1. 27 12月, 2011 13 次提交
    • H
      [S390] topology: get rid of ifdefs · 83a24e32
      Heiko Carstens 提交于
      Remove all ifdefs from topology code and also only compile it for the
      CONFIG_SCHED_BOOK case. The new code selects SCHED_MC if SCHED_BOOK is
      selected. SCHED_MC without SCHED_BOOK is not possible anymore.
      Furthermore various sysfs attributes are not available anymore for the
      !SCHED_BOOK case. In particular all attributes that correspond to
      CPU polarization.
      But since all real world kernels have SCHED_BOOK selected anyway this
      doesn't matter too much.
      Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      83a24e32
    • M
      [S390] kernel: Fix smp_switch_to_ipl_cpu() stack frame setup · 3931723f
      Michael Holzheu 提交于
      Currently, when smp_switch_to_ipl_cpu() is done, the backchain in the dump
      analysis tool crash looks like the following:
      
       #0 [1f746e70] __machine_kexec at 11dd92
       #1 [1f746eb8] smp_restart_cpu at 11820e
       #0 [00907eb0] cpu_idle at 10602e
       #1 [00907ef8] start_kernel at 979a08
      
      It would be good to see the registers of the interrupted function.
      To achieve this, the backchain on the new stack has to be set to zero.
      This looks then like the following:
      
       #0 [1f746e70] __machine_kexec at 11dd8e
       #1 [1f746eb8] smp_restart_cpu at 11820a
       PSW:  0706000180000000 00000000005c6fe6 (vtime_stop_cpu+134)
       GPRS: 0000000000000000 00000000005c6fe6 0000000001ad0228 0000000001ad0248
             0000000000907f08 0000000001ad0b40 0000000000979344 0000000000000000
             00000000009c0000 00000000009c0010 00000000009ab024 0000000001ad0200
             0000000001ad0238 00000000005cc9d8 000000000010602e 0000000000907e68
       #0 [00907eb0] cpu_idle at 10602e
       #1 [00907ef8] start_kernel at 979a08
      
      In addition to this, now also the correct PSW is stored in the pt_regs
      structure that is located at the start of the panic stack.
      Signed-off-by: NMichael Holzheu <holzheu@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      3931723f
    • M
      [S390] add support for physical memory > 4TB · 14045ebf
      Martin Schwidefsky 提交于
      The kernel address space of a 64 bit kernel currently uses a three level
      page table and the vmemmap array has a fixed address and a fixed maximum
      size. A three level page table is good enough for systems with less than
      3.8TB of memory, for bigger systems four page table levels need to be
      used. Each page table level costs a bit of performance, use 3 levels for
      normal systems and 4 levels only for the really big systems.
      To avoid bloating sparse.o too much set MAX_PHYSMEM_BITS to 46 for a
      maximum of 64TB of memory.
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      14045ebf
    • M
    • M
      [S390] Rework create_mem_hole() function · 44e5ddc4
      Michael Holzheu 提交于
      This patch makes the create_mem_hole() function more readable and
      fixes some minor bugs (e.g. off-by-one problems).
      Signed-off-by: NMichael Holzheu <holzheu@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      44e5ddc4
    • C
      [S390] kvm: fix sleeping function ... at mm/page_alloc.c:2260 · c86cce2a
      Christian Borntraeger 提交于
      commit cc772456
          [S390] fix list corruption in gmap reverse mapping
      
      added a potential dead lock:
      
