1. 15 May, 2012 1 commit
    • Peter Zijlstra's avatar
      lockdep: fix oops in processing workqueue · 4d82a1de
      Peter Zijlstra authored
      Under memory load, on x86_64, with lockdep enabled, the workqueue's
      process_one_work() has been seen to oops in __lock_acquire(), barfing
      on a 0xffffffff00000000 pointer in the lockdep_map's class_cache[].
      
      Because it's permissible to free a work_struct from its callout function,
      the map used is an onstack copy of the map given in the work_struct: and
      that copy is made without any locking.
      
      Surprisingly, gcc (4.5.1 in Hugh's case) uses "rep movsl" rather than
      "rep movsq" for that structure copy: which might race with a workqueue
      user's wait_on_work() doing lock_map_acquire() on the source of the
      copy, putting a pointer into the class_cache[], but only in time for
      the top half of that pointer to be copied to the destination map.
      
      Boom when process_one_work() subsequently does lock_map_acquire()
      on its onstack copy of the lockdep_map.
      
      Fix this, and a similar instance in call_timer_fn(), with a
      lockdep_copy_map() function which additionally NULLs the class_cache[].
      
      Note: this oops was actually seen on 3.4-next, where flush_work() newly
      does the racing lock_map_acquire(); but Tejun points out that 3.4 and
      earlier are already vulnerable to the same through wait_on_work().
      
      * Patch orginally from Peter.  Hugh modified it a bit and wrote the
        description.
      Signed-off-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Reported-by: default avatarHugh Dickins <hughd@google.com>
      LKML-Reference: <alpine.LSU.2.00.1205070951170.1544@eggly.anvils>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      4d82a1de
  2. 14 May, 2012 1 commit
    • Tejun Heo's avatar
      workqueue: skip nr_running sanity check in worker_enter_idle() if trustee is active · 544ecf31
      Tejun Heo authored
      worker_enter_idle() has WARN_ON_ONCE() which triggers if nr_running
      isn't zero when every worker is idle.  This can trigger spuriously
      while a cpu is going down due to the way trustee sets %WORKER_ROGUE
      and zaps nr_running.
      
      It first sets %WORKER_ROGUE on all workers without updating
      nr_running, releases gcwq->lock, schedules, regrabs gcwq->lock and
      then zaps nr_running.  If the last running worker enters idle
      inbetween, it would see stale nr_running which hasn't been zapped yet
      and trigger the WARN_ON_ONCE().
      
      Fix it by performing the sanity check iff the trustee is idle.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Reported-by: default avatar"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Cc: stable@vger.kernel.org
      544ecf31
  3. 23 Apr, 2012 1 commit
    • Stephen Boyd's avatar
      workqueue: Catch more locking problems with flush_work() · 0976dfc1
      Stephen Boyd authored
      If a workqueue is flushed with flush_work() lockdep checking can
      be circumvented. For example:
      
       static DEFINE_MUTEX(mutex);
      
       static void my_work(struct work_struct *w)
       {
               mutex_lock(&mutex);
               mutex_unlock(&mutex);
       }
      
       static DECLARE_WORK(work, my_work);
      
       static int __init start_test_module(void)
       {
               schedule_work(&work);
               return 0;
       }
       module_init(start_test_module);
      
       static void __exit stop_test_module(void)
       {
               mutex_lock(&mutex);
               flush_work(&work);
               mutex_unlock(&mutex);
       }
       module_exit(stop_test_module);
      
      would not always print a warning when flush_work() was called.
      In this trivial example nothing could go wrong since we are
      guaranteed module_init() and module_exit() don't run concurrently,
      but if the work item is schedule asynchronously we could have a
      scenario where the work item is running just at the time flush_work()
      is called resulting in a classic ABBA locking problem.
      
