openwrt/staging/blogic.git
13 years agorcu: Decrease memory-barrier usage based on semi-formal proof
Paul E. McKenney [Tue, 7 Sep 2010 17:38:22 +0000 (10:38 -0700)]
rcu: Decrease memory-barrier usage based on semi-formal proof

Commit d09b62d fixed grace-period synchronization, but left some smp_mb()
invocations in rcu_process_callbacks() that are no longer needed, but
sheer paranoia prevented them from being removed.  This commit removes
them and provides a proof of correctness in their absence.  It also adds
a memory barrier to rcu_report_qs_rsp() immediately before the update to
rsp->completed in order to handle the theoretical possibility that the
compiler or CPU might move massive quantities of code into a lock-based
critical section.  This also proves that the sheer paranoia was not
entirely unjustified, at least from a theoretical point of view.

In addition, the old dyntick-idle synchronization depended on the fact
that grace periods were many milliseconds in duration, so that it could
be assumed that no dyntick-idle CPU could reorder a memory reference
across an entire grace period.  Unfortunately for this design, the
addition of expedited grace periods breaks this assumption, which has
the unfortunate side-effect of requiring atomic operations in the
functions that track dyntick-idle state for RCU.  (There is some hope
that the algorithms used in user-level RCU might be applied here, but
some work is required to handle the NMIs that user-space applications
can happily ignore.  For the short term, better safe than sorry.)

This proof assumes that neither compiler nor CPU will allow a lock
acquisition and release to be reordered, as doing so can result in
deadlock.  The proof is as follows:

1. A given CPU declares a quiescent state under the protection of
its leaf rcu_node's lock.

2. If there is more than one level of rcu_node hierarchy, the
last CPU to declare a quiescent state will also acquire the
->lock of the next rcu_node up in the hierarchy,  but only
after releasing the lower level's lock.  The acquisition of this
lock clearly cannot occur prior to the acquisition of the leaf
node's lock.

3. Step 2 repeats until we reach the root rcu_node structure.
Please note again that only one lock is held at a time through
this process.  The acquisition of the root rcu_node's ->lock
must occur after the release of that of the leaf rcu_node.

4. At this point, we set the ->completed field in the rcu_state
structure in rcu_report_qs_rsp().  However, if the rcu_node
hierarchy contains only one rcu_node, then in theory the code
preceding the quiescent state could leak into the critical
section.  We therefore precede the update of ->completed with a
memory barrier.  All CPUs will therefore agree that any updates
preceding any report of a quiescent state will have happened
before the update of ->completed.

5. Regardless of whether a new grace period is needed, rcu_start_gp()
will propagate the new value of ->completed to all of the leaf
rcu_node structures, under the protection of each rcu_node's ->lock.
If a new grace period is needed immediately, this propagation
will occur in the same critical section that ->completed was
set in, but courtesy of the memory barrier in #4 above, is still
seen to follow any pre-quiescent-state activity.

6. When a given CPU invokes __rcu_process_gp_end(), it becomes
aware of the end of the old grace period and therefore makes
any RCU callbacks that were waiting on that grace period eligible
for invocation.

If this CPU is the same one that detected the end of the grace
period, and if there is but a single rcu_node in the hierarchy,
we will still be in the single critical section.  In this case,
the memory barrier in step #4 guarantees that all callbacks will
be seen to execute after each CPU's quiescent state.

On the other hand, if this is a different CPU, it will acquire
the leaf rcu_node's ->lock, and will again be serialized after
each CPU's quiescent state for the old grace period.

On the strength of this proof, this commit therefore removes the memory
barriers from rcu_process_callbacks() and adds one to rcu_report_qs_rsp().
The effect is to reduce the number of memory barriers by one and to
reduce the frequency of execution from about once per scheduling tick
per CPU to once per grace period.

Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
13 years agorcu: Remove conditional compilation for RCU CPU stall warnings
Paul E. McKenney [Wed, 9 Feb 2011 01:14:39 +0000 (17:14 -0800)]
rcu: Remove conditional compilation for RCU CPU stall warnings

The RCU CPU stall warnings can now be controlled using the
rcu_cpu_stall_suppress boot-time parameter or via the same parameter
from sysfs.  There is therefore no longer any reason to have
kernel config parameters for this feature.  This commit therefore
removes the RCU_CPU_STALL_DETECTOR and RCU_CPU_STALL_DETECTOR_RUNNABLE
kernel config parameters.  The RCU_CPU_STALL_TIMEOUT parameter remains
to allow the timeout to be tuned and the RCU_CPU_STALL_VERBOSE parameter
remains to allow task-stall information to be suppressed if desired.

Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
13 years agoLinux 2.6.39-rc6
Linus Torvalds [Wed, 4 May 2011 02:59:13 +0000 (19:59 -0700)]
Linux 2.6.39-rc6

13 years agoMerge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Wed, 4 May 2011 01:52:09 +0000 (18:52 -0700)]
Merge branch 'drm-fixes' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: fix gart setup on fusion parts (v2)
  drm: Send pending vblank events before disabling vblank.
  drm/radeon: fix regression on atom cards with hardcoded EDID record.
  drm/radeon/kms: add some new pci ids

13 years agodrm/radeon/kms: fix gart setup on fusion parts (v2)
Alex Deucher [Tue, 3 May 2011 23:28:02 +0000 (19:28 -0400)]
drm/radeon/kms: fix gart setup on fusion parts (v2)

Out of the entire GART/VM subsystem, the hw designers changed
the location of 3 regs.

v2: airlied: add parameter for userspace to work from.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agodrm: Send pending vblank events before disabling vblank.
Christopher James Halse Rogers [Wed, 27 Apr 2011 06:10:57 +0000 (16:10 +1000)]
drm: Send pending vblank events before disabling vblank.

This is the least-bad behaviour.  It means that we signal the
vblank event before it actually happens, but since we're disabling
vblanks there's no guarantee that it will *ever* happen otherwise.

This prevents GL applications which use WaitMSC from hanging
indefinitely.

Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agodrm/radeon: fix regression on atom cards with hardcoded EDID record.
Dave Airlie [Sun, 1 May 2011 10:16:30 +0000 (20:16 +1000)]
drm/radeon: fix regression on atom cards with hardcoded EDID record.

Since fafcf94e2b5732d1e13b440291c53115d2b172e9 introduced an edid size, it seems to have broken this path.

This manifest as oops on T500 Lenovo laptops with dual graphics primarily.

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=33812
cc: stable@kernel.org
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agodrm/radeon/kms: add some new pci ids
Alex Deucher [Tue, 3 May 2011 19:15:55 +0000 (15:15 -0400)]
drm/radeon/kms: add some new pci ids

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
13 years agologfs: initialize superblock entries earlier
Linus Torvalds [Tue, 3 May 2011 23:10:25 +0000 (16:10 -0700)]
logfs: initialize superblock entries earlier

In particular, s_freeing_list needs to be initialized early, since it is
used on some of the error paths when mounts fail.  The mapping inode,
for example, would be initialized and then free'd on an error path
before s_freeing_list was initialized, but the inode drop operation
needs the s_freeing_list to be set up.

Normally you'd never see this, because not only is logfs fairly rare,
but a successful mount will never have any issues.

