1. 19 6月, 2017 1 次提交
    • H
      mm: larger stack guard gap, between vmas · 1be7107f
      Hugh Dickins 提交于
      Stack guard page is a useful feature to reduce a risk of stack smashing
      into a different mapping. We have been using a single page gap which
      is sufficient to prevent having stack adjacent to a different mapping.
      But this seems to be insufficient in the light of the stack usage in
      userspace. E.g. glibc uses as large as 64kB alloca() in many commonly
      used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX]
      which is 256kB or stack strings with MAX_ARG_STRLEN.
      
      This will become especially dangerous for suid binaries and the default
      no limit for the stack size limit because those applications can be
      tricked to consume a large portion of the stack and a single glibc call
      could jump over the guard page. These attacks are not theoretical,
      unfortunatelly.
      
      Make those attacks less probable by increasing the stack guard gap
      to 1MB (on systems with 4k pages; but make it depend on the page size
      because systems with larger base pages might cap stack allocations in
      the PAGE_SIZE units) which should cover larger alloca() and VLA stack
      allocations. It is obviously not a full fix because the problem is
      somehow inherent, but it should reduce attack space a lot.
      
      One could argue that the gap size should be configurable from userspace,
      but that can be done later when somebody finds that the new 1MB is wrong
      for some special case applications.  For now, add a kernel command line
      option (stack_guard_gap) to specify the stack gap size (in page units).
      
      Implementation wise, first delete all the old code for stack guard page:
      because although we could get away with accounting one extra page in a
      stack vma, accounting a larger gap can break userspace - case in point,
      a program run with "ulimit -S -v 20000" failed when the 1MB gap was
      counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK
      and strict non-overcommit mode.
      
      Instead of keeping gap inside the stack vma, maintain the stack guard
      gap as a gap between vmas: using vm_start_gap() in place of vm_start
      (or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few
      places which need to respect the gap - mainly arch_get_unmapped_area(),
      and and the vma tree's subtree_gap support for that.
      Original-patch-by: NOleg Nesterov <oleg@redhat.com>
      Original-patch-by: NMichal Hocko <mhocko@suse.com>
      Signed-off-by: NHugh Dickins <hughd@google.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Tested-by: Helge Deller <deller@gmx.de> # parisc
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1be7107f
  2. 09 6月, 2017 2 次提交
    • P
      rcu: Remove *_SLOW_* Kconfig options · 90040c9e
      Paul E. McKenney 提交于
      The RCU_TORTURE_TEST_SLOW_PREINIT, RCU_TORTURE_TEST_SLOW_PREINIT_DELAY,
      RCU_TORTURE_TEST_SLOW_PREINIT_DELAY, RCU_TORTURE_TEST_SLOW_INIT,
      RCU_TORTURE_TEST_SLOW_INIT_DELAY, RCU_TORTURE_TEST_SLOW_CLEANUP,
      and RCU_TORTURE_TEST_SLOW_CLEANUP_DELAY Kconfig options are only
      useful for torture testing, and there are the rcutree.gp_cleanup_delay,
      rcutree.gp_init_delay, and rcutree.gp_preinit_delay kernel boot parameters
      that rcutorture can use instead.  The effect of these parameters is to
      artificially slow down grace period initialization and cleanup in order
      to make some types of race conditions happen more often.
      
      This commit therefore simplifies Tree RCU a bit by removing the Kconfig
      options and adding the corresponding kernel parameters to rcutorture's
      .boot files instead.  However, this commit also leaves out the kernel
      parameters for TREE02, TREE04, and TREE07 in order to have about the
      same number of tests slowed as not slowed.  TREE01, TREE03, TREE05,
      and TREE06 are slowed, and the rest are not slowed.
      Reported-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      90040c9e
    • P
      srcu: Prevent sdp->srcu_gp_seq_needed counter wrap · c350c008
      Paul E. McKenney 提交于
      If a given CPU never happens to ever start an SRCU grace period, the
      grace-period sequence counter might wrap.  If this CPU were to decide to
      finally start a grace period, the state of its sdp->srcu_gp_seq_needed
      might make it appear that it has already requested this grace period,
      which would prevent starting the grace period.  If no other CPU ever started
      a grace period again, this would look like a grace-period hang.  Even
      if some other CPU took pity and started the needed grace period, the
      leaf rcu_node structure's ->srcu_data_have_cbs field won't have record
      of the fact that this CPU has a callback pending, which would look like
      a very localized grace-period hang.
      
