1. 28 9月, 2012 20 次提交
    • P
      drivers/virtio/virtio_pci.c: fix error return code · 74a74b37
      Peter Senna Tschudin 提交于
      Convert a nonnegative error return code to a negative one, as returned
      elsewhere in the function.
      
      A simplified version of the semantic match that finds this problem is as
      follows: (http://coccinelle.lip6.fr/)
      
      // <smpl>
      (
      if@p1 (\(ret < 0\|ret != 0\))
       { ... return ret; }
      |
      ret@p1 = 0
      )
      ... when != ret = e1
          when != &ret
      *if(...)
      {
        ... when != ret = e2
            when forall
       return ret;
      }
      // </smpl>
      Signed-off-by: NPeter Senna Tschudin <peter.senna@gmail.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      74a74b37
    • M
      virtio: don't crash when device is buggy · 5543a6ac
      Michael S. Tsirkin 提交于
      Because of a sanity check in virtio_dev_remove, a buggy device can crash
      kernel.  And in case of rproc it's userspace so it's not a good idea.
      We are unloading a driver so how bad can it be?
      Be less aggressive in handling this error: if it's a driver bug,
      warning once should be enough.
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      5543a6ac
    • R
      virtio: remove CONFIG_VIRTIO_RING · eccbb05a
      Rusty Russell 提交于
      Everyone who selects VIRTIO is also made to select VIRTIO_RING; just make
      them synonymous, since we removed the indirection layer some time ago.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      eccbb05a
    • R
      virtio: add help to CONFIG_VIRTIO option. · 387daf17
      Rusty Russell 提交于
      Trying to enable a virtio driver (eg CONFIG_VIRTIO_BLK) is painful
      because it depends on CONFIG_VIRTIO.  CONFIG_VIRTIO doesn't tell you
      how to turn it on (it's selected from anything which provides a virtio
      bus).
      
      This patch at least adds some documentation, visible in menuconfig, as
      a hint.
      Reported-by: NKent Overstreet <koverstreet@google.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      387daf17
    • M
      virtio: support reserved vqs · 6457f126
      Michael S. Tsirkin 提交于
      virtio network device multiqueue support reserves
      vq 3 for future use (useful both for future extensions and to make it
      pretty - this way receive vqs have even and transmit - odd numbers).
      Make it possible to skip initialization for
      specific vq numbers by specifying NULL for name.
      Document this usage as well as (existing) NULL callback.
      
      Drivers using this not coded up yet, so I simply tested
      with virtio-pci and verified that this patch does
      not break existing drivers.
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      6457f126
    • J
      virtio: introduce an API to set affinity for a virtqueue · 75a0a52b
      Jason Wang 提交于
      Sometimes, virtio device need to configure irq affinity hint to maximize the
      performance. Instead of just exposing the irq of a virtqueue, this patch
      introduce an API to set the affinity for a virtqueue.
      
      The api is best-effort, the affinity hint may not be set as expected due to
      platform support, irq sharing or irq type. Currently, only pci method were
      implemented and we set the affinity according to:
      
      - if device uses INTX, we just ignore the request
      - if device has per vq vector, we force the affinity hint
      - if the virtqueues share MSI, make the affinity OR over all affinities
        requested
      Signed-off-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      75a0a52b
    • J
      virtio-ring: move queue_index to vring_virtqueue · 17bb6d40
      Jason Wang 提交于
      Instead of storing the queue index in transport-specific virtio structs,
      this patch moves them to vring_virtqueue and introduces an helper to get
      the value.  This lets drivers simplify their management and tracing of
      virtqueues.
      Signed-off-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      17bb6d40
    • R
      virtio_balloon: not EXPERIMENTAL any more. · 7a23eb28
      Rusty Russell 提交于
      It is not experimental in any vaguely-sane sense.
      Reported-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      7a23eb28
    • M
      virtio-balloon: dependency fix · 04679f34
      Michael S. Tsirkin 提交于
      Devices should depend on virtio, not select it.  It's supposed to be
      selected by the particular driver, e.g. VIRTIO_PCI.
      Make balloon depend on VIRTIO and EXPERIMENTAL
      (to match description).
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      04679f34
    • D
      virtio-blk: fix NULL checking in virtblk_alloc_req() · f22cf8eb
      Dan Carpenter 提交于
      Smatch complains about the inconsistent NULL checking here.  Fix it to
      return NULL on failure.
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (fixed accidental deletion)
      f22cf8eb
    • A
      virtio-blk: Add REQ_FLUSH and REQ_FUA support to bio path · c85a1f91
      Asias He 提交于
      We need to support both REQ_FLUSH and REQ_FUA for bio based path since
      it does not get the sequencing of REQ_FUA into REQ_FLUSH that request
      based drivers can request.
      
