1. 19 Oct, 2013 1 commit
    • Steven Rostedt's avatar
      tracing: Fix potential out-of-bounds in trace_get_user() · 057db848
      Steven Rostedt authored
      Andrey reported the following report:
      ERROR: AddressSanitizer: heap-buffer-overflow on address ffff8800359c99f3
      ffff8800359c99f3 is located 0 bytes to the right of 243-byte region [ffff8800359c9900, ffff8800359c99f3)
      Accessed by thread T13003:
        #0 ffffffff810dd2da (asan_report_error+0x32a/0x440)
        #1 ffffffff810dc6b0 (asan_check_region+0x30/0x40)
        #2 ffffffff810dd4d3 (__tsan_write1+0x13/0x20)
        #3 ffffffff811cd19e (ftrace_regex_release+0x1be/0x260)
        #4 ffffffff812a1065 (__fput+0x155/0x360)
        #5 ffffffff812a12de (____fput+0x1e/0x30)
        #6 ffffffff8111708d (task_work_run+0x10d/0x140)
        #7 ffffffff810ea043 (do_exit+0x433/0x11f0)
        #8 ffffffff810eaee4 (do_group_exit+0x84/0x130)
        #9 ffffffff810eafb1 (SyS_exit_group+0x21/0x30)
        #10 ffffffff81928782 (system_call_fastpath+0x16/0x1b)
      Allocated by thread T5167:
        #0 ffffffff810dc778 (asan_slab_alloc+0x48/0xc0)
        #1 ffffffff8128337c (__kmalloc+0xbc/0x500)
        #2 ffffffff811d9d54 (trace_parser_get_init+0x34/0x90)
        #3 ffffffff811cd7b3 (ftrace_regex_open+0x83/0x2e0)
        #4 ffffffff811cda7d (ftrace_filter_open+0x2d/0x40)
        #5 ffffffff8129b4ff (do_dentry_open+0x32f/0x430)
        #6 ffffffff8129b668 (finish_open+0x68/0xa0)
        #7 ffffffff812b66ac (do_last+0xb8c/0x1710)
        #8 ffffffff812b7350 (path_openat+0x120/0xb50)
        #9 ffffffff812b8884 (do_filp_open+0x54/0xb0)
        #10 ffffffff8129d36c (do_sys_open+0x1ac/0x2c0)
        #11 ffffffff8129d4b7 (SyS_open+0x37/0x50)
        #12 ffffffff81928782 (system_call_fastpath+0x16/0x1b)
      Shadow bytes around the buggy address:
        ffff8800359c9700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        ffff8800359c9780: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
        ffff8800359c9800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        ffff8800359c9880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        ffff8800359c9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>ffff8800359c9980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[03]fb
        ffff8800359c9a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        ffff8800359c9a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        ffff8800359c9b00: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
        ffff8800359c9b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        ffff8800359c9c00: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap redzone:          fa
        Heap kmalloc redzone:  fb
        Freed heap region:     fd
        Shadow gap:            fe
      The out-of-bounds access happens on 'parser->buffer[parser->idx] = 0;'
      Although the crash happened in ftrace_regex_open() the real bug
      occurred in trace_get_user() where there's an incrementation to
      parser->idx without a check against the size. The way it is triggered
      is if userspace sends in 128 characters (EVENT_BUF_SIZE + 1), the loop
      that reads the last character stores it and then breaks out because
      there is no more characters. Then the last character is read to determine
      what to do next, and the index is incremented without checking size.
      Then the caller of trace_get_user() usually nulls out the last character
      with a zero, but since the index is equal to the size, it writes a nul
      character after the allocated space, which can corrupt memory.
      Luckily, only root user has write access to this file.
      Link: http://lkml.kernel.org/r/20131009222323.04fd1a0d@gandalf.local.home
      Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
  2. 10 Oct, 2013 1 commit
  3. 06 Oct, 2013 4 commits
    • Linus Torvalds's avatar
      Linux 3.12-rc4 · d0e639c9
      Linus Torvalds authored
    • Eric W. Biederman's avatar
      net: Update the sysctl permissions handler to test effective uid/gid · 2433c8f0
      Eric W. Biederman authored
      Modify the code to use current_euid(), and in_egroup_p, as in done
      in fs/proc/proc_sysctl.c:test_perm()
      Cc: stable@vger.kernel.org
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Reported-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · 13caa8ed
      Linus Torvalds authored
      Pull SCSI target fixes from Nicholas Bellinger:
       "Here are the outstanding target fixes queued up for v3.12-rc4 code.
        The highlights include:
         - Make vhost/scsi tag percpu_ida_alloc() use GFP_ATOMIC
         - Allow sess_cmd_map allocation failure fallback to use vzalloc
         - Fix COMPARE_AND_WRITE se_cmd->data_length bug with FILEIO backends
         - Fixes for COMPARE_AND_WRITE callback recursive failure OOPs + non
           zero scsi_status bug
         - Make iscsi-target do acknowledgement tag release from RX context
         - Setup iscsi-target with extra (cmdsn_depth / 2) percpu_ida tags
        Also included is a iscsi-target patch CC'ed for v3.10+ that avoids
        legacy wait_for_task=true release during fast-past StatSN
        acknowledgement, and two other SRP target related patches that address
        long-standing issues that are CC'ed for v3.3+.
