1. 22 Jan, 2013 18 commits
  2. 21 Jan, 2013 10 commits
    • Steven Rostedt's avatar
      ftrace: Be first to run code modification on modules · c1bf08ac
      Steven Rostedt authored
      If some other kernel subsystem has a module notifier, and adds a kprobe
      to a ftrace mcount point (now that kprobes work on ftrace points),
      when the ftrace notifier runs it will fail and disable ftrace, as well
      as kprobes that are attached to ftrace points.
      
      Here's the error:
      
       WARNING: at kernel/trace/ftrace.c:1618 ftrace_bug+0x239/0x280()
       Hardware name: Bochs
       Modules linked in: fat(+) stap_56d28a51b3fe546293ca0700b10bcb29__8059(F) nfsv4 auth_rpcgss nfs dns_resolver fscache xt_nat iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack lockd sunrpc ppdev parport_pc parport microcode virtio_net i2c_piix4 drm_kms_helper ttm drm i2c_core [last unloaded: bid_shared]
       Pid: 8068, comm: modprobe Tainted: GF            3.7.0-0.rc8.git0.1.fc19.x86_64 #1
       Call Trace:
        [<ffffffff8105e70f>] warn_slowpath_common+0x7f/0xc0
        [<ffffffff81134106>] ? __probe_kernel_read+0x46/0x70
        [<ffffffffa0180000>] ? 0xffffffffa017ffff
        [<ffffffffa0180000>] ? 0xffffffffa017ffff
        [<ffffffff8105e76a>] warn_slowpath_null+0x1a/0x20
        [<ffffffff810fd189>] ftrace_bug+0x239/0x280
        [<ffffffff810fd626>] ftrace_process_locs+0x376/0x520
        [<ffffffff810fefb7>] ftrace_module_notify+0x47/0x50
        [<ffffffff8163912d>] notifier_call_chain+0x4d/0x70
        [<ffffffff810882f8>] __blocking_notifier_call_chain+0x58/0x80
        [<ffffffff81088336>] blocking_notifier_call_chain+0x16/0x20
        [<ffffffff810c2a23>] sys_init_module+0x73/0x220
        [<ffffffff8163d719>] system_call_fastpath+0x16/0x1b
       ---[ end trace 9ef46351e53bbf80 ]---
       ftrace failed to modify [<ffffffffa0180000>] init_once+0x0/0x20 [fat]
        actual: cc:bb:d2:4b:e1
      
      A kprobe was added to the init_once() function in the fat module on load.
      But this happened before ftrace could have touched the code. As ftrace
      didn't run yet, the kprobe system had no idea it was a ftrace point and
      simply added a breakpoint to the code (0xcc in the cc:bb:d2:4b:e1).
      
      Then when ftrace went to modify the location from a call to mcount/fentry
      into a nop, it didn't see a call op, but instead it saw the breakpoint op
      and not knowing what to do with it, ftrace shut itself down.
      
      The solution is to simply give the ftrace module notifier the max priority.
      This should have been done regardless, as the core code ftrace modification
      also happens very early on in boot up. This makes the module modification
      closer to core modification.
      
      Link: http://lkml.kernel.org/r/20130107140333.593683061@goodmis.org
      
      Cc: stable@vger.kernel.org
      Acked-by: default avatarMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Reported-by: default avatarFrank Ch. Eigler <fche@redhat.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      c1bf08ac
    • Jerry Snitselaar's avatar
      security/device_cgroup: lock assert fails in dev_exception_clean() · 103a197c
      Jerry Snitselaar authored
      devcgroup_css_free() calls dev_exception_clean() without the devcgroup_mutex being locked.
      
      Shutting down a kvm virt was giving me the following trace:
      
