- 19 Feb, 2011 2 commits
-
-
Thomas Gleixner authored
With CONFIG_SHIRQ_DEBUG=y we call a newly installed interrupt handler in request_threaded_irq(). The original implementation (commit a304e1b8) called the handler _BEFORE_ it was installed, but that caused problems with handlers calling disable_irq_nosync(). See commit 377bf1e4. It's braindead in the first place to call disable_irq_nosync in shared handlers, but .... Moving this call after we installed the handler looks innocent, but it is very subtle broken on SMP. Interrupt handlers rely on the fact, that the irq core prevents reentrancy. Now this debug call violates that promise because we run the handler w/o the IRQ_INPROGRESS protection - which we cannot apply here because that would result in a possibly forever masked interrupt line. A concurrent real hardware interrupt on a different CPU results in handler reentrancy and can lead to complete wreckage, which was unfortunately observed in reality and took a fricking long time to debug. Leave the code here for now. We want this debug feature, but that's not easy to fix. We really should get rid of those disable_irq_nosync() abusers and remove that function completely. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Anton Vorontsov <avorontsov@ru.mvista.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: stable@kernel.org # .28 -> .37
-
Thomas Gleixner authored
Lars-Peter Clausen pointed out: I stumbled upon this while looking through the existing archs using SPARSE_IRQ. Even with SPARSE_IRQ the NR_IRQS is still the upper limit for the number of IRQs. Both PXA and MMP set NR_IRQS to IRQ_BOARD_START, with IRQ_BOARD_START being the number of IRQs used by the core. In various machine files the nr_irqs field of the ARM machine defintion struct is then set to "IRQ_BOARD_START + NR_BOARD_IRQS". As a result "nr_irqs" will greater then NR_IRQS which then again causes the "allocated_irqs" bitmap in the core irq code to be accessed beyond its size overwriting unrelated data. The core code really misses a sanity check there. This went unnoticed so far as by chance the compiler/linker places data behind that bitmap which gets initialized later on those affected platforms. So the obvious fix would be to add a sanity check in early_irq_init() and break all affected platforms. Though that check wants to be backported to stable as well, which will require to fix all known problematic platforms and probably some more yet not known ones as well. Lots of churn. A way simpler solution is to allocate a slightly larger bitmap and avoid the whole churn w/o breaking anything. Add a few warnings when an arch returns utter crap. Reported-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@kernel.org # .37 Cc: Haojian Zhuang <haojian.zhuang@marvell.com> Cc: Eric Miao <eric.y.miao@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org>
-
- 18 Feb, 2011 13 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tipLinus Torvalds authored
* 'rtc-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: RTC: Re-enable UIE timer/polling emulation RTC: Revert UIE emulation removal RTC: Release mutex in error path of rtc_alarm_irq_enable
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (37 commits) net: deinit automatic LIST_HEAD net: dont leave active on stack LIST_HEAD net: provide default_advmss() methods to blackhole dst_ops tg3: Restrict phy ioctl access drivers/net: Call netif_carrier_off at the end of the probe ixgbe: work around for DDP last buffer size ixgbe: fix panic due to uninitialised pointer e1000e: flush all writebacks before unload e1000e: check down flag in tasks isdn: hisax: Use l2headersize() instead of dup (and buggy) func. arp_notify: unconditionally send gratuitous ARP for NETDEV_NOTIFY_PEERS. cxgb4vf: Use defined Mailbox Timeout cxgb4vf: Quiesce Virtual Interfaces on shutdown ... cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined ... cxgb4vf: Check driver parameters in the right place ... pch_gbe: Fix the MAC Address load issue. iwlwifi: Delete iwl3945_good_plcp_health. net/can/softing: make CAN_SOFTING_CS depend on CAN_SOFTING netfilter: nf_iterate: fix incorrect RCU usage pch_gbe: Fix the issue that the receiving data is not normal. ...
