1. 19 Jul, 2012 3 commits
  2. 17 Jul, 2012 1 commit
    • Lin Ming's avatar
      ipvs: fix oops on NAT reply in br_nf context · 9e33ce45
      Lin Ming authored
      IPVS should not reset skb->nf_bridge in FORWARD hook
      by calling nf_reset for NAT replies. It triggers oops in
      [  579.781508] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
      [  579.781669] IP: [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
      [  579.781792] PGD 218f9067 PUD 0
      [  579.781865] Oops: 0000 [#1] SMP
      [  579.781945] CPU 0
      [  579.781983] Modules linked in:
      [  579.782047]
      [  579.782080]
      [  579.782114] Pid: 4644, comm: qemu Tainted: G        W    3.5.0-rc5-00006-g95e69f9 #282 Hewlett-Packard  /30E8
      [  579.782300] RIP: 0010:[<ffffffff817b1ca5>]  [<ffffffff817b1ca5>] br_nf_forward_finish+0x58/0x112
      [  579.782455] RSP: 0018:ffff88007b003a98  EFLAGS: 00010287
      [  579.782541] RAX: 0000000000000008 RBX: ffff8800762ead00 RCX: 000000000001670a
      [  579.782653] RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff8800762ead00
      [  579.782845] RBP: ffff88007b003ac8 R08: 0000000000016630 R09: ffff88007b003a90
      [  579.782957] R10: ffff88007b0038e8 R11: ffff88002da37540 R12: ffff88002da01a02
      [  579.783066] R13: ffff88002da01a80 R14: ffff88002d83c000 R15: ffff88002d82a000
      [  579.783177] FS:  0000000000000000(0000) GS:ffff88007b000000(0063) knlGS:00000000f62d1b70
      [  579.783306] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
      [  579.783395] CR2: 0000000000000004 CR3: 00000000218fe000 CR4: 00000000000027f0
      [  579.783505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  579.783684] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [  579.783795] Process qemu (pid: 4644, threadinfo ffff880021b20000, task ffff880021aba760)
      [  579.783919] Stack:
      [  579.783959]  ffff88007693cedc ffff8800762ead00 ffff88002da01a02 ffff8800762ead00
      [  579.784110]  ffff88002da01a02 ffff88002da01a80 ffff88007b003b18 ffffffff817b26c7
      [  579.784260]  ffff880080000000 ffffffff81ef59f0 ffff8800762ead00 ffffffff81ef58b0
      [  579.784477] Call Trace:
      [  579.784523]  <IRQ>
      [  579.784562]
      [  579.784603]  [<ffffffff817b26c7>] br_nf_forward_ip+0x275/0x2c8
      [  579.784707]  [<ffffffff81704b58>] nf_iterate+0x47/0x7d
      [  579.784797]  [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
      [  579.784906]  [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
      [  579.784995]  [<ffffffff817ac32e>] ? br_dev_queue_push_xmit+0xae/0xae
      [  579.785175]  [<ffffffff8187fa95>] ? _raw_write_unlock_bh+0x19/0x1b
      [  579.785179]  [<ffffffff817ac417>] __br_forward+0x97/0xa2
      [  579.785179]  [<ffffffff817ad366>] br_handle_frame_finish+0x1a6/0x257
      [  579.785179]  [<ffffffff817b2386>] br_nf_pre_routing_finish+0x26d/0x2cb
      [  579.785179]  [<ffffffff817b2cf0>] br_nf_pre_routing+0x55d/0x5c1
      [  579.785179]  [<ffffffff81704b58>] nf_iterate+0x47/0x7d
      [  579.785179]  [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
      [  579.785179]  [<ffffffff81704bfb>] nf_hook_slow+0x6d/0x102
      [  579.785179]  [<ffffffff817ad1c0>] ? br_handle_local_finish+0x44/0x44
      [  579.785179]  [<ffffffff81551525>] ? sky2_poll+0xb35/0xb54
      [  579.785179]  [<ffffffff817ad62a>] br_handle_frame+0x213/0x229
      [  579.785179]  [<ffffffff817ad417>] ? br_handle_frame_finish+0x257/0x257
      [  579.785179]  [<ffffffff816e3b47>] __netif_receive_skb+0x2b4/0x3f1
      [  579.785179]  [<ffffffff816e69fc>] process_backlog+0x99/0x1e2
      [  579.785179]  [<ffffffff816e6800>] net_rx_action+0xdf/0x242
      [  579.785179]  [<ffffffff8107e8a8>] __do_softirq+0xc1/0x1e0
      [  579.785179]  [<ffffffff8135a5ba>] ? trace_hardirqs_off_thunk+0x3a/0x6c
      [  579.785179]  [<ffffffff8188812c>] call_softirq+0x1c/0x30
      The steps to reproduce as follow,
      1. On Host1, setup brige br0(
      2. Boot a kvm guest( on Host1 and start httpd
      3. Start IPVS service on Host1
         ipvsadm -A -t -s rr
         ipvsadm -a -t -r -m
      4. Run apache benchmark on Host2(
         ab -n 1000
                skb->nf_bridge = NULL;
      Actually, IPVS wants in this case just to replace nfct
      with untracked version. So replace the nf_reset(skb) call
      in ip_vs_notrack() with a nf_conntrack_put(skb->nfct) call.