        Extra thanks to Thomas Glanzmann for his testing feedback with
      * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        iscsi-target; Allow an extra tag_num / 2 number of percpu_ida tags
        iscsi-target: Perform release of acknowledged tags from RX context
        iscsi-target: Only perform wait_for_tasks when performing shutdown
        target: Fail on non zero scsi_status in compare_and_write_callback
        target: Fix recursive COMPARE_AND_WRITE callback failure
        target: Reset data_length for COMPARE_AND_WRITE to NoLB * block_size
        ib_srpt: always set response for task management
        target: Fall back to vzalloc upon ->sess_cmd_map kzalloc failure
        vhost/scsi: Use GFP_ATOMIC with percpu_ida_alloc for obtaining tag
        ib_srpt: Destroy cm_id before destroying QP.
        target: Fix xop->dbl assignment in target_xcopy_parse_segdesc_02
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma · 831ae3c1
      Linus Torvalds authored
      Pull slave-dmaengine fixes from Vinod Koul:
       "Here is the slave dmanegine fixes.  We have the fix for deadlock issue
        on imx-dma by Michael and Josh's edma config fix along with author
      * 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: imx-dma: fix callback path in tasklet
        dmaengine: imx-dma: fix lockdep issue between irqhandler and tasklet
        dmaengine: imx-dma: fix slow path issue in prep_dma_cyclic
        dma/Kconfig: Make TI_EDMA select TI_PRIV_EDMA
        edma: Update author email address
  4. 05 Oct, 2013 9 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · e62063d6
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "This is a small collection of fixes, including a regression fix from
        Liu Bo that solves rare crashes with compression on.
        I've merged my for-linus up to 3.12-rc3 because the top commit is only
        meant for 3.12.  The rest of the fixes are also available in my master
        branch on top of my last 3.11 based pull"
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs: Fix crash due to not allocating integrity data for a bioset
        Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing
        Btrfs: eliminate races in worker stopping code
        Btrfs: fix crash of compressed writes
        Btrfs: fix transid verify errors when recovering log tree
    • Linus Torvalds's avatar
      Merge tag 'gpio-v3.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 85f6d2db
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Two patches for the OMAP driver, dealing with setting up IRQs properly
        on the device tree boot path"
      * tag 'gpio-v3.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio/omap: auto-setup a GPIO when used as an IRQ
        gpio/omap: maintain GPIO and IRQ usage separately
    • Linus Torvalds's avatar
      Merge tag 'usb-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 4ed54764
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are none fixes for various USB driver problems.  The majority are
        gadget/musb fixes, but there are some new device ids in here as well"
      * tag 'usb-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: chipidea: add Intel Clovertrail pci id
        usb: gadget: s3c-hsotg: fix can_write limit for non-periodic endpoints
        usb: gadget: f_fs: fix error handling
        usb: musb: dsps: do not bind to "musb-hdrc"
        USB: serial: option: Ignore card reader interface on Huawei E1750
        usb: musb: gadget: fix otg active status flag
        usb: phy: gpio-vbus: fix deferred probe from __init
        usb: gadget: pxa25x_udc: fix deferred probe from __init
        usb: musb: fix otg default state
    • Linus Torvalds's avatar
      Merge tag 'tty-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · e3757a1f
      Linus Torvalds authored
      Pull tty fixes from Greg KH:
       "Here are two tty driver fixes for 3.12-rc4.
        One fixes the reported regression in the n_tty code that a number of
        people found recently, and the other one fixes an issue with xen
        consoles that broke in 3.10"
      * tag 'tty-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        xen/hvc: allow xenboot console to be used again
        tty: Fix pty master read() after slave closes
    • Linus Torvalds's avatar
      Merge tag 'staging-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 20fa7867
      Linus Torvalds authored
      Pull staging fixes from Greg KH:
       "Here are 4 tiny staging and iio driver fixes for 3.12-rc4.  Nothing
        major, just some small fixes for reported issues"
      * tag 'staging-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
        iio:magnetometer: Bugfix magnetometer default output registers
        iio: Remove debugfs entries in iio_device_unregister()
        iio: amplifiers: ad8366: Remove regulator_put
    • Darrick J. Wong's avatar
      btrfs: Fix crash due to not allocating integrity data for a bioset · b208c2f7
      Darrick J. Wong authored
      When btrfs creates a bioset, we must also allocate the integrity data pool.
      Otherwise btrfs will crash when it tries to submit a bio to a checksumming
       BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
       IP: [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150
       PGD 2305e4067 PUD 23063d067 PMD 0
       Oops: 0000 [#1] PREEMPT SMP
       Modules linked in: btrfs scsi_debug xfs ext4 jbd2 ext3 jbd mbcache
      sch_fq_codel eeprom lpc_ich mfd_core nfsd exportfs auth_rpcgss af_packet
      raid6_pq xor zlib_deflate libcrc32c [last unloaded: scsi_debug]
       CPU: 1 PID: 4486 Comm: mount Not tainted 3.12.0-rc1-mcsum #2
       Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
       task: ffff8802451c9720 ti: ffff880230698000 task.ti: ffff880230698000
       RIP: 0010:[<ffffffff8111e28a>]  [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150
       RSP: 0018:ffff880230699688  EFLAGS: 00010286
       RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000005f8445
       RDX: 0000000000000001 RSI: 0000000000000010 RDI: 0000000000000000
