Force irq migration path during cpu offline, is not using proper locks and
irq_chip mask/unmask routines. This will result in some races(especially
the device generating the interrupt can see some inconsistent state,
resulting in issues like stuck irq,..).
Appended patch fixes the issue by taking proper lock and encapsulating
irq_chip set_affinity() with a mask() before and an unmask() after.
This fixes a MSI irq stuck issue reported by Darrick Wong.
There are several more general bugs in this area(irq migration in the
process context). For example,
1. Possibility of missing edge triggered irq.
2. Reliable method of migrating level triggered irq in the process context.
We plan to look and close these in the near future.
Eric says:
In addition even with the fix from Suresh there is still at least one
nasty hardware race in fixup_irqs(). However we exercise that code
path rarely enough that we are unlikely to hit it in the real world,
and that race seems to have existed since the code was merged. And a
fix for that is not coming soon as it is an open investigation area
if we can fix irq migration to work outside of irq context or if
we have to rework the requirements imposed by the generic cpu hotplug
and layer on fixup_irqs(). So this may come up again.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Reported-and-tested-by: Darrick Wong <djwong@us.ibm.com>
Cc: Andi Kleen <ak@suse.de>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
set the irq_chip name for lapic.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 4449/1: more entries in arch/arm/boot/.gitignore
[ARM] 4452/1: Force the literal pool dump before reloc_end
[ARM] Update show_regs/oops register format
[ARM] Add support for pause_on_oops and display preempt/smp options
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Count timer interrupts correctly.
[MIPS] SMTC and non-SMTC kernel and modules are incompatible
[MIPS] EMMA2RH: Disable GEN_RTC, it can't possibly work.
[MIPS] Remove a duplicated local variable in test_and_clear_bit()
[MIPS] use compat_siginfo in rt_sigframe_n32
[MIPS] 20K: Handle WAIT related bugs according to errata information
[MIPS] AP/SP requires shadow registers, auto enable support.
[MIPS] Fix pb1500 reg B access
[MIPS] Alchemy: Fix wrong cast
[MIPS] remove "support for" from system type entry
[MIPS] add io_map_base to pci_controller on Cobalt
[MIPS] __ucmpdi2 arguments are unsigned long long.
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Fix subtle FP state corruption bug in signal return on SMP
[POWERPC] Fix VDSO gettimeofday() when called with NULL struct timeval
[POWERPC] Update defconfigs
[POWERPC] Update g5_defconfig
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: ftdio_sio: New IPlus device ID
USB: add new device id to option driver
USB: fix race leading to use after free in io_edgeport
USB: usblcd doesn't limit memory consumption during write
USB: memory leak in iowarrior.c
USB: ti serial driver sleeps with spinlock held
USB: g_file_storage: call allow_signal()
This one changes the SN2 specific PCI drivers to use ioremap() for
obtaining the real address to access for the PCI registers instead of
manually calculating them with __IA64_UNCACHED_OFFSET.
The patch should have no real change when running on a normal Linux
kernel, but when running as a paravirtualized it is needed.
Signed-off-by: Jes Sorenson <jes@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Montecito behaves slightly differently than previous processors,
resulting in the MCA due to a failed PIO read to sometimes surfacing
outside the nofault code. Adding an additional or and stop bits
ensures the MCA surfaces in the nofault code.
Signed-off-by: Russ Anderson <rja@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Change sn_change_coherence's ia64_sal_oemcall to the nolock variety since
PROM does the locking for this function internally.
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Remove duplicate header include line from arch/ia64/kernel/time.c.
Signed-off-by: MUNEDA Takahiro <muneda.takahiro@jp.fujitsu.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Both rp_loc and pfs_loc can be in the register stack area _or_ they can
be in the memory stack area, the latter occurs when a struct pt_regs is
pushed. Correct the validation check on these fields to check for both
stack areas. Not allowing for memory stack locations means no
backtrace past ia64_leave_kernel, or any other code that uses
PT_REGS_UNWIND_INFO.
Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Replacing (n & (n-1)) in the context of power of 2 checks
with is_power_of_2
Signed-off-by: vignesh babu <vignesh.babu@wipro.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Neither rtc_mips_get_time nor rtc_mips_set_time are being initialized by
the EMMA2RH setup code, so genrtc at best was a RTC dummy avoiding a few
error messages but not providing actual functionality.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Fix a sparse warning caused by 2c921d07f8c641e691b0dfd80a5cfe14c60ec489
include2/asm/bitops.h:313:23: warning: symbol 'res' shadows an earlier one
include2/asm/bitops.h:309:16: originally declared here
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
We used to avoid the WAIT entirely on the 20K but really only need to do
this on early revs of the 20K. Without this a 20K was a bit of a
power hog. Well, in the lower power power hog category ;-)
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
sctp_sock_migrate() grabs the socket lock on a newly allocated socket while
holding the socket lock on an old socket. lockdep worries that this might
be a recursive lock attempt.
task/3026 is trying to acquire lock:
(sk_lock-AF_INET){--..}, at: [<ffffffff88105b8c>] sctp_sock_migrate+0x2e3/0x327 [sctp]
but task is already holding lock:
(sk_lock-AF_INET){--..}, at: [<ffffffff8810891f>] sctp_accept+0xdf/0x1e3 [sctp]
This patch tells lockdep that this locking is safe by using
lock_sock_nested().