      Signed-off-by: default avatarLin Ming <mlin@ss.pku.edu.cn>
      Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
  3. 11 Jul, 2012 5 commits
    • Yinghai Lu's avatar
      memblock: free allocated memblock_reserved_regions later · 29f67386
      Yinghai Lu authored
      memblock_free_reserved_regions() calls memblock_free(), but
      memblock_free() would double reserved.regions too, so we could free the
      old range for reserved.regions.
      Also tj said there is another bug which could be related to this.
      | I don't think we're saving any noticeable
      | amount by doing this "free - give it to page allocator - reserve
      | again" dancing.  We should just allocate regions aligned to page
      | boundaries and free them later when memblock is no longer in use.
      in that case, when DEBUG_PAGEALLOC, will get panic:
           memblock_free: [0x0000102febc080-0x0000102febf080] memblock_free_reserved_regions+0x37/0x39
        BUG: unable to handle kernel paging request at ffff88102febd948
        IP: [<ffffffff836a5774>] __next_free_mem_range+0x9b/0x155
        PGD 4826063 PUD cf67a067 PMD cf7fa067 PTE 800000102febd160
        Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
        CPU 0
        Pid: 0, comm: swapper Not tainted 3.5.0-rc2-next-20120614-sasha #447
        RIP: 0010:[<ffffffff836a5774>]  [<ffffffff836a5774>] __next_free_mem_range+0x9b/0x155
      See the discussion at https://lkml.org/lkml/2012/6/13/469
      So try to allocate with PAGE_SIZE alignment and free it later.
      Reported-by: default avatarSasha Levin <levinsasha928@gmail.com>
      Acked-by: default avatarTejun Heo <tj@kernel.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Yinghai Lu's avatar
      mm: sparse: fix usemap allocation above node descriptor section · 99ab7b19
      Yinghai Lu authored
      After commit f5bf18fa ("bootmem/sparsemem: remove limit constraint
      in alloc_bootmem_section"), usemap allocations may easily be placed
      outside the optimal section that holds the node descriptor, even if
      there is space available in that section.  This results in unnecessary
      hotplug dependencies that need to have the node unplugged before the
      section holding the usemap.
      The reason is that the bootmem allocator doesn't guarantee a linear
      search starting from the passed allocation goal but may start out at a
      much higher address absent an upper limit.
      Fix this by trying the allocation with the limit at the section end,
      then retry without if that fails.  This keeps the fix from f5bf18fa
      of not panicking if the allocation does not fit in the section, but
      still makes sure to try to stay within the section at first.
      Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Cc: <stable@vger.kernel.org>	[3.3.x, 3.4.x]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Jiang Liu's avatar
      memory hotplug: fix invalid memory access caused by stale kswapd pointer · d8adde17
      Jiang Liu authored
      kswapd_stop() is called to destroy the kswapd work thread when all memory
      of a NUMA node has been offlined.  But kswapd_stop() only terminates the
      work thread without resetting NODE_DATA(nid)->kswapd to NULL.  The stale
      pointer will prevent kswapd_run() from creating a new work thread when
      adding memory to the memory-less NUMA node again.  Eventually the stale
      pointer may cause invalid memory access.
      An example stack dump as below. It's reproduced with 2.6.32, but latest
      kernel has the same issue.