      [36280.732764] ------------[ cut here ]------------
      [36280.732778] WARNING: at /home/snits/dev/linux/security/device_cgroup.c:172 dev_exception_clean+0xa9/0xc0()
      [36280.732782] Hardware name: Studio XPS 8100
      [36280.732785] Modules linked in: xt_REDIRECT fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat xt_CHECKSUM iptable_mangle bridge stp llc nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 nf_defrag_ipv4 ip6table_filter it87 hwmon_vid xt_state nf_conntrack ip6_tables snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq coretemp snd_seq_device crc32c_intel snd_pcm snd_page_alloc snd_timer snd broadcom tg3 serio_raw i7core_edac edac_core ptp pps_core lpc_ich pcspkr mfd_core soundcore microcode i2c_i801 nfsd auth_rpcgss nfs_acl lockd vhost_net sunrpc tun macvtap macvlan kvm_intel kvm uinput binfmt_misc autofs4 usb_storage firewire_ohci firewire_core crc_itu_t radeon drm_kms_helper ttm
      [36280.732921] Pid: 933, comm: libvirtd Tainted: G        W    3.8.0-rc3-00307-g4c217de #1
      [36280.732922] Call Trace:
      [36280.732927]  [<ffffffff81044303>] warn_slowpath_common+0x93/0xc0
      [36280.732930]  [<ffffffff8104434a>] warn_slowpath_null+0x1a/0x20
      [36280.732932]  [<ffffffff812deaf9>] dev_exception_clean+0xa9/0xc0
      [36280.732934]  [<ffffffff812deb2a>] devcgroup_css_free+0x1a/0x30
      [36280.732938]  [<ffffffff810ccd76>] cgroup_diput+0x76/0x210
      [36280.732941]  [<ffffffff8119eac0>] d_delete+0x120/0x180
      [36280.732943]  [<ffffffff81195cff>] vfs_rmdir+0xef/0x130
      [36280.732945]  [<ffffffff81195e47>] do_rmdir+0x107/0x1c0
      [36280.732949]  [<ffffffff8132d17e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [36280.732951]  [<ffffffff81198646>] sys_rmdir+0x16/0x20
      [36280.732954]  [<ffffffff8173bd82>] system_call_fastpath+0x16/0x1b
      [36280.732956] ---[ end trace ca39dced899a7d9f ]---
      Signed-off-by: default avatarJerry Snitselaar <jerry.snitselaar@oracle.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      103a197c
    • Dmitry Kasatkin's avatar
      evm: checking if removexattr is not a NULL · a67adb99
      Dmitry Kasatkin authored
      The following lines of code produce a kernel oops.
      
      fd = socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
      fchmod(fd, 0666);
      
      [  139.922364] BUG: unable to handle kernel NULL pointer dereference at   (null)
      [  139.924982] IP: [<  (null)>]   (null)
      [  139.924982] *pde = 00000000
      [  139.924982] Oops: 0000 [#5] SMP
      [  139.924982] Modules linked in: fuse dm_crypt dm_mod i2c_piix4 serio_raw evdev binfmt_misc button
      [  139.924982] Pid: 3070, comm: acpid Tainted: G      D      3.8.0-rc2-kds+ #465 Bochs Bochs
      [  139.924982] EIP: 0060:[<00000000>] EFLAGS: 00010246 CPU: 0
      [  139.924982] EIP is at 0x0
      [  139.924982] EAX: cf5ef000 EBX: cf5ef000 ECX: c143d600 EDX: c15225f2
      [  139.924982] ESI: cf4d2a1c EDI: cf4d2a1c EBP: cc02df10 ESP: cc02dee4
      [  139.924982]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
      [  139.924982] CR0: 80050033 CR2: 00000000 CR3: 0c059000 CR4: 000006d0
      [  139.924982] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
      [  139.924982] DR6: ffff0ff0 DR7: 00000400
      [  139.924982] Process acpid (pid: 3070, ti=cc02c000 task=d7705340 task.ti=cc02c000)
      [  139.924982] Stack:
      [  139.924982]  c1203c88 00000000 cc02def4 cf4d2a1c ae21eefa 471b60d5 1083c1ba c26a5940
      [  139.924982]  e891fb5e 00000041 00000004 cc02df1c c1203964 00000000 cc02df4c c10e20c3
      [  139.924982]  00000002 00000000 00000000 22222222 c1ff2222 cf5ef000 00000000 d76efb08
      [  139.924982] Call Trace:
      [  139.924982]  [<c1203c88>] ? evm_update_evmxattr+0x5b/0x62
      [  139.924982]  [<c1203964>] evm_inode_post_setattr+0x22/0x26
      [  139.924982]  [<c10e20c3>] notify_change+0x25f/0x281
      [  139.924982]  [<c10cbf56>] chmod_common+0x59/0x76
      [  139.924982]  [<c10e27a1>] ? put_unused_fd+0x33/0x33
      [  139.924982]  [<c10cca09>] sys_fchmod+0x39/0x5c
      [  139.924982]  [<c13f4f30>] syscall_call+0x7/0xb
      [  139.924982] Code:  Bad EIP value.
      
      This happens because sockets do not define the removexattr operation.
      Before removing the xattr, verify the removexattr function pointer is
      not NULL.
      Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
      Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      a67adb99
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 9a928415
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A bunch of intel and radeon fixes, along with two fixes to TTM code.
      
