1. 03 5月, 2016 1 次提交
  2. 02 5月, 2016 2 次提交
  3. 30 4月, 2016 2 次提交
    • V
      gpiolib-acpi: Duplicate con_id string when adding it to the crs lookup list · 7df89e92
      Ville Syrjälä 提交于
      Calling gpiod_get() from a module and then unloading the module leads to an
      oops due to acpi_can_fallback_to_crs() storing the pointer to the passed
      'con_id' string onto acpi_crs_lookup_list. The next guy to come along will then
      try to access the string but the memory may now be gone with the module.
      Make a copy of the passed string instead, and store the copy on the list.
      
      BUG: unable to handle kernel paging request at ffffffffa03e7855
      IP: [<ffffffff81338322>] strcmp+0x12/0x30
      PGD 2a07067 PUD 2a08063 PMD 74720067 PTE 0
      Oops: 0000 [#1] PREEMPT SMP
      Modules linked in: i915(+) drm_kms_helper drm intel_gtt snd_hda_codec snd_hda_core i2c_algo_bit syscopya
      rea sysfillrect sysimgblt fb_sys_fops agpgart snd_soc_sst_bytcr_rt5640 coretemp hwmon intel_rapl intel_soc_dts_thermal
      punit_atom_debug snd_soc_rt5640 snd_soc_rl6231 serio snd_intel_sst_acpi snd_intel_sst_core video snd_soc_sst_mfld_platf
      orm snd_soc_sst_match backlight int3402_thermal processor_thermal_device int3403_thermal int3400_thermal acpi_thermal_r
      el snd_soc_core intel_soc_dts_iosf int340x_thermal_zone snd_compress i2c_hid hid snd_pcm snd_timer snd soundcore evdev
      sch_fq_codel efivarfs ipv6 autofs4 [last unloaded: drm]
      CPU: 2 PID: 3064 Comm: modprobe Tainted: G     U  W       4.6.0-rc3-ffrd-ipvr+ #302
      Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLAKFF81.X64.0088.R10.1403240443 FFD8
      _X64_R_2014_13_1_00 03/24/2014
      task: ffff8800701cd200 ti: ffff880070034000 task.ti: ffff880070034000
      RIP: 0010:[<ffffffff81338322>]  [<ffffffff81338322>] strcmp+0x12/0x30
      RSP: 0000:ffff880070037748  EFLAGS: 00010286
      RAX: 0000000080000000 RBX: ffff88007a342800 RCX: 0000000000000006
      RDX: 0000000000000006 RSI: ffffffffa054f856 RDI: ffffffffa03e7856
      RBP: ffff880070037748 R08: 0000000000000000 R09: 0000000000000001
      R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa054f855
      R13: ffff88007281cae0 R14: 0000000000000010 R15: ffffffffffffffea
      FS:  00007faa51447700(0000) GS:ffff880079300000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: ffffffffa03e7855 CR3: 0000000041eba000 CR4: 00000000001006e0
      Stack:
       ffff880070037770 ffffffff8136ad28 ffffffffa054f855 0000000000000000
       ffff88007a0a2098 ffff8800700377e8 ffffffff8136852e ffff88007a342800
       00000007700377a0 ffff8800700377a0 ffffffff81412442 70672d6c656e6170
      Call Trace:
       [<ffffffff8136ad28>] acpi_can_fallback_to_crs+0x88/0x100
       [<ffffffff8136852e>] gpiod_get_index+0x25e/0x310
       [<ffffffff81412442>] ? mipi_dsi_attach+0x22/0x30
       [<ffffffff813685f2>] gpiod_get+0x12/0x20
       [<ffffffffa04fcf41>] intel_dsi_init+0x421/0x480 [i915]
       [<ffffffffa04d3783>] intel_modeset_init+0x853/0x16b0 [i915]
       [<ffffffffa0504864>] ? intel_setup_gmbus+0x214/0x260 [i915]
       [<ffffffffa0510158>] i915_driver_load+0xdc8/0x19b0 [i915]
       [<ffffffff8160fb53>] ? _raw_spin_unlock_irqrestore+0x43/0x70
       [<ffffffffa026b13b>] drm_dev_register+0xab/0xc0 [drm]
       [<ffffffffa026d7b3>] drm_get_pci_dev+0x93/0x1f0 [drm]
       [<ffffffff8160fb53>] ? _raw_spin_unlock_irqrestore+0x43/0x70
       [<ffffffffa043f1f4>] i915_pci_probe+0x34/0x50 [i915]
       [<ffffffff81379751>] pci_device_probe+0x91/0x100
       [<ffffffff8141a75a>] driver_probe_device+0x20a/0x2d0
       [<ffffffff8141a8be>] __driver_attach+0x9e/0xb0
       [<ffffffff8141a820>] ? driver_probe_device+0x2d0/0x2d0
       [<ffffffff81418439>] bus_for_each_dev+0x69/0xa0
       [<ffffffff8141a04e>] driver_attach+0x1e/0x20
       [<ffffffff81419c20>] bus_add_driver+0x1c0/0x240
       [<ffffffff8141b6d0>] driver_register+0x60/0xe0
       [<ffffffff81377d20>] __pci_register_driver+0x60/0x70
       [<ffffffffa026d9f4>] drm_pci_init+0xe4/0x110 [drm]
       [<ffffffff810ce04e>] ? trace_hardirqs_on+0xe/0x10
       [<ffffffffa02f1000>] ? 0xffffffffa02f1000
       [<ffffffffa02f1094>] i915_init+0x94/0x9b [i915]
       [<ffffffff810003bb>] do_one_initcall+0x8b/0x1c0
       [<ffffffff810eb616>] ? rcu_read_lock_sched_held+0x86/0x90
       [<ffffffff811de6d6>] ? kmem_cache_alloc_trace+0x1f6/0x270
       [<ffffffff81183826>] do_init_module+0x60/0x1dc
       [<ffffffff81115a8d>] load_module+0x1d0d/0x2390
       [<ffffffff811120b0>] ? __symbol_put+0x70/0x70
       [<ffffffff811f41b2>] ? kernel_read_file+0x92/0x120
       [<ffffffff811162f4>] SYSC_finit_module+0xa4/0xb0
       [<ffffffff8111631e>] SyS_finit_module+0xe/0x10
       [<ffffffff81001ff3>] do_syscall_64+0x63/0x350
       [<ffffffff816103da>] entry_SYSCALL64_slow_path+0x25/0x25
      Code: f7 48 8d 76 01 48 8d 52 01 0f b6 4e ff 84 c9 88 4a ff 75 ed 5d c3 0f 1f 00 55 48 89 e5 eb 04 84 c0
       74 18 48 8d 7f 01 48 8d 76 01 <0f> b6 47 ff 3a 46 ff 74 eb 19 c0 83 c8 01 5d c3 31 c0 5d c3 66
      RIP  [<ffffffff81338322>] strcmp+0x12/0x30
       RSP <ffff880070037748>
      CR2: ffffffffa03e7855
      