       RBP: ffff8802306996f8 R08: 0000000000011200 R09: 0000000000000008
       R10: 0000000000000020 R11: ffff88009d6e8000 R12: 0000000000011210
       R13: 0000000000000030 R14: ffff8802306996b8 R15: ffff8802451c9720
       FS:  00007f25b8a16800(0000) GS:ffff88024fc80000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
       CR2: 0000000000000018 CR3: 0000000230576000 CR4: 00000000000007e0
        ffff8802451c9720 0000000000000002 ffffffff81a97100 0000000000281250
        ffffffff81a96480 ffff88024fc99150 ffff880228d18200 0000000000000000
        0000000000000000 0000000000000040 ffff880230e8c2e8 ffff8802459dc900
       Call Trace:
        [<ffffffff811b2208>] bio_integrity_alloc+0x48/0x1b0
        [<ffffffff811b26fc>] bio_integrity_prep+0xac/0x360
        [<ffffffff8111e298>] ? mempool_alloc+0x58/0x150
        [<ffffffffa03e8041>] ? alloc_extent_state+0x31/0x110 [btrfs]
        [<ffffffff81241579>] blk_queue_bio+0x1c9/0x460
        [<ffffffff8123e58a>] generic_make_request+0xca/0x100
        [<ffffffff8123e639>] submit_bio+0x79/0x160
        [<ffffffffa03f865e>] btrfs_map_bio+0x48e/0x5b0 [btrfs]
        [<ffffffffa03c821a>] btree_submit_bio_hook+0xda/0x110 [btrfs]
        [<ffffffffa03e7eba>] submit_one_bio+0x6a/0xa0 [btrfs]
        [<ffffffffa03ef450>] read_extent_buffer_pages+0x250/0x310 [btrfs]
        [<ffffffff8125eef6>] ? __radix_tree_preload+0x66/0xf0
        [<ffffffff8125f1c5>] ? radix_tree_insert+0x95/0x260
        [<ffffffffa03c66f6>] btree_read_extent_buffer_pages.constprop.128+0xb6/0x120
        [<ffffffffa03c8c1a>] read_tree_block+0x3a/0x60 [btrfs]
        [<ffffffffa03caefd>] open_ctree+0x139d/0x2030 [btrfs]
        [<ffffffffa03a282a>] btrfs_mount+0x53a/0x7d0 [btrfs]
        [<ffffffff8113ab0b>] ? pcpu_alloc+0x8eb/0x9f0
        [<ffffffff81167305>] ? __kmalloc_track_caller+0x35/0x1e0
        [<ffffffff81176ba0>] mount_fs+0x20/0xd0
        [<ffffffff81191096>] vfs_kern_mount+0x76/0x120
        [<ffffffff81193320>] do_mount+0x200/0xa40
        [<ffffffff81135cdb>] ? strndup_user+0x5b/0x80
        [<ffffffff81193bf0>] SyS_mount+0x90/0xe0
        [<ffffffff8156d31d>] system_call_fastpath+0x1a/0x1f
       Code: 4c 8d 75 a8 4c 89 6d e8 45 89 e0 4c 8d 6f 30 48 89 5d d8 41 83 e0 af 48
      89 fb 49 83 c6 18 4c 89 7d f8 65 4c 8b 3c 25 c0 b8 00 00 <48> 8b 73 18 44 89 c7
      44 89 45 98 ff 53 20 48 85 c0 48 89 c2 74
       RIP  [<ffffffff8111e28a>] mempool_alloc+0x4a/0x150
        RSP <ffff880230699688>
       CR2: 0000000000000018
       ---[ end trace 7a96042017ed21e2 ]---
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
      Signed-off-by: default avatarChris Mason <chris.mason@fusionio.com>
    • Chris Mason's avatar
      Merge branch 'for-linus' into for-linus-3.12 · 1329dfc8
      Chris Mason authored
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6 · a5c984cc
      Linus Torvalds authored
      Pull CIFS fixes from Steve French:
       "Small set of cifs fixes.  Most important is Jeff's fix that works
        around disconnection problems which can be caused by simultaneous use
        of user space tools (starting a long running smbclient backup then
        doing a cifs kernel mount) or multiple cifs mounts through a NAT, and
        Jim's fix to deal with reexport of cifs share.
        I expect to send two more cifs fixes next week (being tested now) -
        fixes to address an SMB2 unmount hang when server dies and a fix for
        cifs symlink handling of Windows "NFS" symlinks"
      * 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
        [CIFS] update cifs.ko version
        [CIFS] Remove ext2 flags that have been moved to fs.h
        [CIFS] Provide sane values for nlink
        cifs: stop trying to use virtual circuits
        CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them
    • Linus Torvalds's avatar
      Merge tag 'pci-v3.12-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 95167aad
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "We merged what was intended to be an MMCONFIG cleanup, but in fact,
        for systems without _CBA (which is almost everything), it broke
        extended config space for domain 0 and it broke all config space for
        other domains.
        This reverts the change"
      * tag 'pci-v3.12-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        Revert "x86/PCI: MMCONFIG: Check earlier for MMCONFIG region at address zero"
  5. 04 Oct, 2013 23 commits
    • Bjorn Helgaas's avatar
      Revert "x86/PCI: MMCONFIG: Check earlier for MMCONFIG region at address zero" · 67d470e0
      Bjorn Helgaas authored
      This reverts commit 07f9b61c.
      07f9b61c was intended to be a cleanup that didn't change anything, but in
      fact, for systems without _CBA (which is almost everything), it broke
      extended config space for domain 0 and all config space for other domains.
      Reference: http://lkml.kernel.org/r/20131004011806.GE20450@dangermouse.emea.sgi.com
      Reported-by: default avatarHedi Berriche <hedi@sgi.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 7dee8dff
      Linus Torvalds authored
      Pull ACPI and power management fixes from Rafael Wysocki:
       - The resume part of user space driven hibernation (s2disk) is now
         broken after the change that moved the creation of memory bitmaps to
         after the freezing of tasks, because I forgot that the resume utility
         loaded the image before freezing tasks and needed the bitmaps for
         that.  The fix adds special handling for that case.
       - One of recent commits changed the export of acpi_bus_get_device() to
         EXPORT_SYMBOL_GPL(), which was technically correct but broke existing
         binary modules using that function including one in particularly
         widespread use.  Change it back to EXPORT_SYMBOL().
       - The intel_pstate driver sometimes fails to disable turbo if its
         no_turbo sysfs attribute is set.  Fix from Srinivas Pandruvada.
       - One of recent cpufreq fixes forgot to update a check in cpufreq-cpu0
         which still (incorrectly) treats non-NULL as non-error.  Fix from
         Philipp Zabel.