      This might seem very unlikely, but SRCU grace periods can take less than
      a microsecond on small systems, which means that overflow can happen
      in much less than an hour on a 32-bit embedded system.  And embedded
      systems are especially likely to have long-term idle CPUs.  Therefore,
      it makes sense to prevent this scenario from happening.
      
      This commit therefore scans each srcu_data structure occasionally,
      with frequency controlled by the srcutree.counter_wrap_check kernel
      boot parameter.  This parameter can be set to something like 255
      in order to exercise the counter-wrap-prevention code.
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      c350c008
  3. 08 6月, 2017 2 次提交
    • P
      rcuperf: Add writer_holdoff boot parameter · 820687a7
      Paul E. McKenney 提交于
      This commit adds a writer_holdoff boot parameter to rcuperf, which is
      intended to be used to test Tree SRCU's auto-expediting.  This
      boot parameter is in microseconds, and defaults to zero (that is,
      disabled).  Set it to a bit larger than srcutree.exp_holdoff,
      keeping the nanosecond/microsecond conversion, to force Tree SRCU
      to auto-expedite more aggressively.
      
      This commit also adds documentation for this parameter, and fixes some
      alphabetization while in the neighborhood.
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      820687a7
    • P
      rcuperf: Add ability to performance-test call_rcu() and friends · 881ed593
      Paul E. McKenney 提交于
      This commit upgrades rcuperf so that it can do performance testing on
      asynchronous grace-period primitives such as call_srcu().  There is
      a new rcuperf.gp_async module parameter that specifies this new behavior,
      with the pre-existing rcuperf.gp_exp testing expedited grace periods such as
      synchronize_rcu_expedited, and with the default being to test synchronous
      non-expedited grace periods such as synchronize_rcu().
      
      There is also a new rcuperf.gp_async_max module parameter that specifies
      the maximum number of outstanding callbacks per writer kthread, defaulting
      to 1,000.  When this limit is exceeded, the writer thread invokes the
      appropriate flavor of rcu_barrier() to wait for callbacks to drain.
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      [ paulmck: Removed the redundant initialization noted by Arnd Bergmann. ]
      881ed593
  4. 01 6月, 2017 1 次提交
  5. 10 5月, 2017 1 次提交
  6. 01 5月, 2017 1 次提交
  7. 27 4月, 2017 2 次提交
    • P
      srcu: Specify auto-expedite holdoff time · 22607d66
      Paul E. McKenney 提交于
      On small systems, in the absence of readers, expedited SRCU grace
      periods can complete in less than a microsecond.  This means that an
      eight-CPU system can have all CPUs doing synchronize_srcu() in a tight
      loop and almost always expedite.  This might actually be desirable in
      some situations, but in general it is a good way to needlessly burn
      CPU cycles.  And in those situations where it is desirable, your friend
      is the function synchronize_srcu_expedited().
      
