2, u32 val3) { int ret; int cmd = op & FUTEX_CMD_MASK; struct rw_semaphore *fshared = NULL; if (!(op & FUTEX_PRIVATE_FLAG)) fshared = ¤t->mm->mmap_sem; switch (cmd) { case FUTEX_WAIT: ret = futex_wait(uaddr, fshared, val, timeout); [...] static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared, u32 val, ktime_t *abs_time) { [...] struct restart_block *restart; restart = ¤t_thread_info()->restart_block; restart->fn = futex_wait_restart; restart->arg0 = (unsigned long)uaddr; restart->arg1 = (unsigned long)val; restart->arg2 = (unsigned long)abs_time; restart->arg3 = 0; if (fshared) restart->arg3 |= ARG3_SHARED; return -ERESTART_RESTARTBLOCK; [...] static long futex_wait_restart(struct restart_block *restart) { u32 __user *uaddr = (u32 __user *)restart->arg0; u32 val = (u32)restart->arg1; ktime_t *abs_time = (ktime_t *)restart->arg2; struct rw_semaphore *fshared = NULL; restart->fn = do_no_restart_syscall; if (restart->arg3 & ARG3_SHARED) fshared = ¤t->mm->mmap_sem; return (long)futex_wait(uaddr, fshared, val, abs_time); } So when the futex_wait is interrupt by a signal we break out of the hrtimer code and set up or return from signal. This code does not return back to userspace, so we set up a RESTARTBLOCK. The bug here is that we save the "abs_time" which is a pointer to the stack variable "ktime_t t" from sys_futex. This returns and unwinds the stack before we get to call our signal. On return from the signal we go to futex_wait_restart, where we update all the parameters for futex_wait and call it. But here we have a problem where abs_time is no longer valid. I verified this with print statements, and sure enough, what abs_time was set to ends up being garbage when we get to futex_wait_restart. The solution I did to solve this (with input from Linus Torvalds) was to add unions to the restart_block to allow system calls to use the restart with specific parameters. This way the futex code now saves the time in a 64bit value in the restart block instead of storing it on the stack. Note: I'm a bit nervious to add "linux/types.h" and use u32 and u64 in thread_info.h, when there's a #ifdef __KERNEL__ just below that. Not sure what that is there for. If this turns out to be a problem, I've tested this with using "unsigned int" for u32 and "unsigned long long" for u64 and it worked just the same. I'm using u32 and u64 just to be consistent with what the futex code uses. Signed-off-by: Steven Rostedt <srostedt@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 04 Dec, 2007 30 commits
-
-
Linus Torvalds authored
* 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: PHY: Add the phy_device_release device method. gianfar: fix compile warning pasemi_mac: Fix reuse of free'd skb SMC911X: Fix using of dereferenced skb after netif_rx sky2: recovery deadlock fix Fix memory corruption in fec_mpc52xx Don't claim to do IPv6 checksum offload cxgb - revert file mode changes.
-
Anton Vorontsov authored
Lately I've got this nice badness on mdio bus removal: Device 'e0103120:06' does not have a release() function, it is broken and must be fixed. ------------[ cut here ]------------ Badness at drivers/base/core.c:107 NIP: c015c1a8 LR: c015c1a8 CTR: c0157488 REGS: c34bdcf0 TRAP: 0700 Not tainted (2.6.23-rc5-g9ebadfbb-dirty) MSR: 00029032 <EE,ME,IR,DR> CR: 24088422 XER: 00000000 ... [c34bdda0] [c015c1a8] device_release+0x78/0x80 (unreliable) [c34bddb0] [c01354cc] kobject_cleanup+0x80/0xbc [c34bddd0] [c01365f0] kref_put+0x54/0x6c [c34bdde0] [c013543c] kobject_put+0x24/0x34 [c34bddf0] [c015c384] put_device+0x1c/0x2c [c34bde00] [c0180e84] mdiobus_unregister+0x2c/0x58 ... Though actually there is nothing broken, it just device subsystem core expects another "pattern" of resource managment. This patch implement phy device's release function, thus we're getting rid of this badness. Also small hidden bug fixed, hope none other introduced. ;-) Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com> Acked-by: Andy Fleming <afleming@freescale.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Grant Likely authored
Eliminate an uninitialized variable warning. The code is correct, but a pointer to the automatic variable 'addr' is passed to dma_alloc_coherent. Since addr has never been initialized, and the compiler doesn't know what dma_alloc_coherent will do with it, it complains. Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Olof Johansson authored
Turns out we're freeing the skb when we detect CRC error, but we're not clearing out info->skb. We could either clear it and have the stack reallocate it, or just leave it and the rx ring refill code will reuse the one that was allocated. Reusing a freed skb obviously caused some nasty crashes of various kind, as reported by Brent Baude and David Woodhouse. Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Wang Chen authored
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Stephen Hemminger authored