Reported-by: werner <w.landgraf@ru.ru>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoMerge branch 'stable/bug-fixes-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 3 May 2011 16:25:42 +0000 (09:25 -0700)]
Merge branch 'stable/bug-fixes-for-rc5' of git://git./linux/kernel/git/konrad/xen

* 'stable/bug-fixes-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen: mask_rw_pte mark RO all pagetable pages up to pgt_buf_top
  xen/mmu: Add workaround "x86-64, mm: Put early page table high"

13 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
Linus Torvalds [Tue, 3 May 2011 16:24:44 +0000 (09:24 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/cjb/mmc

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
  mmc: sdhci: Check mrq != NULL in sdhci_tasklet_finish
  mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
  mmc: tmio: fix .set_ios(MMC_POWER_UP) handling
  mmc: fix a race between card-detect rescan and clock-gate work instances
  mmc: omap: Fix possible NULL pointer deref
  mmc: core: mmc_add_card(): fix missing break in switch statement
  mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()

13 years agoMerge branches 'x86-fixes-for-linus' and 'irq-fixes-for-linus' of git://git.kernel...
Linus Torvalds [Tue, 3 May 2011 16:23:44 +0000 (09:23 -0700)]
Merge branches 'x86-fixes-for-linus' and 'irq-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86, reboot: Fix relocations in reboot_32.S
  x86, NUMA: Fix empty memblk detection in numa_cleanup_meminfo()
  x86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors

* 'irq-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  genirq: Fix typo CONFIG_GENIRC_IRQ_SHOW_LEVEL

13 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Tue, 3 May 2011 03:26:32 +0000 (20:26 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: wm831x-ts - move BTN_TOUCH reporting to data transfer
  Input: wm831x-ts - allow IRQ flags to be specified
  Input: wm831x-ts - fix races with IRQ management

13 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Tue, 3 May 2011 01:00:43 +0000 (18:00 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (47 commits)
  sysctl: net: call unregister_net_sysctl_table where needed
  Revert: veth: remove unneeded ifname code from veth_newlink()
  smsc95xx: fix reset check
  tg3: Fix failure to enable WoL by default when possible
  networking: inappropriate ioctl operation should return ENOTTY
  amd8111e: trivial typo spelling: Negotitate -> Negotiate
  ipv4: don't spam dmesg with "Using LC-trie" messages
  af_unix: Only allow recv on connected seqpacket sockets.
  mii: add support of pause frames in mii_get_an
  net: ftmac100: fix scheduling while atomic during PHY link status change
  usbnet: Transfer of maintainership
  usbnet: add support for some Huawei modems with cdc-ether ports
  bnx2: cancel timer on device removal
  iwl4965: fix "Received BA when not expected"
  iwlagn: fix "Received BA when not expected"
  dsa/mv88e6131: fix unknown multicast/broadcast forwarding on mv88e6085
  usbnet: Resubmit interrupt URB if device is open
  iwl4965: fix "TX Power requested while scanning"
  iwlegacy: led stay solid on when no traffic
  b43: trivial: update module info about ucode16_mimo firmware
  ...

13 years agosysctl: net: call unregister_net_sysctl_table where needed
Lucian Adrian Grijincu [Sun, 1 May 2011 01:44:01 +0000 (01:44 +0000)]
sysctl: net: call unregister_net_sysctl_table where needed

ctl_table_headers registered with register_net_sysctl_table should
have been unregistered with the equivalent unregister_net_sysctl_table

Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoRevert: veth: remove unneeded ifname code from veth_newlink()
Jiri Pirko [Sat, 30 Apr 2011 01:28:17 +0000 (01:28 +0000)]
Revert: veth: remove unneeded ifname code from veth_newlink()

84c49d8c3e4abefb0a41a77b25aa37ebe8d6b743 ("veth: remove unneeded
ifname code from veth_newlink()") caused regression on veth
creation. This patch reverts the original one.

Reported-by: Michał Mirosław <mirqus@gmail.com>
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agosmsc95xx: fix reset check
Rabin Vincent [Sat, 30 Apr 2011 08:29:27 +0000 (08:29 +0000)]
smsc95xx: fix reset check

The reset loop check should check the MII_BMCR register value for
BMCR_RESET rather than for MII_BMCR (the register address, which also
happens to be zero).

Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agotg3: Fix failure to enable WoL by default when possible
Rafael J. Wysocki [Thu, 28 Apr 2011 11:02:15 +0000 (11:02 +0000)]
tg3: Fix failure to enable WoL by default when possible

tg3 is supposed to enable WoL by default on adapters which support
that, but it fails to do so unless the adapter's
/sys/devices/.../power/wakeup file contains 'enabled' during the
initialization of the adapter.  Fix that by making tg3 use
device_set_wakeup_enable() to enable wakeup automatically whenever
WoL should be enabled by default.

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonetworking: inappropriate ioctl operation should return ENOTTY
Lifeng Sun [Wed, 27 Apr 2011 22:04:51 +0000 (22:04 +0000)]
networking: inappropriate ioctl operation should return ENOTTY

ioctl() calls against a socket with an inappropriate ioctl operation
are incorrectly returning EINVAL rather than ENOTTY:

  [ENOTTY]
      Inappropriate I/O control operation.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=33992
Signed-off-by: Lifeng Sun <lifongsun@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agox86, reboot: Fix relocations in reboot_32.S
H. Peter Anvin [Mon, 2 May 2011 21:33:24 +0000 (14:33 -0700)]
x86, reboot: Fix relocations in reboot_32.S

The use of base for %ebx in this file is arbitrary, *except* that we
also use it to compute the real-mode segment.  Therefore, make it so
that r_base really is the true address to which %ebx points.

This resolves kernel bugzilla 33302.

Reported-and-tested-by: Alexey Zaytsev <alexey.zaytsev@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Link: http://lkml.kernel.org/n/tip-08os5wi3yq1no0y4i5m4z7he@git.kernel.org
13 years agoamd8111e: trivial typo spelling: Negotitate -> Negotiate
Joe Perches [Mon, 2 May 2011 09:59:29 +0000 (09:59 +0000)]
amd8111e: trivial typo spelling: Negotitate -> Negotiate

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoxen: mask_rw_pte mark RO all pagetable pages up to pgt_buf_top
Stefano Stabellini [Tue, 12 Apr 2011 11:19:49 +0000 (12:19 +0100)]
xen: mask_rw_pte mark RO all pagetable pages up to pgt_buf_top

mask_rw_pte is currently checking if a pfn is a pagetable page if it
falls in the range pgt_buf_start - pgt_buf_end but that is incorrect
because pgt_buf_end is a moving target: pgt_buf_top is the real
boundary.

Acked-by: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 years agoxen/mmu: Add workaround "x86-64, mm: Put early page table high"
Konrad Rzeszutek Wilk [Fri, 29 Apr 2011 15:34:00 +0000 (11:34 -0400)]
xen/mmu: Add workaround "x86-64, mm: Put early page table high"

As a consequence of the commit:

commit 4b239f458c229de044d6905c2b0f9fe16ed9e01e
Author: Yinghai Lu <yinghai@kernel.org>
Date:   Fri Dec 17 16:58:28 2010 -0800

    x86-64, mm: Put early page table high

it causes the Linux kernel to crash under Xen:

mapping kernel into physical memory
Xen: setup ISA identity maps
about to get started...
(XEN) mm.c:2466:d0 Bad type (saw 7400000000000001 != exp 1000000000000000) for mfn b1d89 (pfn bacf7)
(XEN) mm.c:3027:d0 Error while pinning mfn b1d89
(XEN) traps.c:481:d0 Unhandled invalid opcode fault/trap [#6] on VCPU 0 [ec=0000]
(XEN) domain_crash_sync called from entry.S
(XEN) Domain 0 (vcpu#0) crashed on cpu#0:
...

The reason is that at some point init_memory_mapping is going to reach
the pagetable pages area and map those pages too (mapping them as normal
memory that falls in the range of addresses passed to init_memory_mapping
as argument). Some of those pages are already pagetable pages (they are
in the range pgt_buf_start-pgt_buf_end) therefore they are going to be
mapped RO and everything is fine.
Some of these pages are not pagetable pages yet (they fall in the range
pgt_buf_end-pgt_buf_top; for example the page at pgt_buf_end) so they
are going to be mapped RW.  When these pages become pagetable pages and
are hooked into the pagetable, xen will find that the guest has already
a RW mapping of them somewhere and fail the operation.
The reason Xen requires pagetables to be RO is that the hypervisor needs
to verify that the pagetables are valid before using them. The validation
operations are called "pinning" (more details in arch/x86/xen/mmu.c).