      REQ_FLUSH is emulated by:
      A) If the bio has no data to write:
      1. Send VIRTIO_BLK_T_FLUSH to device,
      2. In the flush I/O completion handler, finish the bio
      
      B) If the bio has data to write:
      1. Send VIRTIO_BLK_T_FLUSH to device
      2. In the flush I/O completion handler, send the actual write data to device
      3. In the write I/O completion handler, finish the bio
      
      REQ_FUA is emulated by:
      1. Send the actual write data to device
      2. In the write I/O completion handler, send VIRTIO_BLK_T_FLUSH to device
      3. In the flush I/O completion handler, finish the bio
      
      Changes in v7:
      - Using vbr->flags to trace request type
      - Dropped unnecessary struct virtio_blk *vblk parameter
      - Reuse struct virtblk_req in bio done function
      
      Cahnges in v6:
      - Reworked REQ_FLUSH and REQ_FUA emulatation order
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Shaohua Li <shli@kernel.org>
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: virtualization@lists.linux-foundation.org
      Signed-off-by: NAsias He <asias@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      c85a1f91
    • A
      virtio-blk: Add bio-based IO path for virtio-blk · a98755c5
      Asias He 提交于
      This patch introduces bio-based IO path for virtio-blk.
      
      Compared to request-based IO path, bio-based IO path uses driver
      provided ->make_request_fn() method to bypasses the IO scheduler. It
      handles the bio to device directly without allocating a request in block
      layer. This reduces the IO path in guest kernel to achieve high IOPS
      and lower latency. The downside is that guest can not use the IO
      scheduler to merge and sort requests. However, this is not a big problem
      if the backend disk in host side uses faster disk device.
      
      When the bio-based IO path is not enabled, virtio-blk still uses the
      original request-based IO path, no performance difference is observed.
      
      Using a slow device e.g. normal SATA disk, the bio-based IO path for
      sequential read and write are slower than req-based IO path due to lack
      of merge in guest kernel. So we make the bio-based path optional.
      
      Performance evaluation:
      -----------------------------
      1) Fio test is performed in a 8 vcpu guest with ramdisk based guest using
      kvm tool.
      
      Short version:
       With bio-based IO path, sequential read/write, random read/write
       IOPS boost         : 28%, 24%, 21%, 16%
       Latency improvement: 32%, 17%, 21%, 16%
      
      Long version:
       With bio-based IO path:
        seq-read  : io=2048.0MB, bw=116996KB/s, iops=233991 , runt= 17925msec
        seq-write : io=2048.0MB, bw=100829KB/s, iops=201658 , runt= 20799msec
        rand-read : io=3095.7MB, bw=112134KB/s, iops=224268 , runt= 28269msec
        rand-write: io=3095.7MB, bw=96198KB/s,  iops=192396 , runt= 32952msec
          clat (usec): min=0 , max=2631.6K, avg=58716.99, stdev=191377.30
          clat (usec): min=0 , max=1753.2K, avg=66423.25, stdev=81774.35
          clat (usec): min=0 , max=2915.5K, avg=61685.70, stdev=120598.39
          clat (usec): min=0 , max=1933.4K, avg=76935.12, stdev=96603.45
        cpu : usr=74.08%, sys=703.84%, ctx=29661403, majf=21354, minf=22460954
        cpu : usr=70.92%, sys=702.81%, ctx=77219828, majf=13980, minf=27713137
        cpu : usr=72.23%, sys=695.37%, ctx=88081059, majf=18475, minf=28177648
        cpu : usr=69.69%, sys=654.13%, ctx=145476035, majf=15867, minf=26176375
       With request-based IO path:
        seq-read  : io=2048.0MB, bw=91074KB/s, iops=182147 , runt= 23027msec
        seq-write : io=2048.0MB, bw=80725KB/s, iops=161449 , runt= 25979msec
        rand-read : io=3095.7MB, bw=92106KB/s, iops=184211 , runt= 34416msec
        rand-write: io=3095.7MB, bw=82815KB/s, iops=165630 , runt= 38277msec
          clat (usec): min=0 , max=1932.4K, avg=77824.17, stdev=170339.49
          clat (usec): min=0 , max=2510.2K, avg=78023.96, stdev=146949.15
          clat (usec): min=0 , max=3037.2K, avg=74746.53, stdev=128498.27
          clat (usec): min=0 , max=1363.4K, avg=89830.75, stdev=114279.68
        cpu : usr=53.28%, sys=724.19%, ctx=37988895, majf=17531, minf=23577622
        cpu : usr=49.03%, sys=633.20%, ctx=205935380, majf=18197, minf=27288959
        cpu : usr=55.78%, sys=722.40%, ctx=101525058, majf=19273, minf=28067082
        cpu : usr=56.55%, sys=690.83%, ctx=228205022, majf=18039, minf=26551985
      
      2) Fio test is performed in a 8 vcpu guest with Fusion-IO based guest using
      kvm tool.
      