      For other situations, this commit adds a kernel parameter that specifies
      a holdoff between completing the last SRCU grace period and auto-expediting
      the next.  If the next grace period starts before the holdoff expires,
      auto-expediting is disabled.  The holdoff is 50 microseconds by default,
      and can be tuned to the desired number of nanoseconds.  A value of zero
      disables auto-expediting.
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Tested-by: NMike Galbraith <efault@gmx.de>
      22607d66
    • S
      x86, iommu/vt-d: Add an option to disable Intel IOMMU force on · bfd20f1c
      Shaohua Li 提交于
      IOMMU harms performance signficantly when we run very fast networking
      workloads. It's 40GB networking doing XDP test. Software overhead is
      almost unaware, but it's the IOTLB miss (based on our analysis) which
      kills the performance. We observed the same performance issue even with
      software passthrough (identity mapping), only the hardware passthrough
      survives. The pps with iommu (with software passthrough) is only about
      ~30% of that without it. This is a limitation in hardware based on our
      observation, so we'd like to disable the IOMMU force on, but we do want
      to use TBOOT and we can sacrifice the DMA security bought by IOMMU. I
      must admit I know nothing about TBOOT, but TBOOT guys (cc-ed) think not
      eabling IOMMU is totally ok.
      
      So introduce a new boot option to disable the force on. It's kind of
      silly we need to run into intel_iommu_init even without force on, but we
      need to disable TBOOT PMR registers. For system without the boot option,
      nothing is changed.
      Signed-off-by: NShaohua Li <shli@fb.com>
      Signed-off-by: NJoerg Roedel <jroedel@suse.de>
      bfd20f1c
  8. 21 4月, 2017 1 次提交
  9. 06 4月, 2017 1 次提交
    • W
      iommu: Allow default domain type to be set on the kernel command line · fccb4e3b
      Will Deacon 提交于
      The IOMMU core currently initialises the default domain for each group
      to IOMMU_DOMAIN_DMA, under the assumption that devices will use
      IOMMU-backed DMA ops by default. However, in some cases it is desirable
      for the DMA ops to bypass the IOMMU for performance reasons, reserving
      use of translation for subsystems such as VFIO that require it for
      enforcing device isolation.
      
      Rather than modify each IOMMU driver to provide different semantics for
      DMA domains, instead we introduce a command line parameter that can be
      used to change the type of the default domain. Passthrough can then be
      specified using "iommu.passthrough=1" on the kernel command line.
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      fccb4e3b
  10. 01 4月, 2017 1 次提交
  11. 28 3月, 2017 1 次提交
    • B
      RAS: Add a Corrected Errors Collector · 011d8261
      Borislav Petkov 提交于
      Introduce a simple data structure for collecting correctable errors
      along with accessors. More detailed description in the code itself.
      
      The error decoding is done with the decoding chain now and
      mce_first_notifier() gets to see the error first and the CEC decides
      whether to log it and then the rest of the chain doesn't hear about it -
      basically the main reason for the CE collector - or to continue running
      the notifiers.
      
      When the CEC hits the action threshold, it will try to soft-offine the
      page containing the ECC and then the whole decoding chain gets to see
      the error.
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-edac <linux-edac@vger.kernel.org>
      Link: http://lkml.kernel.org/r/20170327093304.10683-5-bp@alien8.deSigned-off-by: NIngo Molnar <mingo@kernel.org>
      011d8261
  12. 21 3月, 2017 1 次提交
  13. 06 3月, 2017 2 次提交
  14. 03 3月, 2017 1 次提交
  15. 23 2月, 2017 1 次提交
    • T
      slub: make sysfs directories for memcg sub-caches optional · 1663f26d
      Tejun Heo 提交于
      SLUB creates a per-cache directory under /sys/kernel/slab which hosts a
      bunch of debug files.  Usually, there aren't that many caches on a
      system and this doesn't really matter; however, if memcg is in use, each
      cache can have per-cgroup sub-caches.  SLUB creates the same directories
      for these sub-caches under /sys/kernel/slab/$CACHE/cgroup.
      
      Unfortunately, because there can be a lot of cgroups, active or
      draining, the product of the numbers of caches, cgroups and files in
      each directory can reach a very high number - hundreds of thousands is
      commonplace.  Millions and beyond aren't difficult to reach either.
      
      What's under /sys/kernel/slab is primarily for debugging and the
      information and control on the a root cache already cover its
      sub-caches.  While having a separate directory for each sub-cache can be
      helpful for development, it doesn't make much sense to pay this amount
      of overhead by default.
      
