Age | Commit message | Author
2012-10-16 | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs | Linus Torvalds
Pull vfs fixes from Al Viro:
"Fix for my braino in replace_fd(), dhowell's fix for the fallout from over-enthusiastic bo^Wdeclaration movements plus crapectomy that should've happened a long time ago (SEL_... definitions)."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  bury SEL_{IN,OUT,EX}
  Unexport some bits of linux/fs.h
  fix a leak in replace_fd() users
2012-10-16 | Merge tag 'pinctrl-fixes-v3.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl | Linus Torvalds
Pull pinctrl fixes from Linus Walleij:
"A number of pinctrl fixes for the v3.7 series:
 - duplicate includes, section markup, code mishaps
 - erroneous return value in errorpath on the bcm2835 driver
 - remove an unused sirf function that was causing build errors
 - multiple-platform compilation stubs and a missed code review comment fixup on the nomadik pin controller"
* tag 'pinctrl-fixes-v3.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl/nomadik: always use the simple irqdomain
  pinctrl/nomadik: provide stubs for legacy Nomadik
  pinctrl: remove duplicated include from pinctrl-xway.c
  pinctrl: sirf: remove sirfsoc_gpio_set_pull function
  pinctrl: fix return value in bcm2835_pinctrl_probe()
  pinctrl: remove duplicated include from pinctrl-bcm2835.c
  pinctrl: bcm2835: Use existing pointer to struct device
  pinctrl: samsung: use __devinit section for init code
2012-10-16 | Merge branch 'ipmi' (IPMI patches from Corey Minyard) | Linus Torvalds
Merge emailed patches from Corey Minyard:
"Remove some bogus docs, Fix ACPI/IPMI interactions, fix some warnings, and add register spacing detection for PCI interfaces."
* ipmi:
  IPMI: Detect register spacing on PCI interfaces
  IPMI: Fix some uninitialized warning
  IPMI: Change link order
  ACPI: Reorder IPMI driver before any other ACPI drivers
  IPMI: Remove SMBus driver info from the docs
2012-10-16 | IPMI: Detect register spacing on PCI interfaces | Corey Minyard
The IPMI spec defines a way to detect register spacing for PCI interfaces, so implement it. Signed-off-by: Steven Hsieh <sshsieh@broadcom.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | IPMI: Fix some uninitialized warning | Corey Minyard
There was a spot where the compiler couldn't tell some variables would be set. So initialize them to make the warning go away. Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | IPMI: Change link order | Matthew Garrett
IPMI must be initialised before ACPI in order to ensure that any IPMI services are available before ACPI driver initialisation attempts to use any IPMI operation regions. Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | ACPI: Reorder IPMI driver before any other ACPI drivers | Matthew Garrett
Drivers may make calls that require the ACPI IPMI driver to have been initialised already, so make sure that it appears earlier in the build order. Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | IPMI: Remove SMBus driver info from the docs | Corey Minyard
Some documentation for the SMBus driver is in the IPMI docs, but that code is not in the kernel tree at this point. So remove the docs to avoid confusion. Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | MAINTAINERS: change email after moving for LED subsystem maintaining | Bryan Wu
Signed-off-by: Bryan Wu <cooloney@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | mm, mempolicy: fix printing stack contents in numa_maps | David Rientjes
When reading /proc/pid/numa_maps, it's possible to return the contents of the stack where the mempolicy string should be printed if the policy gets freed from beneath us.

This happens because mpol_to_str() may return an error and the stack-allocated buffer is then printed without ever being stored.

There are two possible error conditions in mpol_to_str():
 - if the buffer allocated is insufficient for the string to be stored, and
 - if the mempolicy has an invalid mode.

The first error condition is not triggered in any of the callers to mpol_to_str(): at least 50 bytes is always allocated on the stack and this is sufficient for the string to be written. A future patch should convert this into BUILD_BUG_ON() since we know the maximum strlen possible, but that's not -rc material.

The second error condition is possible if a race occurs in dropping a reference to a task's mempolicy causing it to be freed during the read(). The slab poison value is then used for the mode and mpol_to_str() returns -EINVAL.