In order to fix the issue we mark all the pages in the entire range
pgt_buf_start-pgt_buf_top as RO, however when the pagetable allocation
is completed only the range pgt_buf_start-pgt_buf_end is reserved by
init_memory_mapping. Hence the kernel is going to crash as soon as one
of the pages in the range pgt_buf_end-pgt_buf_top is reused (b/c those
ranges are RO).

For this reason, this function is introduced which is called _after_
the init_memory_mapping has completed (in a perfect world we would
call this function from init_memory_mapping, but lets ignore that).

Because we are called _after_ init_memory_mapping the pgt_buf_[start,
end,top] have all changed to new values (b/c another init_memory_mapping
is called). Hence, the first time we enter this function, we save
away the pgt_buf_start value and update the pgt_buf_[end,top].

When we detect that the "old" pgt_buf_start through pgt_buf_end
PFNs have been reserved (so memblock_x86_reserve_range has been called),
we immediately set out to RW the "old" pgt_buf_end through pgt_buf_top.

And then we update those "old" pgt_buf_[end|top] with the new ones
so that we can redo this on the next pagetable.

Acked-by: "H. Peter Anvin" <hpa@zytor.com>
Reviewed-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
[v1: Updated with Jeremy's comments]
[v2: Added the crash output]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
13 years agoMerge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirel...
David S. Miller [Mon, 2 May 2011 19:21:47 +0000 (12:21 -0700)]
Merge branch 'master' of git://git./linux/kernel/git/linville/wireless-2.6

13 years agoMerge branch 'for-linus' of git://git.infradead.org/ubifs-2.6
Linus Torvalds [Mon, 2 May 2011 19:17:29 +0000 (12:17 -0700)]
Merge branch 'for-linus' of git://git.infradead.org/ubifs-2.6

* 'for-linus' of git://git.infradead.org/ubifs-2.6:
  UBIFS: seek journal heads to the latest bud in replay
  UBIFS: do not free write-buffers when in R/O mode

13 years agoMerge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm
Linus Torvalds [Mon, 2 May 2011 19:17:05 +0000 (12:17 -0700)]
Merge branch 'fixes' of /home/rmk/linux-2.6-arm

* 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm: (47 commits)
  CLKDEV: Fix clkdev return value for NULL clk case
  ARM: 6891/1: prevent heap corruption in OABI semtimedop
  ARM: kprobes: Tidy-up kprobes-decode.c
  ARM: kprobes: Add emulation of hint instructions like NOP and WFI
  ARM: kprobes: Add emulation of SBFX, UBFX, BFI and BFC instructions
  ARM: kprobes: Add emulation of MOVW and MOVT instructions
  ARM: kprobes: Reject probing of undefined data processing instructions
  ARM: kprobes: Remove redundant code in space_1111
  ARM: kprobes: Fix emulation of PLD instructions
  ARM: kprobes: Reject probing of SETEND instructions
  ARM: kprobes: Consolidate stub decoding functions
  ARM: kprobes: Reject probing of all coprocessor instructions
  ARM: kprobes: Fix emulation of USAD8 instructions
  ARM: kprobes: Fix emulation of SMUAD, SMUSD and SMMUL instructions
  ARM: kprobes: Fix emulation of SXTB16, SXTB, SXTH, UXTB16, UXTB and UXTH instructions
  ARM: kprobes: Reject probing of undefined media instructions
  ARM: kprobes: Add emulation of RBIT instruction
  ARM: kprobes: Reject probing of LDRB instructions which load PC
  ARM: kprobes: Fix emulation of LDRD and STRD instructions
  ARM: kprobes: Reject probing of LDR/STR instructions which update PC unpredictably
  ...

13 years agogenirq: Fix typo CONFIG_GENIRC_IRQ_SHOW_LEVEL
Geert Uytterhoeven [Sat, 30 Apr 2011 20:56:20 +0000 (22:56 +0200)]
genirq: Fix typo CONFIG_GENIRC_IRQ_SHOW_LEVEL

commit ab7798ffcf98b11a9525cf65bacdae3fd58d357f ("genirq: Expand generic
show_interrupts()") added the Kconfig option GENERIC_IRQ_SHOW_LEVEL to
accomodate PowerPC, but this doesn't actually enable the functionality due
to a typo in the #ifdef check.

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Linux/PPC Development <linuxppc-dev@lists.ozlabs.org>
Link: http://lkml.kernel.org/r/%3Calpine.DEB.2.00.1104302251370.19068%40ayla.of.borg%3E
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 years agoUBIFS: seek journal heads to the latest bud in replay
Artem Bityutskiy [Mon, 25 Apr 2011 15:46:31 +0000 (18:46 +0300)]
UBIFS: seek journal heads to the latest bud in replay

This is the second fix of the following symptom:

UBIFS error (pid 34456): could not find an empty LEB

which sometimes happens after power cuts when we mount the file-system - UBIFS
refuses it with the above error message which comes from the
'ubifs_rcvry_gc_commit()' function. I can reproduce this using the integck test
with the UBIFS power cut emulation enabled.

Analysis of the problem.

Currently UBIFS replay seeks the journal heads to the last _replayed_ bud.
But the buds are replayed out-of-order, so the replay basically seeks journal
heads to the "random" bud belonging to this head, and not to the _last_ one.

The result of this is that the GC head may be seeked to a full LEB with no free
space, or very little free space. And 'ubifs_rcvry_gc_commit()' tries to find a
fully or mostly dirty LEB to match the current GC head (because we need to
garbage-collect that dirty LEB at one go, because we do not have @c->gc_lnum).
So 'ubifs_find_dirty_leb()' fails and we fall back to finding an empty LEB and
also fail. As a result - recovery fails and mounting fails.

This patch teaches the replay to initialize the GC heads exactly to the latest
buds, i.e. the buds which have the largest sequence number in corresponding
log reference nodes.

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Cc: stable@kernel.org
13 years agoUBIFS: do not free write-buffers when in R/O mode
Artem Bityutskiy [Mon, 25 Apr 2011 15:17:09 +0000 (18:17 +0300)]
UBIFS: do not free write-buffers when in R/O mode

Currently UBIFS has a small optimization - it frees write-buffers when it is
re-mounted from R/W mode to R/O mode. Of course, when it is mounted R/O, it
does not allocate write-buffers as well.

This optimization is nice but it leads to subtle problems and complications
in recovery, which I can reproduce using the integck test. The symptoms are
that after a power cut the file-system cannot be mounted if we first mount
it R/O, and then re-mount R/W - 'ubifs_rcvry_gc_commit()' prints:

UBIFS error (pid 34456): could not find an empty LEB

Analysis of the  problem.

When mounting R/W, the reply process sets journal heads to buds [1], but
when mounting R/O - it does not do this, because the write-buffers are not
allocated. So 'ubifs_rcvry_gc_commit()' works completely differently for the
same file-system but for the following 2 cases:

1. mounting R/W after a power cut and recover
2. mounting R/O after a power cut, re-mounting R/W and run deferred recovery

In the former case, we have journal heads seeked to the a bud, in the latter
case, they are non-seeked (wbuf->lnum == -1). So in the latter case we do not
try to recover the GC LEB by garbage-collecting to the GC head, but we just
try to find an empty LEB, and there may be no empty LEBs, so we just fail.
On the other hand, in the former case (mount R/W), we are able to make a GC LEB
(@c->gc_lnum) by garbage-collecting.

Thus, let's remove this small nice optimization and always allocate
write-buffers. This should not make too big difference - we have only 3
of them, each of max. write unit size, which is usually 2KiB. So this is
about 6KiB of RAM for the typical case, and only when mounted R/O.

[1]: Note, currently the replay process is setting (seeking) the journal heads
to _some_ buds, not necessarily to the buds which had been the journal heads
before the power cut happened. This will be fixed separately.

