- 11 7月, 2008 13 次提交
-
-
由 Dmitry Adamushko 提交于
Vegard Nossum reported a crash in kmem_cache_alloc(): BUG: unable to handle kernel paging request at da87d000 IP: [<c01991c7>] kmem_cache_alloc+0xc7/0xe0 *pde = 28180163 *pte = 1a87d160 Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC Pid: 3850, comm: grep Not tainted (2.6.26-rc9-00059-gb190333 #5) EIP: 0060:[<c01991c7>] EFLAGS: 00210203 CPU: 0 EIP is at kmem_cache_alloc+0xc7/0xe0 EAX: 00000000 EBX: da87c100 ECX: 1adad71a EDX: 6b6b6b6b ESI: 00200282 EDI: da87d000 EBP: f60bfe74 ESP: f60bfe54 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 and analyzed it: "The register %ecx looks innocent but is very important here. The disassembly: mov %edx,%ecx shr $0x2,%ecx rep stos %eax,%es:(%edi) <-- the fault So %ecx has been loaded from %edx... which is 0x6b6b6b6b/POISON_FREE. (0x6b6b6b6b >> 2 == 0x1adadada.) %ecx is the counter for the memset, from here: memset(object, 0, c->objsize); i.e. %ecx was loaded from c->objsize, so "c" must have been freed. Where did "c" come from? Uh-oh... c = get_cpu_slab(s, smp_processor_id()); This looks like it has very much to do with CPU hotplug/unplug. Is there a race between SLUB/hotplug since the CPU slab is used after it has been freed?" Good analysis. Yeah, it's possible that a caller of kmem_cache_alloc() -> slab_alloc() can be migrated on another CPU right after local_irq_restore() and before memset(). The inital cpu can become offline in the mean time (or a migration is a consequence of the CPU going offline) so its 'kmem_cache_cpu' structure gets freed ( slab_cpuup_callback). At some point of time the caller continues on another CPU having an obsolete pointer... Signed-off-by: NDmitry Adamushko <dmitry.adamushko@gmail.com> Reported-by: NVegard Nossum <vegard.nossum@gmail.com> Acked-by: NIngo Molnar <mingo@elte.hu> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Hugh Dickins 提交于
Kernel Bugzilla #11063 points out that on some architectures (e.g. x86_32) exec'ing an ELF without a PT_GNU_STACK program header should default to an executable stack; but this got broken by the unlimited argv feature because stack vma is now created before the right personality has been established: so breaking old binaries using nested function trampolines. Therefore re-evaluate VM_STACK_FLAGS in setup_arg_pages, where stack vm_flags used to be set, before the mprotect_fixup. Checking through our existing VM_flags, none would have changed since insert_vm_struct: so this seems safer than finding a way through the personality labyrinth. Reported-by: pageexec@freemail.hu Signed-off-by: NHugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2由 Linus Torvalds 提交于
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2: ocfs2: Fix flags in ocfs2_file_lock
-
由 Linus Torvalds 提交于
Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: sched: fix cpu hotplug, cleanup sched: fix cpu hotplug
-
由 Linus Torvalds 提交于
Clean up __migrate_task(): to just have separate "done" and "fail" cases, instead of that "out" case with random error behavior. Signed-off-by: NIngo Molnar <mingo@elte.hu>
-
由 Linus Torvalds 提交于
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: fix /dev/mem compatibility under PAT
-
由 Nick Piggin 提交于
PREEMPT_RCU without HOTPLUG_CPU is broken. The rcu_online_cpu is called to initially populate rcu_cpu_online_map with all online CPUs when the hotplug event handler is installed, and also to populate the map with CPUs as they come online. The former case is meant to happen with and without HOTPLUG_CPU, but without HOTPLUG_CPU, the rcu_offline_cpu function is no-oped -- while it still gets called, it does not set the rcu CPU map. With a blank RCU CPU map, grace periods get to tick by completely oblivious to active RCU read side critical sections. This results in free-before-grace bugs. Fix is obvious once the problem is known. (Also, change __devinit to __cpuinit so the function gets thrown away on !HOTPLUG_CPU kernels). Signed-off-by: NNick Piggin <npiggin@suse.de> Reported-and-tested-by: NAlexey Dobriyan <adobriyan@gmail.com> Acked-by: NIngo Molnar <mingo@elte.hu> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> [ Nick is my personal hero of the day - Linus ] Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Steven Rostedt 提交于
This is the long awaited ftrace.txt. It explains in quite detail how to use ftrace and the various tracers. Signed-off-by: NSteven Rostedt <srostedt@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Daniel Guilak 提交于
Signed-off-by: NDaniel Guilak <daniel@danielguilak.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Daniel Guilak 提交于
Signed-off-by: NDaniel Guilak <daniel@danielguilak.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: chainiv - Invoke completion function
-
git://neil.brown.name/md由 Linus Torvalds 提交于
* 'for-2.6.26' of git://neil.brown.name/md: md: ensure all blocks are uptodate or locked when syncing
-
由 Mark Fasheh 提交于