This race is only possible because get_vma_policy() believes that mm->mmap_sem protects task->mempolicy, which isn't true. The exit path does not hold mm->mmap_sem when dropping the reference or setting task->mempolicy to NULL: it uses task_lock(task) instead.

Thus, it's required for the caller of a task mempolicy to hold task_lock(task) while grabbing the mempolicy and reading it. Callers with a vma policy store their mempolicy earlier and can simply increment the reference count so it's guaranteed not to be freed.

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-16 | sparc64: Fix bit twiddling in sparc_pmu_enable_event(). | David S. Miller
There was a serious disconnect in the logic happening in sparc_pmu_disable_event() vs. sparc_pmu_enable_event().

Event disable is implemented by programming a NOP event into the PCR.

However, event enable was not reversing this operation. Instead, it was setting the User/Priv/Hypervisor trace enable bits.

That's not sparc_pmu_enable_event()'s job, that's what sparc_pmu_enable() and sparc_pmu_disable() do.

The intent of sparc_pmu_enable_event() is clear, since it first clears out the event type encoding field. So fix this by OR'ing in the event encoding rather than the trace enable bits.

Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | ipv6: addrconf: fix /proc/net/if_inet6 | Eric Dumazet
Commit 1d5783030a1 (ipv6/addrconf: speedup /proc/net/if_inet6 filling) added bugs hiding some devices from if_inet6 and breaking applications.

"ip -6 addr" could still display all IPv6 addresses, while "ifconfig -a" couldn't.

One way to reproduce the bug is by starting in a shell:

