While testing our KVM code for s390 (starting and killall kvm in a loop)
I can reproduce the following oops:
Unable to handle kernel pointer dereference at virtual kernel address 6b6b6b6b6b6b6000 Oops: 0038 [#1] SMP
Modules linked in: dm_multipath sunrpc qeth_l3 qeth_l2 dm_mod qeth
ccwgroup CPU: 1 Not tainted 2.6.27-rc1 #54
Process kuli (pid: 4409, task: 00000000b6aa5940, ksp: 00000000b7343e10)
Krnl PSW : 0704e00180000000 00000000002e0b8c
(disassociate_ctty+0x1c0/0x288) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3
CC:2 PM:0 EA:3 Krnl GPRS: 0000000000000000 6b6b6b6b6b6b6b6b
0000000000000001 00000000000003a6 00000000002e0a46 00000000004b4160
0000000000000001 00000000bbd79758 00000000b7343e58 00000000b8854148
00000000bd34dea0 00000000b7343c20 0000000000000001 00000000004b6d08
00000000002e0a46 00000000b7343c20 Krnl Code: 00000000002e0b7e:
eb9fb0a00004 lmg %r9,%r15,160(%r11) 00000000002e0b84:
07f4 bcr 15,%r4 00000000002e0b86:
e31090080004 lg %r1,8(%r9) >00000000002e0b8c:
d501109cd000 clc 156(2,%r1),0(%r13) 00000000002e0b92:
a784ff5d brc 8,2e0a4c 00000000002e0b96:
b9040029 lgr %r2,%r9 00000000002e0b9a:
c0e5fffff9c3 brasl %r14,2dff20 00000000002e0ba0:
a7f4ff56 brc 15,2e0a4c Call Trace:
([<00000000002e0a46>] disassociate_ctty+0x7a/0x288)
[<0000000000141fe6>] do_exit+0x212/0x8d4
[<0000000000142708>] do_group_exit+0x60/0xcc
[<0000000000150660>] get_signal_to_deliver+0x270/0x3ac
[<000000000010bfd6>] do_signal+0x8e/0x8dc
[<0000000000113772>] sysc_sigpending+0xe/0x22
[<000001ff0000b134>] 0x1ff0000b134
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<00000000002e0a48>] disassociate_ctty+0x7c/0x288
Kernel panic - not syncing: Fatal exception: panic_on_oops
It seems that tty was already free in disassocate_ctty when it tries
to dereference tty->driver.
After moving the lock_kernel before the mutex_unlock, I can no longer
reproduce the problem.
[ This is a temporary partial fix for the documented and long standing
race in disassociate_tty. This stops most problem cases for now.
For the next release the -next tree has an initial implementation of
kref counting for tty structures and this quickfix will be dropped.
- Alan ]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by; Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus-merged' of master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 5177/1: arm/mach-sa1100/Makefile: remove CONFIG_SA1100_USB
[ARM] 5166/1: magician: add MAINTAINERS entry
[ARM] fix pnx4008 build errors
[ARM] Fix SMP booting with non-zero PHYS_OFFSET
[ARM] 5185/1: Fix spi num_chipselect for lubbock
[ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach
[ARM] Add support for arch/arm/mach-*/include and arch/arm/plat-*/include
[ARM] Remove asm/hardware.h, use asm/arch/hardware.h instead
[ARM] Eliminate useless includes of asm/mach-types.h
[ARM] Fix circular include dependency with IRQ headers
avr32: Use <mach/foo.h> instead of <asm/arch/foo.h>
avr32: Introduce arch/avr32/mach-*/include/mach
avr32: Move include/asm-avr32 to arch/avr32/include/asm
[ARM] sa1100_wdt: use reset_status to remember watchdog reset status
[ARM] pxa: introduce reset_status and clear_reset_status for driver's usage
[ARM] pxa: introduce reset.h for reset specific header information
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (99 commits)
pkt_sched: Fix actions referencing
bnx2x: fix logical op
tcp: (whitespace only) fix confusing indentation
pkt_sched: Fix qdisc config when link is down.
