  1. 03 Jul, 2013 5 commits
    • dlci: acquire rtnl_lock before calling __dev_get_by_name() · eadc8331
      Zefan Li authored
      commit 11eb2645 upstream.
      
      Otherwise the net device returned can be freed at any time.
      Signed-off-by: Li Zefan <lizefan@huawei.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • hw_breakpoint: Use cpu_possible_mask in {reserve,release}_bp_slot() · ed0b72ac
      Oleg Nesterov authored
      commit c790b0ad upstream.
      
      fetch_bp_busy_slots() and toggle_bp_slot() use
      for_each_online_cpu(), this is obviously wrong wrt cpu_up() or
      cpu_down(), we can over/under account the per-cpu numbers.
      
      For example:
      
      	# echo 0 >> /sys/devices/system/cpu/cpu1/online
      	# perf record -e mem:0x10 -p 1 &
      	# echo 1 >> /sys/devices/system/cpu/cpu1/online
      	# perf record -e mem:0x10,mem:0x10,mem:0x10,mem:0x10 -C1 -a &
      	# taskset -p 0x2 1
      
      triggers the same WARN_ONCE("Can't find any breakpoint slot") in
      arch_install_hw_breakpoint().
      Reported-by: Vince Weaver <vincent.weaver@maine.edu>
      Signed-off-by: Oleg Nesterov <oleg@redhat.com>
      Acked-by: Frederic Weisbecker <fweisbec@gmail.com>
      Link: http://lkml.kernel.org/r/20130620155009.GA6327@redhat.com
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Bluetooth: Fix crash in l2cap_build_cmd() with small MTU · 630493e2
      Anderson Lizardo authored
      commit 300b962e upstream.
      
      If a too small MTU value is set with ioctl(HCISETACLMTU) or by a bogus
      controller, memory corruption happens due to a memcpy() call with
      negative length.
      
      Fix this crash on either incoming or outgoing connections with a MTU
      smaller than L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE:
      
      [   46.885433] BUG: unable to handle kernel paging request at f56ad000
      [   46.888037] IP: [<c03d94cd>] memcpy+0x1d/0x40
      [   46.888037] *pdpt = 0000000000ac3001 *pde = 00000000373f8067 *pte = 80000000356ad060
      [   46.888037] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
      [   46.888037] Modules linked in: hci_vhci bluetooth virtio_balloon i2c_piix4 uhci_hcd usbcore usb_common
      [   46.888037] CPU: 0 PID: 1044 Comm: kworker/u3:0 Not tainted 3.10.0-rc1+ #12
      [   46.888037] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
      [   46.888037] Workqueue: hci0 hci_rx_work [bluetooth]
      [   46.888037] task: f59b15b0 ti: f55c4000 task.ti: f55c4000
      [   46.888037] EIP: 0060:[<c03d94cd>] EFLAGS: 00010212 CPU: 0
      [   46.888037] EIP is at memcpy+0x1d/0x40
      [   46.888037] EAX: f56ac1c0 EBX: fffffff8 ECX: 3ffffc6e EDX: f55c5cf2
      [   46.888037] ESI: f55c6b32 EDI: f56ad000 EBP: f55c5c68 ESP: f55c5c5c
      [   46.888037]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      [   46.888037] CR0: 8005003b CR2: f56ad000 CR3: 3557d000 CR4: 000006f0
      [   46.888037] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
      [   46.888037] DR6: ffff0ff0 DR7: 00000400
      [   46.888037] Stack:
      [   46.888037]  fffffff8 00000010 00000003 f55c5cac f8c6a54c ffffffff f8c69eb2 00000000
      [   46.888037]  f4783cdc f57f0070 f759c590 1001c580 00000003 0200000a 00000000 f5a88560
      [   46.888037]  f5ba2600 f5a88560 00000041 00000000 f55c5d90 f8c6f4c7 00000008 f55c5cf2
      [   46.888037] Call Trace:
      [   46.888037]  [<f8c6a54c>] l2cap_send_cmd+0x1cc/0x230 [bluetooth]
      [   46.888037]  [<f8c69eb2>] ? l2cap_global_chan_by_psm+0x152/0x1a0 [bluetooth]
      [   46.888037]  [<f8c6f4c7>] l2cap_connect+0x3f7/0x540 [bluetooth]
      [   46.888037]  [<c019b37b>] ? trace_hardirqs_off+0xb/0x10
      [   46.888037]  [<c01a0ff8>] ? mark_held_locks+0x68/0x110
      [   46.888037]  [<c064ad20>] ? mutex_lock_nested+0x280/0x360
      [   46.888037]  [<c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150
      [   46.888037]  [<c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0
      [   46.888037]  [<c064ad08>] ? mutex_lock_nested+0x268/0x360
      [   46.888037]  [<c01a125b>] ? trace_hardirqs_on+0xb/0x10
      [   46.888037]  [<f8c72f8d>] l2cap_recv_frame+0xb2d/0x1d30 [bluetooth]
      [   46.888037]  [<c01a0ff8>] ? mark_held_locks+0x68/0x110
      [   46.888037]  [<c064b9d9>] ? __mutex_unlock_slowpath+0xa9/0x150
      [   46.888037]  [<c01a118c>] ? trace_hardirqs_on_caller+0xec/0x1b0
      [   46.888037]  [<f8c754f1>] l2cap_recv_acldata+0x2a1/0x320 [bluetooth]
      [   46.888037]  [<f8c491d8>] hci_rx_work+0x518/0x810 [bluetooth]
      [   46.888037]  [<f8c48df2>] ? hci_rx_work+0x132/0x810 [bluetooth]
      [   46.888037]  [<c0158979>] process_one_work+0x1a9/0x600
      [   46.888037]  [<c01588fb>] ? process_one_work+0x12b/0x600
      [   46.888037]  [<c015922e>] ? worker_thread+0x19e/0x320
      [   46.888037]  [<c015922e>] ? worker_thread+0x19e/0x320
      [   46.888037]  [<c0159187>] worker_thread+0xf7/0x320
      [   46.888037]  [<c0159090>] ? rescuer_thread+0x290/0x290
      [   46.888037]  [<c01602f8>] kthread+0xa8/0xb0
      [   46.888037]  [<c0656777>] ret_from_kernel_thread+0x1b/0x28
      [   46.888037]  [<c0160250>] ? flush_kthread_worker+0x120/0x120
      [   46.888037] Code: c3 90 8d 74 26 00 e8 63 fc ff ff eb e8 90 55 89 e5 83 ec 0c 89 5d f4 89 75 f8 89 7d fc 3e 8d 74 26 00 89 cb 89 c7 c1 e9 02 89 d6 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 5d f4 8b 75 f8 8b 7d fc 89
      [   46.888037] EIP: [<c03d94cd>] memcpy+0x1d/0x40 SS:ESP 0068:f55c5c5c
      [   46.888037] CR2: 00000000f56ad000
      [   46.888037] ---[ end trace 0217c1f4d78714a9 ]---
      Signed-off-by: Anderson Lizardo <anderson.lizardo@openbossa.org>
      Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
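
      An added illustration, not the kernel's code and not part of the commit above: a user-space C model of the length arithmetic that commit message describes. An MTU below L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE gives a negative count, which memcpy() receives as a huge size_t (-8 is 0xfffffff8 in 32 bits, the value seen in EBX in the oops); the checked form rejects such an MTU first. Function names, the header-writing code and the sample payload are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2CAP_HDR_SIZE     4   /* length (2) + channel ID (2) */
#define L2CAP_CMD_HDR_SIZE 4   /* code (1) + ident (1) + length (2) */
#define HDRS (L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE)

/* Payload bytes that fit in the first fragment, with no lower bound on
 * mtu: the result is negative whenever mtu < HDRS. */
static int payload_len_unchecked(unsigned int mtu, uint16_t dlen)
{
    int len = HDRS + dlen;
    int count = mtu < (unsigned int)len ? (int)mtu : len;
    return count - HDRS;
}

/* The length memcpy() would see once the int is converted to size_t. */
static size_t as_memcpy_len(int count) { return (size_t)count; }

/* Hardened form: reject an MTU that cannot hold both headers before any
 * length arithmetic. Returns bytes written to out, or -1. */
static int build_cmd_checked(unsigned int mtu, uint8_t code, uint8_t ident,
                             const void *data, uint16_t dlen,
                             uint8_t *out, size_t out_size)
{
    if (mtu < (unsigned int)HDRS)
        return -1;
    size_t count = (size_t)payload_len_unchecked(mtu, dlen); /* >= 0 here */
    if (HDRS + count > out_size)
        return -1;
    uint16_t l2len = (uint16_t)(L2CAP_CMD_HDR_SIZE + dlen);
    out[0] = l2len & 0xff;  out[1] = l2len >> 8;   /* L2CAP length, LE */
    out[2] = 0x01;          out[3] = 0x00;         /* signalling CID 0x0001 */
    out[4] = code;          out[5] = ident;
    out[6] = dlen & 0xff;   out[7] = dlen >> 8;    /* command length, LE */
    memcpy(out + HDRS, data, count);               /* first fragment only */
    return (int)(HDRS + count);
}

int main(void)
{
    uint8_t buf[64], req[4] = {0x01, 0x00, 0x40, 0x00}; /* constructed payload */
    int bad = payload_len_unchecked(0, sizeof(req));
    printf("unchecked, mtu=0: count=%d, memcpy length %zu\n", bad, as_memcpy_len(bad));
    printf("checked, mtu=0: %d\n", build_cmd_checked(0, 0x02, 1, req, 4, buf, sizeof buf));
    printf("checked, mtu=672: %d\n", build_cmd_checked(672, 0x02, 1, req, 4, buf, sizeof buf));
    return 0;
}
```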
    • ARM: 7772/1: Fix missing flush_kernel_dcache_page() for noMMU · a5f9dc0a
      Simon Baatz authored
      commit 63384fd0 upstream.
      
      Commit 1bc39742 (ARM: 7755/1: handle user space mapped pages in
      flush_kernel_dcache_page) moved the implementation of
      flush_kernel_dcache_page() into mm/flush.c but did not implement it
      on noMMU ARM.
      Signed-off-by: Simon Baatz <gmbnomis@gmail.com>
      Acked-by: Kevin Hilman <khilman@linaro.org>
      Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • ARM: 7755/1: handle user space mapped pages in flush_kernel_dcache_page · 5fca91fe
      Simon Baatz authored
      commit 1bc39742 upstream.
      
      Commit f8b63c18 made flush_kernel_dcache_page a no-op assuming that
      the pages it needs to handle are kernel mapped only.  However, for
      example when doing direct I/O, pages with user space mappings may
      occur.
      
      Thus, continue to do lazy flushing if there are no user space
      mappings.  Otherwise, flush the kernel cache lines directly.
      Signed-off-by: Simon Baatz <gmbnomis@gmail.com>
      Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. 27 Jun, 2013 28 commits
  3. 20 Jun, 2013 7 commits
    • Linux 3.4.50 · 8861fd33
      Greg Kroah-Hartman authored
    • powerpc: Fix missing/delayed calls to irq_work · 05266fa3
      Benjamin Herrenschmidt authored
      commit 230b3034 upstream.
      
      When replaying interrupts (as a result of the interrupt occurring
      while soft-disabled), in the case of the decrementer, we are exclusively
      testing for a pending timer target. However we also use decrementer
      interrupts to trigger the new "irq_work", which in this case would
      be missed.
      
      This changes the logic to force a replay in both cases of a timer
      boundary reached and a decrementer interrupt having actually occurred
      while disabled. The former test is still useful to catch cases where
      a CPU having been hard-disabled for a long time completely misses the
      interrupt due to a decrementer rollover.
      Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Tested-by: Steven Rostedt <rostedt@goodmis.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • powerpc: Fix stack overflow crash in resume_kernel when ftracing · 0031e5e3
      Michael Ellerman authored
      commit 0e37739b upstream.
      
      It's possible for us to crash when running with ftrace enabled, eg:
      
        Bad kernel stack pointer bffffd12 at c00000000000a454
        cpu 0x3: Vector: 300 (Data Access) at [c00000000ffe3d40]
            pc: c00000000000a454: resume_kernel+0x34/0x60
            lr: c00000000000335c: performance_monitor_common+0x15c/0x180
            sp: bffffd12
           msr: 8000000000001032
           dar: bffffd12
         dsisr: 42000000
      
      If we look at current's stack (paca->__current->stack) we see it is
      equal to c0000002ecab0000. Our stack is 16K, and comparing to
      paca->kstack (c0000002ecab3e30) we can see that we have overflowed our
      kernel stack. This leads to us writing over our struct thread_info, and
      in this case we have corrupted thread_info->flags and set
      _TIF_EMULATE_STACK_STORE.
      
      Dumping the stack we see:
      
        3:mon> t c0000002ecab0000
        [c0000002ecab0000] c00000000002131c .performance_monitor_exception+0x5c/0x70
        [c0000002ecab0080] c00000000000335c performance_monitor_common+0x15c/0x180
        --- Exception: f01 (Performance Monitor) at c0000000000fb2ec .trace_hardirqs_off+0x1c/0x30
        [c0000002ecab0370] c00000000016fdb0 .trace_graph_entry+0xb0/0x280 (unreliable)
        [c0000002ecab0410] c00000000003d038 .prepare_ftrace_return+0x98/0x130
        [c0000002ecab04b0] c00000000000a920 .ftrace_graph_caller+0x14/0x28
        [c0000002ecab0520] c0000000000d6b58 .idle_cpu+0x18/0x90
        [c0000002ecab05a0] c00000000000a934 .return_to_handler+0x0/0x34
        [c0000002ecab0620] c00000000001e660 .timer_interrupt+0x160/0x300
        [c0000002ecab06d0] c0000000000025dc decrementer_common+0x15c/0x180
        --- Exception: 901 (Decrementer) at c0000000000104d4 .arch_local_irq_restore+0x74/0xa0
        [c0000002ecab09c0] c0000000000fe044 .trace_hardirqs_on+0x14/0x30 (unreliable)
        [c0000002ecab0fb0] c00000000016fe3c .trace_graph_entry+0x13c/0x280
        [c0000002ecab1050] c00000000003d038 .prepare_ftrace_return+0x98/0x130
        [c0000002ecab10f0] c00000000000a920 .ftrace_graph_caller+0x14/0x28
        [c0000002ecab1160] c0000000000161f0 .__ppc64_runlatch_on+0x10/0x40
        [c0000002ecab11d0] c00000000000a934 .return_to_handler+0x0/0x34
        --- Exception: 901 (Decrementer) at c0000000000104d4 .arch_local_irq_restore+0x74/0xa0
      
        ... and so on
      
      __ppc64_runlatch_on() is called from RUNLATCH_ON in the exception entry
      path. At that point the irq state is not consistent, ie. interrupts are
      hard disabled (by the exception entry), but the paca soft-enabled flag
      may be out of sync.
      
      This leads to the local_irq_restore() in trace_graph_entry() actually
      enabling interrupts, which we do not want. Because we have not yet
      reprogrammed the decrementer we immediately take another decrementer
      exception, and recurse.
      
      The fix is twofold. Firstly make sure we call DISABLE_INTS before
      calling RUNLATCH_ON. The badly named DISABLE_INTS actually reconciles
      the irq state in the paca with the hardware, making it safe again to
      call local_irq_save/restore().
      
      Although that should be sufficient to fix the bug, we also mark the
      runlatch routines as notrace. They are called very early in the
      exception entry and we are asking for trouble tracing them. They are
      also fairly uninteresting and tracing them just adds unnecessary
      overhead.
      
      [ This regression was introduced by fe1952fc
        "powerpc: Rework runlatch code" by myself --BenH
      ]
      Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
      Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • ceph: fix statvfs fr_size · 999899ad
      Sage Weil authored
      commit 92a49fb0 upstream.
      
      Different versions of glibc are broken in different ways, but the short of
      it is that for the time being, frsize should == bsize, and be used as the
      multiple for the blocks, free, and available fields.  This mirrors what is
      done for NFS.  The previous reporting of the page size for frsize meant
      that newer glibc and df would report a very small value for the fs size.
      
      Fixes http://tracker.ceph.com/issues/3793.
      Signed-off-by: Sage Weil <sage@inktank.com>
      Reviewed-by: Greg Farnum <greg@inktank.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • libceph: wrap auth methods in a mutex · 7f259658
      Sage Weil authored
      commit e9966076 upstream.
      
      The auth code is called from a variety of contexts, including the mon_client
      (protected by the monc's mutex) and the messenger callbacks (currently
      protected by nothing).  Avoid chaos by protecting all auth state with a
      mutex.  Nothing is blocking, so this should be simple and lightweight.
      Signed-off-by: Sage Weil <sage@inktank.com>
      Reviewed-by: Alex Elder <elder@inktank.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • libceph: wrap auth ops in wrapper functions · aa80dd9d
      Sage Weil authored
      commit 27859f97 upstream.
      
      Use wrapper functions that check whether the auth op exists so that callers
      do not need a bunch of conditional checks.  Simplifies the external
      interface.
      Signed-off-by: Sage Weil <sage@inktank.com>
      Reviewed-by: Alex Elder <elder@inktank.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • libceph: add update_authorizer auth method · 29c65a27
      Sage Weil authored
      commit 0bed9b5c upstream.
      
      Currently the messenger calls out to a get_authorizer con op, which will
      create a new authorizer if it doesn't yet have one.  In the meantime, when
      we rotate our service keys, the authorizer doesn't get updated.  Eventually
      it will be rejected by the server on a new connection attempt and get
      invalidated, and we will then rebuild a new authorizer, but this is not
      ideal.
      
      Instead, if we do have an authorizer, call a new update_authorizer op that
      will verify that the current authorizer is using the latest secret.  If it
      is not, we will build a new one that does.  This avoids the transient
      failure.
      
      This fixes one of the sorry sequence of events for bug
      
      	http://tracker.ceph.com/issues/4282
      Signed-off-by: Sage Weil <sage@inktank.com>
      Reviewed-by: Alex Elder <elder@inktank.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>