    unshare -n /bin/bash
    ifconfig lo up

And in original net namespace, lo device disappeared from if_inet6

Reported-by: Jan Hinnerk Stosch <janhinnerk.stosch@gmail.com>
Tested-by: Jan Hinnerk Stosch <janhinnerk.stosch@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Mihai Maruseac <mihai.maruseac@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | bnx2x: fix handling mf storage modes | Dmitry Kravkov
Since commit a3348722 AFEX FCoE function is continuously reset. The patch prevents the resetting and removes debug print to stop garbaging syslog. Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | qeth: fix deadlock between recovery and bonding driver | Stefan Raspl
The recovery thread, when failing, tears down the respective interface. To do so, it needs to obtain the rtnl lock first, as the interface configuration is changed. If another process tries to modify an interface setting at the same time, that process can obtain the rtnl lock first, but the respective callback in the qeth driver will block until recovery has completed - which cannot happen since the calling process already obtained it. In one particular case, the bonding driver acquired the rtnl lock to modify the card's MAC address, while the recovery failed at the same time due to the card being removed. Hence qeth_l2_set_mac_address (implicitly holding the rtnl lock) was waiting on qeth_l2_recover, which deadlocked when waiting on the rtnl lock. This patch uses rtnl_trylock instead of rtnl_lock in the recovery thread. If the lock cannot be obtained, the interface will be left up, but the card state remains in CARD_STATE_RECOVER, which will prevent any further activities on the card. Signed-off-by: Stefan Raspl <raspl@linux.vnet.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Reviewed-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | smsgiucv: reestablish IUCV path after resume | Hendrik Brueckner
smsg_pm_restore_thaw() uses wrong checking before reconnecting the IUCV path to *MSG. It is corrected with this patch. Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Frank Blaschka <frank.blaschka@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() | Zijie Pan
Bug introduced by commit edfee0339e681a784ebacec7e8c2dc97dc6d2839 (sctp: check src addr when processing SACK to update transport state) Signed-off-by: Zijie Pan <zijie.pan@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | vlan: fix bond/team enslave of vlan challenged slave/port | Jiri Pirko
In vlan_uses_dev() check for number of vlan devs rather than existence of vlan_info. The reason is that vlan id 0 is there without appropriate vlan dev on it by default which prevented from enslaving vlan challenged dev. Reported-by: Jon Stanley <jstanley@rmrf.net> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | MAINTAINERS: Add explicit section for IPSEC networking. | David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | bury SEL_{IN,OUT,EX} | Al Viro
Had not been used for more than a decade and half; it used to be a part of (in-kernel) ->select() API and it has been pining for fjords since 2.1.23pre1. This is an ex-parrot... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-10-16 | Unexport some bits of linux/fs.h | David Howells
There are some bits of linux/fs.h which are only used within the kernel and shouldn't be in the UAPI. Move these from uapi/linux/fs.h into linux/fs.h. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-10-16 | fix a leak in replace_fd() users | Al Viro
replace_fd() began with "eats a reference, tries to insert into descriptor table" semantics; at some point I'd switched it to much saner current behaviour ("try to insert into descriptor table, grabbing a new reference if inserted; caller should do fput() in any case"), but forgot to update the callers. Mea culpa... [Spotted by Pavel Roskin, who has really weird system with pipe-fed coredumps as part of what he considers a normal boot ;-)] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-10-16 | sparc64: Add global PMU register dumping via sysrq. | David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-16 | nouveau: fix warning on 32-bit build. | Dave Airlie
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-10-16 | Merge branch 'drm-nouveau-fixes' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes | Dave Airlie
minor set of nouveau fixes.
* 'drm-nouveau-fixes' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
  drm/nouveau/bios: fix typo in error message
  drm/nouveau: only call ttm_agp_tt_create when __OS_HAS_AGP
  drm/nv50/fb: fix double free of vram mm
  drm/nouveau/pm: do not stop reclocking if failing to set the fan speed
  drm/nouveau/pm: fix a typo related to the move to the therm subdev
  drm/nouveau/hwmon: fix the initialization condition
2012-10-16 | drm/nouveau/bios: fix typo in error message | Ben Skeggs
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm/nouveau: only call ttm_agp_tt_create when __OS_HAS_AGP | Max Filippov
ttm_agp_tt_create is itself defined under CONFIG_AGP, so there's no point calling it otherwise. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm/nv50/fb: fix double free of vram mm | Marcin Slusarz
nouveau_fb_destroy already calls nouveau_mm_fini on vram mm. Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm/nouveau/pm: do not stop reclocking if failing to set the fan speed | Martin Peres
With the introduction of fan management modes, fan may not be drivable. We should allow reclocking nonetheless. This return was stupid to begin with since it may have left the card in an intermediate state (clocks corresponding to a perflvl and voltage corresponding to another one). The reclocking code will need to be rewritten in a near-future in order to provide a better error handling. Reported-by: Marcin Slusarz <marcin.slusarz@gmail.com> Signed-off-by: Martin Peres <martin.peres@labri.fr> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm/nouveau/pm: fix a typo related to the move to the therm subdev | Martin Peres
Reported-by: Vekin on IRC Reported-by: Emil Velikov <emil.l.velikov@gmail.com> Signed-off-by: Martin Peres <martin.peres@labri.fr> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm/nouveau/hwmon: fix the initialization condition | Martin Peres
Signed-off-by: Martin Peres <martin.peres@labri.fr> Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2012-10-16 | drm: fix warning on 32-bit. | Dave Airlie
This cast was causing a warning on 32-bit builds. Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-10-16 | drm: radeon: fix printk format warning | Randy Dunlap
drivers/gpu/drm/radeon/radeon_atpx_handler.c:151:3: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'size_t' [airlied: Alex had others fixed already, except for atpx one] Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-10-16 | Merge branch 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux into drm-fixes | Dave Airlie
Alex writes:
"This is the first -fixes pull for 3.7. I would have preferred to have gotten it out a bit sooner, but I was on holiday last week.
 - Cleanup of the new 2 level page table code to get it in better shape and using less memory.
 - Fix some display issues related to the PLL rework.
 - Fix some compiler warnings and errors with certain config options.
 - Other misc bug fixes."
* 'drm-fixes-3.7' of git://people.freedesktop.org/~agd5f/linux:
  drm/radeon: fix spelling typos in debugging output
  drm/radeon: Don't destroy I2C Bus Rec in radeon_ext_tmds_enc_destroy().
  drm/radeon: check if pcie gen 2 is already enabled (v2)
  drm/radeon/cayman: set VM max pfn at MC init
  drm/radeon: separate pt alloc from lru add
  drm/radeon: don't add the IB pool to all VMs v2
  drm/radeon: allocate page tables on demand v4
  drm/radeon: update comments to clarify VM setup (v2)
  drm/radeon: allocate PPLLs from low to high
  drm/radeon: fix compilation with backlight disabled
  drm/radeon: use %zu for formatting size_t
2012-10-16 | Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes | Dave Airlie
Daniel writes:
"- some register magic to fix hsw crw (Paulo&Ben)
 - fix backlight destruction for cpu edp (Jani)
 - fix gen ch7xxx dvo ->get_hw_state
 - fixup the plane->pipe fixup code, the broken version massively angers the modeset sanity checks
 - kill pipe A quirk for i855gm, otherwise I get a black screen with the above patch
 - fixup for gem_get_page helper (Chris)
 - fixup guardband clipping w/a (Ken), without this mesa master can erroneously drop vertices on snb, mesa 9.0 has the optimization reverted
 - another pageflip vs. modeset fix
 - kill bogus BUG_ON which broke ums+gem from Willy Tarreau (gasp, people are still using this!)"
* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
  drm/i915: fix non-DP-D eDP backlight cleanup and module reload
  drm/i915: HSW CRW stability magic
  drm/i915/dvo-ch7xxx: fix get_hw_state
  drm/i915: fixup the plane->pipe fixup code
  drm/i915: rip out the pipe A quirk for i855gm
  drm/i915: disable wc gtt pte mappings on gen2
  drm/i915: fixup i915_gem_object_get_page inline helper
  drm/i915: Disallow preallocation of requests
  drm/i915: Set guardband clipping workaround bit in the right register.
  drm/i915: paper over a pipe-enable vs pageflip race
  drm/i915: remove useless BUG_ON which caused a regression in 3.5.
2012-10-15 | thermal, cpufreq: Fix build when CPU_FREQ_TABLE isn't configured | David Rientjes
Commit 023614183768 ("thermal: add generic cpufreq cooling implementation") requires cpufreq_frequency_get_table(), but that function is only defined for CONFIG_CPU_FREQ_TABLE resulting in the following build error:

