1. 21 Jan, 2016 12 commits
    • zsmalloc: fix migrate_zspage-zs_free race condition · c102f07c
      Junil Lee committed
      record_obj() in migrate_zspage() does not preserve handle's
      HANDLE_PIN_BIT, set by find_alloced_obj()->trypin_tag(), and implicitly
      (accidentally) un-pins the handle, while migrate_zspage() still performs
      an explicit unpin_tag() on that handle.  This additional explicit
      unpin_tag() introduces a race condition with zs_free(), which can pin
      that handle by this time, so the handle becomes un-pinned.
      
      Schematically, it goes like this:
      
        CPU0                                        CPU1
        migrate_zspage
          find_alloced_obj
            trypin_tag
              set HANDLE_PIN_BIT                    zs_free()
                                                      pin_tag()
        obj_malloc() -- new object, no tag
        record_obj() -- remove HANDLE_PIN_BIT           set HANDLE_PIN_BIT
        unpin_tag()  -- remove zs_free's HANDLE_PIN_BIT
      
      The race condition may result in a NULL pointer dereference:
      
        Unable to handle kernel NULL pointer dereference at virtual address 00000000
        CPU: 0 PID: 19001 Comm: CookieMonsterCl Tainted:
        PC is at get_zspage_mapping+0x0/0x24
        LR is at obj_free.isra.22+0x64/0x128
        Call trace:
           get_zspage_mapping+0x0/0x24
           zs_free+0x88/0x114
           zram_free_page+0x64/0xcc
           zram_slot_free_notify+0x90/0x108
           swap_entry_free+0x278/0x294
           free_swap_and_cache+0x38/0x11c
           unmap_single_vma+0x480/0x5c8
           unmap_vmas+0x44/0x60
           exit_mmap+0x50/0x110
           mmput+0x58/0xe0
           do_exit+0x320/0x8dc
           do_group_exit+0x44/0xa8
           get_signal+0x538/0x580
           do_signal+0x98/0x4b8
           do_notify_resume+0x14/0x5c
      
      This patch keeps the lock bit in the migration path and updates the
      value atomically.
      Signed-off-by: Junil Lee <junil0814.lee@lge.com>
      Signed-off-by: Minchan Kim <minchan@kernel.org>
      Acked-by: Vlastimil Babka <vbabka@suse.cz>
      Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
      Cc: <stable@vger.kernel.org> [4.1+]
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
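
A userspace model of the CPU0/CPU1 schedule in the zsmalloc commit message above, added here as an illustration; it is not the kernel's code or the patch itself. The function names follow the commit message, while the bodies, the bit position, the sample values and the `keep_pin` switch are assumptions of this model.

```c
#include <stdio.h>

#define HANDLE_PIN_BIT 0                 /* bit position assumed for this model */
#define PIN (1UL << HANDLE_PIN_BIT)

/* One word holds both the object location and the pin (lock) bit. */
static int trypin_tag(unsigned long *h)
{
    if (*h & PIN)
        return 0;                        /* already pinned by someone else */
    *h |= PIN;
    return 1;
}

static void unpin_tag(unsigned long *h) { *h &= ~PIN; }

/* Plain store of the new location: the handle takes bit 0 of obj as-is. */
static void record_obj(unsigned long *h, unsigned long obj) { *h = obj; }

/*
 * Replays the schedule from the commit message in program order.
 * keep_pin = 0: record_obj() stores an untagged value (the reported bug).
 * keep_pin = 1: the pin bit is carried into the stored value (model of the fix).
 * Returns 1 if another pinner gets in while zs_free() believes it holds the pin.
 */
static int replay(int keep_pin)
{
    unsigned long handle = 0x1000;       /* constructed old location */
    unsigned long free_obj = 0x2000;     /* constructed result of obj_malloc() */
    int zs_free_pinned;

    trypin_tag(&handle);                          /* CPU0: find_alloced_obj() */
    zs_free_pinned = trypin_tag(&handle);         /* CPU1: pin_tag() has to wait */
    if (keep_pin)
        free_obj |= PIN;
    record_obj(&handle, free_obj);                /* CPU0: publish new location */
    if (!zs_free_pinned)
        zs_free_pinned = trypin_tag(&handle);     /* CPU1: retry */
    unpin_tag(&handle);                           /* CPU0: explicit unpin */
    if (!zs_free_pinned)
        zs_free_pinned = trypin_tag(&handle);     /* CPU1: retry again */
    return zs_free_pinned && trypin_tag(&handle); /* second pinner succeeds? */
}

int main(void)
{
    printf("pin lost without fix: %d, with pin kept: %d\n", replay(0), replay(1));
    return 0;
}
```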
    • mm: arch: remove duplicate definitions of MADV_FREE · dcd6c87c
      Guenter Roeck committed
      Commits 21f55b01 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE
      have same value for all architectures") and ef58978f ("mm: define
      MADV_FREE for some arches") both defined MADV_FREE, but did not use the
      same values.  This results in build errors such as
      
        ./arch/alpha/include/uapi/asm/mman.h:53:0: error: "MADV_FREE" redefined
        ./arch/alpha/include/uapi/asm/mman.h:50:0: note: this is the location of the previous definition
      
      for the affected architectures.
      
      Fixes: 21f55b01 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE have same value for all architectures")
      Fixes: ef58978f ("mm: define MADV_FREE for some arches")
      Signed-off-by: Guenter Roeck <linux@roeck-us.net>
      Cc: Chen Gang <gang.chen.5i5j@gmail.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Acked-by: Helge Deller <deller@gmx.de>	[parisc]
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • fs/proc/task_mmu.c: add workaround for old compilers · f4be6153
      Kirill A. Shutemov committed
      For THP=n, HPAGE_PMD_NR in smaps_account() expands to BUILD_BUG().
      That's fine since this codepath is eliminated by modern compilers.
      
      But older compilers do not have such efficient dead code elimination.
      It causes a problem at least with gcc 4.1.2 on m68k:
      
         fs/built-in.o: In function `smaps_account':
         task_mmu.c:(.text+0x4f8fa): undefined reference to `__compiletime_assert_471'
      
      Let's replace HPAGE_PMD_NR with 1 << compound_order(page).
      Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • thp: fix interrupt unsafe locking in split_huge_page() · 0b9b6fff
      Kirill A. Shutemov committed
      split_queue_lock can be taken from interrupt context in some cases, but
      I forgot to convert locking in split_huge_page() to interrupt-safe
      primitives.
      
      Let's fix this.
      
      lockdep output:
      
        ======================================================
        [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
        4.4.0+ #259 Tainted: G        W
        ------------------------------------------------------
        syz-executor/18183 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
         (split_queue_lock){+.+...}, at: free_transhuge_page+0x24/0x90 mm/huge_memory.c:3436
      
        and this task is already holding:
         (slock-AF_INET){+.-...}, at: spin_lock_bh include/linux/spinlock.h:307
         (slock-AF_INET){+.-...}, at: lock_sock_fast+0x45/0x120 net/core/sock.c:2462
        which would create a new lock dependency:
         (slock-AF_INET){+.-...} -> (split_queue_lock){+.+...}
      
        but this new dependency connects a SOFTIRQ-irq-safe lock:
         (slock-AF_INET){+.-...}
        ... which became SOFTIRQ-irq-safe at:
           mark_irqflags kernel/locking/lockdep.c:2799
           __lock_acquire+0xfd8/0x4700 kernel/locking/lockdep.c:3162
           lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
           __raw_spin_lock include/linux/spinlock_api_smp.h:144
           _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
           spin_lock include/linux/spinlock.h:302
           udp_queue_rcv_skb+0x781/0x1550 net/ipv4/udp.c:1680
           flush_stack+0x50/0x330 net/ipv6/udp.c:799
           __udp4_lib_mcast_deliver+0x694/0x7f0 net/ipv4/udp.c:1798
           __udp4_lib_rcv+0x17dc/0x23e0 net/ipv4/udp.c:1888
           udp_rcv+0x21/0x30 net/ipv4/udp.c:2108
           ip_local_deliver_finish+0x2b3/0xa50 net/ipv4/ip_input.c:216
           NF_HOOK_THRESH include/linux/netfilter.h:226
           NF_HOOK include/linux/netfilter.h:249
           ip_local_deliver+0x1c4/0x2f0 net/ipv4/ip_input.c:257
           dst_input include/net/dst.h:498
           ip_rcv_finish+0x5ec/0x1730 net/ipv4/ip_input.c:365
           NF_HOOK_THRESH include/linux/netfilter.h:226
           NF_HOOK include/linux/netfilter.h:249
           ip_rcv+0x963/0x1080 net/ipv4/ip_input.c:455
           __netif_receive_skb_core+0x1620/0x2f80 net/core/dev.c:4154
           __netif_receive_skb+0x2a/0x160 net/core/dev.c:4189
           netif_receive_skb_internal+0x1b5/0x390 net/core/dev.c:4217
           napi_skb_finish net/core/dev.c:4542
           napi_gro_receive+0x2bd/0x3c0 net/core/dev.c:4572
           e1000_clean_rx_irq+0x4e2/0x1100 drivers/net/ethernet/intel/e1000e/netdev.c:1038
           e1000_clean+0xa08/0x24a0 drivers/net/ethernet/intel/e1000/e1000_main.c:3819
           napi_poll net/core/dev.c:5074
           net_rx_action+0x7eb/0xdf0 net/core/dev.c:5139
           __do_softirq+0x26a/0x920 kernel/softirq.c:273
           invoke_softirq kernel/softirq.c:350
           irq_exit+0x18f/0x1d0 kernel/softirq.c:391
           exiting_irq ./arch/x86/include/asm/apic.h:659
           do_IRQ+0x86/0x1a0 arch/x86/kernel/irq.c:252
           ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:520
           arch_safe_halt ./arch/x86/include/asm/paravirt.h:117
           default_idle+0x52/0x2e0 arch/x86/kernel/process.c:304
           arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:295
           default_idle_call+0x48/0xa0 kernel/sched/idle.c:92
           cpuidle_idle_call kernel/sched/idle.c:156
           cpu_idle_loop kernel/sched/idle.c:252
           cpu_startup_entry+0x554/0x710 kernel/sched/idle.c:300
           rest_init+0x192/0x1a0 init/main.c:412
           start_kernel+0x678/0x69e init/main.c:683
           x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:195
           x86_64_start_kernel+0x158/0x167 arch/x86/kernel/head64.c:184
      
        to a SOFTIRQ-irq-unsafe lock:
         (split_queue_lock){+.+...}
         which became SOFTIRQ-irq-unsafe at:
           mark_irqflags kernel/locking/lockdep.c:2817
           __lock_acquire+0x146e/0x4700 kernel/locking/lockdep.c:3162
           lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
           __raw_spin_lock include/linux/spinlock_api_smp.h:144
           _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
           spin_lock include/linux/spinlock.h:302
           split_huge_page_to_list+0xcc0/0x1c50 mm/huge_memory.c:3399
           split_huge_page include/linux/huge_mm.h:99
           queue_pages_pte_range+0xa38/0xef0 mm/mempolicy.c:507
           walk_pmd_range mm/pagewalk.c:50
           walk_pud_range mm/pagewalk.c:90
           walk_pgd_range mm/pagewalk.c:116
           __walk_page_range+0x653/0xcd0 mm/pagewalk.c:204
           walk_page_range+0xfe/0x2b0 mm/pagewalk.c:281
           queue_pages_range+0xfb/0x130 mm/mempolicy.c:687
           migrate_to_node mm/mempolicy.c:1004
           do_migrate_pages+0x370/0x4e0 mm/mempolicy.c:1109
           SYSC_migrate_pages mm/mempolicy.c:1453
           SyS_migrate_pages+0x640/0x730 mm/mempolicy.c:1374
           entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185
      
        other info that might help us debug this:
      
         Possible interrupt unsafe locking scenario:
      
               CPU0                    CPU1
               ----                    ----
          lock(split_queue_lock);
                                       local_irq_disable();
                                       lock(slock-AF_INET);
                                       lock(split_queue_lock);
          <Interrupt>
            lock(slock-AF_INET);
      Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: Dmitry Vyukov <dvyukov@google.com>
      Acked-by: David Rientjes <rientjes@google.com>
      Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • lib/libcrc32c.c: fix build warning · 290e0e0f
      Jean Delvare committed
      Fix the following build warning:
      
        lib/libcrc32c.c:42:5: warning: no previous prototype for "crc32c" [-Wmissing-prototypes]
         u32 crc32c(u32 crc, const void *address, unsigned int length)
             ^
      Signed-off-by: Jean Delvare <jdelvare@suse.de>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'dmaengine-fix-4.5-rc1' of git://git.infradead.org/users/vkoul/slave-dma · 9fa68606
      Linus Torvalds committed
      Pull dmaengine fixes from Vinod Koul:
       "Here is my second pull request for this window:
      
        A few driver fixes have piled up and one missed rcar bindings patch
        which got somehow lost in for-linus branch so cherry-picked that one.
      
        Fixes are for dw, at_hdmac, edma"
      
      * tag 'dmaengine-fix-4.5-rc1' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: rcar-dmac: Document SoC specific bindings
        dmaengine: at_xdmac: fix resume for cyclic transfers
        dmaengine: dw: fix cyclic transfer callbacks
        dmaengine: dw: fix cyclic transfer setup
        dmaengine: edma: Fix paRAM slot allocation for entry channel 0
    • Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild · 90bf353b
      Linus Torvalds committed
      Pull misc kbuild updates from Michal Marek:
       - Fix for make O=... perf-tar*
       - make tags revamp and fix for the fallout.  Patch for warnings about
         line breaks inside DEFINE_PER_CPU macros is pending
       - New coccinelle test
      
      * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
        coccinelle: tests: unsigned value cannot be lesser than zero
        tags: Unify emacs and exuberant rules
        tags: Drop the _PE rule
        tags: Do not try to index defconfigs
        tags: Process Kconfig files in a single pass
        tags: Fix erroneous pattern match in a comment
        aic7xxx: Avoid name collision with <linux/list.h>
        tags: Treat header files as C code
        package Makefile: fix perf-tar targets when outdir is set
        scripts/tags.sh: Teach tags about more powerpc macros
    • Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild · af75d517
      Linus Torvalds committed
      Pull kconfig updates from Michal Marek:
       - Fix for make xconfig segfault
       - Handle long strings in config symbol values
       - Fix for mixing boolean and kconfig ternary type
      
      * 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
        kconfig: fix qconf segfault by deleting heap objects
        kconfig: return 'false' instead of 'no' in bool function
        kconfig: allow kconfig to handle longer path names
    • Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild · d9569f00
      Linus Torvalds committed
      Pull kbuild updates from Michal Marek:
       - Make <modname>-m in makefiles work like <modname>-y and fix the
         fallout
       - Minor genksyms fix
       - Fix race with make -j install modules_install
       - Move -Wsign-compare from make W=1 to W=2
       - Other minor fixes
      
      * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
        kbuild: Demote 'sign-compare' warning to W=2
        Makefile: revert "Makefile: Document ability to make file.lst and file.S" partially
        kbuild: Do not run modules_install and install in paralel
        genksyms: Handle string literals with spaces in reference files
        fixdep: constify strrcmp arguments
        ath10k: Fix build with CONFIG_THERMAL=m
        Revert "drm: Hack around CONFIG_AGP=m build failures"
        kbuild: Allow to specify composite modules with modname-m
        staging/ad7606: Actually build the interface modules
    • FRV: Mark architecture orphaned · 0cf0305f
      David Howells committed
      Mark the FRV architecture orphaned in the MAINTAINERS file.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • MAINTAINERS: Update mailing list for Renesas SoC Development · 4a121096
      Simon Horman committed
      Update the mailing list used for development of support for
      Renesas SoCs and related drivers.
      
      Up until now the linux-sh mailing list has been used, however,
      Renesas SoCs are now much wider than the SH architecture and there
      is some desire from some for the linux-sh list to refocus on
      discussion of the work on the SH architecture.
      Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
      Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
      Acked-by: Magnus Damm <damm@opensource.se>
      Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
      Acked-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
      Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Acked-by: Rich Felker <dalias@libc.org>
      Acked-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • mm: avoid uninitialized variable in tracepoint · 629d9d1c
      Arnd Bergmann committed
      A newly added tracepoint in the hugepage code uses a variable in the
      error handling that is not initialized at that point:
      
      include/trace/events/huge_memory.h:81:230: error: 'isolated' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      The result is relatively harmless, as the trace data will in rare
      cases contain incorrect data.
      
      This works around the problem by adding an explicit initialization.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Fixes: 7d2eba05 ("mm: add tracepoint for scanning pages")
      Reviewed-by: Ebru Akagunduz <ebru.akagunduz@gmail.com>
      Acked-by: David Rientjes <rientjes@google.com>
      Cc: Kirill A. Shutemov <kirill@shutemov.name>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. 20 Jan, 2016 28 commits