Signed-off-by: Zach Brown <zach.brown@oracle.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
We were doing the wrong call to turn them on, and also
when enabling we need to forcefully set the state to IDLE.
Signed-off-by: David S. Miller <davem@davemloft.net>
Reported by Grzegorz Chimosz <gchimi@gmail.com>
Signed-off-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
usb_unlink_urb() is asynchronous, therefore an URB's buffer may not
be freed without waiting for the completion handler. This patch switches
to usb_kill_urb(), which is synchronous.
Thanks to Alan for making me look at the remaining users of usb_unlink_urb()
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
usblcd currently has no way to limit memory consumption by fast writers.
This is a security problem, as it allows users with write access to this
device to drive the system into oom despite resource limits.
Here's the fix taken from the modern skeleton driver.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
this is a classical memory leak in the ioctl handler. The buffer is simply
never freed. This fixes it the obvious way.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
you are submitting an URB with GFP_KERNEL holding a spinlock.
In this case the spinlock can be dropped earlier.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
New changes in the signal-handling code require compensating changes
in g_file_storage. This patch (as913) by Oleg Nesterov makes the
code use allow_signal() instead of sigprocmask().
From: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes a bug which can cause corruption of the floating-point state
on return from a signal handler. If we have a signal handler that has
used the floating-point registers, and it happens to context-switch to
another task while copying the interrupted floating-point state from the
user stack into the thread struct (e.g. because of a page fault, or
because it gets preempted), the context switch code will think that the
FP registers contain valid FP state that needs to be copied into the
thread_struct, and will thus overwrite the values that the signal return
code has put into the thread_struct.
This can occur because we clear the MSR bits that indicate the presence
of valid FP state after copying the state into the thread_struct. To fix
this we just move the clearing of the MSR bits to before the copy. A
similar potential problem also occurs with the Altivec state, and this
fixes that in the same way.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Consider the prototype for gettimeofday():
int gettimofday(struct timeval *tv, struct timezone *tz);
Although it is valid to call with /either/ tv or tz being NULL, and
the C version of sys_gettimeofday() supports this, the current version
of gettimeofday() in the VDSO will SEGV if called with a NULL tv.
This adds a check for tv being NULL so that it doesn't SEGV.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Update the g5_defconfig with default settings.
This is to keep things up to date, and specifically to ensure that the
CONFIG_MACINTOSH_DRIVERS option is enabled. This also turns on
CONFIG_MSI.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
wrmsrl() is broken, dropping the upper 32bits of the value to be
written. This broke the NMI watchdog on AMD hardware. (and it
probably broke other code too.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In the arch/arm/boot/compressed/head.S file, the contents of the
literal pool accumulated during the relocatable code must be dumped
before reloc_end.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Add silicon revision "any" and "none". Add proper -mcpu option according
to the cpu and silicon revision configuration.
Need update to use latest Blackfin cross compile toolchain.
Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
The return value of futex_find_get_task() needs to be -ESRCH in case
that the search fails. This was part of the original futex fixes and
got accidentally dropped, when the futex-tidy-up patch was split out.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stable Team <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Make skb_seq_read unmap the last fragment
[NET]: Re-enable irqs before pushing pending DMA requests
[TCP] tcp_read_sock: Allow recv_actor() return return negative error value.
[PPP]: Fix osize too small errors when decoding mppe.
[PPP]: Revert 606f585e36
[TIPC]: Fix infinite loop in netlink handler
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
[IPV4]: include sysctl.h from inetdevice.h
[IPV6] NDISC: Fix thinko to control Router Preference support.
[NETFILTER]: nfctnetlink: Don't allow to change helper
[NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
Register %ebx serves as the "global offset table base register" for
position-independent code. For absolute code, %ebx serves as a local
register and has no specified role in the function calling sequence. In
either case, a function must preserve the register value for the caller.
acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt
the called data.
Kevin found that most time the value of Sx is saved in %esi, however
sometimes compiler also uses %ebx. When this happens, suspends fails since
sleep value in ebx is changed by acpi_copy_wakeup_routine.
The same funtion in X86_64 doesn't have this problem.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Looks-okay-to: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
One of error path in ext3_read_inode() leaks bh since brelse is forgoten.
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Acked-by: Vasily Averin <vvs@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>