    drivers/built-in.o: In function `cpufreq_get_max_state':
    drivers/thermal/cpu_cooling.c:259: undefined reference to `cpufreq_frequency_get_table'
    drivers/built-in.o: In function `get_cpu_frequency':
    drivers/thermal/cpu_cooling.c:129: undefined reference to `cpufreq_frequency_get_table'

Fix it by selecting CONFIG_CPU_FREQ_TABLE for such a configuration.

It turns out CONFIG_EXYNOS_THERMAL also needs CONFIG_CPU_FREQ_TABLE, so select it there as well.

Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-15 | kbuild: Fix accidental revert in commit fe04ddf | Michal Marek
Commit fe04ddf7c291 ("kbuild: Do not package /boot and /lib in make tar-pkg") accidentally reverted two previous kbuild commits. I don't know what I was thinking. This brings back changes made by commits 24cc7fb69a5b ("x86/kbuild: archscripts depends on scripts_basic") and c1c1a59e37da ("firmware: fix directory creation rule matching with make 3.80") Reported-by: Jan Beulich <JBeulich@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-15 | drm/radeon: fix spelling typos in debugging output | Thomas Friebel
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon: Don't destroy I2C Bus Rec in radeon_ext_tmds_enc_destroy(). | Egbert Eich
radeon_i2c_fini() walks thru the list of I2C bus recs rdev->i2c_bus[] to destroy each of them. radeon_ext_tmds_enc_destroy() however also has code to destroy its associated I2C bus rec which has been obtained by radeon_i2c_lookup() and is therefore also in the i2c_bus[] list. This causes a double free resulting in a kernel panic when unloading the radeon driver. Removing destroy code from radeon_ext_tmds_enc_destroy() fixes this problem.
agd5f: fix compiler warning
Signed-off-by: Egbert Eich <eich@suse.de>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2012-10-15 | drm/radeon: check if pcie gen 2 is already enabled (v2) | Alex Deucher
If so, skip enabling it to save time. v2: coding style fixes Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon/cayman: set VM max pfn at MC init | Alex Deucher
No need to emit them at VM flush as we no longer use variable sized page tables now that we support 2 level page tables. This matches the behavior of SI (which does not support variable sized page tables). Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com>
2012-10-15 | drm/radeon: separate pt alloc from lru add | Christian König
Make it possible to allocate a persistent page table. Signed-off-by: Christian König <deathsimple@vodafone.de> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon: don't add the IB pool to all VMs v2 | Christian König
We want to use VMs without the IB pool in the future. v2: also remove it from radeon_vm_finish. Signed-off-by: Christian König <deathsimple@vodafone.de> Reviewed-by: Michel Dänzer <michel.daenzer@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon: allocate page tables on demand v4 | Christian König
Based on Dmitry's work, but splitting the code into page directory and page table handling makes it far more readable and (hopefully) more reliable.

