1. 04 Dec, 2012 3 commits
  2. 03 Dec, 2012 8 commits
    • Linus Torvalds's avatar
      Linux 3.7-rc8 · b69f0859
      Linus Torvalds authored
      b69f0859
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac · b52c6402
      Linus Torvalds authored
      Pull EDAC fixes from Mauro Carvalho Chehab:
       "One EDAC core fix, and a few driver fixes (i7300, i9275x, i7core)."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac:
        i7core_edac: fix panic when accessing sysfs files
        i7300_edac: Fix error flag testing
        edac: Fix the dimm filling for csrows-based layouts
        i82975x_edac: Fix dimm label initialization
      b52c6402
    • Linus Torvalds's avatar
      Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 4ba00329
      Linus Torvalds authored
      Pull media fixes from Mauro Carvalho Chehab:
       "Some driver fixes for s5p/exynos (mostly race fixes)"
      
      * 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
        [media] s5p-mfc: Handle multi-frame input buffer
        [media] s5p-mfc: Bug fix of timestamp/timecode copy mechanism
        [media] exynos-gsc: Add missing video device vfl_dir flag initialization
        [media] exynos-gsc: Fix settings for input and output image RGB type
        [media] exynos-gsc: Don't use mutex_lock_interruptible() in device release()
        [media] fimc-lite: Don't use mutex_lock_interruptible() in device release()
        [media] s5p-fimc: Don't use mutex_lock_interruptible() in device release()
        [media] s5p-fimc: Prevent race conditions during subdevs registration
      4ba00329
    • Al Viro's avatar
      [parisc] open(2) compat bug · 25a3bc6b
      Al Viro authored
      In commit 9d73fc2d ("open*(2) compat fixes (s390, arm64)") I said:
      >
      > 	The usual rules for open()/openat()/open_by_handle_at() are
      > 1) native 32bit - don't force O_LARGEFILE in flags
      > 2) native 64bit - force O_LARGEFILE in flags
      > 3) compat on 64bit host - as for native 32bit
      > 4) native 32bit ABI for 64bit system (mips/n32, x86/x32) - as for native 64bit
      >
      > There are only two exceptions - s390 compat has open() forcing O_LARGEFILE and
      > arm64 compat has open_by_handle_at() doing the same thing.  The same binaries
      > on native host (s390/31 and arm resp.) will *not* force O_LARGEFILE, so IMO
      > both are emulation bugs.
      
      Three exceptions, actually - parisc open() is another case like that.
      Native 32bit won't force O_LARGEFILE, the same binary on parisc64 will.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      25a3bc6b
    • Mike Galbraith's avatar
      Revert "sched, autogroup: Stop going ahead if autogroup is disabled" · fd8ef117
      Mike Galbraith authored
      This reverts commit 800d4d30.
      
      Between commits 8323f26c ("sched: Fix race in task_group()") and
      800d4d30 ("sched, autogroup: Stop going ahead if autogroup is
      disabled"), autogroup is a wreck.
      
      With both applied, all you have to do to crash a box is disable
      autogroup during boot up, then reboot..  boom, NULL pointer dereference
      due to commit 800d4d30 not allowing autogroup to move things, and
      commit 8323f26c making that the only way to switch runqueues:
      
        BUG: unable to handle kernel NULL pointer dereference at           (null)
        IP: [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
        Pid: 7047, comm: systemd-user-se Not tainted 3.6.8-smp #7 MEDIONPC MS-7502/MS-7502
        RIP: effective_load.isra.43+0x50/0x90
        Process systemd-user-se (pid: 7047, threadinfo ffff880221dde000, task ffff88022618b3a0)
        Call Trace:
          select_task_rq_fair+0x255/0x780
          try_to_wake_up+0x156/0x2c0
          wake_up_state+0xb/0x10
          signal_wake_up+0x28/0x40
          complete_signal+0x1d6/0x250
          __send_signal+0x170/0x310
          send_signal+0x40/0x80
          do_send_sig_info+0x47/0x90
          group_send_sig_info+0x4a/0x70
          kill_pid_info+0x3a/0x60
          sys_kill+0x97/0x1a0
          ? vfs_read+0x120/0x160
          ? sys_read+0x45/0x90
          system_call_fastpath+0x16/0x1b
        Code: 49 0f af 41 50 31 d2 49 f7 f0 48 83 f8 01 48 0f 46 c6 48 2b 07 48 8b bf 40 01 00 00 48 85 ff 74 3a 45 31 c0 48 8b 8f 50 01 00 00 <48> 8b 11 4c 8b 89 80 00 00 00 49 89 d2 48 01 d0 45 8b 59 58 4c
        RIP  [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
         RSP <ffff880221ddfbd8>
        CR2: 0000000000000000
      Signed-off-by: default avatarMike Galbraith <efault@gmx.de>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Yong Zhang <yong.zhang0@gmail.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: stable@vger.kernel.org # 2.6.39+
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fd8ef117
    • Linus Torvalds's avatar
      Merge branch 'block-dev' · d3594ea2
      Linus Torvalds authored
      Merge 'block-dev' branch.
      