      Add a lockdep hint by acquiring and releasing the work item
      lockdep_map in flush_work() so that we always catch this
      potential deadlock scenario.
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      Reviewed-by: default avatarYong Zhang <yong.zhang0@gmail.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      0976dfc1
  4. 16 Apr, 2012 1 commit
  5. 11 Apr, 2012 1 commit
  6. 10 Apr, 2012 8 commits
  7. 09 Apr, 2012 6 commits
  8. 08 Apr, 2012 1 commit
  9. 07 Apr, 2012 13 commits
    • Linus Torvalds's avatar
      Merge tag 'regmap-3.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap · f4e52e7f
      Linus Torvalds authored
      Pull two more small regmap fixes from Mark Brown:
       - Now we have users for it that aren't running Android it turns out
         that regcache_sync_region() is much more useful to drivers if it's
         exported for use by modules.  Who knew?
       - Make sure we don't divide by zero when doing debugfs dumps of
         rbtrees, not visible up until now because everything was providing at
         least some cache on startup.
      
      * tag 'regmap-3.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
        regmap: prevent division by zero in rbtree_show
        regmap: Export regcache_sync_region()
      f4e52e7f
    • Linus Torvalds's avatar
      Merge branch 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm · a3fac080
      Linus Torvalds authored
      Pull a few KVM fixes from Avi Kivity:
       "A bunch of powerpc KVM fixes, a guest and a host RCU fix (unrelated),
        and a small build fix."
      
      * 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: Resolve RCU vs. async page fault problem
        KVM: VMX: vmx_set_cr0 expects kvm->srcu locked
        KVM: PMU: Fix integer constant is too large warning in kvm_pmu_set_msr()
        KVM: PPC: Book3S: PR: Fix preemption
        KVM: PPC: Save/Restore CR over vcpu_run
        KVM: PPC: Book3S HV: Save and restore CR in __kvmppc_vcore_entry
        KVM: PPC: Book3S HV: Fix kvm_alloc_linear in case where no linears exist
        KVM: PPC: Book3S: Compile fix for ppc32 in HIOR access code
      a3fac080
    • Linus Torvalds's avatar
      Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh · 664481ed
      Linus Torvalds authored
      Pull SuperH fixes from Paul Mundt.
      
      * tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
        sh: fix clock-sh7757 for the latest sh_mobile_sdhi driver
        serial: sh-sci: use serial_port_in/out vs sci_in/out.
        sh: vsyscall: Fix up .eh_frame generation.
        sh: dma: Fix up device attribute mismatch from sysdev fallout.
        sh: dwarf unwinder depends on SHcompact.
        sh: fix up fallout from system.h disintegration.
      664481ed
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · d6a624ee
      Linus Torvalds authored
      Pull security layer fixlet from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        sysctl: fix write access to dmesg_restrict/kptr_restrict
      d6a624ee
    • Linus Torvalds's avatar
      Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux · f21fec96
      Linus Torvalds authored
      Pull ACPI & Power Management patches from Len Brown:
       "Two fixes for cpuidle merge-window changes, plus a URL fix in
        MAINTAINERS"
      
      * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
        MAINTAINERS: Update git url for ACPI
        cpuidle: Fix panic in CPU off-lining with no idle driver
        ACPI processor: Use safe_halt() rather than halt() in acpi_idle_play_dead()
      f21fec96
    • Linus Torvalds's avatar
      Merge branch '3.4-rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · a0421da4
      Linus Torvalds authored
      Pull target fixes from Nicholas Bellinger:
       "Pull two tcm_fc fabric related fixes for -rc2:
      
        Note that both have been CC'ed to stable, and patch #1 is the
        important one that addresses a memory corruption bug related to FC
        exchange timeouts + command abort.
      
        Thanks again to MDR for tracking down this issue!"
      
      * '3.4-rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        tcm_fc: Do not free tpg structure during wq allocation failure
        tcm_fc: Add abort flag for gracefully handling exchange timeout
      a0421da4
    • Mark Rustad's avatar
      tcm_fc: Do not free tpg structure during wq allocation failure · 06383f10
      Mark Rustad authored
      Avoid freeing a registered tpg structure if an alloc_workqueue call
      fails.  This fixes a bug where the failure was leaking memory associated
      with se_portal_group setup during the original core_tpg_register() call.
      Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
      Acked-by: default avatarKiran Patil <Kiran.patil@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      06383f10
    • Mark Rustad's avatar
      tcm_fc: Add abort flag for gracefully handling exchange timeout · e1c40382
      Mark Rustad authored
      Add abort flag and use it to terminate processing when an exchange
      is timed out or is reset. The abort flag is used in place of the
      transport_generic_free_cmd function call in the reset and timeout
      cases, because calling that function in that context would free
      memory that was in use. The aborted flag allows the lifetime to
      be managed in a more normal way, while truncating the processing.
      