      BUG: sleeping function called from invalid context at mm/page_alloc.c:2260
      in_atomic(): 1, irqs_disabled(): 0, pid: 1108, name: qemu-system-s39
      3 locks held by qemu-system-s39/1108:
       #0:  (&kvm->slots_lock){+.+.+.}, at: [<000003e004866542>] kvm_set_memory_region+0x3a/0x6c [kvm]
       #1:  (&mm->mmap_sem){++++++}, at: [<0000000000123790>] gmap_map_segment+0x9c/0x298
       #2:  (&(&mm->page_table_lock)->rlock){+.+.+.}, at: [<00000000001237a8>] gmap_map_segment+0xb4/0x298
      CPU: 0 Not tainted 3.1.3 #45
      Process qemu-system-s39 (pid: 1108, task: 00000004f8b3cb30, ksp: 00000004fd5978d0)
      00000004fd5979a0 00000004fd597920 0000000000000002 0000000000000000
             00000004fd5979c0 00000004fd597938 00000004fd597938 0000000000617e96
             0000000000000000 00000004f8b3cf58 0000000000000000 0000000000000000
             000000000000000d 000000000000000c 00000004fd597988 0000000000000000
             0000000000000000 0000000000100a18 00000004fd597920 00000004fd597960
      Call Trace:
      ([<0000000000100926>] show_trace+0xee/0x144)
       [<0000000000131f3a>] __might_sleep+0x12a/0x158
       [<0000000000217fb4>] __alloc_pages_nodemask+0x224/0xadc
       [<0000000000123086>] gmap_alloc_table+0x46/0x114
       [<000000000012395c>] gmap_map_segment+0x268/0x298
       [<000003e00486b014>] kvm_arch_commit_memory_region+0x44/0x6c [kvm]
       [<000003e004866414>] __kvm_set_memory_region+0x3b0/0x4a4 [kvm]
       [<000003e004866554>] kvm_set_memory_region+0x4c/0x6c [kvm]
       [<000003e004867c7a>] kvm_vm_ioctl+0x14a/0x314 [kvm]
       [<0000000000292100>] do_vfs_ioctl+0x94/0x588
       [<0000000000292688>] SyS_ioctl+0x94/0xac
       [<000000000061e124>] sysc_noemu+0x22/0x28
       [<000003fffcd5e7ca>] 0x3fffcd5e7ca
      3 locks held by qemu-system-s39/1108:
       #0:  (&kvm->slots_lock){+.+.+.}, at: [<000003e004866542>] kvm_set_memory_region+0x3a/0x6c [kvm]
       #1:  (&mm->mmap_sem){++++++}, at: [<0000000000123790>] gmap_map_segment+0x9c/0x298
       #2:  (&(&mm->page_table_lock)->rlock){+.+.+.}, at: [<00000000001237a8>] gmap_map_segment+0xb4/0x298
      
      Fix this by freeing the lock on the alloc path. This is ok, since the
      gmap table is never freed until we call gmap_free, so the table we are
      walking cannot go.
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      c86cce2a
    • M
      [S390] Check for NULL termination in command line setup · 1fb81057
      Michael Holzheu 提交于
      The current code in setup_boot_command_line() uses a heuristic to
      detect an EBCDIC command line. It checks if any of the bytes in
      the command line has bit one (0x80) set. In that case it is assumed
      that we have an EBCDIC string and the complete command line is
      converted.
      
      On s390 there are cases where the boot loader provides a kernel
      command line that is NULL terminated, but has random data after
      the NULL termination. In that case, setup_boot_command_line()
      might misinterpret an ASCII string for an EBCDIC string. A
      subsequent string conversion can then damage the ASCII string.
      
      This patch solves the problem by checking for NULL termination.
      If no EBCDIC character has been found until the the NULL
      termination has been found, we now assume that we have an ASCII
      string.
      Signed-off-by: NMichael Holzheu <holzheu@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      1fb81057
    • H
      [S390] irq: fix accounting of external call/emergency signal · 272f01bf
      Heiko Carstens 提交于
      Mask the extint_code parameter of the smp external interrupt handler
      to get the interruption code. Otherwise emergency call interrupts
      erroneously might be accounted as emergency signal interrupts.
      Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      272f01bf
    • K
      drm/i915: Disable RC6 on Sandybridge by default · 371de6e4
      Keith Packard 提交于
      RC6 fails again.
      
      > I found my system freeze mostly during starting up X and KDE. Sometimes it
      > works for some minutes, sometimes it freezes immediatly. When the freeze
      > happens, everything is dead (even the reset button does not work, I need to
      > power cycle).
      
      > I disabled RC6, and my system runs wonderfully.
      
