forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Robin Holt 68d39a688a x86: uv: XPC receive message reuse triggers invalid BUG_ON() 
commit 046d6c563b upstream.

This was a difficult bug to trip.  XPC was in the middle of sending an
acknowledgement for a received message.

In xpc_received_payload_uv():
.
        ret = xpc_send_gru_msg(ch->sn.uv.cached_notify_gru_mq_desc, msg,
                               sizeof(struct xpc_notify_mq_msghdr_uv));
        if (ret != xpSuccess)
                XPC_DEACTIVATE_PARTITION(&xpc_partitions[ch->partid], ret);

        msg->hdr.msg_slot_number += ch->remote_nentries;

at the point in xpc_send_gru_msg() where the hardware has dispatched the
acknowledgement, the remote side is able to reuse the message structure
and send a message with a different slot number.  This problem is made
worse by interrupts.

The adjustment of msg_slot_number and the BUG_ON in
xpc_handle_notify_mq_msg_uv() which verifies the msg_slot_number is
consistent are only used for debug purposes.  Since a fix for this that
preserves the debug functionality would either have to infringe upon the
payload or allocate another structure just for debug, I decided to remove
it entirely.

Signed-off-by: Robin Holt <holt@sgi.com>
Cc: Jack Steiner <steiner@sgi.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:27:14 -08:00
..
accessibility
acpi ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite L355 2010-12-09 13:27:00 -08:00
amba
ata libata: fix NULL sdev dereference race in atapi_qc_complete() 2010-12-09 13:26:52 -08:00
atm solos-pci: Fix race condition in tasklet RX handling 2010-08-13 13:19:34 -07:00
auxdisplay
base firmware_class: fix memory leak - free allocated pages 2010-08-02 10:21:25 -07:00
block loop: Update mtime when writing using aops 2010-08-13 13:20:23 -07:00
bluetooth bluetooth: Fix missing NULL check 2010-11-22 10:47:30 -08:00
cdrom
char TTY: ldisc, fix open flag handling 2010-12-09 13:26:47 -08:00
clocksource clocksource: sh_tmu: compute mult and shift before registration 2010-09-26 17:21:37 -07:00
connector connector: Delete buggy notification code. 2010-02-09 04:50:59 -08:00
cpufreq revert "[CPUFREQ] remove rwsem lock from CPUFREQ_GOV_STOP call (second call site)" 2010-08-02 10:21:25 -07:00
cpuidle cpuidle: Fix incorrect optimization 2010-05-12 14:57:16 -07:00
crypto crypto: padlock - Fix AES-CBC handling on odd-block-sized input 2010-12-09 13:27:10 -08:00
dca
dio
dma dmaengine: fix interrupt clearing for mv_xor 2010-10-28 21:44:01 -07:00
edac amd64_edac: Correct scrub rate setting 2010-08-10 10:20:38 -07:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-12-09 13:26:50 -08:00
firmware DMI: allow omitting ident strings in DMI tables 2010-01-28 15:01:52 -08:00
gpio gpiolib: Actually set output state in wm831x_gpio_direction_output() 2010-03-15 08:49:57 -07:00
gpu drm/ttm: Clear the ghost cpu_writers flag on ttm_buffer_object_transfer. 2010-12-09 13:26:52 -08:00
hid HID: hidraw, fix a NULL pointer dereference in hidraw_write 2010-12-09 13:27:05 -08:00
hwmon hwmon: (lm85) Fix ADT7468 frequency table 2010-12-09 13:26:39 -08:00
i2c i2c-pca-platform: Change device name of request_irq 2010-12-09 13:26:33 -08:00
ide ide-cd: Do not access completed requests in the irq handler 2010-08-13 13:19:36 -07:00
idle
ieee1394
