1. 04 11月, 2011 1 次提交
    • R
      oprofile: Fix crash when unloading module (hr timer mode) · 87121ca5
      Robert Richter 提交于
      Oprofile may crash in a KVM guest while unlaoding modules. This
      happens if oprofile_arch_init() fails and oprofile switches to the hr
      timer mode as a fallback. In this case oprofile_arch_exit() is called,
      but it never was initialized properly which causes the crash. This
      patch fixes this.
      
      oprofile: using timer interrupt.
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
      IP: [<ffffffff8123c226>] unregister_syscore_ops+0x41/0x58
      PGD 41da3f067 PUD 41d80e067 PMD 0
      Oops: 0002 [#1] PREEMPT SMP
      CPU 5
      Modules linked in: oprofile(-)
      
      Pid: 2382, comm: modprobe Not tainted 3.1.0-rc7-00018-g709a39d #18 Advanced Micro Device Anaheim/Anaheim
      RIP: 0010:[<ffffffff8123c226>]  [<ffffffff8123c226>] unregister_syscore_ops+0x41/0x58
      RSP: 0018:ffff88041de1de98  EFLAGS: 00010296
      RAX: 0000000000000000 RBX: ffffffffa00060e0 RCX: dead000000200200
      RDX: 0000000000000000 RSI: dead000000100100 RDI: ffffffff8178c620
      RBP: ffff88041de1dea8 R08: 0000000000000001 R09: 0000000000000082
      R10: 0000000000000000 R11: ffff88041de1dde8 R12: 0000000000000080
      R13: fffffffffffffff5 R14: 0000000000000001 R15: 0000000000610210
      FS:  00007f9ae5bef700(0000) GS:ffff88042fd40000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      CR2: 0000000000000008 CR3: 000000041ca44000 CR4: 00000000000006e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process modprobe (pid: 2382, threadinfo ffff88041de1c000, task ffff88042db6d040)
      Stack:
       ffff88041de1deb8 ffffffffa0006770 ffff88041de1deb8 ffffffffa000251e
       ffff88041de1dec8 ffffffffa00022c2 ffff88041de1ded8 ffffffffa0004993
       ffff88041de1df78 ffffffff81073115 656c69666f72706f 0000000000610200
      Call Trace:
       [<ffffffffa000251e>] op_nmi_exit+0x15/0x17 [oprofile]
       [<ffffffffa00022c2>] oprofile_arch_exit+0xe/0x10 [oprofile]
       [<ffffffffa0004993>] oprofile_exit+0x13/0x15 [oprofile]
       [<ffffffff81073115>] sys_delete_module+0x1c3/0x22f
       [<ffffffff811bf09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
       [<ffffffff8148070b>] system_call_fastpath+0x16/0x1b
      Code: 20 c6 78 81 e8 c5 cc 23 00 48 8b 13 48 8b 43 08 48 be 00 01 10 00 00 00 ad de 48 b9 00 02 20 00 00 00 ad de 48 c7 c7 20 c6 78 81
       89 42 08 48 89 10 48 89 33 48 89 4b 08 e8 a6 c0 23 00 5a 5b
      RIP  [<ffffffff8123c226>] unregister_syscore_ops+0x41/0x58
       RSP <ffff88041de1de98>
      CR2: 0000000000000008
      ---[ end trace 06d4e95b6aa3b437 ]---
      
      CC: stable@kernel.org # 2.6.37+
      Signed-off-by: NRobert Richter <robert.richter@amd.com>
      87121ca5
  2. 29 9月, 2011 1 次提交
  3. 28 9月, 2011 1 次提交
  4. 26 9月, 2011 2 次提交
  5. 22 9月, 2011 10 次提交
    • L
      Linux 3.1-rc7 · d93dc5c4
      Linus Torvalds 提交于
      d93dc5c4
    • L
      XZ: Fix incorrect XZ_BUF_ERROR · 9c1f8594
      Lasse Collin 提交于
      xz_dec_run() could incorrectly return XZ_BUF_ERROR if all of the
      following was true:
      
       - The caller knows how many bytes of output to expect and only provides
         that much output space.
      