      v2: Make the copied con_id const
      
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
      Cc: Alexandre Courbot <gnurou@gmail.com>
      Cc: stable@vger.kernel.org
      Fixes: 10cf4899 ("gpiolib: tighten up ACPI legacy gpio lookups")
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Acked-by: NMika Westerberg <mika.westerberg@linux.intel.com>
      Reviewed-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
      7df89e92
    • S
      raid5: delete unnecessary warnning · b8a0b8e9
      Shaohua Li 提交于
      If device has R5_LOCKED set, it's legit device has R5_SkipCopy set and page !=
      orig_page. After R5_LOCKED is clear, handle_stripe_clean_event will clear the
      SkipCopy flag and set page to orig_page. So the warning is unnecessary.
      Reported-by: NJoey Liao <joeyliao@qnap.com>
      Signed-off-by: NShaohua Li <shli@fb.com>
      b8a0b8e9
  4. 29 4月, 2016 28 次提交
  5. 28 4月, 2016 7 次提交
    • S
      IB/mlx5: Expose correct max_sge_rd limit · 986ef95e
      Sagi Grimberg 提交于
      mlx5 devices (Connect-IB, ConnectX-4, ConnectX-4-LX) has a limitation
      where rdma read work queue entries cannot exceed 512 bytes.
      A rdma_read wqe needs to fit in 512 bytes:
      - wqe control segment (16 bytes)
      - rdma segment (16 bytes)
      - scatter elements (16 bytes each)
      
      So max_sge_rd should be: (512 - 16 - 16) / 16 = 30.
      
      Cc: linux-stable@vger.kernel.org
      Reported-by: NChristoph Hellwig <hch@lst.de>
      Tested-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NSagi Grimberg <sagig@grimberg.me>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      986ef95e
    • C
      mmc: sunxi: Disable eMMC HS-DDR (MMC_CAP_1_8V_DDR) for Allwinner A80 · 2963070a
      Chen-Yu Tsai 提交于
      eMMC HS-DDR no longer works on the A80, despite it working when support
      for this developed.
      
      Disable it for now.
      Signed-off-by: NChen-Yu Tsai <wens@csie.org>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      2963070a
    • I
      rbd: report unsupported features to syslog · d3767f0f
      Ilya Dryomov 提交于
      ... instead of just returning an error.
      Signed-off-by: NIlya Dryomov <idryomov@gmail.com>
      Reviewed-by: NJosh Durgin <jdurgin@redhat.com>
      d3767f0f
    • I
      rbd: fix rbd map vs notify races · 811c6688
      Ilya Dryomov 提交于
      A while ago, commit 9875201e ("rbd: fix use-after free of
      rbd_dev->disk") fixed rbd unmap vs notify race by introducing
      an exported wrapper for flushing notifies and sticking it into
      do_rbd_remove().
      