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Cc: stable@kernel.org
13 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
Linus Torvalds [Mon, 2 May 2011 16:07:27 +0000 (09:07 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda - Fix Realtek's chained fixup checks
  Revert "ALSA: hda - Fix pin-config of Gigabyte mobo"
  ALSA: HDA: Fix automute for Gateway NV79
  ALSA: hda: add beep quirk for Realtek 0x1043:831a
  ALSA: usb-audio - Terratec Aureon 7.1 USB ID as C-Media cm6206 quirks
  ALSA: hda - VIA: Fix notify_aa_path_ctls() invalid issue.
  ALSA - au88x0 - Add buffer bytes constraints

13 years agoMerge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
Linus Torvalds [Mon, 2 May 2011 15:47:35 +0000 (08:47 -0700)]
Merge branch 'for-linus' of git://git390.marist.edu/linux-2.6

* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
  [S390] irqstats: fix counting of pfault, dasd diag and virtio irqs
  [S390] prng: fix pointer arithmetic

13 years agoMerge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groec...
Linus Torvalds [Mon, 2 May 2011 15:47:12 +0000 (08:47 -0700)]
Merge branch 'hwmon-for-linus' of git://git./linux/kernel/git/groeck/staging

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
  hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails

13 years agoMerge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvar...
Linus Torvalds [Mon, 2 May 2011 15:46:50 +0000 (08:46 -0700)]
Merge branch 'i2c-for-linus' of git://git./linux/kernel/git/jdelvare/staging

* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c-parport: Fix adapter list handling
  i2c-i801: Move device ID definitions to driver

13 years agoXZ decompressor: Fix decoding of empty LZMA2 streams
Lasse Collin [Sun, 1 May 2011 16:38:42 +0000 (19:38 +0300)]
XZ decompressor: Fix decoding of empty LZMA2 streams

The old code considered valid empty LZMA2 streams to be corrupt.
Note that a typical empty .xz file has no LZMA2 data at all,
and thus most .xz files having no uncompressed data are handled
correctly even without this fix.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
13 years agoALSA: hda - Fix Realtek's chained fixup checks
Takashi Iwai [Mon, 2 May 2011 11:55:36 +0000 (13:55 +0200)]
ALSA: hda - Fix Realtek's chained fixup checks

The check of chained fixup list entry was done against the wrong element.
A stupid mistake during refactoring.

Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
13 years agoRevert "ALSA: hda - Fix pin-config of Gigabyte mobo"
Takashi Iwai [Mon, 2 May 2011 08:37:29 +0000 (10:37 +0200)]
Revert "ALSA: hda - Fix pin-config of Gigabyte mobo"

This reverts commit c6b358748e19ce7e230b0926ac42696bc485a562.

It turned out that there are different pin configurations for this
PCI SSID, including multi-channel modes.  And more proper fix for
allowing line-out mutes will come up in 2.6.40 tree, so we won't need
this fixup any more there.

Reported-by: Andrew Clayton <andrew@digital-domain.net>
Reported-by: Emmanuel Benisty <benisty.e@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
13 years agoipv4: don't spam dmesg with "Using LC-trie" messages
Alexey Dobriyan [Sun, 1 May 2011 02:04:11 +0000 (02:04 +0000)]
ipv4: don't spam dmesg with "Using LC-trie" messages

fib_trie_table() is called during netns creation and
Chromium uses clone(CLONE_NEWNET) to sandbox renderer process.

Don't print anything.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoaf_unix: Only allow recv on connected seqpacket sockets.
Eric W. Biederman [Sun, 24 Apr 2011 01:54:57 +0000 (01:54 +0000)]
af_unix: Only allow recv on connected seqpacket sockets.

This fixes the following oops discovered by Dan Aloni:
> Anyway, the following is the output of the Oops that I got on the
> Ubuntu kernel on which I first detected the problem
> (2.6.37-12-generic). The Oops that followed will be more useful, I
> guess.

>[ 5594.669852] BUG: unable to handle kernel NULL pointer dereference
> at           (null)
> [ 5594.681606] IP: [<ffffffff81550b7b>] unix_dgram_recvmsg+0x1fb/0x420
> [ 5594.687576] PGD 2a05d067 PUD 2b951067 PMD 0
> [ 5594.693720] Oops: 0002 [#1] SMP
> [ 5594.699888] last sysfs file:

The bug was that unix domain sockets use a pseduo packet for
connecting and accept uses that psudo packet to get the socket.
In the buggy seqpacket case we were allowing unconnected
sockets to call recvmsg and try to receive the pseudo packet.

That is always wrong and as of commit 7361c36c5 the pseudo
packet had become enough different from a normal packet
that the kernel started oopsing.

Do for seqpacket_recv what was done for seqpacket_send in 2.5
and only allow it on connected seqpacket sockets.

Cc: stable@kernel.org
Tested-by: Dan Aloni <dan@aloni.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agox86, NUMA: Fix empty memblk detection in numa_cleanup_meminfo()
Yinghai Lu [Sun, 1 May 2011 17:12:04 +0000 (19:12 +0200)]
x86, NUMA: Fix empty memblk detection in numa_cleanup_meminfo()

numa_cleanup_meminfo() trims each memblk between low (0) and
high (max_pfn) limits and discards empty ones.  However, the
emptiness detection incorrectly used equality test.  If the
start of a memblk is higher than max_pfn, it is empty but fails
the equality test and doesn't get discarded.

The condition triggers when max_pfn is lower than start of a
NUMA node and results in memory misconfiguration - leading to
WARN_ON()s and other funnies.  The bug was discovered in devel
branch where 32bit too uses this code path for NUMA init.  If a
node is above the addressing limit, max_pfn ends up lower than
the node triggering this problem.

The failure hasn't been observed on x86-64 but is still possible
with broken hardware e820/NUMA info.  As the fix is very low
risk, it would be better to apply it even for 64bit.

Fix it by using >= instead of ==.

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
[ Extracted the actual fix from the original patch and rewrote patch description. ]
Signed-off-by: Tejun Heo <tj@kernel.org>
Link: http://lkml.kernel.org/r/20110501171204.GO29280@htj.dyndns.org
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agox86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors
Boris Ostrovsky [Fri, 29 Apr 2011 21:47:43 +0000 (17:47 -0400)]
x86, AMD: Fix APIC timer erratum 400 affecting K8 Rev.A-E processors

Older AMD K8 processors (Revisions A-E) are affected by erratum
400 (APIC timer interrupts don't occur in C states greater than
C1). This, for example, means that X86_FEATURE_ARAT flag should
not be set for these parts.

This addresses regression introduced by commit
b87cf80af3ba4b4c008b4face3c68d604e1715c6 ("x86, AMD: Set ARAT
feature on AMD processors") where the system may become
unresponsive until external interrupt (such as keyboard input)
occurs. This results, for example, in time not being reported
correctly, lack of progress on the system and other lockups.

Reported-by: Joerg-Volker Peetz <jvpeetz@web.de>
Tested-by: Joerg-Volker Peetz <jvpeetz@web.de>
Acked-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Boris Ostrovsky <Boris.Ostrovsky@amd.com>
Cc: stable@kernel.org
Link: http://lkml.kernel.org/r/1304113663-6586-1-git-send-email-ostr@amd64.org
Signed-off-by: Ingo Molnar <mingo@elte.hu>
13 years agoi2c-parport: Fix adapter list handling
Jean Delvare [Sun, 1 May 2011 16:18:49 +0000 (18:18 +0200)]
i2c-parport: Fix adapter list handling

Use a standard list with proper locking to handle the list of
adapters. Thankfully it only matters on systems with more than one
parallel port, which are very rare.