[Bluetooth] Add full quirk implementation for btusb driver
[Bluetooth] Removal of unnecessary ignore module parameter
[Bluetooth] Add parameters to control BNEP header compression
ath9k: Revamp wireless mode usage
ath9k: More unused macros
ath9k: Remove a few unused macros and fix indentation
ath9k: Use mac80211's band macros and remove enum hal_freq_band
ath9k: Remove redundant data structure ath9k_txq_info
ath9k: Cleanup data structures related to HW capabilities
ath9k: work around gcc ICEs
ath9k: Add new Atheros IEEE 802.11n driver
ath5k: remove Atheros 11n devices from supported list
list.h: add list_cut_position()
list.h: Add list_splice_tail() and list_splice_tail_init()
p54: swap short slot time dcf values
rt2x00: Block all unsupported modes
...
This driver was declared obsolete over 2 years ago, the alternative
console driver for legacy iSeries (hvc_iseries) was made the default
over 1 year ago and this driver has been build broken for over 3
months, so remove it.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Remove includes of asm/hardware.h in addition to asm/arch/hardware.h.
Then, since asm/hardware.h only exists to include asm/arch/hardware.h,
update everything to directly include asm/arch/hardware.h and remove
asm/hardware.h.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
The bogus code to call into the n_tty layer got removed in commit
8bc5fb6abb ("Remove bogons from the
iSeries console"), but it left a now uninitialized "return ret;" around.
Not that this code has ever even compiled since the BKL pushdown, since
not only is "ret" no longer initialized, it was never actually declared
even originally.
Replace it with a "return -ENOIOCTLCMD"
Pointed-out-by: Paul Mackerras <paulus@samba.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
commit 9e98966c7b (tty: rework break handling)
forgot to update one exit point of rs_break() in the Amiga serial driver.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The iSeries driver calls into the n_tty ldisc code directly for some
bizarre reason. I previously tagged this with a query but this actually
does need fixing as n_tty methods when you have a different ldisc set are
not a good thing to call.
In n_tty mode this change should have no effect, the core tty layer has
always called the ldisc ioctl method *anyway* and will call the one for
the right ldisc.
Signed-off-by: Alan Cox <alan@redhat.com>
Acked-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
powerpc: Remove use of CONFIG_PPC_MERGE
powerpc: Force printing of 'total_memory' to unsigned long long
powerpc: Fix compiler warning in arch/powerpc/mm/mem.c
powerpc: Move include files to arch/powerpc/include/asm
2.6.26 corrected the mutex locking on tty resizing to fix the case where
you could get the tty/vt sizing out of sync. That turns out to have a
deadlock.
The actual fix is really major and I've got it lined up as part of the ops
changes for 2.6.28 so for 2.6.26/2.6.27 it is safer to reintroduce this
ages old minor bug.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
from include/asm-powerpc. This is the result of a
mkdir arch/powerpc/include/asm
git mv include/asm-powerpc/* arch/powerpc/include/asm
Followed by a few documentation/comment fixups and a couple of places
where <asm-powepc/...> was being used explicitly. Of the latter only
one was outside the arch code and it is a driver only built for powerpc.
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Currently function tty_ldisc_get() tries to load an ldisc driver module
only when tty_ldisc_try_get() returns -EAGAIN. This happens only if
module is being unloaded. If ldisc module is not loaded
tty_ldisc_try_get() returns -EINVAL and this case is not handled in
tty_ldisc_get(), so request_module() is not called.
Attached patch fixes this by calling request_module() if
tty_ldisc_try_get() returned any error code.
I discovered this when my UMTS modem stopped working with 2.6.27-rc1
because module ppp_async was not loaded.
Signed-off-by: Eugeniy Meshcheryakov <eugen@debian.org>
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/mm: Lockless get_user_pages_fast() for 64-bit (v3)
powerpc: Don't use the wrong thread_struct for ptrace get/set VSX regs
powerpc: Fix ptrace buffer size for VSX
powerpc: Correctly hookup PTRACE_GET/SETVSRREGS for 32 bit processes
ide/powermac: Fix use of uninitialized pointer on media-bay
powerpc: Allow non-hcall return values for lparcfg writes
ipmi/powerpc: Use linux/of_{device,platform}.h instead of asm
powerpc/fsl: proliferate simple-bus compatibility to soc nodes
Documentation: remove old sbc8260 board specific information
cpm2: Rework baud rate generators configuration to support external clocks.
powerpc: rtc_cmos_setup: assign interrupts only if there is i8259 PIC
cpm_uart: Add generic clock API support to set baudrates
cpm_uart: Modem control lines support
powerpc: implement GPIO LIB API on CPM1 Freescale SoC.