      A similar problem exists on the rbd map path, though: the watch is
      registered in rbd_dev_image_probe(), while the disk is set up quite
      a few steps later, in rbd_dev_device_setup().  Nothing prevents
      a notify from coming in and crashing on a NULL rbd_dev->disk:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
          Call Trace:
           [<ffffffffa0508344>] rbd_watch_cb+0x34/0x180 [rbd]
           [<ffffffffa04bd290>] do_event_work+0x40/0xb0 [libceph]
           [<ffffffff8109d5db>] process_one_work+0x17b/0x470
           [<ffffffff8109e3ab>] worker_thread+0x11b/0x400
           [<ffffffff8109e290>] ? rescuer_thread+0x400/0x400
           [<ffffffff810a5acf>] kthread+0xcf/0xe0
           [<ffffffff810b41b3>] ? finish_task_switch+0x53/0x170
           [<ffffffff810a5a00>] ? kthread_create_on_node+0x140/0x140
           [<ffffffff81645dd8>] ret_from_fork+0x58/0x90
           [<ffffffff810a5a00>] ? kthread_create_on_node+0x140/0x140
          RIP  [<ffffffffa050828a>] rbd_dev_refresh+0xfa/0x180 [rbd]
      
      If an error occurs during rbd map, we have to error out, potentially
      tearing down a watch.  Just like on rbd unmap, notifies have to be
      flushed, otherwise rbd_watch_cb() may end up trying to read in the
      image header after rbd_dev_image_release() has run:
      
          Assertion failure in rbd_dev_header_info() at line 4722:
      
           rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
      
          Call Trace:
           [<ffffffff81cccee0>] ? rbd_parent_request_create+0x150/0x150
           [<ffffffff81cd4e59>] rbd_dev_refresh+0x59/0x390
           [<ffffffff81cd5229>] rbd_watch_cb+0x69/0x290
           [<ffffffff81fde9bf>] do_event_work+0x10f/0x1c0
           [<ffffffff81107799>] process_one_work+0x689/0x1a80
           [<ffffffff811076f7>] ? process_one_work+0x5e7/0x1a80
           [<ffffffff81132065>] ? finish_task_switch+0x225/0x640
           [<ffffffff81107110>] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
           [<ffffffff81108c69>] worker_thread+0xd9/0x1320
           [<ffffffff81108b90>] ? process_one_work+0x1a80/0x1a80
           [<ffffffff8111b02d>] kthread+0x21d/0x2e0
           [<ffffffff8111ae10>] ? kthread_stop+0x550/0x550
           [<ffffffff82022802>] ret_from_fork+0x22/0x40
           [<ffffffff8111ae10>] ? kthread_stop+0x550/0x550
          RIP  [<ffffffff81ccd8f9>] rbd_dev_header_info+0xa19/0x1e30
      
      To fix this, a) check if RBD_DEV_FLAG_EXISTS is set before calling
      revalidate_disk(), b) move ceph_osdc_flush_notifies() call into
      rbd_dev_header_unwatch_sync() to cover rbd map error paths and c) turn
      header read-in into a critical section.  The latter also happens to
      take care of rbd map foo@bar vs rbd snap rm foo@bar race.
      
      Fixes: http://tracker.ceph.com/issues/15490Signed-off-by: NIlya Dryomov <idryomov@gmail.com>
      Reviewed-by: NJosh Durgin <jdurgin@redhat.com>
      811c6688
    • L
      thermal: use %d to print S32 parameters · 15333e3a
      Leo Yan 提交于
      Power allocator's parameters are S32 type, so use %d to print them.
      Acked-by: NJavi Merino <javi.merino@arm.com>
      Signed-off-by: NLeo Yan <leo.yan@linaro.org>
      Signed-off-by: NEduardo Valentin <edubezval@gmail.com>
      15333e3a
    • L
      thermal: hisilicon: increase temperature resolution · 5fdfc48b
      Leo Yan 提交于
      When calculate temperature, old code firstly do division and then
      convert to "millicelsius" unit. This will lose resolution and only can
      read back temperature with "Celsius" unit.
      
      So firstly scale step value to "millicelsius" and then do division, so
      finally we can increase resolution for temperature value. Also refine
      the calculation from temperature value to step value.
      Signed-off-by: NLeo Yan <leo.yan@linaro.org>
      Signed-off-by: NEduardo Valentin <edubezval@gmail.com>
      5fdfc48b
    • M
      bnxt_en: Divide a page into 32K buffers for the aggregation ring if necessary. · 89d0a06c
      Michael Chan 提交于
      If PAGE_SIZE is bigger than BNXT_RX_PAGE_SIZE, that means the native CPU
      page is bigger than the maximum length of the RX BD.  Divide the page
      into multiple 32K buffers for the aggregation ring.
      
      Add an offset field in the bnxt_sw_rx_agg_bd struct to keep track of the
      page offset of each buffer.  Since each page can be referenced by multiple
      buffer entries, call get_page() as needed to get the proper reference
      count.
      Signed-off-by: NMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      89d0a06c
新手
引导
客服 返回
顶部