Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752577AbbKXBOU (ORCPT <rfc822;w@1wt.eu>);
	Mon, 23 Nov 2015 20:14:20 -0500
Received: from mail-bl2on0144.outbound.protection.outlook.com ([65.55.169.144]:19934
	"EHLO na01-bl2-obe.outbound.protection.outlook.com"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1752185AbbKXBOR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 23 Nov 2015 20:14:17 -0500
X-Greylist: delayed 856 seconds by postgrey-1.27 at vger.kernel.org; Mon, 23 Nov 2015 20:14:17 EST
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Joe.Lawrence@stratus.com; 
To: <linux-kernel@vger.kernel.org>
CC: Thomas Gleixner <tglx@linutronix.de>,
        Joe Lawrence <joe.lawrence@stratus.com>
From: Joe Lawrence <joe.lawrence@stratus.com>
Subject: irq_desc use-after-free in smp_irq_move_cleanup_interrupt
Message-ID: <5653B688.4050809@stratus.com>
Date: Mon, 23 Nov 2015 19:59:52 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [198.97.41.12]
X-ClientProxiedBy: BL2PR01CA0021.prod.exchangelabs.com (10.141.66.21) To
 SN2PR0801MB592.namprd08.prod.outlook.com (25.160.15.16)
X-Microsoft-Exchange-Diagnostics: 1;SN2PR0801MB592;2:r6FjHjA1RW2g46VssZpfxdu3dx/MDfmkGGzX5zgxsvohIn7cCWPTZfP8aSnhnNocBFzWm0BrXvKzKXzQZWwHVd52sRIcqrG8gpFluGk9wuSf/HCcK6kh+SKKRuo1wnSJwcHAuwzmpm8ZcR8XMQudPA==;3:jpunfCmcFR69zdKW0ayj90Qke4U7vlh/jOyq+Fo5wNP0PKjnALLEeonQIWt9wHFCkIhMMyCPRcMGnM58lkrHe8JFbcBBL+RxwZrG3kdrRd6BAJZ54fgiZ/evvzgfyqx4;25:HT0T6esuedbR5qZLf2MjL55SmeAXZrM2B3ZeJ6bAALejQpKUVD3PV19Wxv/pH7XWNiyZYgOCMxRSf9w1PTLaxcXj1YqhQ0wZ1tVi6BdB5SMDkIiVbZqO+VAno3y7lb0QlxSOciSFnEmgNDEzZfO64hI388W4DbewVfd08/89kICFQ+fsYAk/rrNmE1GbHEZ1Sm5cuuD3Fvf2rzUcAe0YytW0/mRY7k9WkXiCC/DIe+nFsHvkkNe8D7JqLbFX4Yu8
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN2PR0801MB592;
X-Microsoft-Exchange-Diagnostics: 1;SN2PR0801MB592;20:Wx2IMX/RFR7yhUTnKdGp6UpISLa5VvQisTpuVEKEQfOExM6JEG0zR5Q7SlXsPlCXfkNFZQ832egbKbnycd1Yw1MZrgsho2wScs93az5FU3kfvhzdceR5yNxvV0G94wupLoHzR0ZkVCbBf3u1IEDZliO6/kmXw8wb7RSnBPmZaKqlfMUA6YBMFO2Wj/9QGRcf9TMNoZ5ein574/k4PUq7yr/VdzGiHZbXbRF73p4H8b5u3/SqicUYdq6aU+d9g/8w4/sx0d/T75Airz4uyIRyq9odBZc+WNrf5rWxwRGURCSNMFRFgb6d/9rjbN9arleQsexGaiLOJyM6hAa5ocxceIJnBumlrGAWeestG9lzjRwnWLjcdxo5KJA5j36dzNKI5e/faMZ++lMaAdPbNd3IxUnpGcnCgD2c8DTqlcu3xQBZgV0OBvHyNBQIQ0JaJefUs4cFAceIg7K1F+aZMeTPLPlNI4nG3BxWJlxCfuLnuFJAGXRQh6So6QIq7Ny8Ev6H;4:VNAQUB0/SMQr7pX3rlxzT6qIncuUBK057/8fJ6xn6jIcnyL3Ih9r23I1Mm/pPl2D+1Is8i3Px51XzQw4FBe96Sb6grPoj7+xye2w+ANPVGeOqp4CX44QB7iMID8YW6uNCSIVc20GrRd94959gFJIUWhTYyePCtbRxhL0sRMYVKtpUlpIA+dYm8/PWDMNh4wCK5mv5xrXuyWTFC5STR+M/RZ1nlyHSwvqVy6y9sK4MUfjotS21YjUM9rNX8Yb+XTszZ5pWjQSiSXE5ALuneq8gocAwRFWrLQL4SugEtDP/Ryhx2CVvvkvE8Q65PStf2vCiorsi4e62Gu6xRNKaBB2cohsqspyf4Io2rV2rptuokSiOkFYm8JZssEIf6Kgq0L1
X-Microsoft-Antispam-PRVS: <SN2PR0801MB5925F5B6570EF056C9BD63A98060@SN2PR0801MB592.namprd08.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(520078)(5005006)(3002001)(10201501046);SRVR:SN2PR0801MB592;BCL:0;PCL:0;RULEID:;SRVR:SN2PR0801MB592;
X-Forefront-PRVS: 0770F75EA9
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(6069001)(6009001)(189002)(199003)(86362001)(101416001)(36756003)(2351001)(59896002)(40100003)(50986999)(33656002)(575784001)(189998001)(230783001)(229853001)(47776003)(66066001)(65956001)(6116002)(5008740100001)(65806001)(4001430100002)(3846002)(64126003)(586003)(230700001)(77096005)(80316001)(42186005)(106356001)(5001960100002)(92566002)(87976001)(23676002)(4001350100001)(122386002)(87266999)(5004730100002)(50466002)(5007970100001)(105586002)(54356999)(97736004)(65816999)(110136002)(81156007)(107886002)(83506001);DIR:OUT;SFP:1102;SCL:1;SRVR:SN2PR0801MB592;H:localhost.localdomain;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjJQUjA4MDFNQjU5MjsyMzpaZmVHOUl6OWpXM1p3TVU0Q0VuWEtMRDRW?=
 =?utf-8?B?Ym9BZkVUUURqU0U0aDY2bVdVOU9QWmtQcWdMTnZlUmt5Y3VZODNtRjM4Vi82?=
 =?utf-8?B?T0dRVHcwSnVUNmZqaGprSksyU1NkYi9OYzZsUXk5Z0NLSzZaNjh5ZklhNnF6?=
 =?utf-8?B?aVRWYzRTWFdTRDJrYVdnY29DTEhpWXJ2MVJGellFVUxxRzdlWkpXckZITVlR?=
 =?utf-8?B?SUpML05QOVJPVGk1bTlnQ2NuMjVvamJkelNXTDl2VE1jcWRGelBGSE9adDJ5?=
 =?utf-8?B?ZzZzVDg4ZDBNVW5nTFRtN3RUSE8xNHlWL2EwNFR6SDduaE5uMU5jVzhIZEZR?=
 =?utf-8?B?RHFVUVFpQWJJbzFUQmdLcUNIYzY0S09HNXlnOGViRVoveU5pUTJTNllJQWhU?=
 =?utf-8?B?dCthd0NOMjJyeFdpSXFaT3RjTTBkYkNKTVBocEVGa3ozWSsxUmlyWTRaeHpu?=
 =?utf-8?B?cnJhYU9wZ054b2MyM0RoMnRaNkJzL05sL0YwTERkZ2xXSE5NM2NEMCsvaXFF?=