cpm2: Implement GPIO LIB API on CPM2 Freescale SoC.
powerpc: Fix 8xx build failure
powerpc: clean up the Book-E HW watchpoint support
The GET_MAJOR ioctl prints out a warning, make it ratelimited.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Drivers should not include the asm variants anymore
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
There's a brown paper bag compile failure introduced by this patch
commit a013869248
Author: David Sterba <dsterba@suse.cz>
Date: Mon Jul 28 16:53:32 2008 +0200
ipwireless: Preallocate received packet buffers with MRU size
Really, it can't ever have been even compile tested. It looks like the
closing bracket is in the wrong place, so this is the fix.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Preallocate received packet buffers with MRU size
Packets are assembled from link size (~300 bytes) up to PPP MRU
(1500 by default). Try to preallocate full size rather than
repeatedly advance buffer size by 256 bytes.
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Put packets to pool start
Put packets to pool start, try to reuse cached memory.
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Increase PPP outgoing queue size
Increase default size of PPP outgoing queue. Currently set to 1, which
means that a packet quickly following another pushed by PPP must wait
until hardware actually sends the previous and PPP has to be waken up
by ppp_wakeup(). This slows down upstream.
Now PPP can push more packets at once which get buffered inside driver
and pushed immediatelly to hardware when previous packet is out.
Experiments show that size = 10 is quite good for all connection types
(GPRS/EDGE/UMTS) and gains 4 KB/sec of upload for UMTS for batch uploads.
Need for higher queue size than 10 occures in only < 0.1 % of cases.
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Explicitly request io and mem regions
Documentation/pcmcia/driver-changes.txt says, that driver should call request_region
for used memory/io regions since PCMCIA does not do this (since 2.6.8).
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Do not return value from sending funcs
Do not return value from do_send_fragment and do_send_packet, it's not used.
The packet size checks are not useful too:
* zero length packet will never be sent, caller always passes packet_header
size which is either 1 or 3
* MTU check is done in caller, no need to repeat
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ipwireless: Misc cleanups
- remove likely() and some extra () in ifs
- use unsigned in for loops
- remove useless typecasts
- remove obvious comments
- add () around ?:
Signed-off-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
commit 236b8756a2 ("dsp56k: BKL pushdown")
removed the `struct inode *inode' parameter from dsp56k_ioctl(), but
forgot to update the use of `inode' in the first line of the function.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The following functions can now become static:
- rtc_interrupt()
- rtc_get_rtc_time()
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Bernhard Walle <bwalle@suse.de>
Acked-by: Paul Gortmaker <p_gortmaker@yahoo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Use the correct data types for the size parameters in tpm_write() and
tpm_read(). Note that rw_verify_area() makes sure that this bug cannot
be exploited to produce a buffer overrun.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Marcel Selhorst <tpm@selhorst.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch increases size of driver internal response buffers. Some TPM
responses defined in TCG TPM Specification Version 1.2 Revision 103 have
increased size and do not fit previously defined buffers. Some TPM
responses do not have fixed size, so bigger response buffers have to be
allocated. 200B buffers should be enough.
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Marcin Obara <marcin_obara@users.sourceforge.net>
Cc: Marcel Selhorst <tpm@selhorst.net>
Cc: Kylene Jo Hall <kjhall@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch makes two needlessly global structs static.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Marcel Selhorst <tpm@selhorst.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/nwflash.c: In function 'flash_read':
drivers/char/nwflash.c:129: error: 'p' undeclared (first use in this function)
drivers/char/nwflash.c:129: error: (Each undeclared identifier is reported only once
drivers/char/nwflash.c:129: error: for each function it appears in.)
drivers/char/nwflash.c:129: error: 'count' undeclared (first use in this function)
drivers/char/nwflash.c:136: warning: passing argument 4 of 'simple_read_from_buffer' discards qualifiers from pointer target type
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
With the removal of the Solaris binary emulation the export of
proc_clear_tty became unused.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Remove a support of ISA addresses predefined at compile time. It is
unused (filled by zeroes) and prolongs the code. Don't initialize global
array and add `ioaddr' module param description.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- use dev_* for printing in pci probe function
- move ISA p[rints directly into isa find function, do not postpone it.
Remove macros bound to it then.
- prepend some prints by "mxser: " to know what it belongs to
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>