In free_unmap_area_noflush(), va->flags is marked as VM_LAZY_FREE first, and
then vmap_lazy_nr is increased atomically.
But, in __purge_vmap_area_lazy(), while traversing of vmap_are_list, nr
is counted by checking VM_LAZY_FREE is set to va->flags. After counting
the variable nr, kernel reads vmap_lazy_nr atomically and checks a
BUG_ON condition whether nr is greater than vmap_lazy_nr to prevent
vmap_lazy_nr from being negative.
The problem is that, if interrupted right after marking VM_LAZY_FREE,
increment of vmap_lazy_nr can be delayed. Consequently, BUG_ON
condition can be met because nr is counted more than vmap_lazy_nr.
It is highly probable when vmalloc/vfree are called frequently. This
scenario have been verified by adding delay between marking VM_LAZY_FREE
and increasing vmap_lazy_nr in free_unmap_area_noflush().
Even the vmap_lazy_nr is for checking high watermark, it never be the
strict watermark. Although the BUG_ON condition is to prevent
vmap_lazy_nr from being negative, vmap_lazy_nr is signed variable. So,
it could go down to negative value temporarily.
Consequently, removing the BUG_ON condition is proper.
A possible BUG_ON message is like the below.
kernel BUG at mm/vmalloc.c:517!
invalid opcode: 0000 [#1] SMP
EIP: 0060:[<c04824a4>] EFLAGS: 00010297 CPU: 3
EIP is at __purge_vmap_area_lazy+0x144/0x150
EAX: ee8a8818 EBX: c08e77d4 ECX: e7c7ae40 EDX: c08e77ec
ESI: 000081fe EDI: e7c7ae60 EBP: e7c7ae64 ESP: e7c7ae3c
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Call Trace:
[<c0482ad9>] free_unmap_vmap_area_noflush+0x69/0x70
[<c0482b02>] remove_vm_area+0x22/0x70
[<c0482c15>] __vunmap+0x45/0xe0
[<c04831ec>] vmalloc+0x2c/0x30
Code: 8d 59 e0 eb 04 66 90 89 cb 89 d0 e8 87 fe ff ff 8b 43 20 89 da 8d 48 e0 8d 43 20 3b 04 24 75 e7 fe 05 a8 a5 a3 c0 e9 78 ff ff ff <0f> 0b eb fe 90 8d b4 26 00 00 00 00 56 89 c6 b8 ac a5 a3 c0 31
EIP: [<c04824a4>] __purge_vmap_area_lazy+0x144/0x150 SS:ESP 0068:e7c7ae3c
[ See also http://marc.info/?l=linux-kernel&m=126335856228090&w=2 ]
Signed-off-by: Yongseok Koh <yongseok.koh@samsung.com>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When DEBUG_SUSPEND is enabled print active wakelocks when we check
if there are any active wakelocks.
In print_active_locks(), print expired wakelocks if DEBUG_EXPIRE is enabled
Change-Id: Ib1cb795555e71ff23143a2bac7c8a58cbce16547
Signed-off-by: Mike Chan <mike@android.com>
gether_disconnect() is always called before gether_connect() by the different
USB ethernet functions, so this warning was firing during normal operation.
Change-Id: I178cc7d1f67e9e87ac2e99c6674c4db8fcddf4a0
Signed-off-by: Mike Lockwood <lockwood@android.com>
Only set device descriptor bDeviceClass field to USB_CLASS_COMM when
the RNDIS function is actually enabled.
Signed-off-by: Mike Lockwood <lockwood@android.com>
For disk devices, a new uevent parameter 'NPARTS' specifies the number
of partitions detected by the kernel. Partition devices get 'PARTN' which
specifies the partitions index in the table.
Signed-off-by: San Mehat <san@google.com>
For UP systems this is not required, and results in a more consistent
sample interval.
Signed-off-by: Jocelyn Falempe <jocelyn.falempe@motorola.com>
Signed-off-by: Mike Chan <mike@android.com>
erase kpanic partition when there is no data(console and thread)
Signed-off-by: Tom Zhu <a2289c@android-hal-04.(none)>
Signed-off-by: San Mehat <san@google.com>
Add bad block handling in apanic
Signed-off-by: Tom Zhu <ling.zhu@motorola.com>
Signed-off-by: San Mehat <san@google.com>
misc: apanic: Improved bad-block / watchdog handling
1. handle cases that there is no more good blocks
2. touch softlockup watchdog at the start of apanic
3. change unsigned char get_bb() to unsigned int get_bb()
4. return idx instead of rc2, to keep the previous written pages.
Signed-off-by: Tom Zhu <ling.zhu@motorola.com>
Signed-off-by: San Mehat <san@google.com>
This driver triggers when the kernel panics and attempts to
write critical debug data to the flash.
Signed-off-by: San Mehat <san@google.com>
drivers: apanic: checkpatch fixes
Signed-off-by: San Mehat <san@google.com>
apanic: Fix a few cases of calling non-atomic things from atomic
We need to pay special care to not enrage cond_resched(), and the
base nand bb stuff calls schedule() so thats out.