The stack-glue merge changed the way we use flags in dlmglue in that we now use the fs/dlm equivalents. Unfortunately, a merge error left the new flock code only partially updated. This took a while to show up though, because the lock level constants are actually identical between o2dlm and fs/dlm. The *_CONVERT and *_NOQUEUE flags have different values though, which is eventually causing a crash in flags_to_o2dlm(). Signed-off-by: NMark Fasheh <mfasheh@suse.com>
-
- 10 7月, 2008 5 次提交
-
-
由 Herbert Xu 提交于
When chainiv postpones requests it never calls their completion functions. This causes symptoms such as memory leaks when IPsec is in use. Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-
由 Venkatesh Pallipadi 提交于
Add ioremap_default(), which gives a sane mapping without worrying about type conflicts. Use it in /dev/mem read in place of ioremap(), as with ioremap(), any mapping of the region (other than UC_MINUS) will cause a conflict and failure of /dev/mem read. Should address the vbetest failure reported at: http://bugzilla.kernel.org/show_bug.cgi?id=11057Signed-off-by: NVenkatesh Pallipadi <venkatesh.pallipadi@intel.com> Signed-off-by: NIngo Molnar <mingo@elte.hu>
-
由 Dmitry Adamushko 提交于
I think we may have a race between try_to_wake_up() and migrate_live_tasks() -> move_task_off_dead_cpu() when the later one may end up looping endlessly. Interrupts are enabled on other CPUs when migration_call(CPU_DEAD, ...) is called so we may get a race between try_to_wake_up() and migrate_live_tasks() -> move_task_off_dead_cpu(). The former one may push a task out of a dead CPU causing the later one to loop endlessly. Heiko Carstens observed: | That's exactly what explains a dump I got yesterday. Thanks for fixing! :) Signed-off-by: NDmitry Adamushko <dmitry.adamushko@gmail.com> Cc: miaox@cn.fujitsu.com Cc: Lai Jiangshan <laijs@cn.fujitsu.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Avi Kivity <avi@qumranet.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NIngo Molnar <mingo@elte.hu>
-
由 Dan Williams 提交于
Remove the dubious attempt to prefer 'compute' over 'read'. Not only is it wrong given commit c337869d (md: do not compute parity unless it is on a failed drive), but it can trigger a BUG_ON in handle_parity_checks5(). Cc: <stable@kernel.org> Signed-off-by: NDan Williams <dan.j.williams@intel.com> Signed-off-by: NNeil Brown <neilb@suse.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: RDMA/cxgb3: Fix regression caused by class_device -> device conversion
-
- 09 7月, 2008 20 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2由 Linus Torvalds 提交于
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2: [PATCH] ocfs2/dlm: Fixes oops in dlm_new_lockres()
-
由 Vitaly Bordug 提交于
There is dma_mask in of_device upon of_platform_device_create() but we don't actually set coherent_dma_mask. This may cause weird behavior of USB subsystem using of_device USB host drivers. Signed-off-by: NVitaly Bordug <vitb@kernel.crashing.org> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: tcrypt - Fix memory leak in test_cipher
-
由 Daniel Guilak 提交于
Signed-off-by: NDaniel Guilak <daniel@danielguilak.com> Acked-by: NJosh Triplett <josh@kernel.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Steve Wise 提交于
The change to iwch_provider.c in commit f4e91eb4 ("IB: convert struct class_device to struct device") undid the fix done in commit 7f049f2f ("RDMA/cxgb3: Hold rtnl_lock() around ethtool get_drvinfo call"). It removed the calls to rtnl_lock() that serialized the iw_cxgb3 ethtool ops calls into the cxgb3 driver. This locking is needed to avoid messing up the internal state of the cxgb3 driver. Signed-off-by: NSteve Wise <swise@opengridcomputing.com> Signed-off-by: NRoland Dreier <rolandd@cisco.com>
-
由 Takashi Iwai 提交于
On 2.6.26-rc9, the commit 05946bce ("fsl_diu_fb: fix build with CONFIG_PM=y, plus fix some warnings") breaks its previous fix f969c567 ("fsl-diu-db: compile fix") This patch reverts the broken part. Signed-off-by: NTakashi Iwai <tiwai@suse.de> Acked-by: NAnton Vorontsov <avorontsov@ru.mvista.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.linux-nfs.org/projects/trondmy/nfs-2.6由 Linus Torvalds 提交于
* 'hotfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: SUNRPC: Fix an rpcbind breakage for the case of IPv6 lookups SUNRPC: Fix a double-free in rpcbind NFS: Fix readdir cache invalidation
-
git://ftp.linux-mips.org/pub/scm/upstream-linus由 Linus Torvalds 提交于
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Fix 32bit kernels on R4k with 128 byte cache line size [MIPS] Atlas, decstation: Fix section mismatches triggered by defconfigs
-
由 Jeff Mahoney 提交于
With the removal of struct file from the xattr code, reiserfs_file_release() isn't used anymore, so the prealloc isn't discarded. This causes hangs later down the line. This patch adds it to reiserfs_delete_inode. In most cases it will be a no-op due to it already having been called, but will avoid hangs with xattrs. Signed-off-by: NJeff Mahoney <jeffm@suse.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Trond Myklebust 提交于
Now that rpcb_next_version has been split into an IPv4 version and an IPv6 version, we Oops when rpcb_call_async attempts to look up the IPv6-specific RPC procedure in rpcb_next_version. Fix the Oops simply by having rpcb_getport_async pass the correct RPC procedure as an argument. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