       - The SPEAr cpufreq driver uses a wrong variable type in one place
         preventing it from catching errors returned by one of the functions
         called by it.  Fix from Sachin Kamat.
      * tag 'pm+acpi-3.12-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: Use EXPORT_SYMBOL() for acpi_bus_get_device()
        intel_pstate: fix no_turbo
        cpufreq: cpufreq-cpu0: NULL is a valid regulator, part 2
        cpufreq: SPEAr: Fix incorrect variable type
        PM / hibernate: Fix user space driven resume regression
    • Linus Torvalds's avatar
      Merge tag 'xfs-for-linus-v3.12-rc4' of git://oss.sgi.com/xfs/xfs · 3dbecf0a
      Linus Torvalds authored
      Pull xfs bugfixes from Ben Myers:
       "There are lockdep annotations for project quotas, a fix for dirent
        dtype support on v4 filesystems, a fix for a memory leak in recovery,
        and a fix for the build error that resulted from it.  D'oh"
      * tag 'xfs-for-linus-v3.12-rc4' of git://oss.sgi.com/xfs/xfs:
        xfs: Use kmem_free() instead of free()
        xfs: fix memory leak in xlog_recover_add_to_trans
        xfs: dirent dtype presence is dependent on directory magic numbers
        xfs: lockdep needs to know about 3 dquot-deep nesting
    • Linus Torvalds's avatar
      selinux: remove 'flags' parameter from avc_audit() · ab354062
      Linus Torvalds authored
      Now avc_audit() has no more users with that parameter. Remove it.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Linus Torvalds's avatar
      selinux: avc_has_perm_flags has no more users · cb4fbe57
      Linus Torvalds authored
      .. so get rid of it.  The only indirect users were all the
      avc_has_perm() callers which just expanded to have a zero flags
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Ilya Dryomov's avatar
      Btrfs: fix a use-after-free bug in btrfs_dev_replace_finishing · 1357272f
      Ilya Dryomov authored
      free_device rcu callback, scheduled from btrfs_rm_dev_replace_srcdev,
      can be processed before btrfs_scratch_superblock is called, which would
      result in a use-after-free on btrfs_device contents.  Fix this by
      zeroing the superblock before the rcu callback is registered.
      Cc: Stefan Behrens <sbehrens@giantdisaster.de>
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
    • Ilya Dryomov's avatar
      Btrfs: eliminate races in worker stopping code · 964fb15a
      Ilya Dryomov authored
      The current implementation of worker threads in Btrfs has races in
      worker stopping code, which cause all kinds of panics and lockups when
      running btrfs/011 xfstest in a loop.  The problem is that
      btrfs_stop_workers is unsynchronized with respect to check_idle_worker,
      check_busy_worker and __btrfs_start_workers.
      E.g., check_idle_worker race flow:
             btrfs_stop_workers():            check_idle_worker(aworker):
      - grabs the lock
      - splices the idle list into the
        working list
      - removes the first worker from the
        working list
      - releases the lock to wait for
        its kthread's completion
                                        - grabs the lock
                                        - if aworker is on the working list,
                                          moves aworker from the working list
                                          to the idle list
                                        - releases the lock
      - grabs the lock
      - puts the worker
      - removes the second worker from the
        working list
              btrfs_stop_workers returns, aworker is on the idle list
                       FS is umounted, memory is freed
                    aworker is waken up, fireworks ensue
      With this applied, I wasn't able to trigger the problem in 48 hours,
      whereas previously I could reliably reproduce at least one of these
      races within an hour.
      Reported-by: default avatarDavid Sterba <dsterba@suse.cz>
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
    • Liu Bo's avatar
      Btrfs: fix crash of compressed writes · 385fe0be
      Liu Bo authored
      The crash[1] is found by xfstests/generic/208 with "-o compress",
      it's not reproduced everytime, but it does panic.
      The bug is quite interesting, it's actually introduced by a recent commit
      Btrfs: actually limit the size of delalloc range).
      Btrfs implements delay allocation, so during writeback, we
      (1) get a page A and lock it
      (2) search the state tree for delalloc bytes and lock all pages within the range
      (3) process the delalloc range, including find disk space and create
          ordered extent and so on.
      (4) submit the page A.
      It runs well in normal cases, but if we're in a racy case, eg.
      buffered compressed writes and aio-dio writes,
      sometimes we may fail to lock all pages in the 'delalloc' range,
      in which case, we need to fall back to search the state tree again with
      a smaller range limit(max_bytes = PAGE_CACHE_SIZE - offset).
      The mentioned commit has a side effect, that is, in the fallback case,
      we can find delalloc bytes before the index of the page we already have locked,
      so we're in the case of (delalloc_end <= *start) and return with (found > 0).
      This ends with not locking delalloc pages but making ->writepage still
      process them, and the crash happens.
      This fixes it by just thinking that we find nothing and returning to caller
      as the caller knows how to deal with it properly.
      ------------[ cut here ]------------
      kernel BUG at mm/page-writeback.c:2170!