      Short version:
       With bio-based IO path, sequential read/write, random read/write
       IOPS boost         : 11%, 11%, 13%, 10%
       Latency improvement: 10%, 10%, 12%, 10%
      Long Version:
       With bio-based IO path:
        read : io=2048.0MB, bw=58920KB/s, iops=117840 , runt= 35593msec
        write: io=2048.0MB, bw=64308KB/s, iops=128616 , runt= 32611msec
        read : io=3095.7MB, bw=59633KB/s, iops=119266 , runt= 53157msec
        write: io=3095.7MB, bw=62993KB/s, iops=125985 , runt= 50322msec
          clat (usec): min=0 , max=1284.3K, avg=128109.01, stdev=71513.29
          clat (usec): min=94 , max=962339 , avg=116832.95, stdev=65836.80
          clat (usec): min=0 , max=1846.6K, avg=128509.99, stdev=89575.07
          clat (usec): min=0 , max=2256.4K, avg=121361.84, stdev=82747.25
        cpu : usr=56.79%, sys=421.70%, ctx=147335118, majf=21080, minf=19852517
        cpu : usr=61.81%, sys=455.53%, ctx=143269950, majf=16027, minf=24800604
        cpu : usr=63.10%, sys=455.38%, ctx=178373538, majf=16958, minf=24822612
        cpu : usr=62.04%, sys=453.58%, ctx=226902362, majf=16089, minf=23278105
       With request-based IO path:
        read : io=2048.0MB, bw=52896KB/s, iops=105791 , runt= 39647msec
        write: io=2048.0MB, bw=57856KB/s, iops=115711 , runt= 36248msec
        read : io=3095.7MB, bw=52387KB/s, iops=104773 , runt= 60510msec
        write: io=3095.7MB, bw=57310KB/s, iops=114619 , runt= 55312msec
          clat (usec): min=0 , max=1532.6K, avg=142085.62, stdev=109196.84
          clat (usec): min=0 , max=1487.4K, avg=129110.71, stdev=114973.64
          clat (usec): min=0 , max=1388.6K, avg=145049.22, stdev=107232.55
          clat (usec): min=0 , max=1465.9K, avg=133585.67, stdev=110322.95
        cpu : usr=44.08%, sys=590.71%, ctx=451812322, majf=14841, minf=17648641
        cpu : usr=48.73%, sys=610.78%, ctx=418953997, majf=22164, minf=26850689
        cpu : usr=45.58%, sys=581.16%, ctx=714079216, majf=21497, minf=22558223
        cpu : usr=48.40%, sys=599.65%, ctx=656089423, majf=16393, minf=23824409
      
      3) Fio test is performed in a 8 vcpu guest with normal SATA based guest
      using kvm tool.
      
      Short version:
       With bio-based IO path, sequential read/write, random read/write
       IOPS boost         : -10%, -10%, 4.4%, 0.5%
       Latency improvement: -12%, -15%, 2.5%, 0.8%
      Long Version:
       With bio-based IO path:
        read : io=124812KB, bw=36537KB/s, iops=9060 , runt=  3416msec
        write: io=169180KB, bw=24406KB/s, iops=6065 , runt=  6932msec
        read : io=256200KB, bw=2089.3KB/s, iops=520 , runt=122630msec
        write: io=257988KB, bw=1545.7KB/s, iops=384 , runt=166910msec
          clat (msec): min=1 , max=1527 , avg=28.06, stdev=89.54
          clat (msec): min=2 , max=344 , avg=41.12, stdev=38.70
          clat (msec): min=8 , max=1984 , avg=490.63, stdev=207.28
          clat (msec): min=33 , max=4131 , avg=659.19, stdev=304.71
        cpu          : usr=4.85%, sys=17.15%, ctx=31593, majf=0, minf=7
        cpu          : usr=3.04%, sys=11.45%, ctx=39377, majf=0, minf=0
        cpu          : usr=0.47%, sys=1.59%, ctx=262986, majf=0, minf=16
        cpu          : usr=0.47%, sys=1.46%, ctx=337410, majf=0, minf=0
      
       With request-based IO path:
        read : io=150120KB, bw=40420KB/s, iops=10037 , runt=  3714msec
        write: io=194932KB, bw=27029KB/s, iops=6722 , runt=  7212msec
        read : io=257136KB, bw=2001.1KB/s, iops=498 , runt=128443msec
        write: io=258276KB, bw=1537.2KB/s, iops=382 , runt=168028msec
          clat (msec): min=1 , max=1542 , avg=24.84, stdev=32.45
          clat (msec): min=3 , max=628 , avg=35.62, stdev=39.71
          clat (msec): min=8 , max=2540 , avg=503.28, stdev=236.97
          clat (msec): min=41 , max=4398 , avg=653.88, stdev=302.61
        cpu          : usr=3.91%, sys=15.75%, ctx=26968, majf=0, minf=23
        cpu          : usr=2.50%, sys=10.56%, ctx=19090, majf=0, minf=0
        cpu          : usr=0.16%, sys=0.43%, ctx=20159, majf=0, minf=16
        cpu          : usr=0.18%, sys=0.53%, ctx=81364, majf=0, minf=0
      