        BUG: unable to handle kernel NULL pointer dereference at (null)
        IP: [<ffffffff81051a94>] exit_creds+0x12/0x78
        PGD 0
        Oops: 0000 [#1] SMP
        last sysfs file: /sys/devices/system/memory/memory391/state
        CPU 11
        Modules linked in: cpufreq_conservative cpufreq_userspace cpufreq_powersave acpi_cpufreq microcode fuse loop dm_mod tpm_tis rtc_cmos i2c_i801 rtc_core tpm serio_raw pcspkr sg tpm_bios igb i2c_core iTCO_wdt rtc_lib mptctl iTCO_vendor_support button dca bnx2 usbhid hid uhci_hcd ehci_hcd usbcore sd_mod crc_t10dif edd ext3 mbcache jbd fan ide_pci_generic ide_core ata_generic ata_piix libata thermal processor thermal_sys hwmon mptsas mptscsih mptbase scsi_transport_sas scsi_mod
        Pid: 7949, comm: sh Not tainted #92 Tecal RH2285
        RIP: 0010:exit_creds+0x12/0x78
        RSP: 0018:ffff8806044f1d78  EFLAGS: 00010202
        RAX: 0000000000000000 RBX: ffff880604f22140 RCX: 0000000000019502
        RDX: 0000000000000000 RSI: 0000000000000202 RDI: 0000000000000000
        RBP: ffff880604f22150 R08: 0000000000000000 R09: ffffffff81a4dc10
        R10: 00000000000032a0 R11: ffff880006202500 R12: 0000000000000000
        R13: 0000000000c40000 R14: 0000000000008000 R15: 0000000000000001
        FS:  00007fbc03d066f0(0000) GS:ffff8800282e0000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
        CR2: 0000000000000000 CR3: 000000060f029000 CR4: 00000000000006e0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
        Process sh (pid: 7949, threadinfo ffff8806044f0000, task ffff880603d7c600)
         ffff880604f22140 ffffffff8103aac5 ffff880604f22140 ffffffff8104d21e
         ffff880006202500 0000000000008000 0000000000c38000 ffffffff810bd5b1
         0000000000000000 ffff880603d7c600 00000000ffffdd29 0000000000000003
        Call Trace:
        Code: ff 4d 00 0f 94 c0 84 c0 74 08 48 89 ef e8 1f fd ff ff 5b 5d 31 c0 41 5c c3 53 48 8b 87 20 06 00 00 48 89 fb 48 8b bf 18 06 00 00 <8b> 00 48 c7 83 18 06 00 00 00 00 00 00 f0 ff 0f 0f 94 c0 84 c0
        RIP  exit_creds+0x12/0x78
         RSP <ffff8806044f1d78>
        CR2: 0000000000000000
      [akpm@linux-foundation.org: add pglist_data.kswapd locking comments]
      Signed-off-by: default avatarXishi Qiu <qiuxishi@huawei.com>
      Signed-off-by: default avatarJiang Liu <jiang.liu@huawei.com>
      Acked-by: default avatarKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Acked-by: default avatarKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
      Acked-by: default avatarMel Gorman <mgorman@suse.de>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Reviewed-by: default avatarMinchan Kim <minchan@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Thomas Gleixner's avatar
      timekeeping: Provide hrtimer update function · f6c06abf
      Thomas Gleixner authored
      To finally fix the infamous leap second issue and other race windows
      caused by functions which change the offsets between the various time
      function which atomically gets the current monotonic time and updates
      the offsets of CLOCK_REALTIME and CLOCK_BOOTTIME with minimalistic
      overhead. The previous patch which provides ktime_t offsets allows us
      to make this function almost as cheap as ktime_get() which is going to
      be replaced in hrtimer_interrupt().
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarIngo Molnar <mingo@kernel.org>
      Acked-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: default avatarPrarit Bhargava <prarit@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohn Stultz <johnstul@us.ibm.com>
      Link: http://lkml.kernel.org/r/1341960205-56738-7-git-send-email-johnstul@us.ibm.com
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    • John Stultz's avatar
      hrtimer: Provide clock_was_set_delayed() · f55a6faa
      John Stultz authored
      clock_was_set() cannot be called from hard interrupt context because
      it calls on_each_cpu().
      For fixing the widely reported leap seconds issue it is necessary to
      call it from hard interrupt context, i.e. the timer tick code, which
      does the timekeeping updates.
      Provide a new function which denotes it in the hrtimer cpu base
      structure of the cpu on which it is called and raise the hrtimer
      softirq. We then execute the clock_was_set() notificiation from
      softirq context in run_hrtimer_softirq(). The hrtimer softirq is
      rarely used, so polling the flag there is not a performance issue.
      [ tglx: Made it depend on CONFIG_HIGH_RES_TIMERS. We really should get
        rid of all this ifdeffery ASAP ]
      Signed-off-by: default avatarJohn Stultz <johnstul@us.ibm.com>
      Reported-by: default avatarJan Engelhardt <jengelh@inai.de>
      Reviewed-by: default avatarIngo Molnar <mingo@kernel.org>
      Acked-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: default avatarPrarit Bhargava <prarit@redhat.com>
      Cc: stable@vger.kernel.org
      Link: http://lkml.kernel.org/r/1341960205-56738-2-git-send-email-johnstul@us.ibm.com
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
  4. 10 Jul, 2012 1 commit
    • Alan Stern's avatar
      PCI: EHCI: fix crash during suspend on ASUS computers · dbf0e4c7
      Alan Stern authored
      Quite a few ASUS computers experience a nasty problem, related to the
      EHCI controllers, when going into system suspend.  It was observed
      that the problem didn't occur if the controllers were not put into the
      D3 power state before starting the suspend, and commit
      151b6128 (USB: EHCI: fix crash during
      suspend on ASUS computers) was created to do this.