       - When the last output bytes are decoded, the caller-provided input
         buffer ends right before the LZMA2 end of payload marker.  So LZMA2
         won't provide more output anymore, but it won't know it yet and thus
         won't return XZ_STREAM_END yet.
      
       - A BCJ filter is in use and it hasn't left any unfiltered bytes in the
         temp buffer.  This can happen with any BCJ filter, but in practice
         it's more likely with filters other than the x86 BCJ.
      
      This fixes <https://bugzilla.redhat.com/show_bug.cgi?id=735408> where
      Squashfs thinks that a valid file system is corrupt.
      
      This also fixes a similar bug in single-call mode where the uncompressed
      size of a block using BCJ + LZMA2 was 0 bytes and caller provided no
      output space.  Many empty .xz files don't contain any blocks and thus
      don't trigger this bug.
      
      This also tweaks a closely related detail: xz_dec_bcj_run() could call
      xz_dec_lzma2_run() to decode into temp buffer when it was known to be
      useless.  This was harmless although it wasted a minuscule number of CPU
      cycles.
      Signed-off-by: NLasse Collin <lasse.collin@tukaani.org>
      Cc: stable <stable@kernel.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9c1f8594
    • L
      Merge git://github.com/davem330/net · e5b26a88
      Linus Torvalds 提交于
      * git://github.com/davem330/net: (27 commits)
        xfrm: Perform a replay check after return from async codepaths
        fib:fix BUG_ON in fib_nl_newrule when add new fib rule
        ixgbe: fix possible null buffer error
        tg3: fix VLAN tagging regression
        net: pxa168: Fix build errors by including interrupt.h
        netconsole: switch init_netconsole() to late_initcall
        gianfar: Fix overflow check and return value for gfar_get_cls_all()
        ppp_generic: fix multilink fragment MTU calculation (again)
        GRETH: avoid overwrite IP-stack's IP-frags checksum
        GRETH: RX/TX bytes were never increased
        ipv6: fix a possible double free
        b43: Fix beacon problem in ad-hoc mode
        Bluetooth: add support for 2011 mac mini
        Bluetooth: Add MacBookAir4,1 support
        Bluetooth: Fixed BT ST Channel reg order
        r8169: do not enable the TBI for anything but the original 8169.
        r8169: remove erroneous processing of always set bit.
        r8169: fix WOL setting for 8105 and 8111evl
        r8169: add MODULE_FIRMWARE for the firmware of 8111evl
        r8169: fix the reset setting for 8111evl
        ...
      e5b26a88
    • L
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · fed678dc
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.dk/linux-block:
        floppy: use del_timer_sync() in init cleanup
        blk-cgroup: be able to remove the record of unplugged device
        block: Don't check QUEUE_FLAG_SAME_COMP in __blk_complete_request
        mm: Add comment explaining task state setting in bdi_forker_thread()
        mm: Cleanup clearing of BDI_pending bit in bdi_forker_thread()
        block: simplify force plug flush code a little bit
        block: change force plug flush call order
        block: Fix queue_flag update when rq_affinity goes from 2 to 1
        block: separate priority boosting from REQ_META
        block: remove READ_META and WRITE_META
        xen-blkback: fixed indentation and comments
        xen-blkback: Don't disconnect backend until state switched to XenbusStateClosed.
      fed678dc
    • A
      init: carefully handle loglevel option on kernel cmdline. · 808bf29b
      Alexander Sverdlin 提交于
      When a malformed loglevel value (for example "${abc}") is passed on the
      kernel cmdline, the loglevel itself is being set to 0.
      
      That then suppresses all following messages, including all the errors
      and crashes caused by other malformed cmdline options.  This could make
      debugging process quite tricky.
      