        The correct fix for the Intel ironlake failure is in this, and should
        make things more stable, along with some misc radeon fixes."
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        ttm: on move memory failure don't leave a node dangling
        ttm: don't destroy old mm_node on memcpy failure
        Revert "drm/radeon: do not move bo to different placement at each cs"
        drm/i915: fix FORCEWAKE posting reads
        drm/i915: Invalidate the relocation presumed_offsets along the slow path
        drm/i915/eDP: do not write power sequence registers for ghost eDP
        drm/radeon: improve semaphore debugging on lockup
        drm/radeon: allow FP16 color clear registers on r500
        drm/radeon: clear reset flags if engines are idle
        drm/i915: Record DERRMR, FORCEWAKE and RING_CTL in error-state
      9a928415
    • Linus Torvalds's avatar
      module: fix missing module_mutex unlock · ee61abb3
      Linus Torvalds authored
      Commit 1fb9341a ("module: put modules in list much earlier") moved
      some of the module initialization code around, and in the process
      changed the exit paths too.  But for the duplicate export symbol error
      case the change made the ddebug_cleanup path jump to after the module
      mutex unlock, even though it happens with the mutex held.
      
      Rusty has some patches to split this function up into some helper
      functions, hopefully the mess of complex goto targets will go away
      eventually.
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ee61abb3
    • Dave Airlie's avatar
      ttm: on move memory failure don't leave a node dangling · 014b3440
      Dave Airlie authored
      if we have a move notify callback, when moving fails, we call move notify
      the opposite way around, however this ends up with *mem containing the mm_node
      from the bo, which means we double free it. This is a follow on to the previous
      fix.
      Reviewed-by: default avatarJerome Glisse <jglisse@redhat.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      014b3440
    • Dave Airlie's avatar
      ttm: don't destroy old mm_node on memcpy failure · 63054186
      Dave Airlie authored
      When we are using memcpy to move objects around, and we fail to memcpy
      due to lack of memory to populate or failure to finish the copy, we don't
      want to destroy the mm_node that has been copied into old_copy.
      
      While working on a new kms driver that uses memcpy, if I overallocated bo's
      up to the memory limits, and eviction failed, then machine would oops soon
      after due to having an active bo with an already freed drm_mm embedded in it,
      freeing it a second time didn't end well.
      Reviewed-by: default avatarJerome Glisse <jglisse@redhat.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      63054186
    • Dave Airlie's avatar
      Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-next · ffb5fd53
      Dave Airlie authored
      More important fixes for 3.9:
      - error_state improvements to help debug the new scanline wait code added
        for gen6+ - bug reports started popping up :( patch from Chris Wilson.
      - fix a panel power sequence confusion between the eDP and lvds detection
        code resulting in black screens - regression introduce in 3.8 (Jani
        Nikula)
      - Chris fixed the root-cause of the ilk relocation vs. evict bug.
      - Another piece of cargo-culted rc6 lore from Jani, fixes up a regression
        where a system refused to go into rc6 after suspend sometimes.
      
      * 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
        drm/i915: fix FORCEWAKE posting reads
        drm/i915: Invalidate the relocation presumed_offsets along the slow path
        drm/i915/eDP: do not write power sequence registers for ghost eDP
        drm/i915: Record DERRMR, FORCEWAKE and RING_CTL in error-state
      ffb5fd53
    • Dave Airlie's avatar
      Merge branch 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux into drm-next · a3f5aed4
      Dave Airlie authored
      A number of fixes, and one revert for a patch having some wierd side effects.
      
      * 'drm-fixes-3.8' of git://people.freedesktop.org/~agd5f/linux:
        Revert "drm/radeon: do not move bo to different placement at each cs"
        drm/radeon: improve semaphore debugging on lockup
        drm/radeon: allow FP16 color clear registers on r500
        drm/radeon: clear reset flags if engines are idle
      a3f5aed4
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux · 22636476
      Linus Torvalds authored
      Pull module fixes and a virtio block fix from Rusty Russell:
       "Various minor fixes, but a slightly more complex one to fix the
        per-cpu overload problem introduced recently by kvm id changes."
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
        module: put modules in list much earlier.
        module: add new state MODULE_STATE_UNFORMED.
        module: prevent warning when finit_module a 0 sized file
        virtio-blk: Don't free ida when disk is in use
      22636476
  3. 20 Jan, 2013 3 commits
  4. 19 Jan, 2013 1 commit
  5. 18 Jan, 2013 8 commits