 =?utf-8?B?bTdPNWt6UkhYelo5S3BqZlcvNjkwbFVDUXlPOU4zU0FKcGowa2VYbWdLbUZ6?=
 =?utf-8?B?VUw3VkhOSFo5ZkFMYUJxL2tOd1Awd0tkck9pRmFGZ2lNbW5yWmtsZTFtcmJB?=
 =?utf-8?B?L3NjSS9kK01NdFJ1TEdKcUJPUXlwN0xkNEJyY3E0NEYzdFBSdFlXSzhKbWhU?=
 =?utf-8?B?ZnBaVWZ6dmNoQTl6aFVFNW91eG1oOVpJSG5mYkEyVmkwalYzNVZ2d0hsN0dN?=
 =?utf-8?B?ZjFrQkdtalJJM2JldmRIb21vYk5aQ3loMUNoTVBZazhWZWMra05aRjNOd2li?=
 =?utf-8?B?VG9EQytQN24zNFl0YkJWbzBUMGJzMVIycGtONGRqMEdFbHJqZmxCOXRjTVFp?=
 =?utf-8?B?WlZxaUJLS1hsVkI0ekZBN05hcTJKTHMvSlNxemVXdzd4ejhiUEduNTNSUlBl?=
 =?utf-8?B?RmRIbkVvWGFGUVMrbW1UWm5hSVNrSFkwMS91c2UvY1RzWktJdFVpdjF4cDZs?=
 =?utf-8?B?R3dCVlovc0hBVlFLdXhTQ09uM2tabS9QUW9Bb2FPRU1KaGV4Q3RJc0U0RTh1?=
 =?utf-8?B?NWdOb0NVMCtmY2lOVk1ZWE5RZGJoYUxwdFd0bEdJNGM0cmdTYWFXY0RYQkds?=
 =?utf-8?B?NGErOXp1T054dkRXM01vVTE3Z21ESkREbW5ZUjJMM3dsMkh1ZldJWTJqOU5s?=
 =?utf-8?B?djNJVmI3dGVGREZ6YVREM0ovc1ZzbTFxZVg1QW55V1FKb20wWXBKQ2hOcXcr?=
 =?utf-8?B?YXAxY3BCL3k5WnF3cWJFUTQ5WHlqT3RYdHNMM3c0cVBRblRSWjZaSERYYkpZ?=
 =?utf-8?B?VkYrbEU0a052SEdTcXB4Zk1uVXdXcGNKdnJhdzFpbjkybm9jS0kzQWVrSkhr?=
 =?utf-8?B?WjMrYm9wWEVUNjZDQnJSYUtIM21zRElmVXRJRjZHN2pzcWlVam9PdkhxeE9u?=
 =?utf-8?B?cE1WZStIdERmcTVDSU5rTnVhNUJ0TmNDRXJKakJPRk9rSlpsWmpLUWFrT2pQ?=
 =?utf-8?B?Rzl2TFdKRjJGa1Z4Y2wvSVFWUmFENVhTV2F3VytNNFZYd3F1dytQZWMwdVVG?=
 =?utf-8?B?UVRTdGJLNFdqUGhLdFZ4VXNWN2ovTnZqWlA4YzVoSC9sa3c5VkRraWx5ajZ0?=
 =?utf-8?B?MTVkS2VGSmtIbVp6QStKcG1BUklOYjVyQVF0UGlMZys1ZWJZQnJRL3RUVU5G?=
 =?utf-8?Q?nSwvIzs8OnkXbZRYGLwpKbbNPJMPlzxOErhWksMU?=
X-Microsoft-Exchange-Diagnostics: 1;SN2PR0801MB592;5:ifzC+t+GRm7uKxjsg2YV+6xheJh5WNsRmQ15hgWg0WZrwynlQY4irOhYsN5uMzKfB/4rYcN5TxFcKCON/S3Thzzujj684nhb4sg5rZsHnlqjTAMrI/BKuDOnAf0Np1J50GUjUsLzMNc+EGdakmxSUw==;24:lRjRfJL3AuYHgf1zGetIWtZA5BEk1RZOQj3O46tnQ95+6Kkm0Os7Dm3ME0gbjyXgC6OpFxuebmYBPQ5PS+12971PP1+loFm6Qr2xRMQV5rU=;20:1mnjVIludok450g9B/rLKU4iLuzwZ7DX88D/rr8oYSx2ptw5MobxYK/QbLbP7mvrLiI0YzdEzE4cHee+wI+XOlChCN8aam/0Sj/Ve5OvLTRktO+HwD1ieGcDZMj8XSNK1MAucIhTE9rEUXSAvRc0XENeO+M6mwMfK7eDJRkX9S8=
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: stratus.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2015 00:59:57.0048 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR0801MB592
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 8460
Lines: 152