Thanks to Lukasz Kapiec for reporting the problem to me.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
13 years agoi2c-i801: Move device ID definitions to driver
Jean Delvare [Sun, 1 May 2011 16:18:49 +0000 (18:18 +0200)]
i2c-i801: Move device ID definitions to driver

Move the SMBus device ID definitions of recent devices from pci_ids.h
to the i2c-i801.c driver file. They don't have to be shared, as they
are clearly identified and only used in this driver. In the future,
such IDs will go to i2c-i801 directly. This will make adding support
for new devices much faster and easier, as it will avoid cross-
subsystem patch sets and merge conflicts.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Seth Heasley <seth.heasley@intel.com>
Acked-by: Jesse Barnes <jbarnes@virtuousgeek.org>
13 years agohwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails
Axel Lin [Sun, 1 May 2011 15:34:55 +0000 (11:34 -0400)]
hwmon: (twl4030-madc-hwmon) Return proper error if hwmon_device_register fails

The driver did not return an error if the call to hwmon_device_register failed.
Fix by returning the error reported from hwmon_device_register.

Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
13 years agoMerge branch 'fixes-2.6.39' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Linus Torvalds [Sat, 30 Apr 2011 16:15:40 +0000 (09:15 -0700)]
Merge branch 'fixes-2.6.39' of git://git./linux/kernel/git/tj/wq

* 'fixes-2.6.39' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: fix deadlock in worker_maybe_bind_and_lock()
  workqueue: Document debugging tricks

Fix up trivial spelling conflict in kernel/workqueue.c

13 years agoCLKDEV: Fix clkdev return value for NULL clk case
Russell King [Sat, 30 Apr 2011 09:14:08 +0000 (10:14 +0100)]
CLKDEV: Fix clkdev return value for NULL clk case

clkdev may incorrectly cause a clkdev entry with a NULL clk to return
-ENOENT.  This is not the intention of this code; -ENOENT should only
be returned if the clock entry can not be found in the table.  Fix
this.

Reported-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
13 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
Linus Torvalds [Fri, 29 Apr 2011 23:27:52 +0000 (16:27 -0700)]
Merge git://git./linux/kernel/git/jejb/scsi-rc-fixes-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] pmcraid: reject negative request size
  [SCSI] put stricter guards on queue dead checks
  [SCSI] scsi_dh: fix reference counting in scsi_dh_activate error path
  [SCSI] mpt2sas: prevent heap overflows and unchecked reads

13 years agoMerge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 29 Apr 2011 22:08:53 +0000 (15:08 -0700)]
Merge branch 'perf-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf, x86, nmi: Move LVT un-masking into irq handlers
  perf events, x86: Work around the Nehalem AAJ80 erratum
  perf, x86: Fix BTS condition
  ftrace: Build without frame pointers on Microblaze

13 years agoMerge branch 'timer-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 29 Apr 2011 22:08:31 +0000 (15:08 -0700)]
Merge branch 'timer-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'timer-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  hrtimer: Initialize CLOCK_ID to HRTIMER_BASE table statically
  rtc: max8925: Call dev_set_drvdata before rtc_device_register

13 years agoMerge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Fri, 29 Apr 2011 22:07:19 +0000 (15:07 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86: ce4100: Configure IOAPIC pins for USB and SATA to level type
  x86: devicetree: Configure IOAPIC pin only once
  x86, setup: When probing memory with e801, use ax/bx as a pair

13 years agoMerge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelv...
Linus Torvalds [Fri, 29 Apr 2011 21:58:34 +0000 (14:58 -0700)]
Merge branch 'hwmon-for-linus' of git://git./linux/kernel/git/jdelvare/staging

* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  hwmon: (lm85) Fix error paths in probe function
  hwmon: (lm85) Add missing list terminators
  hwmon: (adm1021) Clarify documentation regarding Xeon processors
  hwmon: (lm90) Fix update interval information in driver documentation
  hwmon: (lm90) Add support for ADT7461A and NCT1008

13 years agomii: add support of pause frames in mii_get_an
artpol [Wed, 27 Apr 2011 17:49:14 +0000 (17:49 +0000)]
mii: add support of pause frames in mii_get_an

Add support of pause frames advertise in mii_get_an. This provides all drivers
that use mii_ethtool_gset to represent their own and Link partner flow control
abilities in ethtool.

Signed-off-by: Artem Polyakov <artpol84@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agonet: ftmac100: fix scheduling while atomic during PHY link status change
Adam Jaremko [Thu, 28 Apr 2011 07:41:18 +0000 (07:41 +0000)]
net: ftmac100: fix scheduling while atomic during PHY link status change

Signed-off-by: Adam Jaremko <adam.jaremko@gmail.com>
Acked-by: Po-Yu Chuang <ratbert@faraday-tech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agousbnet: Transfer of maintainership
Oliver Neukum [Fri, 29 Apr 2011 12:15:53 +0000 (14:15 +0200)]
usbnet: Transfer of maintainership

Somebody has to do it, however unfortunate be the cause.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agousbnet: add support for some Huawei modems with cdc-ether ports
Dan Williams [Wed, 27 Apr 2011 09:54:28 +0000 (09:54 +0000)]
usbnet: add support for some Huawei modems with cdc-ether ports

Some newer Huawei devices (T-Mobile Rocket, others) have cdc-ether
compatible ports, so recognize and expose them.

Signed-off-by: Dan Williams <dcbw@redhat.com>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agobnx2: cancel timer on device removal
Neil Horman [Tue, 26 Apr 2011 10:30:11 +0000 (10:30 +0000)]
bnx2: cancel timer on device removal

This oops was recently reported to me:

invalid opcode: 0000 [#1] SMP
last sysfs file:
/sys/devices/pci0000:00/0000:00:01.0/0000:01:0d.0/0000:02:05.0/device
CPU 1
Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]

Modules linked in: bnx2(+) sunrpc ipv6 dm_mirror dm_region_hash dm_log sg
microcode serio_raw amd64_edac_mod edac_core edac_mce_amd k8temp i2c_piix4
shpchp ext4 mbcache jbd2 sd_mod crc_t10dif mptsas mptscsih mptbase
scsi_transport_sas radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core
dm_mod [last unloaded: bnx2]
Pid: 23900, comm: pidof Not tainted 2.6.32-130.el6.x86_64 #1 BladeCenter LS21
-[797251Z]-
RIP: 0010:[<ffffffffa058b270>]  [<ffffffffa058b270>] 0xffffffffa058b270
RSP: 0018:ffff880002083e48  EFLAGS: 00010246
RAX: ffff880002083e90 RBX: ffff88007ccd4000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: dead000000200200 RDI: ffff8800007b8700
RBP: ffff880002083ed0 R08: ffff88000208db40 R09: 0000022d191d27c8
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800007b9bc8
R13: ffff880002083e90 R14: ffff8800007b8700 R15: ffffffffa058b270
FS:  00007fbb3bcf7700(0000) GS:ffff880002080000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001664a98 CR3: 0000000060395000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process pidof (pid: 23900, threadinfo ffff8800007e8000, task ffff8800091c0040)
Stack:
 ffffffff81079f77 ffffffff8109e010 ffff88007ccd5c20 ffff88007ccd5820
<0> ffff88007ccd5420 ffff8800007e9fd8 ffff8800007e9fd8 0000010000000000
<0> ffff88007ccd5020 ffff880002083e90 ffff880002083e90 ffffffff8102a00d
Call Trace:
 <IRQ>
 [<ffffffff81079f77>] ? run_timer_softirq+0x197/0x340
 [<ffffffff8109e010>] ? tick_sched_timer+0x0/0xc0
 [<ffffffff8102a00d>] ? lapic_next_event+0x1d/0x30
 [<ffffffff8106f737>] __do_softirq+0xb7/0x1e0
 [<ffffffff81092cc0>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff81185f90>] ? filldir+0x0/0xe0
 [<ffffffff8100c2cc>] call_softirq+0x1c/0x30
 [<ffffffff8100df05>] do_softirq+0x65/0xa0
 [<ffffffff8106f525>] irq_exit+0x85/0x90
 [<ffffffff814e3340>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc93>] apic_timer_interrupt+0x13/0x20
 <EOI>
 [<ffffffff81211ba5>] ? selinux_file_permission+0x45/0x150
 [<ffffffff81262a75>] ? _atomic_dec_and_lock+0x55/0x80
 [<ffffffff812050c6>] security_file_permission+0x16/0x20
 [<ffffffff811861c1>] vfs_readdir+0x71/0xe0
 [<ffffffff81186399>] sys_getdents+0x89/0xf0
 [<ffffffff8100b172>] system_call_fastpath+0x16/0x1b