      It turned out this approach messed up other computers that didn't have
      the problem -- it prevented USB wakeup from working.  Consequently
      commit c2fb8a3f (USB: add
      NO_D3_DURING_SLEEP flag and revert 151b6128) was merged; it
      reverted the earlier commit and added a whitelist of known good board
      Now we know the actual cause of the problem.  Thanks to AceLan Kao for
      tracking it down.
      According to him, an engineer at ASUS explained that some of their
      BIOSes contain a bug that was added in an attempt to work around a
      problem in early versions of Windows.  When the computer goes into S3
      suspend, the BIOS tries to verify that the EHCI controllers were first
      quiesced by the OS.  Nothing's wrong with this, but the BIOS does it
      by checking that the PCI COMMAND registers contain 0 without checking
      the controllers' power state.  If the register isn't 0, the BIOS
      assumes the controller needs to be quiesced and tries to do so.  This
      involves making various MMIO accesses to the controller, which don't
      work very well if the controller is already in D3.  The end result is
      a system hang or memory corruption.
      Since the value in the PCI COMMAND register doesn't matter once the
      controller has been suspended, and since the value will be restored
      anyway when the controller is resumed, we can work around the BIOS bug
      simply by setting the register to 0 during system suspend.  This patch
      (as1590) does so and also reverts the second commit mentioned above,
      which is now unnecessary.
      In theory we could do this for every PCI device.  However to avoid
      introducing new problems, the patch restricts itself to EHCI host
      Finally the affected systems can suspend with USB wakeup working
      Reference: https://bugzilla.kernel.org/show_bug.cgi?id=37632
      Reference: https://bugzilla.kernel.org/show_bug.cgi?id=42728
      Based-on-patch-by: default avatarAceLan Kao <acelan.kao@canonical.com>
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Tested-by: default avatarDâniel Fraga <fragabr@gmail.com>
      Tested-by: default avatarJavier Marcet <jmarcet@gmail.com>
      Tested-by: default avatarAndrey Rahmatullin <wrar@wrar.name>
      Tested-by: default avatarOleksij Rempel <bug-track@fisher-privat.net>
      Tested-by: default avatarPavel Pisa <pisa@cmp.felk.cvut.cz>
      Cc: stable <stable@vger.kernel.org>
      Acked-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Acked-by: default avatarRafael J. Wysocki <rjw@sisk.pl>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
  5. 09 Jul, 2012 1 commit
  6. 08 Jul, 2012 2 commits
    • Dan Williams's avatar
      [SCSI] libsas: fix taskfile corruption in sas_ata_qc_fill_rtf · 6ef1b512
      Dan Williams authored
      fill_result_tf() grabs the taskfile flags from the originating qc which
      sas_ata_qc_fill_rtf() promptly overwrites.  The presence of an
      ata_taskfile in the sata_device makes it tempting to just copy the full
      contents in sas_ata_qc_fill_rtf().  However, libata really only wants
      the fis contents and expects the other portions of the taskfile to not
      be touched by ->qc_fill_rtf.  To that end store a fis buffer in the
      sata_device and use ata_tf_from_fis() like every other ->qc_fill_rtf()
      Cc: <stable@vger.kernel.org>
      Reported-by: default avatarPraveen Murali <pmurali@logicube.com>
      Tested-by: default avatarPraveen Murali <pmurali@logicube.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
    • Mark Rustad's avatar
      [SCSI] Fix NULL dereferences in scsi_cmd_to_driver · 222a806a
      Mark Rustad authored
      Avoid crashing if the private_data pointer happens to be NULL. This has
      been seen sometimes when a host reset happens, notably when there are
      many LUNs:
      host3: Assigned Port ID 0c1601
      scsi host3: libfc: Host reset succeeded on port (0c1601)
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000350
      IP: [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
      Process scsi_eh_3 (pid: 4144, threadinfo ffff88030920c000, task ffff880326b160c0)
       000000010372e6ba 0000000000000282 000027100920dca0 ffffffffa0038ee0
       0000000000000000 0000000000030003 ffff88030920dc80 ffff88030920dc80
       00000002000e0000 0000000a00004000 ffff8803242f7760 ffff88031326ed80
      Call Trace:
       [<ffffffff8105b590>] ? lock_timer_base+0x70/0x70
       [<ffffffff81352fbe>] scsi_eh_tur+0x3e/0xc0
       [<ffffffff81353a36>] scsi_eh_test_devices+0x76/0x170
       [<ffffffff81354125>] scsi_eh_host_reset+0x85/0x160
       [<ffffffff81354291>] scsi_eh_ready_devs+0x91/0x110
       [<ffffffff813543fd>] scsi_unjam_host+0xed/0x1f0
       [<ffffffff813546a8>] scsi_error_handler+0x1a8/0x200