Hi Thomas,

I've been chasing down a use-after-free on an irq_desc structure during
repeated device removal testing that crashes 4.3 in
smp_irq_move_cleanup_interrupt.  So far I have a bunch of crashes and some
data gleaned from instrumenting the kernel with trace logging.  Details to
follow, but in short, I think I'm hitting the use-after-free because of
a782a7e46bb5 "x86/irq: Store irq descriptor in vector array".

During the tests, I usually see RCU stalls (sometimes a crash later) --
when looking at a vmcore, the CPU stall is here:

  crash> bt ffff881038ee4200
  PID: 0      TASK: ffff881038ee4200  CPU: 1   COMMAND: "swapper/1"
      [exception RIP: _raw_spin_lock+0x10]
      RIP: ffffffff81672a10  RSP: ffff88103f843f70  RFLAGS: 00000046
      RAX: 0000000000000000  RBX: 0000000000000091  RCX: 0000000000000001
      RDX: 0000000000000001  RSI: 0000000000000001  RDI: ffffffff81d36a88
      RBP: ffff88103f843fa8   R8: 0000000000000101   R9: 0000000000000f78
      R10: 0000000000100000  R11: ffff8810384ccf8c  R12: 0000000000000091
      R13: ffff88102a819794  R14: 000000000000b5e8  R15: ffff88102a8196f8
      CS: 0010  SS: 0018
   #0 [ffff88103f843f70] smp_irq_move_cleanup_interrupt at ffffffff8105319b
   #1 [ffff88103f843fb0] irq_move_cleanup_interrupt at ffffffff81673a04
  --- <IRQ stack> ---
   #2 [ffff881038f0fd90] irq_move_cleanup_interrupt at ffffffff81673a04
      [exception RIP: unknown or invalid address]
      RIP: 000000000000001d  RSP: 0000000000000000  RFLAGS: ffff881038f10000
      RAX: 0000000000000001  RBX: ffff881038f0c000  RCX: 0000000000000005
      RDX: 00000000000a087a  RSI: 0000000000051ca2  RDI: 0000000000000018
      RBP: ffff88103f84f100   R8: ffff881038f0fea0   R9: ffffe8f000042378
      R10: 0000000000000002  R11: 000000ee954efd02  R12: ffffffff810e5060
      R13: ffff881038f0fdc8  R14: ffff88103f84f500  R15: ffff88103f84f100
      ORIG_RAX: ffff88103f856c40  CS: 8000a044  SS: ffffffffffffffdf
  bt: WARNING: possibly bogus exception frame
   #3 [ffff881038f0fe38] cpuidle_enter_state at ffffffff8151e278
   #4 [ffff881038f0fea8] cpuidle_enter at ffffffff8151e417
   #5 [ffff881038f0feb8] call_cpuidle at ffffffff810bef42
   #6 [ffff881038f0fed0] cpu_startup_entry at ffffffff810bf1dc
   #7 [ffff881038f0ff28] start_secondary at ffffffff8104e9e0

The irq_desc is in R15: ffff88102a8196f8

  crash> kmem ffff88102a8196f8
  CACHE            NAME                 OBJSIZE  ALLOCATED     TOTAL  SLABS  SSIZE
  ffff88103f408c80 kmalloc-512              512       5292      5460    140    32k
    SLAB              MEMORY            NODE  TOTAL  ALLOCATED  FREE
    ffffea0040aa0600  ffff88102a818000     0     39         17    22
    FREE / [ALLOCATED]
     ffff88102a8196f8  

        PAGE         PHYSICAL      MAPPING       INDEX CNT FLAGS
  ffffea0040aa0640 102a819000                0        0  0 2fffff80008000 tail

