On the x86 arch, user space single step exceptions should be ignored
if they occur in the kernel space, such as ptrace stepping through a
system call.
First check if it is kgdb that is executing a single step, then ensure
it is not an accidental traversal into the user space, while in kgdb,
any other time the TIF_SINGLESTEP is set, kgdb should ignore the
exception.
On x86, arm, mips and powerpc, the kgdb_contthread usage was
inconsistent with the way single stepping is implemented in the kgdb
core. The arch specific stub should always set the
kgdb_cpu_doing_single_step correctly if it is single stepping. This
allows kgdb to correctly process an instruction steps if ptrace
happens to be requesting an instruction step over a system call.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
On the ARM architecture, kgdb will crash the kernel if the last byte
of valid memory is written due to a flush_icache_range flushing
beyond the memory boundary.
Signed-off-by: Atsuo Igarashi <atsuo_igarashi@tripeaks.co.jp>
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
* 'linux-next' of git://git.infradead.org/~dedekind/ubifs-2.6:
UBIFS: fix printk format warnings
UBIFS: remove incorrect assert
UBIFS: TNC / GC race fixes
UBIFS: create the name of the background thread in every case
Yet another bug was found in xfs_iext_irec_compact_full() and while the
source of the bug was found it wasn't an easy task to track it down
because the conditions are very difficult to reproduce.
A HUGE thank-you goes to Russell Cattelan and Eric Sandeen for their
significant effort in tracking down the source of this corruption.
xfs_iext_irec_compact_full() and xfs_iext_irec_compact_pages() are almost
identical - they both compact indirect extent lists by moving extents from
subsequent buffers into earlier ones. xfs_iext_irec_compact_pages() only
moves extents if all of the extents in the next buffer will fit into the
empty space in the buffer before it. xfs_iext_irec_compact_full() will go
a step further and move part of the next buffer if all the extents wont
fit. It will then shift the remaining extents in the next buffer up to the
start of the buffer. The bug here was that we did not update er_extoff and
this caused extent list corruption.
It does not appear that this extra functionality gains us much. Calling
xfs_iext_irec_compact_pages() instead will do a good enough job at
compacting the indirect list and will be quicker too.
For the case in xfs_iext_indirect_to_direct() the total number of extents
in the indirect list will fit into one buffer so we will never need the
extra functionality of xfs_iext_irec_compact_full() there.
Also xfs_iext_irec_compact_pages() doesn't need to do a memmove() (the
buffers will never overlap) so we don't want the performance hit that can
incur.
SGI-PV: 987159
SGI-Modid: xfs-linux-melb:xfs-kern:32166a
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
If we don't move all the records from the next buffer into the current
buffer then we need to update the er_extoff field of the next buffer as we
shift the remaining records to the start of the buffer.
SGI-PV: 987159
SGI-Modid: xfs-linux-melb:xfs-kern:32165a
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Russell Cattelan <cattelan@thebarn.com>
Commit ee1e2c82 ("IPoIB: Refresh paths instead of flushing them on SM
change events") changed how paths are flushed on an SM event. This
change introduces a problem if the path record query triggered by
fails, causing path->ah to become NULL. A later successful path query
will then trigger WARN_ON() in path_rec_completion(), and crash
because path->ah has already been freed, so the ipoib_put_ah() inside
the lock in path_rec_completion() may actually drop the last reference
(contrary to the comment that claims this is safe).
Fix this by updating path->ah and freeing old_ah only when the path
record query is successful. This prevents the neighbour AH and that
path AH from getting out of sync.
This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1194>
Reported-by: Rabah Salem <ravah@mellanox.com>
Debugged-by: Eli Cohen <eli@mellanox.co.il>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The power_mutex lock in snd_pcm_drop may cause a possible deadlock
chain, and above all, it's unneeded. Let's get rid of it.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The PCM and rawmidi open callbacks have a lock against card->controls_list
but it takes a wrong one, card->controls_rwsem, instead of a right one
card->ctl_files_rwlock. This patch fixes them.
