1. 03 Aug, 2018 9 commits
  2. 02 Aug, 2018 21 commits
  3. 01 Aug, 2018 10 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · 6b470376
      Linus Torvalds authored
      Pull ARM fix from Russell King:
       "Just a single fix this time around for recent binutils causing build
        problems when generating Thumb-2 code"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
      6b470376
    • Vincent Bernat's avatar
      net: don't declare IPv6 non-local bind helper if CONFIG_IPV6 undefined · db57dc7c
      Vincent Bernat authored
      Fixes: 83ba4645 ("net: add helpers checking if socket can be bound to nonlocal address")
      Signed-off-by: default avatarVincent Bernat <vincent@bernat.im>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      db57dc7c
    • Linus Torvalds's avatar
      mm: do not initialize TLB stack vma's with vma_init() · 8b11ec1b
      Linus Torvalds authored
      Commit 2c4541e2 ("mm: use vma_init() to initialize VMAs on stack and
      data segments") tried to initialize various left-over ad-hoc vma's
      "properly", but actually made things worse for the temporary vma's used
      for TLB flushing.
      
      vma_init() doesn't actually initialize all of the vma, just a few
      fields, so doing something like
      
         -       struct vm_area_struct vma = { .vm_mm = tlb->mm, };
         +       struct vm_area_struct vma;
         +
         +       vma_init(&vma, tlb->mm);
      
      was actually very bad: instead of having a nicely initialized vma with
      every field but "vm_mm" zeroed, you'd have an entirely uninitialized vma
      with only a couple of fields initialized.  And they weren't even fields
      that the code in question mostly cared about.
      
      The flush_tlb_range() function takes a "struct vma" rather than a
      "struct mm_struct", because a few architectures actually care about what
      kind of range it is - being able to only do an ITLB flush if it's a
      range that doesn't have data accesses enabled, for example.  And all the
      normal users already have the vma for doing the range invalidation.
      
      But a few people want to call flush_tlb_range() with a range they just
      made up, so they also end up using a made-up vma.  x86 just has a
      special "flush_tlb_mm_range()" function for this, but other
      architectures (arm and ia64) do the "use fake vma" thing instead, and
      thus got caught up in the vma_init() changes.
      
      At the same time, the TLB flushing code really doesn't care about most
      other fields in the vma, so vma_init() is just unnecessary and
      pointless.
      
      This fixes things by having an explicit "this is just an initializer for
      the TLB flush" initializer macro, which is used by the arm/arm64/ia64
      people who mis-use this interface with just a dummy vma.
      
      Fixes: 2c4541e2 ("mm: use vma_init() to initialize VMAs on stack and data segments")
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Hugh Dickins <hughd@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8b11ec1b
    • Hugh Dickins's avatar
      mm: delete historical BUG from zap_pmd_range() · 53406ed1
      Hugh Dickins authored
      Delete the old VM_BUG_ON_VMA() from zap_pmd_range(), which asserted
      that mmap_sem must be held when splitting an "anonymous" vma there.
      Whether that's still strictly true nowadays is not entirely clear,
      but the danger of sometimes crashing on the BUG is now fairly clear.
      
      Even with the new stricter rules for anonymous vma marking, the
      condition it checks for can possible trigger. Commit 44960f2a
      ("staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem
      pages") is good, and originally I thought it was safe from that
      VM_BUG_ON_VMA(), because the /dev/ashmem fd exposed to the user is
      disconnected from the vm_file in the vma, and madvise(,,MADV_REMOVE)
      insists on VM_SHARED.
      
      But after I read John's earlier mail, drawing attention to the
      vfs_fallocate() in there: I may be wrong, and I don't know if Android
      has THP in the config anyway, but it looks to me like an
      unmap_mapping_range() from ashmem's vfs_fallocate() could hit precisely
      the VM_BUG_ON_VMA(), once it's vma_is_anonymous().
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      53406ed1
    • David S. Miller's avatar
      Merge tag 'rxrpc-next-20180801' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · b69ab96a
      David S. Miller authored
      David Howells says:
      
      ====================
      rxrpc: Development
      
      Here are some patches that add some more tracepoints to AF_RXRPC and fix
      some issues therein.  The most significant points are:
      
       (1) Display the call timeout information in /proc/net/rxrpc/calls.
      
       (2) Save the call's debug_id in the rxrpc_channel struct so that it can be
           used in traces after the rxrpc_call struct has been destroyed.
      
       (3) Increase the size of the kAFS Rx window from 32 to 63 to be about the
           same as the Auristor server.
      
       (4) Propose the terminal ACK for a client call after it has received all
           its data to be transmitted after a short interval so that it will get
           transmitted if not first superseded by a new call on the same channel.
      
       (5) Flush ACKs during the data reception if we detect that we've run out
           of data.[*]
      
       (6) Trace successful packet transmission and softirq to process context
           socket notification.
      
      [*] Note that on a uncontended gigabit network, rxrpc runs in to trouble
          with ACK packets getting batched together (up to ~32 at a time)
          somewhere between the IP transmit queue on the client and the ethernet
          receive queue on the server.
      
          I can see the kernel afs filesystem client and Auristor userspace
          server stalling occasionally on a 512MB single read.  Sticking
          tracepoints in the network driver at either end seems to show that,
          although the ACK transmissions made by the client are reasonably spaced
          timewise, the received ACKs come in batches from the network card on
          the server.
      
          I'm not sure what, if anything, can be done about this.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b69ab96a
    • YueHaibing's avatar
      rxrpc: Fix user call ID check in rxrpc_service_prealloc_one · c01f6c9b
      YueHaibing authored
      There just check the user call ID isn't already in use, hence should
      compare user_call_ID with xcall->user_call_ID, which is current
      node's user_call_ID.
      