Signed-off-by: San Mehat <san@google.com>
This is extremely useful in diagnosing remote crashes, and is based heavily
on original work by <md@google.com>.
Signed-off-by: San Mehat <san@google.com>
Cc: Michael Davidson <md@google.com>
[ARM] process: Use uber-safe probe_kernel_address() to read mem when dumping.
This prevents the dump from taking pagefaults / external aborts.
Signed-off-by: San Mehat <san@google.com>
Signed-off-by: San Mehat <san@google.com>
mtd: nand_base: fix nand_panic_wait
fix the problem of nand_panic_wait
Signed-off-by: Tom Zhu <a2289c@android-hal-04.(none)>
Signed-off-by: San Mehat <san@google.com>
Rather than hard-lock the kernel, we now BUG() when a driver takes
> 3 seconds to suspend. If the underlying platform supports panic dumps,
then the data can be collected for debug.
Signed-off-by: San Mehat <san@google.com>
power_save is a feature to allow HID devices to control the sniff mode.
Unfortunately it also prevents us exiting sniff mode on some A2DP devices
that do not explicitly exit sniff mode themselves, resulting in skipping
audio.
Marcel is trying to finalize a setsockopt() API to control whether power_save
is enabled on a per socket basis. In the mean-time, turn off power_save for
Android, since we do not have official HID support, and this is causing
problems for A2DP which we do support.
(Note the power_save logic is reversed, 0 is on, 1 is off).
Change-Id: Ife4478055128b81669bf49308d2e2199e1aa11a1
Signed-off-by: Nick Pelly <npelly@google.com>
With Bluetooth 2.1 ACL packets can be flushable or non-flushable. This changes
makes the default ACL packet non-flushable, and allows selection of flushable
packets on a per-L2CAP socket basis with L2CAP_LM_FLUSHABLE.
Note the HCI Write Automatic Flush Timeout command also needs to be issued
to set the flush timeout to non-zero.
Need to featurize this change to Bluetooth 2.1 chipsets only before pushing
upstream.
Signed-off-by: Nick Pelly <npelly@google.com>
When in sniff mode with a long interval time (1.28s) it can take 4+ seconds to
establish a SCO link. Fix by requesting active mode before requesting SCO
connection. This improves SCO setup time to ~500ms.
Bluetooth headsets that use a long interval time, and exhibit the long SCO
connection time include Motorola H790, HX1 and H17. They have a CSR 2.1 chipset
Verified this behavior and fix with host Bluetooth chipsets: BCM4329 and
TI1271.
Signed-off-by: Nick Pelly <npelly@google.com>
This is to support the Motorola HF850 carkit which reports the error code 0x10
for an eSCO attempt, even though it advertises eSCO support. Here is the
hcidump:
2009-09-22 15:40:24.492391 < HCI Command: Setup Synchronous Connection
(0x01|0x0028) plen 17
handle 1 voice setting 0x0060
2009-09-22 15:40:24.493002 > HCI Event: Command Status (0x0f) plen 4
Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1
2009-09-22 15:40:30.594869 > HCI Event: Synchronous Connect Complete (0x2c)
plen 17
status 0x10 handle 257 bdaddr 00:50:CD:20:C6:84 type eSCO
Error: Connection Accept Timeout Exceeded
With this patch we will retry with a SCO connection, which succeeds.
Unfortunately the Moto HF850 also takes 5 seconds to return the error for the
eSCO attempt, so it will still take 5 seconds to fallback to SCO with this
patch.
Signed-off-by: Nick Pelly <npelly@google.com>
Legacy pairing is a bit of a problem because on the incoming end it is
impossible to know pairing has begun:
2009-09-18 18:29:24.115692 > HCI Event: Connect Request (0x04) plen 10
bdaddr 00:23:D4:04:51:7A class 0x58020c type ACL
2009-09-18 18:29:24.115966 < HCI Command: Accept Connection Request (0x01|0x0009) plen 7
bdaddr 00:23:D4:04:51:7A role 0x00
Role: Master
2009-09-18 18:29:24.117065 > HCI Event: Command Status (0x0f) plen 4
Accept Connection Request (0x01|0x0009) status 0x00 ncmd 1
2009-09-18 18:29:24.282928 > HCI Event: Role Change (0x12) plen 8
status 0x00 bdaddr 00:23:D4:04:51:7A role 0x00
Role: Master
2009-09-18 18:29:24.291534 > HCI Event: Connect Complete (0x03) plen 11
status 0x00 handle 1 bdaddr 00:23:D4:04:51:7A type ACL encrypt 0x00
2009-09-18 18:29:24.291839 < HCI Command: Read Remote Supported Features (0x01|0x001b) plen 2
handle 1
2009-09-18 18:29:24.292144 > HCI Event: Page Scan Repetition Mode Change (0x20) plen 7
bdaddr 00:23:D4:04:51:7A mode 1
2009-09-18 18:29:24.293823 > HCI Event: Command Status (0x0f) plen 4
Read Remote Supported Features (0x01|0x001b) status 0x00 ncmd 1
2009-09-18 18:29:24.303588 > HCI Event: Max Slots Change (0x1b) plen 3
handle 1 slots 5
2009-09-18 18:29:24.309448 > HCI Event: Read Remote Supported Features (0x0b) plen 11
status 0x00 handle 1
Features: 0xff 0xff 0x2d 0xfe 0x9b 0xff 0x79 0x83
2009-09-18 18:29:24.345916 < HCI Command: Remote Name Request (0x01|0x0019) plen 10
bdaddr 00:23:D4:04:51:7A mode 2 clkoffset 0x0000
2009-09-18 18:29:24.346923 > HCI Event: Command Status (0x0f) plen 4
Remote Name Request (0x01|0x0019) status 0x00 ncmd 1
2009-09-18 18:29:24.375793 > HCI Event: Remote Name Req Complete (0x07) plen 255
status 0x00 bdaddr 00:23:D4:04:51:7A name 'test'
2009-09-18 18:29:34.332190 < HCI Command: Disconnect (0x01|0x0006) plen 3
handle 1 reason 0x13
There are some mainline patches such as "Add different pairing timeout for
Legacy Pairing" but they do not address the HCI sequence above.