      This patch leaves the previous value of loglevel if the new value is
      incorrect and reports an error code in this case.
      Signed-off-by: NAlexander Sverdlin <alexander.sverdlin@sysgo.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      808bf29b
    • D
      teach /proc/$pid/numa_maps about transparent hugepages · 32ef4384
      Dave Hansen 提交于
      This is modeled after the smaps code.
      
      It detects transparent hugepages and then does a single gather_stats()
      for the page as a whole.  This has two benifits:
       1. It is more efficient since it does many pages in a single shot.
       2. It does not have to break down the huge page.
      Signed-off-by: NDave Hansen <dave@linux.vnet.ibm.com>
      Acked-by: NHugh Dickins <hughd@google.com>
      Acked-by: NDavid Rientjes <rientjes@google.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      32ef4384
    • D
      break out numa_maps gather_pte_stats() checks · 3200a8aa
      Dave Hansen 提交于
      gather_pte_stats() does a number of checks on a target page
      to see whether it should even be considered for statistics.
      This breaks that code out in to a separate function so that
      we can use it in the transparent hugepage case in the next
      patch.
      Signed-off-by: NDave Hansen <dave@linux.vnet.ibm.com>
      Acked-by: NHugh Dickins <hughd@google.com>
      Reviewed-by: NChristoph Lameter <cl@gentwo.org>
      Acked-by: NDavid Rientjes <rientjes@google.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3200a8aa
    • D
      make /proc/$pid/numa_maps gather_stats() take variable page size · eb4866d0
      Dave Hansen 提交于
      We need to teach the numa_maps code about transparent huge pages.  The
      first step is to teach gather_stats() that the pte it is dealing with
      might represent more than one page.
      
      Note that will we use this in a moment for transparent huge pages since
      they have use a single pmd_t which _acts_ as a "surrogate" for a bunch
      of smaller pte_t's.
      
      I'm a _bit_ unhappy that this interface counts in hugetlbfs page sizes
      for hugetlbfs pages and PAGE_SIZE for normal pages.  That means that to
      figure out how many _bytes_ "dirty=1" means, you must first know the
      hugetlbfs page size.  That's easier said than done especially if you
      don't have visibility in to the mount.
      
      But, that's probably a discussion for another day especially since it
      would change behavior to fix it.  But, just in case anyone wonders why
      this patch only passes a '1' in the hugetlb case...
      Signed-off-by: NDave Hansen <dave@linux.vnet.ibm.com>
      Acked-by: NHugh Dickins <hughd@google.com>
      Acked-by: NDavid Rientjes <rientjes@google.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      eb4866d0
    • S
      xfrm: Perform a replay check after return from async codepaths · bcf66bf5
      Steffen Klassert 提交于
      When asyncronous crypto algorithms are used, there might be many
      packets that passed the xfrm replay check, but the replay advance
      function is not called yet for these packets. So the replay check
      function would accept a replay of all of these packets. Also the
      system might crash if there are more packets in async processing
      than the size of the anti replay window, because the replay advance
      function would try to update the replay window beyond the bounds.
      
      This pach adds a second replay check after resuming from the async
      processing to fix these issues.
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bcf66bf5
    • G
      fib:fix BUG_ON in fib_nl_newrule when add new fib rule · 561dac2d
      Gao feng 提交于
      add new fib rule can cause BUG_ON happen
      the reproduce shell is
      ip rule add pref 38
      ip rule add pref 38
      ip rule add to 192.168.3.0/24 goto 38
      ip rule del pref 38
      ip rule add to 192.168.3.0/24 goto 38
      ip rule add pref 38
      
      then the BUG_ON will happen
      del BUG_ON and use (ctarget == NULL) identify whether this rule is unresolved
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      561dac2d
  6. 21 9月, 2011 22 次提交
  7. 20 9月, 2011 3 次提交