      How to use:
      -----------------------------
      Add 'virtio_blk.use_bio=1' to kernel cmdline or 'modprobe virtio_blk
      use_bio=1' to enable ->make_request_fn() based I/O path.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Shaohua Li <shli@kernel.org>
      Cc: "Michael S. Tsirkin" <mst@redhat.com>
      Cc: kvm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: virtualization@lists.linux-foundation.org
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NMinchan Kim <minchan.kim@gmail.com>
      Signed-off-by: NAsias He <asias@redhat.com>
      Acked-by: NRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      a98755c5
    • A
      virtio: console: fix error handling in init() function · 33e1afc3
      Alexey Khoroshilov 提交于
      If register_virtio_driver() fails, virtio-ports class is not destroyed.
      The patch adds error handling of register_virtio_driver().
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      33e1afc3
    • Y
      tools: Fix pthread flag for Makefile of trace-agent used by virtio-trace · 5b8fa822
      Yoshihiro YUNOMAE 提交于
      pthread flag should not be -lpthread but -pthread using gcc. The -lpthread
      links the external multithread library. On the other hand, the -pthread manages
      both the gcc's preprocessor and linker to be able to compile with pthread.
      Signed-off-by: NYoshihiro YUNOMAE <yoshihiro.yunomae.ez@hitachi.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      5b8fa822
    • Y
      tools: Add guest trace agent as a user tool · 108fc825
      Yoshihiro YUNOMAE 提交于
      This patch adds a user tool, "trace agent" for sending trace data of a guest to
      a Host in low overhead. This agent has the following functions:
       - splice a page of ring-buffer to read_pipe without memory copying
       - splice the page from write_pipe to virtio-console without memory copying
       - write trace data to stdout by using -o option
       - controlled by start/stop orders from a Host
      
      Changes in v2:
       - Cleanup (change fprintf() to pr_err() and an include guard)
      Signed-off-by: NYoshihiro YUNOMAE <yoshihiro.yunomae.ez@hitachi.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      108fc825
    • M
      virtio/console: Allocate scatterlist according to the current pipe size · 8ca84a50
      Masami Hiramatsu 提交于
      Allocate scatterlist according to the current pipe size.
      This allows splicing bigger buffer if the pipe size has
      been changed by fcntl.
      
      Changes in v2:
       - Just a minor fix for avoiding a confliction with previous patch.
      Signed-off-by: NMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      8ca84a50
    • M
      ftrace: Allow stealing pages from pipe buffer · d55cb6cf
      Masami Hiramatsu 提交于
      Use generic steal operation on pipe buffer to allow stealing
      ring buffer's read page from pipe buffer.
      
      Note that this could reduce the performance of splice on the
      splice_write side operation without affinity setting.
      Since the ring buffer's read pages are allocated on the
      tracing-node, but the splice user does not always execute
      splice write side operation on the same node. In this case,
      the page will be accessed from the another node.
      Thus, it is strongly recommended to assign the splicing
      thread to corresponding node.
      Signed-off-by: NMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Acked-by: NSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      d55cb6cf
    • M
      virtio/console: Wait until the port is ready on splice · efe75d24
      Masami Hiramatsu 提交于
      Wait if the port is not connected or full on splice
      like as write is doing.
      Signed-off-by: NMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      efe75d24
    • M
      virtio/console: Add a failback for unstealable pipe buffer · ec8fc870
      Masami Hiramatsu 提交于
      Add a failback memcpy path for unstealable pipe buffer.
      If buf->ops->steal() fails, virtio-serial tries to
      copy the page contents to an allocated page, instead
      of just failing splice().
      Signed-off-by: NMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      ec8fc870
    • M
      virtio/console: Add splice_write support · eb5e89fc
      Masami Hiramatsu 提交于
      Enable to use splice_write from pipe to virtio-console port.
      This steals pages from pipe and directly send it to host.
      
      Note that this may accelerate only the guest to host path.
      
      Changes in v2:
       - Use GFP_KERNEL instead of GFP_ATOMIC in syscall context function.
      Signed-off-by: NMasami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      eb5e89fc
  2. 19 9月, 2012 2 次提交
  3. 18 9月, 2012 18 次提交
    • L
      Merge branch 'for-3.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · 4651afbb
      Linus Torvalds 提交于
      Pull another workqueue fix from Tejun Heo:
       "Unfortunately, yet another late fix.  This too is discovered and fixed
        by Lai.  This bug was introduced during this merge window by commit
        25511a47 ("workqueue: reimplement CPU online rebinding to handle
        idle workers") which started using WORKER_REBIND flag for idle rebind
        too.
      
        The bug is relatively easy to trigger if the CPU rapidly goes through
        off, on and then off (and stay off).  The fix is on the safer side.
        This hasn't been on linux-next yet but I'm pushing early so that it
        can get more exposure before v3.6 release."
      
      * 'for-3.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: always clear WORKER_REBIND in busy_worker_rebind_fn()
      4651afbb
    • L
      workqueue: always clear WORKER_REBIND in busy_worker_rebind_fn() · 960bd11b
      Lai Jiangshan 提交于
      busy_worker_rebind_fn() didn't clear WORKER_REBIND if rebinding failed
      (CPU is down again).  This used to be okay because the flag wasn't
      used for anything else.
      