       [<ffffffff81354500>] ? scsi_unjam_host+0x1f0/0x1f0
       [<ffffffff8106ec3e>] kthread+0x9e/0xb0
       [<ffffffff81509264>] kernel_thread_helper+0x4/0x10
       [<ffffffff8106eba0>] ? kthread_freezable_should_stop+0x70/0x70
       [<ffffffff81509260>] ? gs_change+0x13/0x13
      Code: 25 28 00 00 00 48 89 45 c8 31 c0 48 8b 87 80 00 00 00 48 8d b5 60 ff ff ff 89 d1 48 89 fb 41 89 d6 4c 89 fa 48 8b 80 b8 00 00 00
       <48> 8b 80 50 03 00 00 48 8b 00 48 89 85 38 ff ff ff 48 8b 07 4c
      RIP  [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
       RSP <ffff88030920dc50>
      CR2: 0000000000000350
      Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
      Tested-by: default avatarMarcus Dennis <marcusx.e.dennis@intel.com>
      Cc: <stable@kernel.org>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
  7. 07 Jul, 2012 1 commit
  8. 06 Jul, 2012 3 commits
  9. 05 Jul, 2012 3 commits
  10. 04 Jul, 2012 2 commits
    • Ohad Ben-Cohen's avatar
      rpmsg: make sure inflight messages don't invoke just-removed callbacks · 15fd943a
      Ohad Ben-Cohen authored
      When inbound messages arrive, rpmsg core looks up their associated
      endpoint (by destination address) and then invokes their callback.
      We've made sure that endpoints will never be de-allocated after they
      were found by rpmsg core, but we also need to protect against the
      (rare) scenario where the rpmsg driver was just removed, and its
      callback function isn't available anymore.
      This is achieved by introducing a callback mutex, which must be taken
      before the callback is invoked, and, obviously, before it is removed.
      Cc: stable <stable@vger.kernel.org>
      Reported-by: default avatarFernando Guzman Lugo <fernando.lugo@ti.com>
      Signed-off-by: default avatarOhad Ben-Cohen <ohad@wizery.com>
    • Ohad Ben-Cohen's avatar
      rpmsg: avoid premature deallocation of endpoints · 5a081caa
      Ohad Ben-Cohen authored
      When an inbound message arrives, the rpmsg core looks up its
      associated endpoint and invokes the registered callback.
      If a message arrives while its endpoint is being removed (because
      the rpmsg driver was removed, or a recovery of a remote processor
      has kicked in) we must ensure atomicity, i.e.:
      - Either the ept is removed before it is found
      - The ept is found but will not be freed until the callback returns
      This is achieved by maintaining a per-ept reference count, which,
      when drops to zero, will trigger deallocation of the ept.
      With this in hand, it is now forbidden to directly deallocate
      epts once they have been added to the endpoints idr.
      Cc: stable <stable@vger.kernel.org>
      Reported-by: default avatarFernando Guzman Lugo <fernando.lugo@ti.com>
      Signed-off-by: default avatarOhad Ben-Cohen <ohad@wizery.com>
  11. 03 Jul, 2012 1 commit
  12. 02 Jul, 2012 1 commit
  13. 01 Jul, 2012 1 commit
    • Neil Horman's avatar
      sctp: be more restrictive in transport selection on bundled sacks · 4244854d
      Neil Horman authored
      It was noticed recently that when we send data on a transport, its possible that
      we might bundle a sack that arrived on a different transport.  While this isn't
      a major problem, it does go against the SHOULD requirement in section 6.4 of RFC
       An endpoint SHOULD transmit reply chunks (e.g., SACK, HEARTBEAT ACK,
         etc.) to the same destination transport address from which it
         received the DATA or control chunk to which it is replying.  This
         rule should also be followed if the endpoint is bundling DATA chunks
         together with the reply chunk.
      This patch seeks to correct that.  It restricts the bundling of sack operations
      to only those transports which have moved the ctsn of the association forward
      since the last sack.  By doing this we guarantee that we only bundle outbound
      saks on a transport that has received a chunk since the last sack.  This brings
      us into stricter compliance with the RFC.
      Vlad had initially suggested that we strictly allow only sack bundling on the
      transport that last moved the ctsn forward.  While this makes sense, I was
      concerned that doing so prevented us from bundling in the case where we had
      received chunks that moved the ctsn on multiple transports.  In those cases, the
      RFC allows us to select any of the transports having received chunks to bundle
      the sack on.  so I've modified the approach to allow for that, by adding a state
      variable to each transport that tracks weather it has moved the ctsn since the
      last sack.  This I think keeps our behavior (and performance), close enough to
      our current profile that I think we can do this without a sysctl knob to
      enable/disable it.