Prevent deadlock in sky2 recovery logic. sky2_down calls napi_synchronize which gets stuck if napi was already disabled. Fix by rearranging slightly and not calling napi_disable until after both ports are stopped. The napi_disable probably is being overly paranoid, but it is safe now. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Jon Smirl authored
The mpc5200 fec driver is corrupting memory. This patch fixes two bugs where the wrong skb was being referenced. Signed-off-by: Jon Smirl <jonsmirl@gmail.com> Acked-by: Domen Puncer <domen.puncer@telargo.com> Signed-off-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Divy Le Ray authored
revert inavertant file mode changes Signed-off-by: Divy Le Ray <divy@chelsio.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Bartlomiej Zolnierkiewicz authored
* Don't program UDMA timings when programming PIO or MWDMA modes. This has also a nice side-effect of fixing regression added by commit 681c80b5 ("libata: correct handling of SRST reset sequences") (->set_piomode method for PIO0 is called before ->cable_detect method which checks UDMA timings to get the cable type). * Bump driver version. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Tested-by: "Thomas Lindroth" <thomas.lindroth@gmail.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Tejun Heo <htejun@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
peerchen authored
Add the device IDs of legacy mode of MCP79 AHCI controller to ahci.c Signed-off-by: Peer Chen <peerchen@gmail.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
Mark Lord authored
The Highpoint RocketRAID boards using Marvell 7042 chips overwrite the 9th sector of attached drives at boot time, when those drives are configured as "Legacy" (the default) in the HighPoint BIOS. This kills GRUB, and probably other stuff. But it all happens *before* Linux is even loaded. So, for now we'll log a WARNING when such boards are detected, and advise users to configure BIOS "JBOD" volumes instead, which don't appear to suffer from this problem. Signed-off-by: Mark Lord <mlord@pobox.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
-
Robert Hancock authored
We need to run any DMA command with result taskfile requested in ADMA mode when the port is in ADMA mode, otherwise it may try to use the legacy DMA engine in ADMA mode which is not allowed. Enforce this with BUG_ON() since data corruption could potentially result if this happened. Also, fail any attempt to try and issue NCQ commands with result taskfile requested, since the hardware doesn't allow this. Signed-off-by: Robert Hancock <hancockr@shaw.ca> Signed-off-by: Jeff Garzik <jeff@garzik.org>
-
git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds authored
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] Make sure the restore psw masks are initialized. [S390] Fix compile error on 31bit without preemption [S390] dcssblk: prevent early access without own make_request function [S390] cio: add missing reprobe loop end statement [S390] cio: Issue SenseID per path.
-
git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: x86: arch_register_cpu() section fix x86: free_cache_attributes() section fix x86: add the word 'WARNING' in check_nmi_watchdog() output x86: revert CONFIG_X86_HT semantics change
-
git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-schedLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched: sched: default to more agressive yield for SCHED_BATCH tasks sched: fix crash in sys_sched_rr_get_interval()
-
Adrian Bunk authored
I haven't seen Richard doing MTRR related work for quite some time, and the "X86 ARCHITECTURE" entry in MAINTAINERS already covers the people currently responsible for this code. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ingo Molnar authored
SET_MODULE_OWNER() is obsolete. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Andrew Morton authored
fix this on i386 allnoconfig: WARNING: vmlinux.o(.text+0x6f2e): Section mismatch: reference to .init.text:register_cpu (between 'arch_register_cpu' and 'text_poke') Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-
Adrian Bunk authored
free_cache_attributes() must be __cpuinit since it calls the __cpuinit cache_remove_shared_cpu_map(). This patch fixes the following section mismatch reported by Chris Clayton: ... WARNING: vmlinux.o(.text+0x90b6): Section mismatch: reference to .init.text:cache_remove_shared_cpu_map (between 'free_cache_attributes' and 'show_level') ... Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-
Don Zickus authored
Our automated test suite looks for keywords like error, fail, warning in the boot log. In the case when the nmi watchdog is determined to be stuck in check_nmi_watchdog(), none of those keywords are displayed. This patch adds a keyword, "WARNING:", so it makes it easier to notice when the nmi watchdog isn't working correctly. Also add a proper KERN_WARNING mark to this printout. Signed-off-by: Don Zickus <dzickus@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-
Adrian Bunk authored