      Fixes: 540b1c48 ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg")
      Suggested-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c01f6c9b
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 9a97ebf7
      Linus Torvalds authored
      Pull MMC fix from Ulf Hansson:
       "MMC host: mxcmmc: Fix build error for powerpc"
      
      * tag 'mmc-v4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: mxcmmc: Fix missing parentheses and brace
      9a97ebf7
    • Linus Torvalds's avatar
      Merge tag 'pm-urgent-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · f390b7bf
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix the scope of a recent intel_pstate driver optimization used
        incorrectly on some systems due to processor identification ambiguity
        and fix a few issues in the turbostat utility, including three recent
        regressions.
      
        Specifics:
      
         - Use ACPI FADT preferred PM Profile to distinguish Skylake desktop
           processors from some server ones with the same model number in
           order to limit the scope of the recent IO-wait boost optimization
           to servers, as intended (Srinivas Pandruvada).
      
         - Fix several issues in the turbostat utility:
            * Fix the -S option on 1-CPU systems (Len Brown).
            * Fix computations using incorrect processor core counts (Artem
              Bityutskiy).
            * Fix the x2apic debug message (Len Brown).
            * Fix logical node enumeration to allow for non-sequential
              physical nodes (Prarit Bhargava).
            * Fix reported family on modern AMD processors (Calvin Walton).
            * Clarify the RAPL column information in the man page (Len Brown)"
      
      * tag 'pm-urgent-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms
        tools/power turbostat: version 18.07.27
        tools/power turbostat: Read extended processor family from CPUID
        tools/power turbostat: Fix logical node enumeration to allow for non-sequential physical nodes
        tools/power turbostat: fix x2apic debug message output file
        tools/power turbostat: fix bogus summary values
        tools/power turbostat: fix -S on UP systems
        tools/power turbostat: Update turbostat(8) RAPL throttling column description
      f390b7bf
    • Linus Torvalds's avatar
      squashfs metadata 2: electric boogaloo · cdbb65c4
      Linus Torvalds authored
      Anatoly continues to find issues with fuzzed squashfs images.
      
      This time, corrupt, missing, or undersized data for the page filling
      wasn't checked for, because the squashfs_{copy,read}_cache() functions
      did the squashfs_copy_data() call without checking the resulting data
      size.
      
      Which could result in the page cache pages being incompletely filled in,
      and no error indication to the user space reading garbage data.
      
      So make a helper function for the "fill in pages" case, because the
      exact same incomplete sequence existed in two places.
      
      [ I should have made a squashfs branch for these things, but I didn't
        intend to start doing them in the first place.
      
        My historical connection through cramfs is why I got into looking at
        these issues at all, and every time I (continue to) think it's a
        one-off.
      
        Because _this_ time is always the last time. Right?   - Linus ]
      Reported-by: default avatarAnatoly Trosinenko <anatoly.trosinenko@gmail.com>
      Tested-by: default avatarWilly Tarreau <w@1wt.eu>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Phillip Lougher <phillip@squashfs.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cdbb65c4
    • John Stultz's avatar
      staging: ashmem: Fix SIGBUS crash when traversing mmaped ashmem pages · 44960f2a
      John Stultz authored
      Amit Pundir and Youling in parallel reported crashes with recent
      mainline kernels running Android:
      
        F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
        F DEBUG   : Build fingerprint: 'Android/db410c32_only/db410c32_only:Q/OC-MR1/102:userdebug/test-key
        F DEBUG   : Revision: '0'
        F DEBUG   : ABI: 'arm'
        F DEBUG   : pid: 2261, tid: 2261, name: zygote  >>> zygote <<<
        F DEBUG   : signal 7 (SIGBUS), code 2 (BUS_ADRERR), fault addr 0xec00008
        ... <snip> ...
        F DEBUG   : backtrace:
        F DEBUG   :     #00 pc 00001c04  /system/lib/libc.so (memset+48)
        F DEBUG   :     #01 pc 0010c513  /system/lib/libart.so (create_mspace_with_base+82)
        F DEBUG   :     #02 pc 0015c601  /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateMspace(void*, unsigned int, unsigned int)+40)
        F DEBUG   :     #03 pc 0015c3ed  /system/lib/libart.so (art::gc::space::DlMallocSpace::CreateFromMemMap(art::MemMap*, std::__1::basic_string<char, std::__ 1::char_traits<char>, std::__1::allocator<char>> const&, unsigned int, unsigned int, unsigned int, unsigned int, bool)+36)
        ...
      
      This was bisected back to commit bfd40eaf ("mm: fix
      vma_is_anonymous() false-positives").
      
      create_mspace_with_base() in the trace above, utilizes ashmem, and with
      ashmem, for shared mappings we use shmem_zero_setup(), which sets the
      vma->vm_ops to &shmem_vm_ops.  But for private ashmem mappings nothing
      sets the vma->vm_ops.
      
      Looking at the problematic patch, it seems to add a requirement that one
      call vma_set_anonymous() on a vma, otherwise the dummy_vm_ops will be
      used.  Using the dummy_vm_ops seem to triggger SIGBUS when traversing
      unmapped pages.
      
      Thus, this patch adds a call to vma_set_anonymous() for ashmem private
      mappings and seems to avoid the reported problem.
      
      Fixes: bfd40eaf ("mm: fix vma_is_anonymous() false-positives")
      Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Joel Fernandes <joelaf@google.com>
      Cc: Colin Cross <ccross@google.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Reported-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Reported-by: default avatarYouling 257 <youling257@gmail.com>
      Signed-off-by: default avatarJohn Stultz <john.stultz@linaro.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      44960f2a