ieee802154 ieee802154: dont leak skbs in ieee802154_fake_xmit() 2009-11-19 13:16:21 -08:00
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-10-28 21:43:55 -07:00
input Input: i8042 - add Sony VAIO VPCZ122GX to nomux list 2010-12-09 13:27:08 -08:00
isdn isdn: fix information leak 2010-08-26 16:41:51 -07:00
leds leds-gpio: fix default state handling on OF platforms 2010-04-01 15:58:53 -07:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-06 15:05:19 -08:00
macintosh macintosh/therm_adt746x: Fix sysfs attributes lifetime 2010-03-15 08:49:46 -07:00
mca
md md: fix return value of rdev_size_change() 2010-12-09 13:26:46 -08:00
media V4L/DVB: ivtvfb: prevent reading uninitialized stack memory 2010-12-09 13:27:10 -08:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-26 16:41:32 -07:00
message SCSI: mptsas: fix hangs caused by ATA pass-through 2010-09-26 17:21:28 -07:00
mfd mfd: WM835x GPIO direction register is not locked 2010-01-22 15:18:18 -08:00
misc x86: uv: XPC receive message reuse triggers invalid BUG_ON() 2010-12-09 13:27:14 -08:00
mmc mmc: sdhci-s3c: fix NULL ptr access in sdhci_s3c_remove 2010-10-28 21:43:55 -07:00
mtd pxa3xx: fix ns2cycle equation 2010-08-26 16:41:42 -07:00
net gianfar: Fix crashes on RX path (Was Re: [Bugme-new] [Bug 19692] New: linux-2.6.36-rc5 crash with gianfar ethernet at full line rate traffic) 2010-12-09 13:27:05 -08:00
nubus
of
oprofile oprofile: fix crash when accessing freed task structs 2010-09-20 13:17:50 -07:00
parisc PARISC: led.c - fix potential stack overflow in led_proc_write() 2010-08-10 10:20:37 -07:00
parport
pci PCI: fix offset check for sysfs mmapped files 2010-12-09 13:26:53 -08:00
pcmcia pcmcia: avoid buffer overflow in pcmcia_setup_isa_irq 2010-08-26 16:41:53 -07:00
platform eeepc-laptop: check wireless hotplug events 2010-08-02 10:21:29 -07:00
pnp
power olpc_battery: Fix endian neutral breakage for s16 values 2010-12-09 13:26:37 -08:00
pps pps: events reporting fix up 2009-11-12 07:26:01 -08:00
ps3
rapidio
regulator regulator: Fix display of null constraints for regulators 2010-02-23 07:37:49 -08:00
rtc rtc: fix ds1388 time corruption 2010-08-02 10:20:53 -07:00
s390 nohz: Introduce arch_needs_cpu 2010-08-13 13:20:13 -07:00
sbus
scsi Fix regressions in scsi_internal_device_block 2010-11-22 10:47:38 -08:00
serial serial: cpm_uart: implement the cpm_uart_early_write() function for console poll 2010-08-02 10:20:52 -07:00
sfi
sh
sn
spi SPI: spi_txx9: Fix bit rate calculation 2009-12-02 23:58:32 +00:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:26:41 -08:00
staging staging: rtl8187se: Change panic to warn when RF switch turned off 2010-12-09 13:27:04 -08:00
tc
telephony
thermal
uio uio: pm_runtime_disable is needed if failed 2009-11-13 11:36:00 +09:00
usb USB: serial: ftdi_sio: Vardaan USB RS422/485 converter PID added 2010-12-09 13:26:59 -08:00
uwb
video efifb: support the EFI framebuffer on more Apple hardware 2010-12-09 13:27:08 -08:00
virtio virtio-pci: disable msi at startup 2010-08-02 10:20:42 -07:00
vlynq
w1 w1: w1 temp: fix negative termperature calculation 2010-05-12 14:57:00 -07:00
watchdog WATCHDOG: iTCO_wdt: TCO Watchdog patch for additional Intel Cougar Point DeviceIDs 2010-04-26 07:41:18 -07:00
xen xen: ensure that all event channels start off bound to VCPU 0 2010-12-09 13:26:42 -08:00
zorro
Kconfig
Makefile virtio: initialize earlier 2010-05-12 14:57:15 -07:00