The recent Kconfig changes in x86 resulted in CONFIG_X86_HT no longer being set if (X86_32 && MK8). After grep'ing through the tree I think the problem is that different places have different assumptions about the semantics of CONFIG_X86_HT, either: - hyperthreading or - multicore This should be sorted out properly, but until then we should keep the 2.6.23 status quo. Signed-off-by: Adrian Bunk <bunk@kernel.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-
Ingo Molnar authored
do more agressive yield for SCHED_BATCH tuned tasks: they are all about throughput anyway. This allows a gentler migration path for any apps that relied on stronger yield. Signed-off-by: Ingo Molnar <mingo@elte.hu>
-
Ingo Molnar authored
Luiz Fernando N. Capitulino reported that sched_rr_get_interval() crashes for SCHED_OTHER tasks that are on an idle runqueue. The fix is to return a 0 timeslice for tasks that are on an idle runqueue. (and which are not running, obviously) this also shrinks the code a bit: text data bss dec hex filename 47903 3934 336 52173 cbcd sched.o.before 47885 3934 336 52155 cbbb sched.o.after Reported-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-
Heiko Carstens authored
In case of TRACE_IRQFLAGS the restore psw masks will not be initialized if noexec is turned on. This will lead to an immediate system crash. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Christian Borntraeger authored
Commit b8e7a54c introduced a compile error if CONFIG_PREEMPT is not set: arch/s390/kernel/built-in.o: In function `cleanup_io_leave_insn': /space/kvm/arch/s390/kernel/entry.S:(.text+0xbfce): undefined reference to `preempt_schedule_irq' This patch hides preempt_schedule_irq if CONFIG_PREEMPT is not set. Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Christian Borntraeger authored
When loading a dcss segment with the dcssblk driver, sometimes the following kind of message appears: bio too big device dcssblk0 (8 > 0) Buffer I/O error on device dcssblk0, logical block 172016 .. The fix is to move the disk registration after setting the make_request function, to avoid calls into generic_make_request for dcssblock without having the make_request function set up properly. Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Peter Oberparleiter authored
Add loop end statement to prevent looping over empty subchannel sets. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Cornelia Huck authored
We may receive a unit check for every path when we issue a SenseID. Unfortunately, the channel subsystem will try on a different path every time if we use a lpm of 0xff, which will exhaust our retry counter. Therefore, revert SenseID to its previous per-path behaviour and just leave out the suspend multipath reconnect. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Linus Torvalds authored
-
- 03 Dec, 2007 9 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.24Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.24: sh: Support PCI IO access of SH7780 base boards. sh: Fix PCI IO space base address of SH7780.
-
Ralf Baechle authored
The old code did did only work as long as CFE and the kernel were using the same interrupt numbering ... Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: x86: fix x86-32 early fixmap initialization. x86: disable hpet legacy replacement for kdump x86: disable hpet on shutdown
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: [POWERPC] Remove xmon from ml300 and ml403 defconfig in arch/ppc Revert "[POWERPC] Fix RTAS os-term usage on kernel panic"
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6Linus Torvalds authored
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: ACPICA: fix acpi-cpufreq boot crash due to _PSD return-by-reference ACPI: Delete the IRQ operation in throttling controll via PTC
-
git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-schedLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched: sched: cpu accounting controller (V2)
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] NCR5380: Fix bugs and canonicalize irq handler usage [SCSI] zfcp: fix cleanup of dismissed error recovery actions [SCSI] zfcp: fix dismissal of error recovery actions [SCSI] qla1280: convert to use the data buffer accessors [SCSI] iscsi: return data transfer residual for data-out commands [SCSI] iscsi_tcp: fix potential lockup with write commands [SCSI] aacraid: fix security weakness [SCSI] aacraid: fix up le32 issues in BlinkLED [SCSI] aacraid: fix potential panic in thread stop [SCSI] aacraid: don't assign cpu_to_le32(constant) to u8
-
Eric W. Biederman authored
pageexec@freemail.hu writes: > i've just noticed that the chunk in i386/kernel/head.S ended up in a > weird place, namely, it's not going to be executed as it's just after > a 'jmp 3f' and before startup_32_smp, probably not what you intended. > on a sidenote, the whole thing can be done in a single insn, like: > > movl $(swapper_pg_pmd - __PAGE_OFFSET + 0x067), (swapper_pg_dir - > __PAGE_OFFSET+ 4092) Thanks for the reminder I thought we had fixed this problem a while ago. Needed to get fixed virtual address for USB debug and earlycon with mmio. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-
OGAWA Hirofumi authored
we should also add hpet_disable() for kdump. Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-