      However, after 25511a47 "workqueue: reimplement CPU online rebinding
      to handle idle workers", WORKER_REBIND is also used to command idle
      workers to rebind.  If not cleared, the worker may confuse the next
      CPU_UP cycle by having REBIND spuriously set or oops / get stuck by
      prematurely calling idle_worker_rebind().
      
        WARNING: at /work/os/wq/kernel/workqueue.c:1323 worker_thread+0x4cd/0x5
       00()
        Hardware name: Bochs
        Modules linked in: test_wq(O-)
        Pid: 33, comm: kworker/1:1 Tainted: G           O 3.6.0-rc1-work+ #3
        Call Trace:
         [<ffffffff8109039f>] warn_slowpath_common+0x7f/0xc0
         [<ffffffff810903fa>] warn_slowpath_null+0x1a/0x20
         [<ffffffff810b3f1d>] worker_thread+0x4cd/0x500
         [<ffffffff810bc16e>] kthread+0xbe/0xd0
         [<ffffffff81bd2664>] kernel_thread_helper+0x4/0x10
        ---[ end trace e977cf20f4661968 ]---
        BUG: unable to handle kernel NULL pointer dereference at           (null)
        IP: [<ffffffff810b3db0>] worker_thread+0x360/0x500
        PGD 0
        Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
        Modules linked in: test_wq(O-)
        CPU 0
        Pid: 33, comm: kworker/1:1 Tainted: G        W  O 3.6.0-rc1-work+ #3 Bochs Bochs
        RIP: 0010:[<ffffffff810b3db0>]  [<ffffffff810b3db0>] worker_thread+0x360/0x500
        RSP: 0018:ffff88001e1c9de0  EFLAGS: 00010086
        RAX: 0000000000000000 RBX: ffff88001e633e00 RCX: 0000000000004140
        RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
        RBP: ffff88001e1c9ea0 R08: 0000000000000000 R09: 0000000000000001
        R10: 0000000000000002 R11: 0000000000000000 R12: ffff88001fc8d580
        R13: ffff88001fc8d590 R14: ffff88001e633e20 R15: ffff88001e1c6900
        FS:  0000000000000000(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
        CR2: 0000000000000000 CR3: 00000000130e8000 CR4: 00000000000006f0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
        Process kworker/1:1 (pid: 33, threadinfo ffff88001e1c8000, task ffff88001e1c6900)
        Stack:
         ffff880000000000 ffff88001e1c9e40 0000000000000001 ffff88001e1c8010
         ffff88001e519c78 ffff88001e1c9e58 ffff88001e1c6900 ffff88001e1c6900
         ffff88001e1c6900 ffff88001e1c6900 ffff88001fc8d340 ffff88001fc8d340
        Call Trace:
         [<ffffffff810bc16e>] kthread+0xbe/0xd0
         [<ffffffff81bd2664>] kernel_thread_helper+0x4/0x10
        Code: b1 00 f6 43 48 02 0f 85 91 01 00 00 48 8b 43 38 48 89 df 48 8b 00 48 89 45 90 e8 ac f0 ff ff 3c 01 0f 85 60 01 00 00 48 8b 53 50 <8b> 02 83 e8 01 85 c0 89 02 0f 84 3b 01 00 00 48 8b 43 38 48 8b
        RIP  [<ffffffff810b3db0>] worker_thread+0x360/0x500
         RSP <ffff88001e1c9de0>
        CR2: 0000000000000000
      
      There was no reason to keep WORKER_REBIND on failure in the first
      place - WORKER_UNBOUND is guaranteed to be set in such cases
      preventing incorrectly activating concurrency management.  Always
      clear WORKER_REBIND.
      
      tj: Updated comment and description.
      Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
      Signed-off-by: NTejun Heo <tj@kernel.org>
      960bd11b
    • L
      Merge branch 'akpm' (Andrew's patch-bomb) · 08077ca8
      Linus Torvalds 提交于
      Merge fixes from Andrew Morton:
       "13 patches.  12 are fixes and one is a little preparatory thing for
        Andi."
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (13 commits)
        memory hotplug: fix section info double registration bug
        mm/page_alloc: fix the page address of higher page's buddy calculation
        drivers/rtc/rtc-twl.c: ensure all interrupts are disabled during probe
        compiler.h: add __visible
        pid-namespace: limit value of ns_last_pid to (0, max_pid)
        include/net/sock.h: squelch compiler warning in sk_rmem_schedule()
        slub: consider pfmemalloc_match() in get_partial_node()
        slab: fix starting index for finding another object
        slab: do ClearSlabPfmemalloc() for all pages of slab
        nbd: clear waiting_queue on shutdown
        MAINTAINERS: fix TXT maintainer list and source repo path
        mm/ia64: fix a memory block size bug
        memory hotplug: reset pgdat->kswapd to NULL if creating kernel thread fails
      08077ca8
    • Q
      memory hotplug: fix section info double registration bug · f14851af
      qiuxishi 提交于
      There may be a bug when registering section info.  For example, on my
      Itanium platform, the pfn range of node0 includes the other nodes, so
      other nodes' section info will be double registered, and memmap's page
      count will equal to 3.
      