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      CC: Vlad Yaseivch <vyasevich@gmail.com>
      CC: David S. Miller <davem@davemloft.net>
      CC: linux-sctp@vger.kernel.org
      Reported-by: default avatarMichele Baldessari <michele@redhat.com>
      Reported-by: default avatarsorin serban <sserban@redhat.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  14. 30 Jun, 2012 1 commit
  15. 28 Jun, 2012 2 commits
    • Steven Rostedt's avatar
      tracing: Remove NR_CPUS array from trace_iterator · 6d158a81
      Steven Rostedt authored
      Replace the NR_CPUS array of buffer_iter from the trace_iterator
      with an allocated array. This will just create an array of
      possible CPUS instead of the max number specified.
      The use of NR_CPUS in that array caused allocation failures for
      machines that were tight on memory. This did not cause any failures
      to the system itself (no crashes), but caused unnecessary failures
      for reading the trace files.
      Added a helper function called 'trace_buffer_iter()' that returns
      the buffer_iter item or NULL if it is not defined or the array was
      not allocated. Some routines do not require the array
      (tracing_open_pipe() for one).
      Reported-by: default avatarDave Jones <davej@redhat.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
    • Namhyung Kim's avatar
      tracing/kvm: Use __print_hex() for kvm_emulate_insn tracepoint · b102f1d0
      Namhyung Kim authored
      The kvm_emulate_insn tracepoint used __print_insn()
      for printing its instructions. However it makes the
      format of the event hard to parse as it reveals TP
      Fortunately, kernel provides __print_hex for almost
      same purpose, we can use it instead of open coding
      it. The user-space can be changed to parse it later.
      That means raw kernel tracing will not be affected
      by this change:
       # cd /sys/kernel/debug/tracing/
       # cat events/kvm/kvm_emulate_insn/format
       name: kvm_emulate_insn
       ID: 29
       print fmt: "%x:%llx:%s (%s)%s", REC->csbase, REC->rip, __print_hex(REC->insn, REC->len), \
       __print_symbolic(REC->flags, { 0, "real" }, { (1 << 0) | (1 << 1), "vm16" }, \
       { (1 << 0), "prot16" }, { (1 << 0) | (1 << 2), "prot32" }, { (1 << 0) | (1 << 3), "prot64" }), \
       REC->failed ? " failed" : ""
       # echo 1 > events/kvm/kvm_emulate_insn/enable
       # cat trace
       # tracer: nop
       # entries-in-buffer/entries-written: 2183/2183   #P:12
       #                              _-----=> irqs-off
       #                             / _----=> need-resched
       #                            | / _---=> hardirq/softirq
       #                            || / _--=> preempt-depth
       #                            ||| /     delay
       #           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION
       #              | |       |   ||||       |         |
               qemu-kvm-1782  [002] ...1   140.931636: kvm_emulate_insn: 0:c102fa25:89 10 (prot32)
               qemu-kvm-1781  [004] ...1   140.931637: kvm_emulate_insn: 0:c102fa25:89 10 (prot32)
      Link: http://lkml.kernel.org/n/tip-wfw6y3b9ugtey8snaow9nmg5@git.kernel.org
      Link: http://lkml.kernel.org/r/1340757701-10711-2-git-send-email-namhyung@kernel.org
      Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Namhyung Kim <namhyung.kim@lge.com>
      Cc: kvm@vger.kernel.org
      Acked-by: default avatarAvi Kivity <avi@redhat.com>
      Signed-off-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
  16. 25 Jun, 2012 1 commit
    • Paul Mundt's avatar
      bug.h: Fix up CONFIG_BUG=n implicit function declarations. · 09682c1d
      Paul Mundt authored
      Commit 2603efa3
       ("bug.h: Fix up powerpc build regression") corrected
      the powerpc build case and extended the __ASSEMBLY__ guards, but it also
      got caught in pre-processor hell accidentally matching the else case of
      CONFIG_BUG resulting in the BUG disabled case tripping up on
      It's not possible to __ASSEMBLY__ guard the entire file as architecture
      code needs to get at the BUGFLAG_WARNING definition in the GENERIC_BUG
      case, but the rest of the CONFIG_BUG=y/n case needs to be guarded.
      Rather than littering endless __ASSEMBLY__ checks in each of the if/else
      cases we just move the BUGFLAG definitions up under their own
      GENERIC_BUG test and then shove everything else under one big
      __ASSEMBLY__ guard.
      Build tested on all of x86 CONFIG_BUG=y, CONFIG_BUG=n, powerpc (due to
      it's dependence on BUGFLAG definitions in assembly code), and sh (due to
      not bringing in linux/kernel.h to satisfy the taint flag definitions used
      by the generic bug code).