      This change eliminates a source of memory corruption which
      manifested in a variety of ugly ways.
      
      (nab: Drop unused struct fc_exch *ep in ft_recv_seq)
      Signed-off-by: default avatarMark Rustad <mark.d.rustad@intel.com>
      Acked-by: default avatarKiran Patil <Kiran.patil@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
      e1c40382
    • Len Brown's avatar
      eeaab2d8
    • Igor Murzov's avatar
      MAINTAINERS: Update git url for ACPI · aaef292a
      Igor Murzov authored
      Signed-off-by: default avatarIgor Murzov <e-mail@date.by>
      Signed-off-by: default avatarLen Brown <len.brown@intel.com>
      aaef292a
    • Linus Torvalds's avatar
      Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 4157368e
      Linus Torvalds authored
      Pull arch/tile bug fixes from Chris Metcalf:
       "This includes Paul Gortmaker's change to fix the <asm/system.h>
        disintegration issues on tile, a fix to unbreak the tilepro ethernet
        driver, and a backlog of bugfix-only changes from internal Tilera
        development over the last few months.
      
        They have all been to LKML and on linux-next for the last few days.
        The EDAC change to MAINTAINERS is an oddity but discussion on the
        linux-edac list suggested I ask you to pull that change through my
        tree since they don't have a tree to pull edac changes from at the
        moment."
      
      * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: (39 commits)
        drivers/net/ethernet/tile: fix netdev_alloc_skb() bombing
        MAINTAINERS: update EDAC information
        tilepro ethernet driver: fix a few minor issues
        tile-srom.c driver: minor code cleanup
        edac: say "TILEGx" not "TILEPro" for the tilegx edac driver
        arch/tile: avoid accidentally unmasking NMI-type interrupt accidentally
        arch/tile: remove bogus performance optimization
        arch/tile: return SIGBUS for addresses that are unaligned AND invalid
        arch/tile: fix finv_buffer_remote() for tilegx
        arch/tile: use atomic exchange in arch_write_unlock()
        arch/tile: stop mentioning the "kvm" subdirectory
        arch/tile: export the page_home() function.
        arch/tile: fix pointer cast in cacheflush.c
        arch/tile: fix single-stepping over swint1 instructions on tilegx
        arch/tile: implement panic_smp_self_stop()
        arch/tile: add "nop" after "nap" to help GX idle power draw
        arch/tile: use proper memparse() for "maxmem" options
        arch/tile: fix up locking in pgtable.c slightly
        arch/tile: don't leak kernel memory when we unload modules
        arch/tile: fix bug in delay_backoff()
        ...
      4157368e
    • Linus Torvalds's avatar
      Merge tag 'stable/for-linus-3.4-rc1-tag' of... · 9479f0f8
      Linus Torvalds authored
      Merge tag 'stable/for-linus-3.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
      
      Pull xen fixes from Konrad Rzeszutek Wilk:
       "Two fixes for regressions:
         * one is a workaround that will be removed in v3.5 with proper fix in
           the tip/x86 tree,
         * the other is to fix drivers to load on PV (a previous patch made
           them only load in PVonHVM mode).
      
        The rest are just minor fixes in the various drivers and some cleanup
        in the core code."
      
      * tag 'stable/for-linus-3.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success
        xen/pciback: fix XEN_PCI_OP_enable_msix result
        xen/smp: Remove unnecessary call to smp_processor_id()
        xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries'
        xen: only check xen_platform_pci_unplug if hvm
      9479f0f8
    • Linus Torvalds's avatar
      Merge tag 'mmc-fixes-for-3.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc · 1ddca057
      Linus Torvalds authored
      Pull MMC fixes from Chris Ball:
       - Disable use of MSI in sdhci-pci, which caused multiple chipsets to
         stop working in 3.4-rc1.  I'll wait to turn this on again until we
         have a chipset whitelist for it.
       - Fix a libertas SDIO powered-resume regression introduced in 3.3;
         thanks to Neil Brown and Rafael Wysocki for this fix.
       - Fix module reloading on omap_hsmmc.
       - Stop trusting the spec/card's specified maximum data timeout length,
         and use three seconds instead.  Previously we used 300ms.
      