I think the real solution is to avoid using CreateBond(), and instead make
the profile connection immediately. This way both sides will use a longer
timeout because there is a higher level connection in progress, and we will
not end up with the useless HCI sequence above.
Signed-off-by: Nick Pelly <npelly@google.com>
GM carkits with LGE BT chipsets return this error code when eSCO is attempted.
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Acked-by: Nick Pelly <npelly@google.com>
This fixes a bug where shutdown() and close() on a rfcomm socket during ACL
connection would not cause HCI Create Connection Cancel.
Signed-off-by: Nick Pelly <npelly@google.com>
Some platforms do not want to power down rfkill devices on suspend.
Change-Id: I62a11630521c636d54a4a02ab9037a43435925f5
Signed-off-by: Nick Pelly <npelly@google.com>
This provides kernel_debugger() which can be called from an interrupt
context low level debugger wedge to execute commands that inspect
kernel state. It doesn't do much on its own.
Signed-off-by: Brian Swetland <swetland@google.com>
kernel_debugger_core: Add sysrq command.
sysrq <c> will run the sysrq command <c> and dump what
was added to the kernel log while the command ran.
Signed-off-by: Brian Swetland <swetland@google.com>
Signed-off-by: Arve Hjønnevåg <arve@android.com>
net: Fix a bitmask in PPPoPNS and rename constants in PPPoPNS and PPPoLAC.
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
net: Fix a potential deadlock while releasing PPPoLAC/PPPoPNS socket.
PPP driver guarantees that no thread will be executing start_xmit() after
returning from ppp_unregister_channel(). To achieve this, a spinlock (downl)
is used. In pppolac_release(), ppp_unregister_channel() is called after sk_udp
is locked. At the same time, another thread might be running in pppolac_xmit()
with downl. Thus a deadlock will occur if the thread tries to lock sk_udp.
The same situation might happen on sk_raw in pppopns_release().
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
net: Force PPPoLAC and PPPoPNS to bind an interface before creating PPP channel.
It is common to manipulate the routing table after configuring PPP device.
Since both PPPoLAC and PPPoPNS run over IP, care must be taken to make sure
that there is no loop in the routing table.
Although this can be done by adding a host route, it might still cause
problems when the interface is down for some reason.
To solve this, this patch forces both drivers to bind an interface before
creating PPP channel, so the system will not re-route the tunneling sockets
to another interface when the original one is down. Another benefit is that
now the host route is no longer required, so there is no need to remove it
when PPP channel is closed.
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
net: Avoid sleep-inside-spinlock in PPPoLAC and PPPoPNS.
Since recv() and xmit() are called with a spinlock held, routines which might
sleep cannot be used. This issue is solved by following changes:
Incoming packets are now processed in backlog handler, recv_core(), instead of
recv(). Since backlog handler is always executed with socket spinlock held, the
requirement of ppp_input() is still satisfied.
Outgoing packets are now processed in workqueue handler, xmit_core(), instead of
xmit(). Note that kernel_sendmsg() is no longer used to prevent touching dead
sockets.
In release(), lock_sock() and pppox_unbind_sock() ensure that no thread is in
recv_core() or xmit(). Then socket handlers are restored before release_sock(),
so no packets will leak in backlog queue.
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
net: Fix msg_iovlen in PPPoLAC and PPPoPNS.
Although any positive value should work (which is always true in both drivers),
the correct value should be 1.
Signed-off-by: Chia-chi Yeh <chiachi@android.com>
Rather than using explicit euid == 0 checks when trying to move
tasks into a cgroup via CFS, move permission checks into each
specific cgroup subsystem. If a subsystem does not specify a
'can_attach' handler, then we fall back to doing our checks the old way.
This way non-root processes can add arbitrary processes to
a cgroup if all the registered subsystems on that cgroup agree.
Also change explicit euid == 0 check to CAP_SYS_ADMIN
Signed-off-by: San Mehat <san@google.com>