-
git://xenbits.xen.org/people/ianc/linux-2.6Linus Torvalds authored
* 'for-linus/bugfixes' of git://xenbits.xen.org/people/ianc/linux-2.6: xen: suspend and resume system devices when running PVHVM
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wqLinus Torvalds authored
* 'fixes-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: make sure MAYDAY_INITIAL_TIMEOUT is at least 2 jiffies long workqueue, freezer: unify spelling of 'freeze' + 'able' to 'freezable' workqueue: wake up a worker when a rescuer is leaving a gcwq
-
Eric Dumazet authored
commit 9b5e383c (net: Introduce unregister_netdevice_many()) left an active LIST_HEAD() in rollback_registered(), with possible memory corruption. Even if device is freed without touching its unreg_list (and therefore touching the previous memory location holding LISTE_HEAD(single), better close the bug for good, since its really subtle. (Same fix for default_device_exit_batch() for completeness) Reported-by: Michal Hocko <mhocko@suse.cz> Tested-by: Michal Hocko <mhocko@suse.cz> Reported-by: Eric W. Biderman <ebiderman@xmission.com> Tested-by: Eric W. Biderman <ebiderman@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Ingo Molnar <mingo@elte.hu> CC: Octavian Purdila <opurdila@ixiacom.com> CC: stable <stable@kernel.org> [.33+] Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
Eric W. Biderman and Michal Hocko reported various memory corruptions that we suspected to be related to a LIST head located on stack, that was manipulated after thread left function frame (and eventually exited, so its stack was freed and reused). Eric Dumazet suggested the problem was probably coming from commit 44345724 (net: factorize sync-rcu call in unregister_netdevice_many) This patch fixes __dev_close() and dev_close() to properly deinit their respective LIST_HEAD(single) before exiting. References: https://lkml.org/lkml/2011/2/16/304 References: https://lkml.org/lkml/2011/2/14/223Reported-by: Michal Hocko <mhocko@suse.cz> Tested-by: Michal Hocko <mhocko@suse.cz> Reported-by: Eric W. Biderman <ebiderman@xmission.com> Tested-by: Eric W. Biderman <ebiderman@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Ingo Molnar <mingo@elte.hu> CC: Octavian Purdila <opurdila@ixiacom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Commit 0dbaee3b (net: Abstract default ADVMSS behind an accessor.) introduced a possible crash in tcp_connect_init(), when dst->default_advmss() is called from dst_metric_advmss() Reported-by: George Spelvin <linux@horizon.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
When list debugging is enabled, we aim to readably show list corruption errors, and the basic list_add/list_del operations end up having extra debugging code in them to do some basic validation of the list entries. However, "list_del_init()" and "list_move[_tail]()" ended up avoiding the debug code due to how they were written. This fixes that. So the _next_ time we have list_move() problems with stale list entries, we'll hopefully have an easier time finding them.. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6Linus Torvalds authored
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6: PM / Hibernate: Return error code when alloc_image_page() fails
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: add missing frac fb div flag for dce4+ drm/radeon/kms: do not reject X16 and Y16X16 floating-point formats on r300 drm/nouveau: fix suspend/resume on GPUs that don't have PM support drm/nouveau: flips/flipd need to always set 'evict' for move_accel_cleanup() drm/nv40: fix tiling-related setup for a number of chipsets drm/nouveau: fix non-EDIDful native mode selection drm/nouveau: Fix detection of DDC-based LVDS on DCB15 boards. drm/nv04-nv40: Fix NULL dereference when we fail to find an LVDS native mode. drm/nv10: Fix crash when allocating a BO larger than half the available VRAM.