      CPU: 2 PID: 11755 Comm: btrfs-delalloc- Tainted: G           O 3.11.0+ #8
      RIP: 0010:[<ffffffff810f5093>]  [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83
      [ 4934.248731] Stack:
      [ 4934.248731]  ffff8801477e5dc8 ffffea00049b9f00 ffff8801869f9ce8 ffffffffa02b841a
      [ 4934.248731]  0000000000000000 0000000000000000 0000000000000fff 0000000000000620
      [ 4934.248731]  ffff88018db59c78 ffffea0005da8d40 ffffffffa02ff860 00000001810016c0
      [ 4934.248731] Call Trace:
      [ 4934.248731]  [<ffffffffa02b841a>] extent_range_clear_dirty_for_io+0xcf/0xf5 [btrfs]
      [ 4934.248731]  [<ffffffffa02a8889>] compress_file_range+0x1dc/0x4cb [btrfs]
      [ 4934.248731]  [<ffffffff8104f7af>] ? detach_if_pending+0x22/0x4b
      [ 4934.248731]  [<ffffffffa02a8bad>] async_cow_start+0x35/0x53 [btrfs]
      [ 4934.248731]  [<ffffffffa02c694b>] worker_loop+0x14b/0x48c [btrfs]
      [ 4934.248731]  [<ffffffffa02c6800>] ? btrfs_queue_worker+0x25c/0x25c [btrfs]
      [ 4934.248731]  [<ffffffff810608f5>] kthread+0x8d/0x95
      [ 4934.248731]  [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43
      [ 4934.248731]  [<ffffffff814fe09c>] ret_from_fork+0x7c/0xb0
      [ 4934.248731]  [<ffffffff81060868>] ? kthread_freezable_should_stop+0x43/0x43
      [ 4934.248731] Code: ff 85 c0 0f 94 c0 0f b6 c0 59 5b 5d c3 0f 1f 44 00 00 55 48 89 e5 41 54 53 48 89 fb e8 2c de 00 00 49 89 c4 48 8b 03 a8 01 75 02 <0f> 0b 4d 85 e4 74 52 49 8b 84 24 80 00 00 00 f6 40 20 01 75 44
      [ 4934.248731] RIP  [<ffffffff810f5093>] clear_page_dirty_for_io+0x1e/0x83
      [ 4934.248731]  RSP <ffff8801869f9c48>
      [ 4934.280307] ---[ end trace 36f06d3f8750236a ]---
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
    • Josef Bacik's avatar
      Btrfs: fix transid verify errors when recovering log tree · 60e7cd3a
      Josef Bacik authored
      If we crash with a log, remount and recover that log, and then crash before we
      can commit another transaction we will get transid verify errors on the next
      mount.  This is because we were not zero'ing out the log when we committed the
      transaction after recovery.  This is ok as long as we commit another transaction
      at some point in the future, but if you abort or something else goes wrong you
      can end up in this weird state because the recovery stuff says that the tree log
      should have a generation+1 of the super generation, which won't be the case of
      the transaction that was started for recovery.  Fix this by removing the check
      and _always_ zero out the log portion of the super when we commit a transaction.
      This fixes the transid verify issues I was seeing with my force errors tests.
      Signed-off-by: default avatarJosef Bacik <jbacik@fusionio.com>
    • Linus Torvalds's avatar
      selinux: remove 'flags' parameter from inode_has_perm · 19e49834
      Linus Torvalds authored
      Every single user passes in '0'.  I think we had non-zero users back in
      some stone age when selinux_inode_permission() was implemented in terms
      of inode_has_perm(), but that complicated case got split up into a
      totally separate code-path so that we could optimize the much simpler
      special cases.
      See commit 2e334057
       ("SELinux: delay initialization of audit data in
      selinux_inode_permission") for example.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Thierry Reding's avatar
      xfs: Use kmem_free() instead of free() · b2a42f78
      Thierry Reding authored
      This fixes a build failure caused by calling the free() function which
      does not exist in the Linux kernel.
      Signed-off-by: default avatarThierry Reding <treding@nvidia.com>
      Reviewed-by: default avatarMark Tinguely <tinguely@sgi.com>
      Signed-off-by: default avatarBen Myers <bpm@sgi.com>
      (cherry picked from commit aaaae980)
    • tinguely@sgi.com's avatar
      xfs: fix memory leak in xlog_recover_add_to_trans · 9b3b77fe
      tinguely@sgi.com authored
      Free the memory in error path of xlog_recover_add_to_trans().
      Normally this memory is freed in recovery pass2, but is leaked
      in the error path.
      Signed-off-by: default avatarMark Tinguely <tinguely@sgi.com>
      Reviewed-by: default avatarEric Sandeen <sandeen@redhat.com>
      Signed-off-by: default avatarBen Myers <bpm@sgi.com>
      (cherry picked from commit 519ccb81)
    • Dave Chinner's avatar
      xfs: dirent dtype presence is dependent on directory magic numbers · 6d313498
      Dave Chinner authored
      The determination of whether a directory entry contains a dtype
      field originally was dependent on the filesystem having CRCs
      enabled. This meant that the format for dtype beign enabled could be
      determined by checking the directory block magic number rather than
      doing a feature bit check. This was useful in that it meant that we
      didn't need to pass a struct xfs_mount around to functions that
      were already supplied with a directory block header.
      Unfortunately, the introduction of dtype fields into the v4
      structure via a feature bit meant this "use the directory block
      magic number" method of discriminating the dirent entry sizes is
      broken. Hence we need to convert the places that use magic number
      checks to use feature bit checks so that they work correctly and not
      by chance.
      The current code works on v4 filesystems only because the dirent
      size roundup covers the extra byte needed by the dtype field in the
      places where this problem occurs.