It occured during some stress testing, in which the reporter was repeatedly
removing and modprobing the bnx2 module while doing various other random
operations on the bnx2 registered net device.  Noting that this error occured on
a serdes based device, we noted that there were a few ethtool operations (most
notably self_test and set_phys_id) that have execution paths that lead into
bnx2_setup_serdes_phy.  This function is notable because it executes a mod_timer
call, which starts the bp->timer running.  Currently bnx2 is setup to assume
that this timer only nees to be stopped when bnx2_close or bnx2_suspend is
called.  Since the above ethtool operations are not gated on the net device
having been opened however, that assumption is incorrect, and can lead to the
timer still running after the module has been removed, leading to the oops above
(as well as other simmilar oopses).

Fix the problem by ensuring that the timer is stopped when pci_device_unregister
is called.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: Hushan Jia <hjia@redhat.com>
CC: Michael Chan <mchan@broadcom.com>
CC: "David S. Miller" <davem@davemloft.net>
Acked-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 years agoiwl4965: fix "Received BA when not expected"
Stanislaw Gruszka [Fri, 29 Apr 2011 15:51:56 +0000 (17:51 +0200)]
iwl4965: fix "Received BA when not expected"

Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:

"Received BA when not expected"

or (on older kernels):

"BA scd_flow 0 does not match txq_id 10"

This fix regression introduced in 2.6.35 during station management
code rewrite by:

commit 2a87c26bbe9587baeb9e56d3ce0b4971bd777643
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Apr 30 11:30:45 2010 -0700

    iwlwifi: use iwl_find_station less

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoiwlagn: fix "Received BA when not expected"
Stanislaw Gruszka [Fri, 29 Apr 2011 15:51:06 +0000 (17:51 +0200)]
iwlagn: fix "Received BA when not expected"

Need to use broadcast sta_id for management frames, otherwise we broke
BA session in the firmware and get messages like that:

"Received BA when not expected"

or (on older kernels):

"BA scd_flow 0 does not match txq_id 10"

This fix regression introduced in 2.6.35 during station management
code rewrite by:

commit 2a87c26bbe9587baeb9e56d3ce0b4971bd777643
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Apr 30 11:30:45 2010 -0700

    iwlwifi: use iwl_find_station less

Patch partially resolve:
https://bugzilla.kernel.org/show_bug.cgi?id=16691
However, there are still 11n performance problems on 4965 and 5xxx
devices that need to be investigated.

Cc: stable@kernel.org # 2.6.35+
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
13 years agoworkqueue: fix deadlock in worker_maybe_bind_and_lock()
Tejun Heo [Fri, 29 Apr 2011 16:08:37 +0000 (18:08 +0200)]
workqueue: fix deadlock in worker_maybe_bind_and_lock()

If a rescuer and stop_machine() bringing down a CPU race with each
other, they may deadlock on non-preemptive kernel.  The CPU won't
accept a new task, so the rescuer can't migrate to the target CPU,
while stop_machine() can't proceed because the rescuer is holding one
of the CPU retrying migration.  GCWQ_DISASSOCIATED is never cleared
and worker_maybe_bind_and_lock() retries indefinitely.

This problem can be reproduced semi reliably while the system is
entering suspend.

 http://thread.gmane.org/gmane.linux.kernel/1122051

A lot of kudos to Thilo-Alexander for reporting this tricky issue and
painstaking testing.

stable: This affects all kernels with cmwq, so all kernels since and
        including v2.6.36 need this fix.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Thilo-Alexander Ginkel <thilo@ginkel.com>
Tested-by: Thilo-Alexander Ginkel <thilo@ginkel.com>
Cc: stable@kernel.org
13 years agoMerge branch 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 29 Apr 2011 14:54:48 +0000 (07:54 -0700)]
Merge branch 'omap-fixes-for-linus' of git://git./linux/kernel/git/tmlind/linux-omap-2.6

* 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6:
  OMAP3+: voltage: remove initial voltage
  OMAP4: Intialize IVA Device in addition to DSP device.
  omap: rx51: mark reserved memory earlier
  OMAP3: l3: fix for "irq 10: nobody cared" message
  arm: omap2: enable smc instruction for sleep34xx
  OMAP2/3: hwmod: fix gpio-reset timeouts seen during bootup.
  OMAP3: PM: Do not rely on ROM code to restore CM_AUTOIDLE_PLL.AUTO_PERIPH_DPLL
  OMAP2+: PM: Fix the saving of CM_AUTOIDLE_PLL register on scratchpad area
  OMAP4: clock data: Change DSS clock aliases
  OMAP2+: hwmod data: Fix wrong dma_system end address

13 years agoARM: 6891/1: prevent heap corruption in OABI semtimedop
Dan Rosenberg [Fri, 29 Apr 2011 14:48:07 +0000 (15:48 +0100)]
ARM: 6891/1: prevent heap corruption in OABI semtimedop

When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does not
bound the nsops argument.  A sufficiently large value will cause an
integer overflow in allocation size, followed by copying too much data
into the allocated buffer.  Fix this by restricting nsops to SEMOPM.
Untested.

Cc: stable@kernel.org
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
13 years agohwmon: (lm85) Fix error paths in probe function
Jean Delvare [Fri, 29 Apr 2011 14:33:36 +0000 (16:33 +0200)]
hwmon: (lm85) Fix error paths in probe function

We must remove all files we created, even in error cases.

Fixes second part of kernel bug #34072:
https://bugzilla.kernel.org/show_bug.cgi?id=34072

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
13 years agohwmon: (lm85) Add missing list terminators
Jean Delvare [Fri, 29 Apr 2011 14:33:36 +0000 (16:33 +0200)]
hwmon: (lm85) Add missing list terminators

Fixes kernel bug #34072:
https://bugzilla.kernel.org/show_bug.cgi?id=34072

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
13 years agohwmon: (adm1021) Clarify documentation regarding Xeon processors
Jean Delvare [Fri, 29 Apr 2011 14:33:36 +0000 (16:33 +0200)]
hwmon: (adm1021) Clarify documentation regarding Xeon processors

Recent Xeon processor thermal sensors are supported by the coretemp
driver and not the adm1021 driver. Only one old generation of Xeon
processors (the first Netburst ones) are supported by the adm1021
driver.

Reported-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
13 years agohwmon: (lm90) Fix update interval information in driver documentation
Guenter Roeck [Fri, 29 Apr 2011 14:33:35 +0000 (16:33 +0200)]
hwmon: (lm90) Fix update interval information in driver documentation

The lm90 driver's attribute update interval is configurable.
Reflect this information in the driver documentation.

Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
13 years agohwmon: (lm90) Add support for ADT7461A and NCT1008
Guenter Roeck [Fri, 29 Apr 2011 14:33:35 +0000 (16:33 +0200)]
hwmon: (lm90) Add support for ADT7461A and NCT1008

This patch adds support for ADT7461A and NCT1008 to the lm90 driver.
Both chips have identical functionality and report the same manufacturing ID
and device ID values.

Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
13 years agoALSA: HDA: Fix automute for Gateway NV79
David Henningsson [Fri, 29 Apr 2011 12:10:55 +0000 (14:10 +0200)]
ALSA: HDA: Fix automute for Gateway NV79

The PCI SSID is 1025:031c and the codec SSID is 1025:031d,
so the driver mistakes this for a SKU value, but looking at
the numbers, this is obviously wrong.

