1. 04 Aug, 2018 12 commits
  2. 03 Aug, 2018 21 commits
  3. 02 Aug, 2018 7 commits
    • Revert "net/ipv6: fix metrics leak" · e6aed040
      David S. Miller committed
      This reverts commit df18b504.
      
      This change causes other problems and use-after-free situations as
      found by syzbot.
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · 6b470376
      Linus Torvalds committed
      Pull ARM fix from Russell King:
       "Just a single fix this time around for recent binutils causing build
        problems when generating Thumb-2 code"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
    • net: don't declare IPv6 non-local bind helper if CONFIG_IPV6 undefined · db57dc7c
      Vincent Bernat committed
      Fixes: 83ba4645 ("net: add helpers checking if socket can be bound to nonlocal address")
      Signed-off-by: Vincent Bernat <vincent@bernat.im>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • mm: do not initialize TLB stack vma's with vma_init() · 8b11ec1b
      Linus Torvalds committed
      Commit 2c4541e2 ("mm: use vma_init() to initialize VMAs on stack and
      data segments") tried to initialize various left-over ad-hoc vma's
      "properly", but actually made things worse for the temporary vma's used
      for TLB flushing.
      
      vma_init() doesn't actually initialize all of the vma, just a few
      fields, so doing something like
      
         -       struct vm_area_struct vma = { .vm_mm = tlb->mm, };
         +       struct vm_area_struct vma;
         +
         +       vma_init(&vma, tlb->mm);
      
      was actually very bad: instead of having a nicely initialized vma with
      every field but "vm_mm" zeroed, you'd have an entirely uninitialized vma
      with only a couple of fields initialized.  And they weren't even fields
      that the code in question mostly cared about.
      
      The flush_tlb_range() function takes a "struct vma" rather than a
      "struct mm_struct", because a few architectures actually care about what
      kind of range it is - being able to only do an ITLB flush if it's a
      range that doesn't have data accesses enabled, for example.  And all the
      normal users already have the vma for doing the range invalidation.
      
      But a few people want to call flush_tlb_range() with a range they just
      made up, so they also end up using a made-up vma.  x86 just has a
      special "flush_tlb_mm_range()" function for this, but other
      architectures (arm and ia64) do the "use fake vma" thing instead, and
      thus got caught up in the vma_init() changes.
      
      At the same time, the TLB flushing code really doesn't care about most
      other fields in the vma, so vma_init() is just unnecessary and
      pointless.
      
      This fixes things by having an explicit "this is just an initializer for
      the TLB flush" initializer macro, which is used by the arm/arm64/ia64
      people who mis-use this interface with just a dummy vma.
      
      Fixes: 2c4541e2 ("mm: use vma_init() to initialize VMAs on stack and data segments")
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Hugh Dickins <hughd@google.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm: delete historical BUG from zap_pmd_range() · 53406ed1
      Hugh Dickins committed
      Delete the old VM_BUG_ON_VMA() from zap_pmd_range(), which asserted
      that mmap_sem must be held when splitting an "anonymous" vma there.
      Whether that's still strictly true nowadays is not entirely clear,
      but the danger of sometimes crashing on the BUG is now fairly clear.
      
      Even with the new stricter rules for anonymous vma marking, the
      condition it checks for can possibly trigger. Commit 44960f2a
      ("staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem
      pages") is good, and originally I thought it was safe from that
      VM_BUG_ON_VMA(), because the /dev/ashmem fd exposed to the user is
      disconnected from the vm_file in the vma, and madvise(,,MADV_REMOVE)
      insists on VM_SHARED.
      
      But after I read John's earlier mail, drawing attention to the
      vfs_fallocate() in there: I may be wrong, and I don't know if Android
      has THP in the config anyway, but it looks to me like an
      unmap_mapping_range() from ashmem's vfs_fallocate() could hit precisely
      the VM_BUG_ON_VMA(), once it's vma_is_anonymous().
      Signed-off-by: Hugh Dickins <hughd@google.com>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'rxrpc-next-20180801' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · b69ab96a
      David S. Miller committed
      David Howells says:
      
      ====================
      rxrpc: Development
      
      Here are some patches that add some more tracepoints to AF_RXRPC and fix
      some issues therein.  The most significant points are:
      
       (1) Display the call timeout information in /proc/net/rxrpc/calls.
      
       (2) Save the call's debug_id in the rxrpc_channel struct so that it can be
           used in traces after the rxrpc_call struct has been destroyed.
      
       (3) Increase the size of the kAFS Rx window from 32 to 63 to be about the
           same as the Auristor server.
      
       (4) Propose the terminal ACK for a client call after it has received all
           its data to be transmitted after a short interval so that it will get
           transmitted if not first superseded by a new call on the same channel.
      
       (5) Flush ACKs during the data reception if we detect that we've run out
           of data.[*]
      
       (6) Trace successful packet transmission and softirq to process context
           socket notification.
      
      [*] Note that on an uncontended gigabit network, rxrpc runs into trouble
          with ACK packets getting batched together (up to ~32 at a time)
          somewhere between the IP transmit queue on the client and the ethernet
          receive queue on the server.
      
          I can see the kernel afs filesystem client and Auristor userspace
          server stalling occasionally on a 512MB single read.  Sticking
          tracepoints in the network driver at either end seems to show that,
          although the ACK transmissions made by the client are reasonably spaced
          timewise, the received ACKs come in batches from the network card on
          the server.
      
          I'm not sure what, if anything, can be done about this.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • rxrpc: Fix user call ID check in rxrpc_service_prealloc_one · c01f6c9b
      YueHaibing committed
      This just checks that the user call ID isn't already in use, hence it
      should compare user_call_ID with xcall->user_call_ID, which is the
      current node's user_call_ID.
      
      Fixes: 540b1c48 ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg")
      Suggested-by: David Howells <dhowells@redhat.com>
      Signed-off-by: YueHaibing <yuehaibing@huawei.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>