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBen Myers <bpm@sgi.com>
      Signed-off-by: default avatarBen Myers <bpm@sgi.com>
      (cherry picked from commit 367993e7)
    • Dave Chinner's avatar
      xfs: lockdep needs to know about 3 dquot-deep nesting · 89c6c89a
      Dave Chinner authored
      Michael Semon reported that xfs/299 generated this lockdep warning:
      [ INFO: possible recursive locking detected ]
      3.12.0-rc2+ #2 Not tainted
      touch/21072 is trying to acquire lock:
       (&xfs_dquot_other_class){+.+...}, at: [<c12902fb>] xfs_trans_dqlockedjoin+0x57/0x64
      but task is already holding lock:
       (&xfs_dquot_other_class){+.+...}, at: [<c12902fb>] xfs_trans_dqlockedjoin+0x57/0x64
      other info that might help us debug this:
       Possible unsafe locking scenario:
       *** DEADLOCK ***
       May be due to missing lock nesting notation
      7 locks held by touch/21072:
       #0:  (sb_writers#10){++++.+}, at: [<c11185b6>] mnt_want_write+0x1e/0x3e
       #1:  (&type->i_mutex_dir_key#4){+.+.+.}, at: [<c11078ee>] do_last+0x245/0xe40
       #2:  (sb_internal#2){++++.+}, at: [<c122c9e0>] xfs_trans_alloc+0x1f/0x35
       #3:  (&(&ip->i_lock)->mr_lock/1){+.+...}, at: [<c126cd1b>] xfs_ilock+0x100/0x1f1
       #4:  (&(&ip->i_lock)->mr_lock){++++-.}, at: [<c126cf52>] xfs_ilock_nowait+0x105/0x22f
       #5:  (&dqp->q_qlock){+.+...}, at: [<c12902fb>] xfs_trans_dqlockedjoin+0x57/0x64
       #6:  (&xfs_dquot_other_class){+.+...}, at: [<c12902fb>] xfs_trans_dqlockedjoin+0x57/0x64
      The lockdep annotation for dquot lock nesting only understands
      locking for user and "other" dquots, not user, group and quota
      dquots. Fix the annotations to match the locking heirarchy we now
      Reported-by: default avatarMichael L. Semon <mlsemon35@gmail.com>
      Signed-off-by: default avatarDave Chinner <dchinner@redhat.com>
      Reviewed-by: default avatarBen Myers <bpm@sgi.com>
      Signed-off-by: default avatarBen Myers <bpm@sgi.com>
      (cherry picked from commit f112a049)
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 15c83d26
      Linus Torvalds authored
      Pull fuse bugfixes from Miklos Szeredi:
       "This contains two more fixes by Maxim for writeback/truncate races and
        fixes for RCU walk in fuse_dentry_revalidate()"
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: no RCU mode in fuse_access()
        fuse: readdirplus: fix RCU walk
        fuse: don't check_submounts_and_drop() in RCU walk
        fuse: fix fallocate vs. ftruncate race
        fuse: wait for writeback in fuse_file_fallocate()
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v3.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 8e1a2540
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
       "A couple of fixes from the IOMMU side:
         - some small fixes for the new ARM-SMMU driver
         - a register offset correction for VT-d
         - add MAINTAINERS entry for drivers/iommu
        Overall no really big or intrusive changes"
      * tag 'iommu-fixes-v3.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        x86/iommu: correct ICS register offset
        MAINTAINERS: add overall IOMMU section
        iommu/arm-smmu: don't enable SMMU device until probing has completed
        iommu/arm-smmu: fix iommu_present() test in init
        iommu/arm-smmu: fix a signedness bug
    • Linus Torvalds's avatar
      Merge tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64 · 0d45dab6
      Linus Torvalds authored
      Pull ARM64 fixes/updates from Catalin Marinas:
       - Bug-fixes (get_user/put_user, incorrect register width for ASID,
         FPSIMD initialisation)
       - Kconfig clean-up
       - defconfig update
      * tag 'arm64-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
        arm64: Remove duplicate DEBUG_STACK_USAGE config
        arm64: include VIRTIO_{MMIO,BLK} in defconfig
        arm64: include EXT4 in defconfig
        arm64: fix possible invalid FPSIMD initialization state
        arm64: use correct register width when retrieving ASID
        arm64: avoid multiple evaluation of ptr in get_user/put_user()
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 0bfdbf0e
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "Two small fixes for 3.12 only this week.  I have a few more fixes
        pending but those are conceptually more complex so will have to wait
        for a bit longer"
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Fix forgotten preempt_enable() when CPU has inclusive pcaches
        MIPS: Alchemy: MTX-1: fix incorrect placement of __initdata tag
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 413df1cb
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "Two simplefb fixes"
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/simplefb: Mark framebuffer mem-resources as IORESOURCE_BUSY to avoid bootup warning
        x86/simplefb: Fix overflow causing bogus fall-back
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7f467cbf
      Linus Torvalds authored
      Pull irq fix from Ingo Molnar:
       "Frederic's minimal fix for hardirq/softirq nesting crashes"
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irq: Force hardirq exit's softirq processing on its own stack
    • Michael Grzeschik's avatar
      dmaengine: imx-dma: fix callback path in tasklet · fcaaba6c
      Michael Grzeschik authored
      We need to free the ld_active list head before jumping into the callback
      routine. Otherwise the callback could run into issue_pending and change
      our ld_active list head we just going to free. This will run the channel
      list into an currupted and undefined state.
      Signed-off-by: default avatarMichael Grzeschik <m.grzeschik@pengutronix.de>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
    • Michael Grzeschik's avatar
      dmaengine: imx-dma: fix lockdep issue between irqhandler and tasklet · 5a276fa6
      Michael Grzeschik authored
      The tasklet and irqhandler are using spin_lock while other routines are
      using spin_lock_irqsave/restore. This leads to lockdep issues as
      described bellow. This patch is changing the code to use
      spinlock_irq_save/restore in both code pathes.
      As imxdma_xfer_desc always gets called with spin_lock_irqsave lock held,
      this patch also removes the spare call inside the routine to avoid
      double locking.