It is wrong to be freeing up the rpcbind arguments if the call to rpcb_call_async() fails, since they should already have been freed up by rpcb_map_release(). Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Trond Myklebust 提交于
invalidate_inode_pages2_range() takes page offset arguments, not byte ranges. Another thought is that individual pages might perhaps get evicted by VM pressure, in which case we might perhaps want to re-read not only the evicted page, but all subsequent pages too (in case the server returns more/less data per page so that the alignment of the next entry changes). We should therefore remove the condition that we only do this on page->index==0. Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
-
由 Thomas Bogendoerfer 提交于
The generated copy_page for R4k CPU with a 128 byte cache line size used Create Dirty Exclusive cache line operations even if only part of the cache line was filled. This change avoids generating cache operations, if only part of the cache line size is copied in one loop. It also increases the maxmimum loop size, because the generated code even fits into the available space for r4k CPUs with 128 byte cache line size. Signed-off-by: NThomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Shane McDonald 提交于
Resolve these mismatches by defining affected functions with the __cpuinit attribute, rather than __init. Signed-off-by: NShane McDonald <mcdonald.shane@gmail.com> Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6: it8213: fix return value in it8213_init_one() palm_bk3710: fix IDECLK period calculation ide: add __ide_default_irq() inline helper
-
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
由 Sergei Shtylyov 提交于
The driver uses completely bogus rounding formula for calculating period from the IDECLK frequency which gives one-off period values (e.g. 11 ns with 100 MHz IDECLK) which in turn can lead to overclocked IDE transfer timings. Actually, rounding is just wrong in this case, so use a mere division for a safe result. While at it, also: - give 'ide_palm_clk' variable a more suitable name; - get rid of the useless 'ideclkp' variable; - drop the LISP stype 'p' postfix from the 'clkp' variable's name. :-) Signed-off-by: NSergei Shtylyov <sshtylyov@ru.mvista.com> Cc: mcherkashin@ru.mvista.com Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
Add __ide_default_irq() inline helper and use it instead of ide_default_irq() in ide-probe.c and ns87415.c (all host drivers except IDE PCI ones always setup hwif->irq so it is enough to check only for I/O bases 0x1f0 and 0x170). This fixes post-2.6.25 regression since ide_default_irq() define could shadow ide_default_irq() inline. Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
git://git390.osdl.marist.edu/pub/scm/linux-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: [S390] protect _PAGE_SPECIAL bit against mprotect
-
由 David Gibson 提交于
As Andy Whitcroft recently pointed out, the current powerpc version of huge_ptep_set_wrprotect() has a bug. It just calls ptep_set_wrprotect() which in turn calls pte_update() then hpte_need_flush() with the 'huge' argument set to 0. This will cause hpte_need_flush() to flush the wrong hash entries (of any). Andy's fix for this is already in the powerpc tree as commit 016b33c4. I have confirmed this is a real bug, not masked by some other synchronization, with a new testcase for libhugetlbfs. A process write a (MAP_PRIVATE) hugepage mapping, fork(), then alter the mapping and have the child incorrectly see the second write. Therefore, this should be fixed for 2.6.26, and for the stable tree. Here is a suitable patch for 2.6.26, which I think will also be suitable for the stable tree (neither of the headers in question has been changed much recently). It is cut down slighlty from Andy's original version, in that it does not include a 32-bit version of huge_ptep_set_wrprotect(). Currently, hugepages are not supported on any 32-bit powerpc platform. When they are, a suitable 32-bit version can be added - the only 32-bit hardware which supports hugepages does not use the conventional hashtable MMU and so will have different needs anyway. Signed-off-by: NAndy Whitcroft <apw@shadowen.org> Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 08 7月, 2008 2 次提交
-
-
由 Nick Piggin 提交于
Stop mprotect's pte_modify from wiping out the s390 pte_special bit, which caused oops thereafter when vm_normal_page thought X's abnormal was normal. Debugged-by: NRyan Hope <rmh3093@gmail.com> Debugged-by: NZan Lynx <zlynx@acm.org> Acked-by: NHugh Dickins <hugh@veritas.com> Signed-off-by: NNick Piggin <npiggin@suse.de> Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Darren Jenkins 提交于
Coverity CID: 2306 & 2307 RESOURCE_LEAK In the second for loop in test_cipher(), data is allocated space with kzalloc() and is only ever freed in an error case. Looking at this loop, data is written to this memory but nothing seems to read from it. So here is a patch removing the allocation, I think this is the right fix. Only compile tested. Signed-off-by: NDarren Jenkins <darrenrjenkins@gmailcom> Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
-