1. 21 Jul, 2015 9 commits
  2. 18 Jul, 2015 2 commits
  3. 17 Jul, 2015 1 commit
  4. 15 Jul, 2015 1 commit
    • Thomas Gleixner's avatar
      genirq: Revert sparse irq locking around __cpu_up() and move it to x86 for now · ce0d3c0a
      Thomas Gleixner authored
      Boris reported that the sparse_irq protection around __cpu_up() in the
      generic code causes a regression on Xen. Xen allocates interrupts and
      some more in the xen_cpu_up() function, so it deadlocks on the
      sparse_irq_lock.
      
      There is no simple fix for this and we really should have the
      protection for all architectures, but for now the only solution is to
      move it to x86 where actual wreckage due to the lack of protection has
      been observed.
      Reported-and-tested-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Fixes: a8994181 'hotplug: Prevent alloc/free of irq descriptors during cpu up/down'
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: xiao jin <jin.xiao@intel.com>
      Cc: Joerg Roedel <jroedel@suse.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Yanmin Zhang <yanmin_zhang@linux.intel.com>
      Cc: xen-devel <xen-devel@lists.xenproject.org>
      ce0d3c0a
  5. 14 Jul, 2015 1 commit
  6. 11 Jul, 2015 1 commit
  7. 08 Jul, 2015 4 commits
    • Peter Zijlstra's avatar
      module: Fix load_module() error path · 758556bd
      Peter Zijlstra authored
      The load_module() error path frees a module but forgot to take it out
      of the mod_tree, leaving a dangling entry in the tree, causing havoc.
      
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Reported-by: default avatarArthur Marsh <arthur.marsh@internode.on.net>
      Tested-by: default avatarArthur Marsh <arthur.marsh@internode.on.net>
      Fixes: 93c2e105 ("module: Optimize __module_address() using a latched RB-tree")
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      758556bd
    • Linus Torvalds's avatar
      Fix broken audit tests for exec arg len · 45820c29
      Linus Torvalds authored
      The "fix" in commit 0b08c5e5 ("audit: Fix check of return value of
      strnlen_user()") didn't fix anything, it broke things.  As reported by
      Steven Rostedt:
      
       "Yes, strnlen_user() returns 0 on fault, but if you look at what len is
        set to, than you would notice that on fault len would be -1"
      
      because we just subtracted one from the return value.  So testing
      against 0 doesn't test for a fault condition, it tests against a
      perfectly valid empty string.
      
      Also fix up the usual braindamage wrt using WARN_ON() inside a
      conditional - make it part of the conditional and remove the explicit
      unlikely() (which is already part of the WARN_ON*() logic, exactly so
      that you don't have to write unreadable code.
      Reported-and-tested-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Paul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      45820c29
    • Steven Rostedt (Red Hat)'s avatar
      tracing: Have branch tracer use recursive field of task struct · 6224beb1
      Steven Rostedt (Red Hat) authored
      Fengguang Wu's tests triggered a bug in the branch tracer's start up
      test when CONFIG_DEBUG_PREEMPT set. This was because that config
      adds some debug logic in the per cpu field, which calls back into
      the branch tracer.
      
      The branch tracer has its own recursive checks, but uses a per cpu
      variable to implement it. If retrieving the per cpu variable calls
      back into the branch tracer, you can see how things will break.
      
      Instead of using a per cpu variable, use the trace_recursion field
      of the current task struct. Simply set a bit when entering the
      branch tracing and clear it when leaving. If the bit is set on
      entry, just don't do the tracing.
      
      There's also the case with lockdep, as the local_irq_save() called
      before the recursion can also trigger code that can call back into
      the function. Changing that to a raw_local_irq_save() will protect
      that as well.
      
      This prevents the recursion and the inevitable crash that follows.
      
      Link: http://lkml.kernel.org/r/20150630141803.GA28071@wfg-t540p.sh.intel.com
      
      Cc: stable@vger.kernel.org # 3.10+
      Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Tested-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      6224beb1
    • Thomas Gleixner's avatar
      hotplug: Prevent alloc/free of irq descriptors during cpu up/down · a8994181
      Thomas Gleixner authored
      When a cpu goes up some architectures (e.g. x86) have to walk the irq
      space to set up the vector space for the cpu. While this needs extra
      protection at the architecture level we can avoid a few race
      conditions by preventing the concurrent allocation/free of irq
      descriptors and the associated data.
      
      When a cpu goes down it moves the interrupts which are targeted to
      this cpu away by reassigning the affinities. While this happens
      interrupts can be allocated and freed, which opens a can of race
      conditions in the code which reassignes the affinities because
      interrupt descriptors might be freed underneath.
      
      Example:
      
      CPU1				CPU2
      cpu_up/down
       irq_desc = irq_to_desc(irq);
      				remove_from_radix_tree(desc);
       raw_spin_lock(&desc->lock);
      				free(desc);
      
      We could protect the irq descriptors with RCU, but that would require
      a full tree change of all accesses to interrupt descriptors. But
      fortunately these kind of race conditions are rather limited to a few
      things like cpu hotplug. The normal setup/teardown is very well
      serialized. So the simpler and obvious solution is:
      
      Prevent allocation and freeing of interrupt descriptors accross cpu
      hotplug.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Acked-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: xiao jin <jin.xiao@intel.com>
      Cc: Joerg Roedel <jroedel@suse.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Yanmin Zhang <yanmin_zhang@linux.intel.com>
      Link: http://lkml.kernel.org/r/20150705171102.063519515@linutronix.de
      a8994181
  8. 07 Jul, 2015 10 commits
  9. 06 Jul, 2015 2 commits
  10. 04 Jul, 2015 4 commits
  11. 03 Jul, 2015 1 commit
  12. 02 Jul, 2015 1 commit
  13. 01 Jul, 2015 3 commits