        node0: start_pfn=0x100,    spanned_pfn=0x20fb00, present_pfn=0x7f8a3, => 0x000100-0x20fc00
        node1: start_pfn=0x80000,  spanned_pfn=0x80000,  present_pfn=0x80000, => 0x080000-0x100000
        node2: start_pfn=0x100000, spanned_pfn=0x80000,  present_pfn=0x80000, => 0x100000-0x180000
        node3: start_pfn=0x180000, spanned_pfn=0x80000,  present_pfn=0x80000, => 0x180000-0x200000
      
        free_all_bootmem_node()
      	register_page_bootmem_info_node()
      		register_page_bootmem_info_section()
      
      When hot remove memory, we can't free the memmap's page because
      page_count() is 2 after put_page_bootmem().
      
        sparse_remove_one_section()
      	free_section_usemap()
      		free_map_bootmem()
      			put_page_bootmem()
      
      [akpm@linux-foundation.org: add code comment]
      Signed-off-by: NXishi Qiu <qiuxishi@huawei.com>
      Signed-off-by: NJiang Liu <jiang.liu@huawei.com>
      Acked-by: NMel Gorman <mgorman@suse.de>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f14851af
    • L
      mm/page_alloc: fix the page address of higher page's buddy calculation · 0ba8f2d5
      Li Haifeng 提交于
      The heuristic method for buddy has been introduced since commit
      43506fad ("mm/page_alloc.c: simplify calculation of combined index
      of adjacent buddy lists").  But the page address of higher page's buddy
      was wrongly calculated, which will lead page_is_buddy to fail for ever.
      IOW, the heuristic method would be disabled with the wrong page address
      of higher page's buddy.
      
      Calculating the page address of higher page's buddy should be based
      higher_page with the offset between index of higher page and index of
      higher page's buddy.
      Signed-off-by: NHaifeng Li <omycle@gmail.com>
      Signed-off-by: NGavin Shan <shangw@linux.vnet.ibm.com>
      Reviewed-by: NMichal Hocko <mhocko@suse.cz>
      Cc: KyongHo Cho <pullip.cho@samsung.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Minchan Kim <minchan.kim@gmail.com>
      Cc: Johannes Weiner <jweiner@redhat.com>
      Cc: <stable@vger.kernel.org>	[2.6.38+]
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0ba8f2d5
    • K
      drivers/rtc/rtc-twl.c: ensure all interrupts are disabled during probe · 8dcebaa9
      Kevin Hilman 提交于
      On some platforms, bootloaders are known to do some interesting RTC
      programming.  Without going into the obscurities as to why this may be
      the case, suffice it to say the the driver should not make any
      assumptions about the state of the RTC when the driver loads.  In
      particular, the driver probe should be sure that all interrupts are
      disabled until otherwise programmed.
      
      This was discovered when finding bursty I2C traffic every second on
      Overo platforms.  This I2C overhead was keeping the SoC from hitting
      deep power states.  The cause was found to be the RTC firing every
      second on the I2C-connected TWL PMIC.
      
      Special thanks to Felipe Balbi for suggesting to look for a rogue driver
      as the source of the I2C traffic rather than the I2C driver itself.
      
      Special thanks to Steve Sakoman for helping track down the source of the
      continuous RTC interrups on the Overo boards.
      Signed-off-by: NKevin Hilman <khilman@ti.com>
      Cc: Felipe Balbi <balbi@ti.com>
      Tested-by: NSteve Sakoman <steve@sakoman.com>
      Cc: Alessandro Zummo <a.zummo@towertech.it>
      Tested-by: NShubhrajyoti Datta <omaplinuxkernel@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8dcebaa9
    • A
      compiler.h: add __visible · 9a858dc7
      Andi Kleen 提交于
      gcc 4.6+ has support for a externally_visible attribute that prevents the
      optimizer from optimizing unused symbols away.  Add a __visible macro to
      use it with that compiler version or later.
      
      This is used (at least) by the "Link Time Optimization" patchset.
      Signed-off-by: NAndi Kleen <ak@linux.intel.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9a858dc7
    • A
      pid-namespace: limit value of ns_last_pid to (0, max_pid) · 579035dc
      Andrew Vagin 提交于
      The kernel doesn't check the pid for negative values, so if you try to
      write -2 to /proc/sys/kernel/ns_last_pid, you will get a kernel panic.
      