      Also cleanups and fixes for s3c, atmel, sh_mmcif and omap_hsmmc.
      
      * tag 'mmc-fixes-for-3.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (28 commits)
        mmc: use really long write timeout to deal with crappy cards
        mmc: sdhci-dove: Fix compile error by including module.h
        mmc: Prevent 1.8V switch for SD hosts that don't support UHS modes.
        Revert "mmc: sdhci-pci: Add MSI support"
        Revert "mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers"
        mmc: core: fix power class selection
        mmc: omap_hsmmc: fix module re-insertion
        mmc: omap_hsmmc: convert to module_platform_driver
        mmc: omap_hsmmc: make it behave well as a module
        mmc: omap_hsmmc: trivial cleanups
        mmc: omap_hsmmc: context save after enabling runtime pm
        mmc: omap_hsmmc: use runtime put sync in probe error patch
        mmc: sdio: Use empty system suspend/resume callbacks at the bus level
        mmc: bus: print bus speed mode of UHS-I card
        mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers
        mmc: sh_mmcif: Simplify calculation of mmc->f_min
        mmc: sh_mmcif: mmc->f_max should be half of the bus clock
        mmc: sh_mmcif: double clock speed
        mmc: block: Remove use of mmc_blk_set_blksize
        mmc: atmel-mci: add support for odd clock dividers
        ...
      1ddca057
  10. 06 Apr, 2012 7 commits
    • Linus Torvalds's avatar
      Make the "word-at-a-time" helper functions more commonly usable · f68e556e
      Linus Torvalds authored
      I have a new optimized x86 "strncpy_from_user()" that will use these
      same helper functions for all the same reasons the name lookup code uses
      them.  This is preparation for that.
      
      This moves them into an architecture-specific header file.  It's
      architecture-specific for two reasons:
      
       - some of the functions are likely to want architecture-specific
         implementations.  Even if the current code happens to be "generic" in
         the sense that it should work on any little-endian machine, it's
         likely that the "multiply by a big constant and shift" implementation
         is less than optimal for an architecture that has a guaranteed fast
         bit count instruction, for example.
      
       - I expect that if architectures like sparc want to start playing
         around with this, we'll need to abstract out a few more details (in
         particular the actual unaligned accesses).  So we're likely to have
         more architecture-specific stuff if non-x86 architectures start using
         this.
      
         (and if it turns out that non-x86 architectures don't start using
         this, then having it in an architecture-specific header is still the
         right thing to do, of course)
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f68e556e
    • Toshi Kani's avatar
      cpuidle: Fix panic in CPU off-lining with no idle driver · ee01e663
      Toshi Kani authored
      Fix a NULL pointer dereference panic in cpuidle_play_dead() during
      CPU off-lining when no cpuidle driver is registered.  A cpuidle
      driver may be registered at boot-time based on CPU type.  This patch
      allows an off-lined CPU to enter HLT-based idle in this condition.
      Signed-off-by: default avatarToshi Kani <toshi.kani@hp.com>
      Cc: Boris Ostrovsky <boris.ostrovsky@amd.com>
      Reviewed-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Tested-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: default avatarLen Brown <len.brown@intel.com>
      ee01e663
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 23f347ef
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) Fix inaccuracies in network driver interface documentation, from Ben
          Hutchings.
      
       2) Fix handling of negative offsets in BPF JITs, from Jan Seiffert.
      
       3) Compile warning, locking, and refcounting fixes in netfilter's
          xt_CT, from Pablo Neira Ayuso.
      
       4) phonet sendmsg needs to validate user length just like any other
          datagram protocol, fix from Sasha Levin.
      