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/qib: Prevent double completions after a timeout or RNR error IB/qib: Fix double add_timer() RDMA/nes: Don't generate async events for unregistered devices
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc64: Fix NMI startup bug which also breaks perf. sparc: fix size argument to find_next_zero_bit() sparc: use bitmap_set() sparc32: unaligned memory access (MNA) trap handler bug
-
Timo Warns authored
Validate number of blocks in map and remove redundant variable. Signed-off-by: Timo Warns <warns@pre-sense.de> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 17 Feb, 2011 19 commits
-
-
John Stultz authored
This patch re-enables UIE timer/polling emulation for rtc devices that do not support alarm irqs. CC: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> CC: Thomas Gleixner <tglx@linutronix.de> Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Tested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: John Stultz <john.stultz@linaro.org>
-
John Stultz authored
Uwe pointed out that my alarm based UIE emulation is not sufficient to replace the older timer/polling based UIE emulation on devices where there is no alarm irq. This causes rtc devices without alarms to return -EINVAL to UIE ioctls. The fix is to re-instate the old timer/polling method for devices without alarm irqs. This patch reverts the following commits: 042620a0 - Remove UIE emulation 1daeddd5 - Cleanup removed UIE emulation declaration b5cc8ca1 - Remove Kconfig symbol for UIE emulation The emulation mode will still need to be wired-in with a following patch before it will work. CC: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> CC: Thomas Gleixner <tglx@linutronix.de> Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: John Stultz <john.stultz@linaro.org>
-
Uwe Kleine-König authored
On hardware that doesn't support alarm interrupts, rtc_alarm_irq_enable could return without releasing the ops_lock mutex. This was introduced in aa0be0f4 (RTC: Propagate error handling via rtc_timer_enqueue properly) This patch corrects the issue by only returning once the mutex is released. [john.stultz: Reworded the commit log] Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: John Stultz <john.stultz@linaro.org>
-
Matt Carlson authored
If management firmware is present and the device is down, the firmware will assume control of the phy. If a phy access were allowed from the host, it will collide with firmware phy accesses, resulting in unpredictable behavior. This patch fixes the problem by disallowing phy accesses during the problematic condition. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Reviewed-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ivan Vecera authored
Without calling of netif_carrier_off at the end of the probe the operstate is unknown when the device is initially opened. By default the carrier is on so when the device is opened and netif_carrier_on is called the link watch event is not fired and operstate remains zero (unknown). This patch fixes this behavior in forcedeth and r8169. Signed-off-by: Ivan Vecera <ivecera@redhat.com> Acked-by: Francois Romieu <romieu@fr.zoreil.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Roland Dreier authored
-
Mike Marciniszyn authored
There is a double completion associated with error handling for RC QPs. The sequence is: - The do_rc_ack() routine fields an RNR nack and there are 0 rnr_retries configured on the QP. - qib_error_qp() stops the pending timer - qib_rc_send_complete() is called from sdma_complete() - qib_rc_send_complete() starts the timer because the msb of the psn just completed says an ack is needed. - a bunch of flushes occur as ipoib posts WQEs to an error'ed QP - rc_timeout() calls qib_restart_rc() - qib_restart_rc() calls qib_send_complete() with a IB_WC_RETRY_EXC_ERR on a wqe that has already been completed in the past The fix avoids starting the timer since another packet will never arrive. Signed-off-by: Mike Marciniszyn <mike.marciniszyn@qlogic.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
-
Ian Campbell authored
Otherwise we fail to properly suspend/resume all of the emulated devices. Something between 2.6.38-rc2 and rc3 appears to have exposed this issue, but it's always been wrong not to do this. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Jeremy Fitzhardinge <jeremy@goop.org>
-
Amir Hanania authored
A HW limitation was recently discovered where the last buffer in a DDP offload cannot be a full buffer size in length. Fix the issue with a work around by adding another buffer with size = 1. Signed-off-by: Amir Hanania <amir.hanania@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Andy Gospodarek authored