This change also fixes automatically the potential deadlocks due to
mm->mmap_sem in munmap and copy_from/to_user, reported by Sitsofe
Wheeler:
A: snd_ctl_elem_user_tlv(): card->controls_rwsem => mm->mmap_sem
B: snd_pcm_open(): card->open_mutex => card->controls_rwsem
C: munmap: mm->mmap_sem => snd_pcm_release(): card->open_mutex
The patch breaks the chain.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c: Fix mailing lists in two MAINTAINERS entries
i2c-dev: Return correct error code on class_create() failure
i2c-powermac: Fix section for probe and remove functions
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: prevent stale state of c1e_mask across CPU offline/online, fix
Make sched_clock() report time since boot rather than time since last
timer interrupt.
Make sched_clock() expand and scale the 32-bit TSC value running at
IOCLK speed (~33MHz) to a 64-bit nanosecond counter, using cnt32_to_63()
acquired from the ARM arch and without using slow DIVU instructions
every call.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Move asm-arm/cnt32_to_63.h to include/linux/ so that MN10300 can make
use of it too.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The current code ignores rules for internal options in HBH/DST options
header in packet processing if 'Not strict' mode is specified (which is not
implemented). Clearly it is not expected by user.
Kernel should reject HBH/DST rule insertion with 'Not strict' mode
in the first place.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
9p: fix put_data error handling
9p: use an IS_ERR test rather than a NULL test
9p: introduce missing kfree
9p-trans_fd: fix and clean up module init/exit paths
9p-trans_fd: don't do fs segment mangling in p9_fd_poll()
9p-trans_fd: clean up p9_conn_create()
9p-trans_fd: fix trans_fd::p9_conn_destroy()
9p: implement proper trans module refcounting and unregistration
Abhishek Kulkarni pointed out an inconsistency in the way
errors are returned from p9_put_data. On deeper exploration it
seems the error handling for this path was completely wrong.
This patch adds checks for allocation problems and propagates
errors correctly.
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
In case of error, the function p9_client_walk returns an ERR pointer, but
never returns a NULL pointer. So a NULL test that comes after an IS_ERR
test should be deleted.
The semantic match that finds this problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@match_bad_null_test@
expression x, E;
statement S1,S2;
@@
x = p9_client_walk(...)
... when != x = E
* if (x != NULL)
S1 else S2
// </smpl>
Signed-off-by: Julien Brunel <brunel@diku.dk>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Error handling code following a kmalloc should free the allocated data.
The semantic match that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@r exists@
local idexpression x;
statement S;
expression E;
identifier f,l;
position p1,p2;
expression *ptr != NULL;
@@
(
if ((x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...)) == NULL) S
|
x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
)
<... when != x
when != if (...) { <+...x...+> }
x->f = E
...>
(
return \(0\|<+...x...+>\|ptr\);
|
return@p2 ...;
)
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
trans_fd leaked p9_mux_wq on module unload. Fix it. While at it,
collapse p9_mux_global_init() into p9_trans_fd_init(). It's easier to
follow this way and the global poll_tasks array is about to removed
anyway.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
p9_fd_poll() is never called with user pointers and f_op->poll()
doesn't expect its arguments to be from userland. There's no need to
set kernel ds before calling f_op->poll() from p9_fd_poll(). Remove
it.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
* Use kzalloc() to allocate p9_conn and remove 0/NULL initializations.
* Clean up error return paths.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
p9_conn_destroy() first kills all current requests by calling
p9_conn_cancel(), then waits for the request list to be cleared by
waiting on p9_conn->equeue. After that, polling is stopped and the
trans is destroyed. This sequence has a few problems.
* Read and write works were never cancelled and the p9_conn can be
destroyed while the works are running as r/w works remove requests
from the list and dereference the p9_conn from them.
* The list emptiness wait using p9_conn->equeue wouldn't trigger
because p9_conn_cancel() always clears all the lists and the only
way the wait can be triggered is to have another task to issue a
request between the slim window between p9_conn_cancel() and the
wait, which isn't safe under the current implementation with or
without the wait.
This patch fixes the problem by first stopping poll, which can
schedule r/w works, first and cancle r/w works which guarantees that
r/w works are not and will not run from that point and then calling
p9_conn_cancel() and do the rest of destruction.
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
9p trans modules aren't refcounted nor were they unregistered
properly. Fix it.
* Add 9p_trans_module->owner and reference the module on each trans
instance creation and put it on destruction.
* Protect v9fs_trans_list with a spinlock. This isn't strictly
necessary as the list is manipulated only during module loading /
unloading but it's a good idea to make the API safe.
* Unregister trans modules when the corresponding module is being
unloaded.