Allocations of page tables are made from the SA on demand, that should still work fine since all page tables are of the same size.

Also using the fact that allocations from the SA are mostly continuously (except for end of buffer wraps and under very high memory pressure) to group updates sent to the chipset specific code into larger chunks.

v3: mostly a rewrite of Dmitry's previous patch.
v4: fix some typos and coding style

Signed-off-by: Dmitry Cherkasov <Dmitrii.Cherkasov@amd.com>
Signed-off-by: Christian König <deathsimple@vodafone.de>
Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon: update comments to clarify VM setup (v2) | Alex Deucher
The actual set up and assignment of VM page tables is done on the fly in radeon_gart.c. v2: update vm size comments Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com>
2012-10-15 | drm/radeon: allocate PPLLs from low to high | Alex Deucher
The order shouldn't matter, but there have been problems reported on certain older asics. This behaves more like the original code before the PPLL allocation rework. Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
2012-10-15 | drm/radeon: fix compilation with backlight disabled | Alex Deucher
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | drm/radeon: use %zu for formatting size_t | Luca Tettamanti
Fixes compiler warnings on 32bit. Signed-off-by: Luca Tettamanti <kronos.it@gmail.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2012-10-15 | docbook: networking: fix file paths for uapi headers | Randy Dunlap
Update file paths in Documentation/DocBook/networking.tmpl for uapi headers. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-15 | mm: huge_memory: Fix build error. | Ralf Baechle
Certain configurations won't implicitly pull in <linux/pagemap.h> resulting in the following build error:

    mm/huge_memory.c: In function 'release_pte_page':
    mm/huge_memory.c:1697:2: error: implicit declaration of function 'unlock_page' [-Werror=implicit-function-declaration]
    mm/huge_memory.c: In function '__collapse_huge_page_isolate':
    mm/huge_memory.c:1757:3: error: implicit declaration of function 'trylock_page' [-Werror=implicit-function-declaration]
    cc1: some warnings being treated as errors

Reported-by: David Daney <david.daney@cavium.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-10-15 | ARM: fix oops on initial entry to userspace with Thumb2 kernels | Russell King
Daniel Mack reports an oops at boot with the latest kernels:

    Internal error: Oops - undefined instruction: 0 [#1] SMP THUMB2
    Modules linked in:
    CPU: 0    Not tainted  (3.6.0-11057-g584df1d #145)
    PC is at cpsw_probe+0x45a/0x9ac
    LR is at trace_hardirqs_on_caller+0x8f/0xfc
    pc : [<c03493de>]    lr : [<c005e81f>]    psr: 60000113
    sp : cf055fb0  ip : 00000000  fp : 00000000
    r10: 00000000  r9 : 00000000  r8 : 00000000
    r7 : 00000000  r6 : 00000000  r5 : c0344555  r4 : 00000000
    r3 : cf057a40  r2 : 00000000  r1 : 00000001  r0 : 00000000
    Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
    Control: 50c5387d  Table: 8f3f4019  DAC: 00000015
    Process init (pid: 1, stack limit = 0xcf054240)
    Stack: (0xcf055fb0 to 0xcf056000)
    5fa0:                                     00000001 00000000 00000000 00000000
    5fc0: cf055fb0 c000d1a8 00000000 00000000 00000000 00000000 00000000 00000000
    5fe0: 00000000 be9b3f10 00000000 b6f6add0 00000010 00000000 aaaabfaf a8babbaa