      This patch introduces a boot parameter slub_memcg_sysfs which determines
      whether to create sysfs directories for per-memcg sub-caches.  It also
      adds CONFIG_SLUB_MEMCG_SYSFS_ON which determines the boot parameter's
      default value and defaults to 0.
      
      [akpm@linux-foundation.org: kset_unregister(NULL) is legal]
      Link: http://lkml.kernel.org/r/20170204145203.GB26958@mtj.duckdns.orgSigned-off-by: NTejun Heo <tj@kernel.org>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1663f26d
  16. 16 2月, 2017 1 次提交
    • T
      x86/platform/goldfish: Prevent unconditional loading · 47512cfd
      Thomas Gleixner 提交于
      The goldfish platform code registers the platform device unconditionally
      which causes havoc in several ways if the goldfish_pdev_bus driver is
      enabled:
      
       - Access to the hardcoded physical memory region, which is either not
         available or contains stuff which is completely unrelated.
      
       - Prevents that the interrupt of the serial port can be requested
      
       - In case of a spurious interrupt it goes into a infinite loop in the
         interrupt handler of the pdev_bus driver (which needs to be fixed
         seperately).
      
      Add a 'goldfish' command line option to make the registration opt-in when
      the platform is compiled in.
      
      I'm seriously grumpy about this engineering trainwreck, which has seven
      SOBs from Intel developers for 50 lines of code. And none of them figured
      out that this is broken. Impressive fail!
      
      Fixes: ddd70cf9 ("goldfish: platform device for x86")
      Reported-by: NGabriel C <nix.or.die@gmail.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Acked-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      47512cfd
  17. 08 2月, 2017 1 次提交
  18. 04 2月, 2017 1 次提交
  19. 16 1月, 2017 1 次提交
  20. 15 1月, 2017 1 次提交
  21. 12 1月, 2017 1 次提交
  22. 27 12月, 2016 1 次提交
  23. 21 12月, 2016 1 次提交
  24. 19 12月, 2016 1 次提交
    • G
      swiotlb: Add swiotlb=noforce debug option · fff5d992
      Geert Uytterhoeven 提交于
      On architectures like arm64, swiotlb is tied intimately to the core
      architecture DMA support. In addition, ZONE_DMA cannot be disabled.
      
      To aid debugging and catch devices not supporting DMA to memory outside
      the 32-bit address space, add a kernel command line option
      "swiotlb=noforce", which disables the use of bounce buffers.
      If specified, trying to map memory that cannot be used with DMA will
      fail, and a rate-limited warning will be printed.
      
      Note that io_tlb_nslabs is set to 1, which is the minimal supported
      value.
      Signed-off-by: NGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      fff5d992
  25. 02 12月, 2016 1 次提交
  26. 03 11月, 2016 1 次提交
  27. 28 10月, 2016 1 次提交
    • J
      docs: Clean up and organize the admin guide a bit · 7358bb2f
      Jonathan Corbet 提交于
      The admin guide is a good start, but it's time to turn it into something
      better than an unordered blob of files.  This is a first step in that
      direction.  The TOC has been split up and annotated, the guides have been
      reordered, and minor tweaks have been applied to a few of them.
      
      One consequence of splitting up the TOC is that we don't really want to use
      :numbered: anymore, since the count resets every time and there doesn't
      seem to be a way to change that.  Eventually we probably want to group the
      documents into sub-books, at which point we can go back to a single TOC,
      but it's probably early to do that.
      Reviewed-by: NMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: NJonathan Corbet <corbet@lwn.net>
      7358bb2f
  28. 24 10月, 2016 3 次提交
  29. 18 10月, 2016 1 次提交
  30. 12 10月, 2016 2 次提交
    • M
      Input: i8042 - skip selftest on ASUS laptops · 930e1924
      Marcos Paulo de Souza 提交于
      On suspend/resume cycle, selftest is executed to reset i8042 controller.
      But when this is done in Asus devices, subsequent calls to detect/init
      functions to elantech driver fails. Skipping selftest fixes this problem.
      