* While at it, kill unnecessary EXPORT_SYMBOL on p9_trans_fd_init().
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Enabling the MIB interrupts has proven to cause an
interrupt storm after 7 hours of run. We will make use of the
MIB interrupt once we have ANI supported added so for now
to cure this we disable the interrupt.
The interrupt storm can be seen as follows after 7 hours of run
as reported by Steven Noonan <steven@uplinklabs.net>:
18:28:38 sum 1106.00
18:28:39 sum 1037.62
18:28:40 sum 1069.00
18:28:41 sum 1167.00
18:28:42 sum 1155.00
18:28:43 sum 1339.00
18:28:44 sum 18355.00
18:28:45 sum 17845.45
18:28:46 sum 15285.00
18:28:47 sum 17511.00
18:28:48 sum 17568.69
18:28:49 sum 17704.04
18:28:50 sum 18566.67
18:28:51 sum 18913.13
at 18:28:44 the MIB interrupt kicked off and caused huge
latency which can be seen even on a video he submitted:
http://www.youtube.com/watch?v=4GeCx1gZMpA
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Two MAINTAINER entries (I2C/SMBUS STUB DRIVER and SIS 96X I2C/SMBUS
DRIVER) were improperly pointing to the lm-sensors mailing list
instead of the i2c mailing list. Fix them.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Mark M. Hoffman <mhoffman@lightlink.com>
We need to convert the error pointer from class_create(), else we'll return the
successful return code from register_chrdev() on failure.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
__devexit for i2c_powermac_probe is obviously wrong. In the definition
of struct platform_driver i2c_powermac_driver the remove function
i2c_powermac_remove is wrapped in __devexit_p, so it should be defined
using __devexit.
Signed-off-by: Uwe Kleine-Koenig <ukleinek@informatik.uni-freiburg.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
The OLPC doesn't support APM but also doesn't have DMI, so we can't detect
and disable it based on DMI data. So, just disable based on machine_is_olpc()
Signed-off-by: Jeremy Katz <katzj@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Fix build error introduced by commit 4faac97d44 ("x86: prevent stale
state of c1e_mask across CPU offline/online").
process_32.c needs to include idle.h to get the prototype for
c1e_remove_cpu()
Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
When we use > 4KB's page size the original definition is not consistent
with PGDIR_SIZE. For exeample, if we use 16KB page size the PGDIR_SHIFT is
(14-2) + 14 = 26, PGDIR_SIZE is 2^26,so the PTRS_PER_PGD should be:
2^32/2^26 = 2^6
but the original definition of PTRS_PER_PGD is 4096 (PGDIR_ORDER = 0).
So, this definition needs to be consistent with the PGDIR_SIZE.
And the new definition is consistent with the PGD init in pagetable_init().
Signed-off-by: Dajie Tan <jiankemeng@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
When setting the direction of one GPIO pin we have to keep the state of the
other pins, hence use binary OR. Also gpio_direction_output() wants to set an
initial value, so add that too.
This fixes a problem with the USB power switch on mtx-1 boards.
Signed-off-by: Bruno Randolf <br1@einfach.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (23 commits)
USB: revert recovery from transient errors
usb: unusual devs patch for Nokia 5310 Music Xpress
usb: ftdi_sio: add support for Domintell devices
USB: drivers/usb/musb/: disable it on SuperH
USB Serial: Sierra: Add MC8785 VID/PID
USB: serial: add ZTE CDMA Tech id to option driver
USB: ftdi_sio: Add 0x5050/0x0900 USB IDs (Papouch Quido USB 4/4)
usb serial: ti_usb_3410_5052 obviously broken by firmware changes
USB: fsl_usb2_udc: fix VDBG() format string
USB: unusual_devs addition for RockChip MP3 player
USB: SERIAL CP2101 add device IDs
usb-serial: Add Siemens EF81 to PL-2303 hack triggers
USB: fix EHCI periodic transfers
usb: musb: fix include path
USB: Fixing Nokia 3310c in storage mode
usb gadget: fix omap_udc DMA regression
USB: update of Documentation/usb/anchors.txt
USB: fix hcd interrupt disabling
USB: Correct Sierra Wireless USB EVDO Modem Device ID
USB: Fix the Nokia 6300 storage-mode.
...