The analysis of this is as follows. In init/main.c, we issue:

    kernel_thread(kernel_init, NULL, CLONE_FS | CLONE_SIGHAND);

This creates a new thread, which falls through to the ret_from_fork assembly, with r4 set NULL and r5 set to kernel_init. You can see this in your oops dump register set - r5 is 0xc0344555, which is the address of kernel_init plus 1 which marks the function as Thumb code.

Now, let's look at this code a little closer - this is what the disassembly looks like:

    c000d180 <ret_from_fork>:
    c000d180:       f03a fe08       bl      c0047d94 <schedule_tail>
    c000d184:       2d00            cmp     r5, #0
    c000d186:       bf1e            ittt    ne
    c000d188:       4620            movne   r0, r4
    c000d18a:       46fe            movne   lr, pc <-- XXXXXXX
    c000d18c:       46af            movne   pc, r5
    c000d18e:       46e9            mov     r9, sp
    c000d190:       ea4f 3959       mov.w   r9, r9, lsr #13
    c000d194:       ea4f 3949       mov.w   r9, r9, lsl #13
    c000d198:       e7c8            b.n     c000d12c <ret_to_user>
    c000d19a:       bf00            nop
    c000d19c:       f3af 8000       nop.w

This code was introduced in 9fff2fa0db911 (arm: switch to saner kernel_execve() semantics). I have marked one instruction, and it's the significant one - I'll come back to that later.
Eventually, having had a successful call to kernel_execve(), kernel_init() returns zero.

In returning, it uses the value in 'lr' which was set by the instruction I marked above. Unfortunately, this causes lr to contain 0xc000d18e - an even address. This switches the ISA to ARM on return but with a non word aligned PC value.

So, what do we end up executing? Well, not the instructions above - yes the opcodes, but they don't mean the same thing in ARM mode. In ARM mode, it looks like this instead:

    c000d18c:       46e946af        strbtmi r4, [r9], pc, lsr #13
    c000d190:       3959ea4f        ldmdbcc r9, {r0, r1, r2, r3, r6, r9, fp, sp, lr, pc}^
    c000d194:       3949ea4f        stmdbcc r9, {r0, r1, r2, r3, r6, r9, fp, sp, lr, pc}^
    c000d198:       bf00e7c8        svclt   0x0000e7c8
    c000d19c:       8000f3af        andhi   pc, r0, pc, lsr #7
    c000d1a0:       e88db092        stm     sp, {r1, r4, r7, ip, sp, pc}
    c000d1a4:       46e81fff                        ; <UNDEFINED> instruction: 0x46e81fff
    c000d1a8:       8a00f3ef        bhi     0xc004a16c
    c000d1ac:       0a0cf08a        beq     0xc03493dc

I have included more above, because it's relevant. The PSR flags which we can see in the oops dump are nZCv, so Z and C are set.

All the above ARM instructions are not executed, except for two. c000d1a0, which has no writeback, and writes below the current stack pointer (and that data is lost when we take the next exception.) The other instruction which is executed is c000d1ac, which takes us to... 0xc03493dc. However, remember that bit 1 of the PC got set. So that makes the PC value 0xc03493de.

And that value is the value we find in the oops dump for PC. What is the instruction here when interpreted in ARM mode?

    0:       f71e150c                        ; <UNDEFINED> instruction: 0xf71e150c

and there we have our undefined instruction (remember that the 'never' condition code, 0xf, has been deprecated and is now always executed as it is now being used for additional instructions.)

This path also nicely explains the state of the stack we see in the oops dump too.
The above is a consistent and sane story for how we got to the oops dump, which all stems from the instruction at 0xc000d18a being wrong.

Reported-by: Daniel Mack <zonque@gmail.com>
Tested-by: Daniel Mack <zonque@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>