      The crash happens because the next pid is -1, and alloc_pidmap() will
      try to access to a nonexistent pidmap.
      
        map = &pid_ns->pidmap[pid/BITS_PER_PAGE];
      Signed-off-by: NAndrew Vagin <avagin@openvz.org>
      Acked-by: NCyrill Gorcunov <gorcunov@openvz.org>
      Acked-by: NOleg Nesterov <oleg@redhat.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Pavel Emelyanov <xemul@parallels.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      579035dc
    • C
      include/net/sock.h: squelch compiler warning in sk_rmem_schedule() · 35c448a8
      Chuck Lever 提交于
      This warning:
      
        In file included from linux/include/linux/tcp.h:227:0,
                         from linux/include/linux/ipv6.h:221,
                         from linux/include/net/ipv6.h:16,
                         from linux/include/linux/sunrpc/clnt.h:26,
                         from linux/net/sunrpc/stats.c:22:
        linux/include/net/sock.h: In function `sk_rmem_schedule':
        linux/nfs-2.6/include/net/sock.h:1339:13: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
      
      is seen with gcc (GCC) 4.6.3 20120306 (Red Hat 4.6.3-2) using the
      -Wextra option.
      
      Commit c76562b6 ("netvm: prevent a stream-specific deadlock")
      accidentally replaced the "size" parameter of sk_rmem_schedule() with an
      unsigned int.  This changes the semantics of the comparison in the
      return statement.
      
      In sk_wmem_schedule we have syntactically the same comparison, but
      "size" is a signed integer.  In addition, __sk_mem_schedule() takes a
      signed integer for its "size" parameter, so there is an implicit type
      conversion in sk_rmem_schedule() anyway.
      
      Revert the "size" parameter back to a signed integer so that the
      semantics of the expressions in both sk_[rw]mem_schedule() are exactly
      the same.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NMel Gorman <mgorman@suse.de>
      Cc: David Miller <davem@davemloft.net>
      Cc: Joonsoo Kim <js1304@gmail.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      35c448a8
    • J
      slub: consider pfmemalloc_match() in get_partial_node() · 8ba00bb6
      Joonsoo Kim 提交于
      get_partial() is currently not checking pfmemalloc_match() meaning that
      it is possible for pfmemalloc pages to leak to non-pfmemalloc users.
      This is a problem in the following situation.  Assume that there is a
      request from normal allocation and there are no objects in the per-cpu
      cache and no node-partial slab.
      
      In this case, slab_alloc enters the slow path and new_slab_objects() is
      called which may return a PFMEMALLOC page.  As the current user is not
      allowed to access PFMEMALLOC page, deactivate_slab() is called
      ([5091b74a: mm: slub: optimise the SLUB fast path to avoid pfmemalloc
      checks]) and returns an object from PFMEMALLOC page.
      
      Next time, when we get another request from normal allocation,
      slab_alloc() enters the slow-path and calls new_slab_objects().  In
      new_slab_objects(), we call get_partial() and get a partial slab which
      was just deactivated but is a pfmemalloc page.  We extract one object
      from it and re-deactivate.
      
        "deactivate -> re-get in get_partial -> re-deactivate" occures repeatedly.
      
      As a result, access to PFMEMALLOC page is not properly restricted and it
      can cause a performance degradation due to frequent deactivation.
      deactivation frequently.
      
      This patch changes get_partial_node() to take pfmemalloc_match() into
      account and prevents the "deactivate -> re-get in get_partial()
      scenario.  Instead, new_slab() is called.
      Signed-off-by: NJoonsoo Kim <js1304@gmail.com>
      Acked-by: NDavid Rientjes <rientjes@google.com>
      Signed-off-by: NMel Gorman <mgorman@suse.de>
      Cc: David Miller <davem@davemloft.net>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8ba00bb6
    • J
      slab: fix starting index for finding another object · d014dc2e
      Joonsoo Kim 提交于
      In array cache, there is a object at index 0, check it.
      Signed-off-by: NJoonsoo Kim <js1304@gmail.com>
      Signed-off-by: NMel Gorman <mgorman@suse.de>
      Cc: David Miller <davem@davemloft.net>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d014dc2e
    • M
      slab: do ClearSlabPfmemalloc() for all pages of slab · 30c29bea
      Mel Gorman 提交于
      Right now, we call ClearSlabPfmemalloc() for first page of slab when we
      clear SlabPfmemalloc flag.  This is fine for most swap-over-network use
      cases as it is expected that order-0 pages are in use.  Unfortunately it
      is possible that that __ac_put_obj() checks SlabPfmemalloc on a tail
      page and while this is harmless, it is sloppy.  This patch ensures that
      the head page is always used.
      
      This problem was originally identified by Joonsoo Kim.
      
      [js1304@gmail.com: Original implementation and problem identification]
      Signed-off-by: NMel Gorman <mgorman@suse.de>
      Cc: David Miller <davem@davemloft.net>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Joonsoo Kim <js1304@gmail.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      30c29bea
    • P
      nbd: clear waiting_queue on shutdown · fded4e09
      Paul Clements 提交于
      Fix a serious but uncommon bug in nbd which occurs when there is heavy
      I/O going to the nbd device while, at the same time, a failure (server,
      network) or manual disconnect of the nbd connection occurs.
      