Cc: stable@kernel.org (2.6.38+)
BugLink: http://bugs.launchpad.net/bugs/761861
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
13 years agoMerge branch 'kprobes' of git://git.linaro.org/people/nico/linux into fixes
Russell King [Fri, 29 Apr 2011 10:02:45 +0000 (11:02 +0100)]
Merge branch 'kprobes' of git://git.linaro.org/people/nico/linux into fixes

13 years agohrtimer: Initialize CLOCK_ID to HRTIMER_BASE table statically
Thomas Gleixner [Thu, 28 Apr 2011 22:02:00 +0000 (00:02 +0200)]
hrtimer: Initialize CLOCK_ID to HRTIMER_BASE table statically

Sedat and Bruno reported RCU stalls which turned out to be caused by
the following;

sched_init() calls init_rt_bandwidth() which calls hrtimer_init()
_BEFORE_ hrtimers_init() is called. While not entirely correct this
worked because hrtimer_init() only accessed statically initialized
data (hrtimer_bases.clock_base[CLOCK_MONOTONIC])

Commit e06383db9 (hrtimers: extend hrtimer base code to handle more
then 2 clockids) added an indirection to the hrtimer_bases.clock_base
lookup to avoid gap handling in the hot path. The table which is used
for the translataion from CLOCK_ID to HRTIMER_BASE index is
initialized at runtime in hrtimers_init(). So the early call of the
scheduler code translates CLOCK_MONOTONIC to HRTIMER_BASE_REALTIME.

Thus the rt_bandwith timer ends up on CLOCK_REALTIME. If the timer is
armed and the wall clock time is set (e.g. ntpdate in the early boot
process - which also gives the problem deterministic behaviour
i.e. magic recovery after N hours), then the timer ends up with an
expiry time far into the future. That breaks the RT throttler
mechanism as rt runtime is accumulated and never cleared, so the rt
throttler detects a false cpu hog condition and blocks all RT tasks
until the timer finally expires. That in turn stalls the RCU thread of
TINYRCU which leads to an huge amount of RCU callbacks piling up.

Make the translation table statically initialized, so we are back to
the status of <= 2.6.39.

Reported-and-tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Reported-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: John stultz <johnstul@us.ibm.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/%3Calpine.LFD.2.02.1104282353140.3005%40ionos%3E
Reviewed-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
13 years ago[S390] irqstats: fix counting of pfault, dasd diag and virtio irqs
Heiko Carstens [Fri, 29 Apr 2011 08:42:19 +0000 (10:42 +0200)]
[S390] irqstats: fix counting of pfault, dasd diag and virtio irqs

pfault, dasd diag and virtio all use the same external interrupt number.
The respective interrupt handlers decide by the subcode if they are
meant to handle the interrupt.
Counting is currently done before looking at the subcode which means
each handler counts an interrupt even if it is not handling it.
Fix this by moving the kstat code after the code which looks at the
subcode.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
13 years agoALSA: hda: add beep quirk for Realtek 0x1043:831a
Daniel Cordero [Fri, 29 Apr 2011 06:18:06 +0000 (08:18 +0200)]
ALSA: hda: add beep quirk for Realtek 0x1043:831a

PC Beep was not being reported as enabled on my EeePC 901:
        SKU: enable_pcbeep=0x0

Signed-off-by: Daniel Cordero <danielcordero@lavabit.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
13 years agoARM: kprobes: Tidy-up kprobes-decode.c
Jon Medhurst [Tue, 19 Apr 2011 09:52:20 +0000 (10:52 +0100)]
ARM: kprobes: Tidy-up kprobes-decode.c

- Remove coding standard violations reported by checkpatch.pl
- Delete comment about handling of conditional branches which is no
  longer true.
- Delete comment at end of file which lists all ARM instructions. This
  duplicates data available in the ARM ARM and seems like an
  unnecessary maintenance burden to keep this up to date and accurate.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Add emulation of hint instructions like NOP and WFI
Jon Medhurst [Tue, 19 Apr 2011 09:52:19 +0000 (10:52 +0100)]
ARM: kprobes: Add emulation of hint instructions like NOP and WFI

Being able to probe NOP instructions is useful for hard-coding probeable
locations and is used by the kprobes test code.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Add emulation of SBFX, UBFX, BFI and BFC instructions
Jon Medhurst [Tue, 19 Apr 2011 09:52:18 +0000 (10:52 +0100)]
ARM: kprobes: Add emulation of SBFX, UBFX, BFI and BFC instructions

These bit field manipulation instructions occur several thousand
times in an ARMv7 kernel.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Add emulation of MOVW and MOVT instructions
Jon Medhurst [Tue, 19 Apr 2011 09:52:17 +0000 (10:52 +0100)]
ARM: kprobes: Add emulation of MOVW and MOVT instructions

The MOVW and MOVT instructions account for approximately 7% of all
instructions in a ARMv7 kernel as GCC uses them instead of a literal
pool.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of undefined data processing instructions
Jon Medhurst [Tue, 19 Apr 2011 09:52:16 +0000 (10:52 +0100)]
ARM: kprobes: Reject probing of undefined data processing instructions

The instruction decoding in space_cccc_000x needs to reject probing of
instructions with undefined patterns as they may in future become
defined and then emulated faultily - as has already happened with the
SMC instruction.

This fix is achieved by testing for the instruction patterns we want to
probe and making the the default fall-through paths reject probes. This
also allows us to remove some explicit tests for instructions that we
wish to reject, as that is now the default action.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Remove redundant code in space_1111
Jon Medhurst [Mon, 18 Apr 2011 07:53:58 +0000 (08:53 +0100)]
ARM: kprobes: Remove redundant code in space_1111

The tests to explicitly reject probing CPS, RFE and SRS instructions
are redundant as the default case is now to reject undecoded patterns.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of PLD instructions
Jon Medhurst [Mon, 18 Apr 2011 07:53:57 +0000 (08:53 +0100)]
ARM: kprobes: Fix emulation of PLD instructions

The PLD instructions wasn't being decoded correctly and the emulation
code wasn't adjusting PC correctly.

As the PLD instruction is only a performance hint we emulate it as a
simple nop, and we can broaden the instruction decoding to take into
account newer PLI and PLDW instructions.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of SETEND instructions
Jon Medhurst [Mon, 18 Apr 2011 07:53:56 +0000 (08:53 +0100)]
ARM: kprobes: Reject probing of SETEND instructions

The emulation of SETEND was broken as it changed the endianess for
the running kprobes handling code. Rather than adding a new simulation
routine to fix this we'll just reject probing of SETEND as these should
be very rare in the kernel.

Note, the function emulate_none is now unused but it is left in the
source code as future patches will use it.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Consolidate stub decoding functions
Jon Medhurst [Mon, 18 Apr 2011 07:53:55 +0000 (08:53 +0100)]
ARM: kprobes: Consolidate stub decoding functions

Following the change to remove support for coprocessor instructions
we are left with three stub functions which can be consolidated.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of all coprocessor instructions
Jon Medhurst [Mon, 18 Apr 2011 07:53:54 +0000 (08:53 +0100)]
ARM: kprobes: Reject probing of all coprocessor instructions

The kernel doesn't currently support VFP or Neon code, and probing of
code with CP15 operations is fraught with bad consequences. Therefore we
don't need the ability to probe coprocessor instructions and the code to
support this can be removed.