      An easier step to reproduce this problem is adding i8042.reset=1 as a
      kernel parameter. On Asus laptops, it'll make the system to start with the
      touchpad already stuck, since psmouse_probe forcibly calls the selftest
      function.
      
      This patch was inspired by John Hiesey's change[1], but, since this problem
      affects a lot of models of Asus, let's avoid running selftests on them.
      
      All models affected by this problem:
      A455LD
      K401LB
      K501LB
      K501LX
      R409L
      V502LX
      X302LA
      X450LCP
      X450LD
      X455LAB
      X455LDB
      X455LF
      Z450LA
      
      [1]: https://marc.info/?l=linux-input&m=144312209020616&w=2
      
      Fixes: "ETPS/2 Elantech Touchpad dies after resume from suspend"
      (https://bugzilla.kernel.org/show_bug.cgi?id=107971)
      Signed-off-by: NMarcos Paulo de Souza <marcos.souza.org@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
      930e1924
    • N
      lib/bitmap.c: enhance bitmap syntax · 2d13e6ca
      Noam Camus 提交于
      Today there are platforms with many CPUs (up to 4K).  Trying to boot only
      part of the CPUs may result in too long string.
      
      For example lets take NPS platform that is part of arch/arc.  This
      platform have SMP system with 256 cores each with 16 HW threads (SMT
      machine) where HW thread appears as CPU to the kernel.  In this example
      there is total of 4K CPUs.  When one tries to boot only part of the HW
      threads from each core the string representing the map may be long...  For
      example if for sake of performance we decided to boot only first half of
      HW threads of each core the map will look like:
      0-7,16-23,32-39,...,4080-4087
      
      This patch introduce new syntax to accommodate with such use case.  I
      added an optional postfix to a range of CPUs which will choose according
      to given modulo the desired range of reminders i.e.:
      
          <cpus range>:sed_size/group_size
      
      For example, above map can be described in new syntax like this:
      0-4095:8/16
      
      Note that this patch is backward compatible with current syntax.
      
      [akpm@linux-foundation.org: rework documentation]
      Link: http://lkml.kernel.org/r/1473579629-4283-1-git-send-email-noamca@mellanox.comSigned-off-by: NNoam Camus <noamca@mellanox.com>
      Cc: David Decotigny <decot@googlers.com>
      Cc: Ben Hutchings <ben@decadent.org.uk>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Pan Xinhui <xinhui@linux.vnet.ibm.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2d13e6ca
  31. 27 9月, 2016 2 次提交
  32. 24 9月, 2016 1 次提交
    • S
      arm64: arch_timer: Work around QorIQ Erratum A-008585 · f6dc1576
      Scott Wood 提交于
      Erratum A-008585 says that the ARM generic timer counter "has the
      potential to contain an erroneous value for a small number of core
      clock cycles every time the timer value changes".  Accesses to TVAL
      (both read and write) are also affected due to the implicit counter
      read.  Accesses to CVAL are not affected.
      
      The workaround is to reread TVAL and count registers until successive
      reads return the same value.  Writes to TVAL are replaced with an
      equivalent write to CVAL.
      
      The workaround is to reread TVAL and count registers until successive reads
      return the same value, and when writing TVAL to retry until counter
      reads before and after the write return the same value.
      
      The workaround is enabled if the fsl,erratum-a008585 property is found in
      the timer node in the device tree.  This can be overridden with the
      clocksource.arm_arch_timer.fsl-a008585 boot parameter, which allows KVM
      users to enable the workaround until a mechanism is implemented to
      automatically communicate this information.
      
      This erratum can be found on LS1043A and LS2080A.
      Acked-by: NMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: NScott Wood <oss@buserror.net>
      [will: renamed read macro to reflect that it's not usually unstable]
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      f6dc1576