       5) Ipv6 multicast code uses wrong loop index, from RongQing Li.
      
       6) Link handling and firmware fixes in bnx2x driver from Yaniv Rosner
          and Yuval Mintz.
      
       7) mlx4 erroneously allocates 4 pages at a time, regardless of page
          size, fix from Thadeu Lima de Souza Cascardo.
      
       8) SCTP socket option wasn't extended in a backwards compatible way,
          fix from Thomas Graf.
      
       9) Add missing address change event emissions to bonding, from Shlomo
          Pongratz.
      
      10) /proc/net/dev regressed because it uses a private offset to track
          where we are in the hash table, but this doesn't track the offset
          pullback that the seq_file code does resulting in some entries being
          missed in large dumps.
      
          Fix from Eric Dumazet.
      
      11) do_tcp_sendpage() unloads the send queue way too fast, because it
          invokes tcp_push() when it shouldn't.  Let the natural sequence
          generated by the splice paths, and the assosciated MSG_MORE
          settings, guide the tcp_push() calls.
      
          Otherwise what goes out of TCP is spaghetti and doesn't batch
          effectively into GSO/TSO clusters.
      
          From Eric Dumazet.
      
      12) Once we put a SKB into either the netlink receiver's queue or a
          socket error queue, it can be consumed and freed up, therefore we
          cannot touch it after queueing it like that.
      
          Fixes from Eric Dumazet.
      
      13) PPP has this annoying behavior in that for every transmit call it
          immediately stops the TX queue, then calls down into the next layer
          to transmit the PPP frame.
      
          But if that next layer can take it immediately, it just un-stops the
          TX queue right before returning from the transmit method.
      
          Besides being useless work, it makes several facilities unusable, in
          particular things like the equalizers.  Well behaved devices should
          only stop the TX queue when they really are full, and in PPP's case
          when it gets backlogged to the downstream device.
      
          David Woodhouse therefore fixed PPP to not stop the TX queue until
          it's downstream can't take data any more.
      
      14) IFF_UNICAST_FLT got accidently lost in some recent stmmac driver
          changes, re-add.  From Marc Kleine-Budde.
      
      15) Fix link flaps in ixgbe, from Eric W. Multanen.
      
      16) Descriptor writeback fixes in e1000e from Matthew Vick.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
        net: fix a race in sock_queue_err_skb()
        netlink: fix races after skb queueing
        doc, net: Update ndo_start_xmit return type and values
        doc, net: Remove instruction to set net_device::trans_start
        doc, net: Update netdev operation names
        doc, net: Update documentation of synchronisation for TX multiqueue
        doc, net: Remove obsolete reference to dev->poll
        ethtool: Remove exception to the requirement of holding RTNL lock
        MAINTAINERS: update for Marvell Ethernet drivers
        bonding: properly unset current_arp_slave on slave link up
        phonet: Check input from user before allocating
        tcp: tcp_sendpages() should call tcp_push() once
        ipv6: fix array index in ip6_mc_add_src()
        mlx4: allocate just enough pages instead of always 4 pages
        stmmac: re-add IFF_UNICAST_FLT for dwmac1000
        bnx2x: Clear MDC/MDIO warning message
        bnx2x: Fix BCM57711+BCM84823 link issue
        bnx2x: Clear BCM84833 LED after fan failure
        bnx2x: Fix BCM84833 PHY FW version presentation
        bnx2x: Fix link issue for BCM8727 boards.
        ...
      23f347ef
    • Jan Beulich's avatar
      xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success · f09d8432
      Jan Beulich authored
      The original XenoLinux code has always had things this way, and for
      compatibility reasons (in particular with a subsequent pciback
      adjustment) upstream Linux should behave the same way (allowing for two
      distinct error indications to be returned by the backend).
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      f09d8432
    • Jan Beulich's avatar
      xen/pciback: fix XEN_PCI_OP_enable_msix result · 0ee46eca
      Jan Beulich authored
      Prior to 2.6.19 and as of 2.6.31, pci_enable_msix() can return a
      positive value to indicate the number of vectors (less than the amount
      requested) that can be set up for a given device. Returning this as an
      operation value (secondary result) is fine, but (primary) operation
      results are expected to be negative (error) or zero (success) according
      to the protocol. With the frontend fixed to match the XenoLinux
      behavior, the backend can now validly return zero (success) here,
      passing the upper limit on the number of vectors in op->value.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      0ee46eca
    • Srivatsa S. Bhat's avatar
      xen/smp: Remove unnecessary call to smp_processor_id() · e8c9e788
      Srivatsa S. Bhat authored
      There is an extra and unnecessary call to smp_processor_id()
      in cpu_bringup(). Remove it.
      Signed-off-by: default avatarSrivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      e8c9e788
    • Konrad Rzeszutek Wilk's avatar
      xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries' · 2531d64b
      Konrad Rzeszutek Wilk authored
      The above mentioned patch checks the IOAPIC and if it contains
      -1, then it unmaps said IOAPIC. But under Xen we get this:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
      IP: [<ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
      PGD 0
      Oops: 0002 [#1] SMP
      CPU 0
      Modules linked in:
      