The removed code also had at least two bugs:
 - MRC into R15 should set CPSR not trash PC
 - LDC and STC which use PC as base register needed the address offset by 8

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of USAD8 instructions
Jon Medhurst [Tue, 12 Apr 2011 06:45:26 +0000 (07:45 +0100)]
ARM: kprobes: Fix emulation of USAD8 instructions

The USAD8 instruction wasn't being explicitly decoded leading
to the incorrect emulation routine being called. It can be correctly
decoded in the same way as the signed multiply instructions so we move
the decoding there.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of SMUAD, SMUSD and SMMUL instructions
Jon Medhurst [Tue, 12 Apr 2011 06:45:25 +0000 (07:45 +0100)]
ARM: kprobes: Fix emulation of SMUAD, SMUSD and SMMUL instructions

The signed multiply instructions were being decoded incorrectly.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of SXTB16, SXTB, SXTH, UXTB16, UXTB and UXTH instructions
Jon Medhurst [Tue, 12 Apr 2011 06:45:24 +0000 (07:45 +0100)]
ARM: kprobes: Fix emulation of SXTB16, SXTB, SXTH, UXTB16, UXTB and UXTH instructions

These sign extension instructions are encoded as extend-and-add
instructions where the register to add is specified as r15. The decoding
routines weren't checking for this and were using the incorrect
emulation code, giving incorrect results.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of undefined media instructions
Jon Medhurst [Tue, 12 Apr 2011 06:45:23 +0000 (07:45 +0100)]
ARM: kprobes: Reject probing of undefined media instructions

The instructions space for media instructions contains some undefined
patterns. We need to reject probing of these because they may in future
become defined and the kprobes code may then emulate them faultily.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Add emulation of RBIT instruction
Jon Medhurst [Tue, 12 Apr 2011 06:45:22 +0000 (07:45 +0100)]
ARM: kprobes: Add emulation of RBIT instruction

The v6T2 RBIT instruction was accidentally being emulated correctly,
this patch adds correct decoding for the instruction.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of LDRB instructions which load PC
Jon Medhurst [Tue, 12 Apr 2011 06:45:21 +0000 (07:45 +0100)]
ARM: kprobes: Reject probing of LDRB instructions which load PC

These instructions are specified as UNPREDICTABLE.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of LDRD and STRD instructions
Jon Medhurst [Fri, 8 Apr 2011 14:32:56 +0000 (15:32 +0100)]
ARM: kprobes: Fix emulation of LDRD and STRD instructions

The decoding of these instructions got the register indexed and
immediate indexed forms the wrong way around, causing incorrect
emulation.

Instructions like "LDRD Rx, [Rx]" were corrupting Rx because the base
register writeback was being performed unconditionally, overwriting the
value just loaded from memory. The fix is to only writeback the base
register when that form of the instruction is used. Note, now that we
reject probing writeback with PC the emulation code doesn't need the
check rn!=15.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of LDR/STR instructions which update PC unpredictably
Jon Medhurst [Fri, 8 Apr 2011 14:32:55 +0000 (15:32 +0100)]
ARM: kprobes: Reject probing of LDR/STR instructions which update PC unpredictably

Using PC as an base register with writeback is UNPREDICTABLE, as is non
word-sized loads or stores of PC. (We only really care about preventing
loads to PC but it keeps the code simpler if we also exclude stores.)

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of LDRH, STRH, LDRSB and LDRSH instructions
Jon Medhurst [Fri, 8 Apr 2011 14:32:54 +0000 (15:32 +0100)]
ARM: kprobes: Fix emulation of LDRH, STRH, LDRSB and LDRSH instructions

The decoding of these instructions got the register indexed and
immediate indexed forms the wrong way around, causing incorrect
emulation.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of STREX and LDREX instructions
Jon Medhurst [Fri, 8 Apr 2011 14:32:53 +0000 (15:32 +0100)]
ARM: kprobes: Reject probing of STREX and LDREX instructions

The emulation code for STREX and LDREX instructions is faulty, however,
rather than attempting to fix this we reject probes of these
instructions. We do this because they can never succeed in gaining
exclusive access as the exception framework clears the exclusivity
monitor when a probes breakpoint is hit. (This is a general problem
when probing all instructions executing between a LDREX and its
corresponding STREX and can lead to infinite retry loops.)

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of undefined multiply instructions
Jon Medhurst [Thu, 7 Apr 2011 12:25:19 +0000 (13:25 +0100)]
ARM: kprobes: Reject probing of undefined multiply instructions

The instructions space for 'Multiply and multiply-accumulate'
instructions contains some undefined patterns. We need to reject
probing of these because they may in future become defined and the
kprobes code may then emulate them faultily.

This has already happened with the new MLS instruction which this patch
also adds correct decoding for as well as tightening up other decoding
tests. (Before this patch the wrong emulation routine was being called
for MLS though it still produced correct results.)

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix error in comment
Jon Medhurst [Thu, 7 Apr 2011 12:25:18 +0000 (13:25 +0100)]
ARM: kprobes: Fix error in comment

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing of instructions which write to PC unpredictably.
Jon Medhurst [Thu, 7 Apr 2011 12:25:17 +0000 (13:25 +0100)]
ARM: kprobes: Reject probing of instructions which write to PC unpredictably.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of MRS instruction
Jon Medhurst [Thu, 7 Apr 2011 12:25:16 +0000 (13:25 +0100)]
ARM: kprobes: Fix emulation of MRS instruction

The MRS instruction should set mode and interrupt bits in the read value
so it is simpler to use a new simulation routine (simulate_mrs) rather
than some modified emulation.

prep_emulate_rd12 is now unused and removed.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Reject probing MRS instructions which read SPSR
Jon Medhurst [Thu, 7 Apr 2011 12:25:15 +0000 (13:25 +0100)]
ARM: kprobes: Reject probing MRS instructions which read SPSR

We need to reject probing of instructions which read SPSR because
we can't handle this as the value in SPSR is lost when the exception
handler for the probe breakpoint first runs.

This patch also fixes the bitmask for MRS instructions decoding to
include checking bits 5-7.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of Data-processing (immediate) instructions
Jon Medhurst [Wed, 6 Apr 2011 10:17:12 +0000 (11:17 +0100)]
ARM: kprobes: Fix emulation of Data-processing (immediate) instructions

Emulation of instructions like "ADD rd, rn, #<const>" would result in a
corrupted value for rd.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix emulation of CMP, CMN, TST and TEQ instructions.
Jon Medhurst [Wed, 6 Apr 2011 10:17:11 +0000 (11:17 +0100)]
ARM: kprobes: Fix emulation of CMP, CMN, TST and TEQ instructions.

Probing these instructions was corrupting R0 because the emulation code
didn't account for the fact that they don't write a result to a
register.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Remove redundant condition checks from simulation routines
Jon Medhurst [Wed, 6 Apr 2011 10:17:10 +0000 (11:17 +0100)]
ARM: kprobes: Remove redundant condition checks from simulation routines

Now we have the framework code handling conditionally executed
instructions we can remove redundant checks in individual simulation
routines.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agoARM: kprobes: Fix probing of conditionally executed instructions
Jon Medhurst [Wed, 6 Apr 2011 10:17:09 +0000 (11:17 +0100)]
ARM: kprobes: Fix probing of conditionally executed instructions

When a kprobe is placed onto conditionally executed ARM instructions,
many of the emulation routines used to single step them produce corrupt
register results. Rather than fix all of these cases we modify the
framework which calls them to test the relevant condition flags and, if
the test fails, skip calling the emulation code.

Signed-off-by: Jon Medhurst <tixy@yxit.co.uk>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
13 years agokprobes/arm: Fix ldrd/strd emulation
Viktor Rosendahl [Mon, 28 Mar 2011 15:56:05 +0000 (18:56 +0300)]
kprobes/arm: Fix ldrd/strd emulation

Currently emulate_ldrd and emulate_strd don't even have the adjustment
of the PC value, so in case of Rn == PC, it will not update the PC
incorrectly but instead load/store from the wrong address.  Let's add
both the adjustment of the PC value and the check for PC == PC.

Signed-off-by: Viktor Rosendahl <viktor.rosendahl@nokia.com>
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>