1. 03 Feb, 2007 2 commits
    • Magnus Damm's avatar
      [PATCH] kexec: Avoid migration of already disabled irqs (ia64) · 29a00277
      Magnus Damm authored
      This patch fixes up ia64 kexec support for HP rx2620 hardware.  It does
      this by skipping migration of already disabled irqs.  This is most likely a
      problem on other ia64 platforms as well, but I've only been able to
      reproduce it on one machine so far.
      
      The full story is that handle_bad_irq() gets invoked before starting the
      new kernel without this patch.  This seems to happen when fixup_irqs()
      calls generic_handle_irq() on already migrated (and disabled) irqs.  So by
      avoiding migration of disabled irqs we stay away of handle_bad_irq().
      
      The code has been tested on three different ia64 machines, all with good
      results.  It is possible to trigger the same bug by offlining a processor
      using echo 0 > /sys/devices/system/cpu/cpuX/online.
      
      More detailed information is available in the following mail thread:
      http://lists.osdl.org/pipermail/fastboot/2007-January/thread.html#5774
      
      Signed-off-by: default avatarMagnus Damm <magnus@valinux.co.jp>
      Acked-by: default avatarSimon Horman <horms@verge.net.au>
      Acked-by: default avatarZou, Nanhai <nanhai.zou@intel.com>
      Acked-by: default avatarJay Lan <jlan@sgi.com>
      Acked-by: default avatar"Luck, Tony" <tony.luck@intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      29a00277
    • Ken Chen's avatar
      [PATCH] aio: fix buggy put_ioctx call in aio_complete - v2 · dee11c23
      Ken Chen authored
      An AIO bug was reported that sleeping function is being called in softirq
      context:
      
      BUG: warning at kernel/mutex.c:132/__mutex_lock_common()
      Call Trace:
           [<a000000100577b00>] __mutex_lock_slowpath+0x640/0x6c0
           [<a000000100577ba0>] mutex_lock+0x20/0x40
           [<a0000001000a25b0>] flush_workqueue+0xb0/0x1a0
           [<a00000010018c0c0>] __put_ioctx+0xc0/0x240
           [<a00000010018d470>] aio_complete+0x2f0/0x420
           [<a00000010019cc80>] finished_one_bio+0x200/0x2a0
           [<a00000010019d1c0>] dio_bio_complete+0x1c0/0x200
           [<a00000010019d260>] dio_bio_end_aio+0x60/0x80
           [<a00000010014acd0>] bio_endio+0x110/0x1c0
           [<a0000001002770e0>] __end_that_request_first+0x180/0xba0
           [<a000000100277b90>] end_that_request_chunk+0x30/0x60
           [<a0000002073c0c70>] scsi_end_request+0x50/0x300 [scsi_mod]
           [<a0000002073c1240>] scsi_io_completion+0x200/0x8a0 [scsi_mod]
           [<a0000002074729b0>] sd_rw_intr+0x330/0x860 [sd_mod]
           [<a0000002073b3ac0>] scsi_finish_command+0x100/0x1c0 [scsi_mod]
           [<a0000002073c2910>] scsi_softirq_done+0x230/0x300 [scsi_mod]
           [<a000000100277d20>] blk_done_softirq+0x160/0x1c0
           [<a000000100083e00>] __do_softirq+0x200/0x240
           [<a000000100083eb0>] do_softirq+0x70/0xc0
      
      See report: http://marc.theaimsgroup.com/?l=linux-kernel&m=116599593200888&w=2
      
      
      
      flush_workqueue() is not allowed to be called in the softirq context.
      However, aio_complete() called from I/O interrupt can potentially call
      put_ioctx with last ref count on ioctx and triggers bug.  It is simply
      incorrect to perform ioctx freeing from aio_complete.
      
      The bug is trigger-able from a race between io_destroy() and aio_complete().
      A possible scenario:
      
      cpu0                               cpu1
      io_destroy                         aio_complete
        wait_for_all_aios {                __aio_put_req
           ...                                 ctx->reqs_active--;
           if (!ctx->reqs_active)
              return;
        }
        ...
        put_ioctx(ioctx)
      
                                           put_ioctx(ctx);
                                              __put_ioctx
                                                bam! Bug trigger!
      
      The real problem is that the condition check of ctx->reqs_active in
      wait_for_all_aios() is incorrect that access to reqs_active is not
      being properly protected by spin lock.
      
      This patch adds that protective spin lock, and at the same time removes
      all duplicate ref counting for each kiocb as reqs_active is already used
      as a ref count for each active ioctx.  This also ensures that buggy call
      to flush_workqueue() in softirq context is eliminated.
      Signed-off-by: default avatar"Ken Chen" <kenchen@google.com>
      Cc: Zach Brown <zach.brown@oracle.com>
      Cc: Suparna Bhattacharya <suparna@in.ibm.com>
      Cc: Benjamin LaHaise <bcrl@kvack.org>
      Cc: Badari Pulavarty <pbadari@us.ibm.com>
      Cc: <stable@kernel.org>
      Acked-by: default avatarJeff Moyer <jmoyer@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dee11c23
  2. 02 Feb, 2007 19 commits
  3. 01 Feb, 2007 18 commits
  4. 31 Jan, 2007 1 commit
    • Linus Torvalds's avatar
      Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 · 190ff5b3
      Linus Torvalds authored
      * master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
        [NETFILTER]: xt_hashlimit: fix ip6tables dependency
        [SCTP]: Force update of the rto when processing HB-ACK
        [IPV6]: fix BUG of ndisc_send_redirect()
        [IPV6]: Fix up some CONFIG typos
        [NETFILTER]: SIP conntrack: fix out of bounds memory access
        [NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers
        [NETFILTER]: xt_connbytes: fix division by zero
        [MAINTAINERS]: netfilter@ is subscribers-only
      190ff5b3