      I was going to just mark everything here for stable and leave it to the
      3.8 merge window, but having decided on doing another -rc, I migth as
      well merge it now.
      
      This removes the bd_block_size_semaphore semaphore that was added in
      this release to fix a race condition between block size changes and
      block IO, and replaces it with atomicity guaratees in fs/buffer.c
      instead, along with simplifying fs/block-dev.c.
      
      This removes more lines than it adds, makes the code generally simpler,
      and avoids the latency/rt issues that the block size semaphore
      introduced for mount.
      
      I'm not happy with the timing, but it wouldn't be much better doing this
      during the merge window and then having some delayed back-port of it
      into stable.
      
      * block-dev:
        blkdev_max_block: make private to fs/buffer.c
        direct-io: don't read inode->i_blkbits multiple times
        blockdev: remove bd_block_size_semaphore again
        fs/buffer.c: make block-size be per-page and protected by the page lock
      d3594ea2
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7e5530af
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) 8139cp leaks memory in error paths, from Francois Romieu.
      
       2) do_tcp_sendpages() cannot handle order > 0 pages, but they can
          certainly arrive there now, fix from Eric Dumazet.
      
       3) Race condition and sysfs fixes in bonding from Nikolay Aleksandrov.
      
       4) Remain-on-Channel fix in mac80211 from Felix Liao.
      
       5) CCK rate calculation fix in iwlwifi, from Emmanuel Grumbach.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        8139cp: fix coherent mapping leak in error path.
        tcp: fix crashes in do_tcp_sendpages()
        bonding: fix race condition in bonding_store_slaves_active
        bonding: make arp_ip_target parameter checks consistent with sysfs
        bonding: fix miimon and arp_interval delayed work race conditions
        mac80211: fix remain-on-channel (non-)cancelling
        iwlwifi: fix the basic CCK rates calculation
      7e5530af
    • Linus Torvalds's avatar
      Merge tag 'md-3.7-fixes' of git://neil.brown.name/md · 4ccc8045
      Linus Torvalds authored
      Pull md bugfix from NeilBrown:
       "Single bugfix for raid1/raid10.
      
        Fixes a recently introduced deadlock."
      
      * tag 'md-3.7-fixes' of git://neil.brown.name/md:
        md/raid1{,0}: fix deadlock in bitmap_unplug.
      4ccc8045
  3. 02 Dec, 2012 5 commits
    • Al Viro's avatar
      open*(2) compat fixes (s390, arm64) · 9d73fc2d
      Al Viro authored
      The usual rules for open()/openat()/open_by_handle_at() are
       1) native 32bit - don't force O_LARGEFILE in flags
       2) native 64bit - force O_LARGEFILE in flags
       3) compat on 64bit host - as for native 32bit
       4) native 32bit ABI for 64bit system (mips/n32, x86/x32) - as for
          native 64bit
      
      There are only two exceptions - s390 compat has open() forcing
      O_LARGEFILE and arm64 compat has open_by_handle_at() doing the same
      thing.  The same binaries on native host (s390/31 and arm resp.) will
      *not* force O_LARGEFILE, so IMO both are emulation bugs.
      
      Objections? The fix is obvious...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9d73fc2d
    • Linus Torvalds's avatar
      Merge branch 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · 3c46f3d6
      Linus Torvalds authored
      Pull  late workqueue fixes from Tejun Heo:
       "Unfortunately, I have two really late fixes.  One was for a
        long-standing bug and queued for 3.8 but I found out about a
        regression introduced during 3.7-rc1 two days ago, so I'm sending out
        the two fixes together.
      
        The first (long-standing) one is rescuer_thread() entering exit path
        w/ TASK_INTERRUPTIBLE.  It only triggers on workqueue destructions
        which isn't very frequent and the exit path can usually survive being
        called with TASK_INTERRUPT, so it was hidden pretty well.  Apparently,
        if you're reiserfs, this could lead to the exiting kthread sleeping
        indefinitely holding a mutex, which is never good.
      
        The fix is simple - restoring TASK_RUNNING before returning from the
        kthread function.
      
        The second one is introduced by the new mod_delayed_work().
        mod_delayed_work() was missing special case handling for 0 delay.
        Instead of queueing the work item immediately, it queued the timer
        which expires on the closest next tick.  Some users of the new
        function converted from "[__]cancel_delayed_work() +
        queue_delayed_work()" combination became unhappy with the extra delay.
      
        Block unplugging led to noticeably higher number of context switches
        and intel 6250 wireless failed to associate with WPA-Enterprise
        network.  The fix, again, is fairly simple.  The 0 delay special case
        logic from queue_delayed_work_on() should be moved to
        __queue_delayed_work() which is shared by both queue_delayed_work_on()
        and mod_delayed_work_on().
      