      > The system is a Z68 Pro board with Sandybridge i5-2500K processor, 8
      > GB of RAM and UEFI firmware.
      Reported-by: NKai Krakow <hurikhan77@gmail.com>
      Signed-off-by: NKeith Packard <keithp@keithp.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      371de6e4
    • K
      drm/i915: Disable semaphores by default on SNB · ebbd857e
      Keith Packard 提交于
      Semaphores still cause problems on some machines:
      
      > From Udo Steinberg:
      >
      > With Linux-3.2-rc6 I'm frequently seeing GPU hangs when large amounts of
      > text scroll in an xterm, such as when extracting a tar archive. Such as this
      > one (note the timestamps):
      >
      >  I can reproduce it fairly easily with something
      >  as simple as:
      >
      >	  while true; do dmesg; done
      
      This patch turns them off on SNB while leaving them on for IVB.
      Reported-by: NUdo Steinberg <udo@hypervisor.org>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Cc: Eugeni Dodonov <eugeni@dodonov.net>
      Signed-off-by: NKeith Packard <keithp@keithp.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ebbd857e
    • L
      Merge branch 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 7f54492f
      Linus Torvalds 提交于
      * 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: PPC: e500: include linux/export.h
        KVM: PPC: fix kvmppc_start_thread() for CONFIG_SMP=N
        KVM: PPC: protect use of kvmppc_h_pr
        KVM: PPC: move compute_tlbie_rb to book3s_64 common header
        KVM: Don't automatically expose the TSC deadline timer in cpuid
        KVM: Device assignment permission checks
        KVM: Remove ability to assign a device without iommu support
        KVM: x86: Prevent starting PIT timers in the absence of irqchip support
      7f54492f
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 · 6fd8fb7f
      Linus Torvalds 提交于
      post 3.2-rc7 pull request
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
        MAINTAINERS: firewire git URL update
      6fd8fb7f
    • L
      vfs: fix handling of lock allocation failure in lease-break case · 6d4b9e38
      Linus Torvalds 提交于
      Bruce Fields notes that commit 778fc546 ("locks: fix tracking of
      inprogress lease breaks") introduced a possible error pointer
      dereference on failure to allocate memory.  locks_conflict() will
      dereference the passed-in new lease lock structure that may be an error pointer.
      
      This means an open (without O_NONBLOCK set) on a file with a lease
      applied (generally only done when Samba or nfsd (with v4) is running)
      could crash if a kmalloc() fails.
      
      So instead of playing games with IS_ERROR() all over the place, just
      check the allocation failure early.  That makes the code more
      straightforward, and avoids this possible bad pointer dereference.
      Based-on-patch-by: NJ. Bruce Fields <bfields@redhat.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6d4b9e38
  2. 26 12月, 2011 6 次提交
  3. 25 12月, 2011 4 次提交
  4. 24 12月, 2011 9 次提交
  5. 23 12月, 2011 8 次提交
    • F
      netfilter: xt_connbytes: handle negation correctly · 0354b48f
      Florian Westphal 提交于
      "! --connbytes 23:42" should match if the packet/byte count is not in range.
      
      As there is no explict "invert match" toggle in the match structure,
      userspace swaps the from and to arguments
      (i.e., as if "--connbytes 42:23" were given).
      
      However, "what <= 23 && what >= 42" will always be false.
      
      Change things so we use "||" in case "from" is larger than "to".
      
      This change may look like it breaks backwards compatibility when "to" is 0.
      However, older iptables binaries will refuse "connbytes 42:0",
      and current releases treat it to mean "! --connbytes 0:42",
      so we should be fine.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      0354b48f
    • A
      Btrfs: call d_instantiate after all ops are setup · 08c422c2
      Al Viro 提交于
      This closes races where btrfs is calling d_instantiate too soon during
      inode creation.  All of the callers of btrfs_add_nondir are updated to
      instantiate after the inode is fully setup in memory.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NChris Mason <chris.mason@oracle.com>
      08c422c2
    • C
      Btrfs: fix worker lock misuse in find_worker · 8d532b2a
      Chris Mason 提交于
      Dan Carpenter noticed that we were doing a double unlock on the worker
      lock, and sometimes picking a worker thread without the lock held.
      
      This fixes both errors.
      Signed-off-by: NChris Mason <chris.mason@oracle.com>
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      8d532b2a
    • E
      net: relax rcvbuf limits · 0fd7bac6
      Eric Dumazet 提交于
      skb->truesize might be big even for a small packet.
      
      Its even bigger after commit 87fb4b7b (net: more accurate skb
      truesize) and big MTU.
      
      We should allow queueing at least one packet per receiver, even with a
      low RCVBUF setting.
      Reported-by: NMichal Simek <monstr@monstr.eu>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0fd7bac6
    • X
      rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt() · a0a129f8
      Xi Wang 提交于
      Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
      cause a kernel oops due to insufficient bounds checking.
      
      	if (count > 1<<30) {
      		/* Enforce a limit to prevent overflow */
      		return -EINVAL;
      	}
      	count = roundup_pow_of_two(count);
      	table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
      
      Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
      
      	... + (count * sizeof(struct rps_dev_flow))
      
      where sizeof(struct rps_dev_flow) is 8.  (1 << 30) * 8 will overflow
      32 bits.
      