* 'timers-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
timers: fix build error in !oneshot case
x86: c1e_idle: don't mark TSC unstable if CPU has invariant TSC
x86: prevent C-states hang on AMD C1E enabled machines
clockevents: prevent mode mismatch on cpu online
clockevents: check broadcast device not tick device
clockevents: prevent stale tick_next_period for onlining CPUs
x86: prevent stale state of c1e_mask across CPU offline/online
clockevents: prevent cpu online to interfere with nohz
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: fix 27-rc crash on vsmp due to paravirt during module load
x86, oprofile: BUG scheduling while atomic
AMD IOMMU: protect completion wait loop with iommu lock
AMD IOMMU: set iommu sunc flag after command queuing
This patch (as1135) essentially reverts the major parts of two earlier
patches to usbcore, because they ended up causing a regression.
Trying to recover from transient communication errors can lead to
other problems, because operations that failed during the error period
are not always retried. The simplest example is the initial
Set-Config request sent after device enumeration; if it gets lost then
it will not be retried and the device will remain unconfigured.
This patch restores the old behavior in which any port disconnect or
port disable causes the entire device structure to be removed, fixing a
reported regression.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Nokia 5310 Music Xpress phone reports one too many sectors in
usb-storage mode. This patch resolves that.
Signed-off-by: David Almaroad <dalmaroad@gmail.com>
Cc: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In file included from drivers/usb/musb/musb_core.h:59,
from drivers/usb/musb/musb_core.c:108:
drivers/usb/musb/musb_io.h:42: error: conflicting types for '__raw_readsl'
/usr/src/devel/arch/sh/include/asm/io.h:112: error: previous declaration of '__raw_readsl' was here
drivers/usb/musb/musb_io.h:42: error: conflicting types for '__raw_readsl'
/usr/src/devel/arch/sh/include/asm/io.h:112: error: previous declaration of '__raw_readsl' was here
drivers/usb/musb/musb_io.h:44: error: conflicting types for 'readsw'
/usr/src/devel/arch/sh/include/asm/io.h:164: error: previous definition of 'readsw' was here
drivers/usb/musb/musb_io.h:46: error: conflicting types for 'readsb'
/usr/src/devel/arch/sh/include/asm/io.h:163: error: previous definition of 'readsb' was here
drivers/usb/musb/musb_io.h:49: error: conflicting types for '__raw_writesl'
/usr/src/devel/arch/sh/include/asm/io.h:111: error: previous declaration of '__raw_writesl' was here
drivers/usb/musb/musb_io.h:49: error: conflicting types for '__raw_writesl'
/usr/src/devel/arch/sh/include/asm/io.h:111: error: previous declaration of '__raw_writesl' was here
drivers/usb/musb/musb_io.h:51: error: conflicting types for 'writesw'
/usr/src/devel/arch/sh/include/asm/io.h:164: error: previous definition of 'writesw' was here
drivers/usb/musb/musb_io.h:53: error: conflicting types for 'writesb'
/usr/src/devel/arch/sh/include/asm/io.h:163: error: previous definition of 'writesb' was here
Cc: Karsten Keil <kkeil@suse.de>
Cc: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
While making some other changes to ti_usb_3410_5052, I noticed that the
changes made to move the firmware loading to a separate function are
broken (in ti_download_firmware(), status is set to -ENOMEM and never
changed). This means the driver will never initialize the device
properly. It looks like status was supposed to get the result of
ti_do_download().
Signed-off-by: Chris Adams <cmadams@hiwaay.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fixes:
drivers/usb/gadget/fsl_usb2_udc.c: In function 'dr_controller_setup':
drivers/usb/gadget/fsl_usb2_udc.c:229: warning: format '%p' expects type
'void *', but argument 3 has type 'int'
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1136) adds an unusual_devs entry for a version of the
RockChip MP3 player which can't handle the MODE SENSE command used for
write-protect detection.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This hardware needs the pl2303 hack in order to work properly :(
Signed-off-by: Andreas Bombe <aeb@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
As noted by Stefan Neis <Stefan.Neis@kobil.com>, we had a recent
regression with EHCI periodic transfers, in some (seemingly not
all that common) cases.
The root cause was that the schedule activation was only loosely
coupled to the addition or removal of transfers, so two different
execution contexts could both think they had to deactivate (or
conversely activate) the schedule. So this fix tightens that
coupling, managing it more like a refcount.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>