      Hopefully that's the end of the corner cases and I can abstain from ever
      having to touch this infernal header ever again.
      Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Tested-by: default avatarFengguang Wu <wfg@linux.intel.com>
      Acked-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarPaul Mundt <lethal@linux-sh.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  17. 23 Jun, 2012 1 commit
    • Alan Stern's avatar
      SCSI & usb-storage: add try_rc_10_first flag · 6a0bdffa
      Alan Stern authored
      Several bug reports have been received recently for USB mass-storage
      devices that don't handle READ CAPACITY(16) commands properly.  They
      report bogus sizes, in some cases becoming unusable as a result.
      The bugs were triggered by commit
       (SCSI & usb-storage: add
      flags for VPD pages and REPORT LUNS), which caused usb-storage to stop
      overriding the SCSI level reported by devices.  By default, the sd
      driver will try READ CAPACITY(16) first for any device whose level is
      above SCSI_SPC_2.
      It seems likely that any device large enough to require the use of
      READ CAPACITY(16) (i.e., 2 TB or more) would be able to handle READ
      CAPACITY(10) commands properly.  Indeed, I don't know of any devices
      that don't handle READ CAPACITY(10) properly.
      Therefore this patch (as1559) adds a new flag telling the sd driver
      to try READ CAPACITY(10) before READ CAPACITY(16), and sets this flag
      for every USB mass-storage device.  If a device really is larger than
      2 TB, sd will fall back to READ CAPACITY(16) just as it used to.
      This fixes Bugzilla #43391.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Acked-by: default avatarHans de Goede <hdegoede@redhat.com>
      CC: "James E.J. Bottomley" <JBottomley@parallels.com>
      CC: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
  18. 22 Jun, 2012 1 commit
  19. 21 Jun, 2012 1 commit
  20. 20 Jun, 2012 3 commits
    • Viresh Kumar's avatar
      Viresh has moved · 10d8935f
      Viresh Kumar authored
      viresh.kumar@st.com email-id doesn't exist anymore as I have left the
      company.  Replace ST's id with viresh.linux@gmail.com.
      It also updates .mailmap file to fix address for 'git shortlog'
      Signed-off-by: default avatarViresh Kumar <viresh.linux@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Andrea Arcangeli's avatar
      thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE · e4eed03f
      Andrea Arcangeli authored
      In the x86 32bit PAE CONFIG_TRANSPARENT_HUGEPAGE=y case while holding the
      mmap_sem for reading, cmpxchg8b cannot be used to read pmd contents under
      So instead of dealing only with "consistent" pmdvals in
      pmd_none_or_trans_huge_or_clear_bad() (which would be conceptually
      simpler) we let pmd_none_or_trans_huge_or_clear_bad() deal with pmdvals
      where the low 32bit and high 32bit could be inconsistent (to avoid having
      to use cmpxchg8b).
      The only guarantee we get from pmd_read_atomic is that if the low part of
      the pmd was found null, the high part will be null too (so the pmd will be
      considered unstable).  And if the low part of the pmd is found "stable"
      later, then it means the whole pmd was read atomically (because after a
      pmd is stable, neither MADV_DONTNEED nor page faults can alter it anymore,
      and we read the high part after the low part).
      In the 32bit PAE x86 case, it is enough to read the low part of the pmdval
      atomically to declare the pmd as "stable" and that's true for THP and no
      THP, furthermore in the THP case we also have a barrier() that will
      prevent any inconsistent pmdvals to be cached by a later re-read of the
      Signed-off-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Cc: Jonathan Nieder <jrnieder@gmail.com>
      Cc: Ulrich Obergfell <uobergfe@redhat.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Larry Woodman <lwoodman@redhat.com>
      Cc: Petr Matousek <pmatouse@redhat.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Jan Beulich <jbeulich@suse.com>
      Cc: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
      Tested-by: default avatarAndrew Jones <drjones@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Pravin B Shelar's avatar
      mm: fix slab->page _count corruption when using slub · abca7c49
      Pravin B Shelar authored
      On arches that do not support this_cpu_cmpxchg_double() slab_lock is used
      to do atomic cmpxchg() on double word which contains page->_count.  The
      page count can be changed from get_page() or put_page() without taking
      slab_lock.  That corrupts page counter.
      Fix it by moving page->_count out of cmpxchg_double data.  So that slub
      does no change it while updating slub meta-data in struct page.