This irq_desc is no longer allocated, it's been filled with the slub debug
poison pattern (hence the spinlock is stuck):

  crash> rd ffff88102a8196f8 0x28
  ffff88102a8196f8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819708:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819718:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819728:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819738:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819748:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819758:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819768:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819778:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819788:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819798:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197a8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197b8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197c8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197d8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197e8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a8197f8:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819808:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819818:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk
  ffff88102a819828:  6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b6b   kkkkkkkkkkkkkkkk

The irq vector is in RBX: 0000000000000091

  crash> p/d 0x91
  $1 = 145

The irq_desc_tree entry for vector 0x91 appears to have been updated to
something new (the device re-add):

  crash> tree -t radix irq_desc_tree -s irq_desc | grep 'irq = 0x91' -B11 | grep -e '^ffff' -e 'irq ='
  ffff88102fb144e8
      irq = 0x91,

But from a custom crash gdb script, the freed irq_desc can still be found
in CPU 1's vector_irq[145]:

  cpu[1] vector_irq[145] irq_desc @ 0xffff88102a8196f8

Sifting through a heavily grepped and abbreviated trace log:

  - The irq moved from CPU 1, vector 145 to CPU 44, vector 134 
  - Both CPUs skip cleaning up their vector_irq[] entries for this irq
    because data->move_in_progress is set (is this normal?)
  - The irq moves again to CPU 34, vector 123
  - The underlying device is removed @ 593.106514 jiffies
  - The irq_desc is freed @ 593.239879 jiffies
  - CPU 1 is last heard from @ 1022.830083 jiffies

  [001]    22.936764: __assign_irq_vector : cpu 44 : vector=134 -> 0xffff88102a8196f8
  [044]    35.209945: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=134 0xffff88102a8196f8
  [001]    35.212370: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [044]    35.674114: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=134 0xffff88102a8196f8
  [001]    35.675395: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [044]    36.265716: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=134 0xffff88102a8196f8
  [044]    36.517785: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=134 0xffff88102a8196f8
  [001]    36.520115: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [001]    54.636651: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [001]    54.636722: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [044]    61.670267: __assign_irq_vector : cpu 34 : vector=123 -> 0xffff88102a8196f8
  [001]    61.670979: smp_irq_move_cleanup_interrupt : data->move_in_progress : vector=145 0xffff88102a8196f8
  [044]    61.696120: smp_irq_move_cleanup_interrupt : cpu (this) : vector=134 0xffff88102a8196f8 -> (nil)
  [034]    69.086107: smp_irq_move_cleanup_interrupt : vector == data->cfg.vector && ... : vector=123 0xffff88102a8196f8
  [000]   593.239811: clear_irq_vector : 1 : cpu 34 : vector=123 0xffff88102a8196f8 -> (nil)
  [000]   593.239879: free_desc : desc @ 0xffff88102a8196f8
  [001]  1022.830083: smp_irq_move_cleanup_interrupt : IS_ERR_OR_NULL : vector=144 (nil)

  crash> log | grep 'mpt3sas[0-9]*: _scsih_remove$'
  [  291.658410] mpt3sas0: _scsih_remove
  [  593.106514] mpt3sas1: _scsih_remove           << free_desc
  [  874.345239] mpt3sas3: _scsih_remove

Prior to a782a7e46bb5 "x86/irq: Store irq descriptor in vector array", the
vector_irq array held irq values, those interested in the irq_desc would
have to perform their own irq_to_desc() (ie, a radix_tree_lookup of the
irq_desc_tree).  The radix tree is updated in free_desc(), so any
subsequent lookups would fail.

After the change though, I'm not so sure that direct access to the
irq_desc is safe -- I couldn't figure out anything preventing
use-after-free (the sparse_irq_lock and the vector_lock seem to protect
their respective data-structures, but not the dual-use of the irq_desc's
by both the irq_desc_tree and the per-cpu vector_irq[].)

Hopefully this is on the right track -- I can modify the trace logging or
run other tests if there is additional information that would be helpful.

Regards,

-- Joe
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/