      Pid: 1, comm: swapper/0 Not tainted 3.2.10-3.fc16.x86_64 #1 Dell Inc. Inspiron
      1525                  /0U990C
      RIP: e030:[<ffffffff8134e51f>]  [<ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
      RSP: e02b: ffff8800d42cbb70  EFLAGS: 00010202
      RAX: 0000000000000000 RBX: 00000000ffffffef RCX: 0000000000000001
      RDX: 0000000000000040 RSI: 00000000ffffffef RDI: 0000000000000001
      RBP: ffff8800d42cbb80 R08: ffff8800d6400000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffef
      R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000010
      FS:  0000000000000000(0000) GS:ffff8800df5fe000(0000) knlGS:0000000000000000
      CS:  e033 DS: 0000 ES: 0000 CR0:000000008005003b
      CR2: 0000000000000040 CR3: 0000000001a05000 CR4: 0000000000002660
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      Process swapper/0 (pid: 1, threadinfo ffff8800d42ca000, task ffff8800d42d0000)
      Stack:
       00000000ffffffef 0000000000000010 ffff8800d42cbbe0 ffffffff8134f157
       ffffffff8100a9b2 ffffffff8182ffd1 00000000000000a0 00000000829e7384
       0000000000000002 0000000000000010 00000000ffffffff 0000000000000000
      Call Trace:
       [<ffffffff8134f157>] xen_bind_pirq_gsi_to_irq+0x87/0x230
       [<ffffffff8100a9b2>] ? check_events+0x12+0x20
       [<ffffffff814bab42>] xen_register_pirq+0x82/0xe0
       [<ffffffff814bac1a>] xen_register_gsi.part.2+0x4a/0xd0
       [<ffffffff814bacc0>] acpi_register_gsi_xen+0x20/0x30
       [<ffffffff8103036f>] acpi_register_gsi+0xf/0x20
       [<ffffffff8131abdb>] acpi_pci_irq_enable+0x12e/0x202
       [<ffffffff814bc849>] pcibios_enable_device+0x39/0x40
       [<ffffffff812dc7ab>] do_pci_enable_device+0x4b/0x70
       [<ffffffff812dc878>] __pci_enable_device_flags+0xa8/0xf0
       [<ffffffff812dc8d3>] pci_enable_device+0x13/0x20
      
      The reason we are dying is b/c the call acpi_get_override_irq() is used,
      which returns the polarity and trigger for the IRQs. That function calls
      mp_find_ioapics to get the 'struct ioapic' structure - which along with the
      mp_irq[x] is used to figure out the default values and the polarity/trigger
      overrides. Since the mp_find_ioapics now returns -1 [b/c the IOAPIC is filled
      with 0xffffffff], the acpi_get_override_irq() stops trying to lookup in the
      mp_irq[x] the proper INT_SRV_OVR and we can't install the SCI interrupt.
      
      The proper fix for this is going in v3.5 and adds an x86_io_apic_ops
      struct so that platforms can override it. But for v3.4 lets carry this
      work-around. This patch does that by providing a slightly different variant
      of the fake IOAPIC entries.
      Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      2531d64b