      [  403.358162] =================================
      [  403.362549] [ INFO: inconsistent lock state ]
      [  403.366945] 3.10.0-20130823+ #904 Not tainted
      [  403.371331] ---------------------------------
      [  403.375721] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
      [  403.381769] swapper/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
      [  403.386762]  (&(&imxdma->lock)->rlock){?.-...}, at: [<c019d77c>] imxdma_tasklet+0x20/0x134
      [  403.395201] {IN-HARDIRQ-W} state was registered at:
      [  403.400108]   [<c004b264>] mark_lock+0x2a0/0x6b4
      [  403.404798]   [<c004d7c8>] __lock_acquire+0x650/0x1a64
      [  403.410004]   [<c004f15c>] lock_acquire+0x94/0xa8
      [  403.414773]   [<c02f74e4>] _raw_spin_lock+0x54/0x8c
      [  403.419720]   [<c019d094>] dma_irq_handler+0x78/0x254
      [  403.424845]   [<c0061124>] handle_irq_event_percpu+0x38/0x1b4
      [  403.430670]   [<c00612e4>] handle_irq_event+0x44/0x64
      [  403.435789]   [<c0063a70>] handle_level_irq+0xd8/0xf0
      [  403.440903]   [<c0060a20>] generic_handle_irq+0x28/0x38
      [  403.446194]   [<c0009cc4>] handle_IRQ+0x68/0x8c
      [  403.450789]   [<c0008714>] avic_handle_irq+0x3c/0x48
      [  403.455811]   [<c0008f84>] __irq_svc+0x44/0x74
      [  403.460314]   [<c0040b04>] cpu_startup_entry+0x88/0xf4
      [  403.465525]   [<c02f00d0>] rest_init+0xb8/0xe0
      [  403.470045]   [<c03e07dc>] start_kernel+0x28c/0x2d4
      [  403.474986]   [<a0008040>] 0xa0008040
      [  403.478709] irq event stamp: 50854
      [  403.482140] hardirqs last  enabled at (50854): [<c001c6b8>] tasklet_action+0x38/0xdc
      [  403.489954] hardirqs last disabled at (50853): [<c001c6a0>] tasklet_action+0x20/0xdc
      [  403.497761] softirqs last  enabled at (50850): [<c001bc64>] _local_bh_enable+0x14/0x18
      [  403.505741] softirqs last disabled at (50851): [<c001c268>] irq_exit+0x88/0xdc
      [  403.513026]
      [  403.513026] other info that might help us debug this:
      [  403.519593]  Possible unsafe locking scenario:
      [  403.519593]
      [  403.525548]        CPU0
      [  403.528020]        ----
      [  403.530491]   lock(&(&imxdma->lock)->rlock);
      [  403.534828]   <Interrupt>
      [  403.537474]     lock(&(&imxdma->lock)->rlock);
      [  403.541983]
      [  403.541983]  *** DEADLOCK ***
      [  403.541983]
      [  403.547951] no locks held by swapper/0.
      [  403.551813]
      [  403.551813] stack backtrace:
      [  403.556222] CPU: 0 PID: 0 Comm: swapper Not tainted 3.10.0-20130823+ #904
      [  403.563039] Backtrace:
      [  403.565581] [<c000b98c>] (dump_backtrace+0x0/0x10c) from [<c000bb28>] (show_stack+0x18/0x1c)
      [  403.574054]  r6:00000000 r5:c05c51d8 r4:c040bd58 r3:00200000
      [  403.579872] [<c000bb10>] (show_stack+0x0/0x1c) from [<c02f398c>] (dump_stack+0x20/0x28)
      [  403.587955] [<c02f396c>] (dump_stack+0x0/0x28) from [<c02f29c8>] (print_usage_bug.part.28+0x224/0x28c)
      [  403.597340] [<c02f27a4>] (print_usage_bug.part.28+0x0/0x28c) from [<c004b404>] (mark_lock+0x440/0x6b4)
      [  403.606682]  r8:c004a41c r7:00000000 r6:c040bd58 r5:c040c040 r4:00000002
      [  403.613566] [<c004afc4>] (mark_lock+0x0/0x6b4) from [<c004d844>] (__lock_acquire+0x6cc/0x1a64)
      [  403.622244] [<c004d178>] (__lock_acquire+0x0/0x1a64) from [<c004f15c>] (lock_acquire+0x94/0xa8)
      [  403.631010] [<c004f0c8>] (lock_acquire+0x0/0xa8) from [<c02f74e4>] (_raw_spin_lock+0x54/0x8c)
      [  403.639614] [<c02f7490>] (_raw_spin_lock+0x0/0x8c) from [<c019d77c>] (imxdma_tasklet+0x20/0x134)
      [  403.648434]  r6:c3847010 r5:c040e890 r4:c38470d4
      [  403.653194] [<c019d75c>] (imxdma_tasklet+0x0/0x134) from [<c001c70c>] (tasklet_action+0x8c/0xdc)
      [  403.662013]  r8:c0599160 r7:00000000 r6:00000000 r5:c040e890 r4:c3847114 r3:c019d75c
      [  403.670042] [<c001c680>] (tasklet_action+0x0/0xdc) from [<c001bd4c>] (__do_softirq+0xe4/0x1f0)
      [  403.678687]  r7:00000101 r6:c0402000 r5:c059919c r4:00000001
      [  403.684498] [<c001bc68>] (__do_softirq+0x0/0x1f0) from [<c001c268>] (irq_exit+0x88/0xdc)
      [  403.692652] [<c001c1e0>] (irq_exit+0x0/0xdc) from [<c0009cc8>] (handle_IRQ+0x6c/0x8c)
      [  403.700514]  r4:00000030 r3:00000110
      [  403.704192] [<c0009c5c>] (handle_IRQ+0x0/0x8c) from [<c0008714>] (avic_handle_irq+0x3c/0x48)