Systems containing an 82599EB and running a backported driver from upstream were panicing on boot. It turns out hw->mac.ops.setup_sfp is only set for 82599, so one should check to be sure that pointer is set before continuing in ixgbe_sfp_config_module_task. I verified by inspection that the upstream driver has the same issue and also added a check before the call in ixgbe_sfp_link_config. Signed-off-by: Andy Gospodarek <andy@greyhouse.net> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jesse Brandeburg authored
The driver was not flushing all writebacks before unloading, possibly causing memory to be written by the hardware after the driver had reinitialized the rings. This adds missing functionality to flush any pending writebacks and is called in all spots where descriptors should be completed before the driver begins processing. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Reviewed-by: Bruce Allan <bruce.w.allan@intel.com> Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Jesse Brandeburg authored
This change is part of a fix to avoid any tasks running while the driver is exiting and deinitializing resources. Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
git://linux-nfs.org/~bfields/linuxLinus Torvalds authored
* 'for-2.6.38' of git://linux-nfs.org/~bfields/linux: nfsd: correctly handle return value from nfsd_map_name_to_*
-
Dave Airlie authored
* 'nouveau/drm-nouveau-next' of /ssd/git/drm-nouveau-next: drm/nouveau: fix suspend/resume on GPUs that don't have PM support drm/nouveau: flips/flipd need to always set 'evict' for move_accel_cleanup() drm/nv40: fix tiling-related setup for a number of chipsets drm/nouveau: fix non-EDIDful native mode selection drm/nouveau: Fix detection of DDC-based LVDS on DCB15 boards. drm/nv04-nv40: Fix NULL dereference when we fail to find an LVDS native mode. drm/nv10: Fix crash when allocating a BO larger than half the available VRAM.
-
Alex Deucher authored
The fixed ref/post dividers are set by the AdjustPll table rather than the ss info table on dce4+. Make sure we enable the fractional feedback dividers when using a fixed post or ref divider on them as well. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=29272Signed-off-by: Alex Deucher <alexdeucher@gmail.com> Cc: stable@kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Marek Olšák authored
Signed-off-by: Marek Olšák <maraeo@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
-
Ben Skeggs authored
This has been broken since 2.6.37, and fixes resume on a couple of fermi boards I have access to. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
git://git.secretlab.ca/git/linux-2.6Linus Torvalds authored
* 'spi/merge' of git://git.secretlab.ca/git/linux-2.6: spi/pxa2xx pci: fix the release - remove race
-
Chuck Ebbert authored
This reverts commit 75f1dc0d ("block: check bdev_read_only() from blkdev_get()"). That commit added stricter checking to make sure devices that were being used read-only were actually opened in that mode. It turns out that the change breaks a bunch of kernel code that opens block devices. Affected systems include dm, md, and the loop device. Because strict checking for read-only opens of block devices was not done before this, the code that opens the devices was opening them read-write even if they were being used read-only. Auditing all that code will take time, and new userspace packages for dm, mdadm, etc. will also be required. Signed-off-by: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 16 Feb, 2011 6 commits
-
-
Ben Skeggs authored
We free the temporary binding before leaving this function, so we also have to wait for the move to actually complete. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Ben Skeggs authored
Due to the default case handling the older chipsets, a bunch of the newer ones ended up having the wrong tiling regs used. This commit switches the default case to handle the newest chipsets. This also makes nv4e touch the "extra" tiling regs. "nv" doesn't touch them for C51 but traces of the NVIDIA binary driver show it being done there. I couldn't find NV41/NV45 traces to confirm the behaviour there, but an educated guess was taken at each of them. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Ben Skeggs authored
The DRM core fills this value, but at too late a stage for this to work, possibly resulting in an undesirable mode being selected. Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Francisco Jerez authored
Signed-off-by: Francisco Jerez <currojerez@riseup.net> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Francisco Jerez authored
Reported-by: Alex Buell <alex.buell@munted.org.uk> Signed-off-by: Francisco Jerez <currojerez@riseup.net> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-
Francisco Jerez authored
Reported-by: Alex Buell <alex.buell@munted.org.uk> Signed-off-by: Francisco Jerez <currojerez@riseup.net> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
-