      [akpm@linux-foundation.org: use standard comment layout, tweak comment text]
      Reported-by: default avatarAmey Bhide <abhide@nicira.com>
      Signed-off-by: default avatarPravin B Shelar <pshelar@nicira.com>
      Acked-by: default avatarChristoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@cs.helsinki.fi>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
  21. 18 Jun, 2012 5 commits
    • Kay Sievers's avatar
      kmsg - kmsg_dump() fix CONFIG_PRINTK=n compilation · 246f6f2f
      Kay Sievers authored
      Signed-off-by: default avatarKay Sievers <kay@vrfy.org>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Reported-by: default avatarRandy Dunlap <rdunlap@xenotime.net>
      Reported-by: default avatarFengguang Wu <wfg@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Paul Mundt's avatar
      bug.h: Fix up powerpc build regression. · 2603efa3
      Paul Mundt authored
      The asm-generic/bug.h __ASSEMBLY__ guarding is completely bogus, which
      tripped up the powerpc build when the kernel.h include was added:
      	In file included from include/asm-generic/bug.h:5:0,
      			 from arch/powerpc/include/asm/bug.h:127,
      			 from arch/powerpc/kernel/head_64.S:31:
      	include/linux/kernel.h:44:0: warning: "ALIGN" redefined [enabled by default]
      	include/linux/linkage.h:57:0: note: this is the location of the previous definition
      	include/linux/sysinfo.h: Assembler messages:
      	include/linux/sysinfo.h:7: Error: Unrecognized opcode: `struct'
      	include/linux/sysinfo.h:8: Error: Unrecognized opcode: `__kernel_long_t'
      Moving the __ASSEMBLY__ guard up and stashing the kernel.h include under
      it fixes this up, as well as covering the case the original fix was
      attempting to handle.
      Tested-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Acked-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarPaul Mundt <lethal@linux-sh.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    • Steven Rostedt's avatar
      ftrace: Make all inline tags also include notrace · 93b3cca1
      Steven Rostedt authored
      Commit 5963e317 ("ftrace/x86: Do not change stacks in DEBUG when
      calling lockdep") prevented lockdep calls from the int3 breakpoint handler
      from reseting the stack if a function that was called was in the process
      of being converted for tracing and had a breakpoint on it. The idea is,
      before calling the lockdep code, do a load_idt() to the special IDT that
      kept the breakpoint stack from reseting. This worked well as a quick fix
      for this kernel release, until a certain config caused a lockup in the
      function tracer start up tests.
      Investigating it, I found that the load_idt that was used to prevent
      the int3 from changing stacks was itself being traced!
      Even though the config had CONFIG_OPTIMIZE_INLINING disabled, and
      all 'inline' tags were set to always inline, there were still cases that
      it did not inline! This was caused by CONFIG_PARAVIRT_GUEST, where it
      would add a pointer to the native_load_idt() which made that function
      to be traced.
      Commit 45959ee7
       ("ftrace: Do not function trace inlined functions")
      only touched the 'inline' tags when CONFIG_OPMITIZE_INLINING was enabled.
      PARAVIRT_GUEST shows that this was not enough and we need to also
      mark always_inline with notrace as well.
      Reported-by: default avatarFengguang Wu <wfg@linux.intel.com>
      Tested-by: default avatarFengguang Wu <wfg@linux.intel.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
    • Trond Myklebust's avatar
      NFSv4.1: Fix umount when filelayout DS is also the MDS · 2a4c8994
      Trond Myklebust authored
      Currently there is a 'chicken and egg' issue when the DS is also the mounted
      MDS. The nfs_match_client() reference from nfs4_set_ds_client bumps the
      cl_count, the nfs_client is not freed at umount, and nfs4_deviceid_purge_client
      is not called to dereference the MDS usage of a deviceid which holds a
      reference to the DS nfs_client.  The result is the umount program returns,
      but the nfs_client is not freed, and the cl_session hearbeat continues.
      The MDS (and all other nfs mounts) lose their last nfs_client reference in
      nfs_free_server when the last nfs_server (fsid) is umounted.
      The file layout DS lose their last nfs_client reference in destroy_ds
      when the last deviceid referencing the data server is put and destroy_ds is
      called. This is triggered by a call to nfs4_deviceid_purge_client which
      removes references to a pNFS deviceid used by an MDS mount.
      The fix is to track how many pnfs enabled filesystems are mounted from
      this server, and then to purge the device id cache once that count reaches
      Reported-by: default avatarJorge Mora <Jorge.Mora@netapp.com>
      Reported-by: default avatarAndy Adamson <andros@netapp.com>
      Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
    • Yan, Zheng's avatar
      perf/x86: Add Intel Nehalem and Sandy Bridge-EP uncore support · 7c94ee2e
      Yan, Zheng authored
      The uncore subsystem in Sandy Bridge-EP consists of 8 components:
       Ubox, Cacheing Agent, Home Agent, Memory controller, Power Control,
       QPI Link Layer, R2PCIe, R3QPI.
      Signed-off-by: default avatarZheng Yan <zheng.z.yan@intel.com>
      Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/1339741902-8449-9-git-send-email-zheng.z.yan@intel.com
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>