      There is a small window between the time that the nbd_thread is stopped
      and the socket is shutdown where requests can continue to be queued to
      nbd's internal waiting_queue.  When this happens, those requests are
      never completed or freed.
      
      The fix is to clear the waiting_queue on shutdown of the nbd device, in
      the same way that the nbd request queue (queue_head) is already being
      cleared.
      Signed-off-by: NPaul Clements <paul.clements@steeleye.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fded4e09
    • G
      MAINTAINERS: fix TXT maintainer list and source repo path · e9b7d7c8
      Gang Wei 提交于
      Signed-off-by: NGang Wei <gang.wei@intel.com>
      Cc: Richard L Maliszewski <richard.l.maliszewski@intel.com>
      Cc: Gang Wei <gang.wei@intel.com>
      Cc: Shane Wang <shane.wang@intel.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e9b7d7c8
    • J
      mm/ia64: fix a memory block size bug · 05cf9639
      Jianguo Wu 提交于
      I found following definition in include/linux/memory.h, in my IA64
      platform, SECTION_SIZE_BITS is equal to 32, and MIN_MEMORY_BLOCK_SIZE
      will be 0.
      
        #define MIN_MEMORY_BLOCK_SIZE     (1 << SECTION_SIZE_BITS)
      
      Because MIN_MEMORY_BLOCK_SIZE is int type and length of 32bits,
      so MIN_MEMORY_BLOCK_SIZE(1 << 32) will will equal to 0.
      Actually when SECTION_SIZE_BITS >= 31, MIN_MEMORY_BLOCK_SIZE will be wrong.
      This will cause wrong system memory infomation in sysfs.
      I think it should be:
      
        #define MIN_MEMORY_BLOCK_SIZE     (1UL << SECTION_SIZE_BITS)
      
      And "echo offline > memory0/state" will cause following call trace:
      
        kernel BUG at mm/memory_hotplug.c:885!
        sh[6455]: bugcheck! 0 [1]
        Pid: 6455, CPU 0, comm:                   sh
        psr : 0000101008526030 ifs : 8000000000000fa4 ip  : [<a0000001008c40f0>]    Not tainted (3.6.0-rc1)
        ip is at offline_pages+0x210/0xee0
        Call Trace:
          show_stack+0x80/0xa0
          show_regs+0x640/0x920
          die+0x190/0x2c0
          die_if_kernel+0x50/0x80
          ia64_bad_break+0x3d0/0x6e0
          ia64_native_leave_kernel+0x0/0x270
          offline_pages+0x210/0xee0
          alloc_pages_current+0x180/0x2a0
      Signed-off-by: NJianguo Wu <wujianguo@huawei.com>
      Signed-off-by: NJiang Liu <jiang.liu@huawei.com>
      Cc: "Luck, Tony" <tony.luck@intel.com>
      Reviewed-by: NMichal Hocko <mhocko@suse.cz>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      05cf9639
    • W
      memory hotplug: reset pgdat->kswapd to NULL if creating kernel thread fails · 18b48d58
      Wen Congyang 提交于
      If kthread_run() fails, pgdat->kswapd contains errno.  When we stop this
      thread, we only check whether pgdat->kswapd is NULL and access it.  If
      it contains errno, it will cause page fault.  Reset pgdat->kswapd to
      NULL when creating kernel thread fails can avoid this problem.
      Signed-off-by: NWen Congyang <wency@cn.fujitsu.com>
      Reviewed-by: NMinchan Kim <minchan@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      18b48d58
    • L
      Merge tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband · 2ade0b7f
      Linus Torvalds 提交于
      Pull InfiniBand/RDMA fixes from Roland Dreier:
       - A couple more IPoIB fixes for regressions introduced by path database
         conversion
       - Minor other fixes to low-level drivers (cxgb4, mlx4, qib, ocrdma)
      
      * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        IB/qib: Fix failure of compliance test C14-024#06_LocalPortNum
        RDMA/ocrdma: Fix CQE expansion of unsignaled WQE
        mlx4_core: Fix integer overflows so 8TBs of memory registration works
        IPoIB: Fix AB-BA deadlock when deleting neighbours
        IPoIB: Fix memory leak in the neigh table deletion flow
        RDMA/cxgb4: Move dereference below NULL test
      2ade0b7f
    • F
      fs/proc: fix potential unregister_sysctl_table hang · 6bf61045
      Francesco Ruggeri 提交于
      The unregister_sysctl_table() function hangs if all references to its
      ctl_table_header structure are not dropped.
      
      This can happen sometimes because of a leak in proc_sys_lookup():
      proc_sys_lookup() gets a reference to the table via lookup_entry(), but
      it does not release it when a subsequent call to sysctl_follow_link()
      fails.
      
      This patch fixes this leak by making sure the reference is always
      dropped on return.
      
      See also commit 076c3eed ("sysctl: Rewrite proc_sys_lookup
      introducing find_entry and lookup_entry") which reorganized this code in
      3.4.
      
      Tested in Linux 3.4.4.
      Signed-off-by: NFrancesco Ruggeri <fruggeri@aristanetworks.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6bf61045