      This patch replaces the magic number (1 << 30) with a symbolic bound.
      Suggested-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NXi Wang <xi.wang@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0a129f8
    • E
      net: introduce DST_NOPEER dst flag · e688a604
      Eric Dumazet 提交于
      Chris Boot reported crashes occurring in ipv6_select_ident().
      
      [  461.457562] RIP: 0010:[<ffffffff812dde61>]  [<ffffffff812dde61>]
      ipv6_select_ident+0x31/0xa7
      
      [  461.578229] Call Trace:
      [  461.580742] <IRQ>
      [  461.582870]  [<ffffffff812efa7f>] ? udp6_ufo_fragment+0x124/0x1a2
      [  461.589054]  [<ffffffff812dbfe0>] ? ipv6_gso_segment+0xc0/0x155
      [  461.595140]  [<ffffffff812700c6>] ? skb_gso_segment+0x208/0x28b
      [  461.601198]  [<ffffffffa03f236b>] ? ipv6_confirm+0x146/0x15e
      [nf_conntrack_ipv6]
      [  461.608786]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.614227]  [<ffffffff81271d64>] ? dev_hard_start_xmit+0x357/0x543
      [  461.620659]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.626440]  [<ffffffffa0379745>] ? br_parse_ip_options+0x19a/0x19a
      [bridge]
      [  461.633581]  [<ffffffff812722ff>] ? dev_queue_xmit+0x3af/0x459
      [  461.639577]  [<ffffffffa03747d2>] ? br_dev_queue_push_xmit+0x72/0x76
      [bridge]
      [  461.646887]  [<ffffffffa03791e3>] ? br_nf_post_routing+0x17d/0x18f
      [bridge]
      [  461.653997]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.659473]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.665485]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.671234]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.677299]  [<ffffffffa0379215>] ?
      nf_bridge_update_protocol+0x20/0x20 [bridge]
      [  461.684891]  [<ffffffffa03bb0e5>] ? nf_ct_zone+0xa/0x17 [nf_conntrack]
      [  461.691520]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.697572]  [<ffffffffa0374812>] ? NF_HOOK.constprop.8+0x3c/0x56
      [bridge]
      [  461.704616]  [<ffffffffa0379031>] ?
      nf_bridge_push_encap_header+0x1c/0x26 [bridge]
      [  461.712329]  [<ffffffffa037929f>] ? br_nf_forward_finish+0x8a/0x95
      [bridge]
      [  461.719490]  [<ffffffffa037900a>] ?
      nf_bridge_pull_encap_header+0x1c/0x27 [bridge]
      [  461.727223]  [<ffffffffa0379974>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
      [  461.734292]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.739758]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.746203]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.751950]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.758378]  [<ffffffffa037533a>] ? NF_HOOK.constprop.4+0x56/0x56
      [bridge]
      
      This is caused by bridge netfilter special dst_entry (fake_rtable), a
      special shared entry, where attaching an inetpeer makes no sense.
      
      Problem is present since commit 87c48fa3 (ipv6: make fragment
      identifications less predictable)
      
      Introduce DST_NOPEER dst flag and make sure ipv6_select_ident() and
      __ip_select_ident() fallback to the 'no peer attached' handling.
      Reported-by: NChris Boot <bootc@bootc.net>
      Tested-by: NChris Boot <bootc@bootc.net>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e688a604
    • T
      mqprio: Avoid panic if no options are provided · 7838f2ce
      Thomas Graf 提交于
      Userspace may not provide TCA_OPTIONS, in fact tc currently does
      so not do so if no arguments are specified on the command line.
      Return EINVAL instead of panicing.
      Signed-off-by: NThomas Graf <tgraf@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7838f2ce
    • E
      bridge: provide a mtu() method for fake_dst_ops · a13861a2
      Eric Dumazet 提交于
      Commit 618f9bc7 (net: Move mtu handling down to the protocol
      depended handlers) forgot the bridge netfilter case, adding a NULL
      dereference in ip_fragment().
      Reported-by: NChris Boot <bootc@bootc.net>
      CC: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a13861a2