      [  403.712664]  r5:c0403f28 r4:c0593ebc
      [  403.716343] [<c00086d8>] (avic_handle_irq+0x0/0x48) from [<c0008f84>] (__irq_svc+0x44/0x74)
      [  403.724733] Exception stack(0xc0403f28 to 0xc0403f70)
      [  403.729841] 3f20:                   00000001 00000004 00000000 20000013 c0402000 c04104a8
      [  403.738078] 3f40: 00000002 c0b69620 a0004000 41069264 a03fb5f4 c0403f7c c0403f40 c0403f70
      [  403.746301] 3f60: c004b92c c0009e74 20000013 ffffffff
      [  403.751383]  r6:ffffffff r5:20000013 r4:c0009e74 r3:c004b92c
      [  403.757210] [<c0009e30>] (arch_cpu_idle+0x0/0x4c) from [<c0040b04>] (cpu_startup_entry+0x88/0xf4)
      [  403.766161] [<c0040a7c>] (cpu_startup_entry+0x0/0xf4) from [<c02f00d0>] (rest_init+0xb8/0xe0)
      [  403.774753] [<c02f0018>] (rest_init+0x0/0xe0) from [<c03e07dc>] (start_kernel+0x28c/0x2d4)
      [  403.783051]  r6:c03fc484 r5:ffffffff r4:c040a0e0
      [  403.787797] [<c03e0550>] (start_kernel+0x0/0x2d4) from [<a0008040>] (0xa0008040)
      Signed-off-by: default avatarMichael Grzeschik <m.grzeschik@pengutronix.de>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
    • Michael Grzeschik's avatar
      dmaengine: imx-dma: fix slow path issue in prep_dma_cyclic · edc530fe
      Michael Grzeschik authored
      When perparing cyclic_dma buffers by the sound layer, it will dump the
      following lockdep trace. The leading snd_pcm_action_single get called
      with read_lock_irq called. To fix this, we change the kcalloc call from
      WARNING: at kernel/lockdep.c:2740 lockdep_trace_alloc+0xcc/0x114()
      Modules linked in:
      CPU: 0 PID: 832 Comm: aplay Not tainted 3.11.0-20130823+ #903
      [<c000b98c>] (dump_backtrace+0x0/0x10c) from [<c000bb28>] (show_stack+0x18/0x1c)
       r6:c004c090 r5:00000009 r4:c2e0bd18 r3:00404000
      [<c000bb10>] (show_stack+0x0/0x1c) from [<c02f397c>] (dump_stack+0x20/0x28)
      [<c02f395c>] (dump_stack+0x0/0x28) from [<c001531c>] (warn_slowpath_common+0x54/0x70)
      [<c00152c8>] (warn_slowpath_common+0x0/0x70) from [<c00153dc>] (warn_slowpath_fmt+0x38/0x40)
       r8:00004000 r7:a3b90000 r6:000080d0 r5:60000093 r4:c2e0a000 r3:00000009
      [<c00153a4>] (warn_slowpath_fmt+0x0/0x40) from [<c004c090>] (lockdep_trace_alloc+0xcc/0x114)
       r3:c03955d8 r2:c03907db
      [<c004bfc4>] (lockdep_trace_alloc+0x0/0x114) from [<c008f16c>] (__kmalloc+0x34/0x118)
       r6:000080d0 r5:c3800120 r4:000080d0 r3:c040a0f8
      [<c008f138>] (__kmalloc+0x0/0x118) from [<c019c95c>] (imxdma_prep_dma_cyclic+0x64/0x168)
       r7:a3b90000 r6:00000004 r5:c39d8420 r4:c3847150
      [<c019c8f8>] (imxdma_prep_dma_cyclic+0x0/0x168) from [<c024618c>] (snd_dmaengine_pcm_trigger+0xa8/0x160)
      [<c02460e4>] (snd_dmaengine_pcm_trigger+0x0/0x160) from [<c0241fa8>] (soc_pcm_trigger+0x90/0xb4)
       r8:c058c7b0 r7:c3b8140c r6:c39da560 r5:00000001 r4:c3b81000
      [<c0241f18>] (soc_pcm_trigger+0x0/0xb4) from [<c022ece4>] (snd_pcm_do_start+0x2c/0x38)
       r7:00000000 r6:00000003 r5:c058c7b0 r4:c3b81000
      [<c022ecb8>] (snd_pcm_do_start+0x0/0x38) from [<c022e958>] (snd_pcm_action_single+0x40/0x6c)
      [<c022e918>] (snd_pcm_action_single+0x0/0x6c) from [<c022ea64>] (snd_pcm_action_lock_irq+0x7c/0x9c)
       r7:00000003 r6:c3b810f0 r5:c3b810f0 r4:c3b81000
      [<c022e9e8>] (snd_pcm_action_lock_irq+0x0/0x9c) from [<c023009c>] (snd_pcm_common_ioctl1+0x7f8/0xfd0)
       r8:c3b7f888 r7:005407b8 r6:c2c991c0 r5:c3b81000 r4:c3b81000 r3:00004142
      [<c022f8a4>] (snd_pcm_common_ioctl1+0x0/0xfd0) from [<c023117c>] (snd_pcm_playback_ioctl1+0x464/0x488)
      [<c0230d18>] (snd_pcm_playback_ioctl1+0x0/0x488) from [<c02311d4>] (snd_pcm_playback_ioctl+0x34/0x40)
       r8:c3b7f888 r7:00004142 r6:00000004 r5:c2c991c0 r4:005407b8
      [<c02311a0>] (snd_pcm_playback_ioctl+0x0/0x40) from [<c00a14a4>] (vfs_ioctl+0x30/0x44)
      [<c00a1474>] (vfs_ioctl+0x0/0x44) from [<c00a1fe8>] (do_vfs_ioctl+0x55c/0x5c0)
      [<c00a1a8c>] (do_vfs_ioctl+0x0/0x5c0) from [<c00a208c>] (SyS_ioctl+0x40/0x68)
      [<c00a204c>] (SyS_ioctl+0x0/0x68) from [<c0009380>] (ret_fast_syscall+0x0/0x44)
       r8:c0009544 r7:00000036 r6:bedeaa58 r5:00000000 r4:000000c0
      Signed-off-by: default avatarMichael Grzeschik <m.grzeschik@pengutronix.de>
      Signed-off-by: default avatarVinod Koul <vinod.koul@intel.com>
  6. 03 Oct, 2013 2 commits