        The first one is difficult to trigger and the failure mode for the
        latter isn't completely catastrophic, so missing these two for 3.7
        wouldn't make it a disastrous release, but both bugs are nasty and the
        fixes are fairly safe"
      
      * 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay
        workqueue: exit rescuer_thread() as TASK_RUNNING
      3c46f3d6
    • françois romieu's avatar
      8139cp: fix coherent mapping leak in error path. · 892a925e
      françois romieu authored
      cp_open
      [...]
              rc = cp_alloc_rings(cp);
              if (rc)
                      return rc;
      
      cp_alloc_rings
      [...]
              mem = dma_alloc_coherent(&cp->pdev->dev, CP_RING_BYTES,
                                       &cp->ring_dma, GFP_KERNEL);
      
      - cp_alloc_rings never frees the coherent mapping it allocates
      - neither do cp_open when cp_alloc_rings fails
      Signed-off-by: default avatarFrancois Romieu <romieu@fr.zoreil.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      892a925e
    • Eric Dumazet's avatar
      tcp: fix crashes in do_tcp_sendpages() · 64022d0b
      Eric Dumazet authored
      Recent network changes allowed high order pages being used
      for skb fragments.
      
      This uncovered a bug in do_tcp_sendpages() which was assuming its caller
      provided an array of order-0 page pointers.
      
      We only have to deal with a single page in this function, and its order
      is irrelevant.
      Reported-by: default avatarWilly Tarreau <w@1wt.eu>
      Tested-by: default avatarWilly Tarreau <w@1wt.eu>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      64022d0b
    • Tejun Heo's avatar
      workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay · 8852aac2
      Tejun Heo authored
      8376fe22 ("workqueue: implement mod_delayed_work[_on]()")
      implemented mod_delayed_work[_on]() using the improved
      try_to_grab_pending().  The function is later used, among others, to
      replace [__]candel_delayed_work() + queue_delayed_work() combinations.
      
      Unfortunately, a delayed_work item w/ zero @delay is handled slightly
      differently by mod_delayed_work_on() compared to
      queue_delayed_work_on().  The latter skips timer altogether and
      directly queues it using queue_work_on() while the former schedules
      timer which will expire on the closest tick.  This means, when @delay
      is zero, that [__]cancel_delayed_work() + queue_delayed_work_on()
      makes the target item immediately executable while
      mod_delayed_work_on() may induce delay of upto a full tick.
      
      This somewhat subtle difference breaks some of the converted users.
      e.g. block queue plugging uses delayed_work for deferred processing
      and uses mod_delayed_work_on() when the queue needs to be immediately
      unplugged.  The above problem manifested as noticeably higher number
      of context switches under certain circumstances.
      
      The difference in behavior was caused by missing special case handling
      for 0 delay in mod_delayed_work_on() compared to
      queue_delayed_work_on().  Joonsoo Kim posted a patch to add it -
      ("workqueue: optimize mod_delayed_work_on() when @delay == 0")[1].
      The patch was queued for 3.8 but it was described as optimization and
      I missed that it was a correctness issue.
      
      As both queue_delayed_work_on() and mod_delayed_work_on() use
      __queue_delayed_work() for queueing, it seems that the better approach
      is to move the 0 delay special handling to the function instead of
      duplicating it in mod_delayed_work_on().
      
      Fix the problem by moving 0 delay special case handling from
      queue_delayed_work_on() to __queue_delayed_work().  This replaces
      Joonsoo's patch.
      
      [1] http://thread.gmane.org/gmane.linux.kernel/1379011/focus=1379012Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Reported-and-tested-by: default avatarAnders Kaseorg <andersk@MIT.EDU>
      Reported-and-tested-by: default avatarZlatko Calusic <zlatko.calusic@iskon.hr>
      LKML-Reference: <alpine.DEB.2.00.1211280953350.26602@dr-wily.mit.edu>
      LKML-Reference: <50A78AA9.5040904@iskon.hr>
      Cc: Joonsoo Kim <js1304@gmail.com>
      8852aac2
  4. 01 Dec, 2012 11 commits
  5. 30 Nov, 2012 13 commits
    • Vincent Palatin's avatar
      x86, fpu: Avoid FPU lazy restore after suspend · 644c1541
      Vincent Palatin authored
      When a cpu enters S3 state, the FPU state is lost.
      After resuming for S3, if we try to lazy restore the FPU for a process running
      on the same CPU, this will result in a corrupted FPU context.
      
      Ensure that "fpu_owner_task" is properly invalided when (re-)initializing a CPU,
      so nobody will try to lazy restore a state which doesn't exist in the hardware.
      
      Tested with a 64-bit kernel on a 4-core Ivybridge CPU with eagerfpu=off,
      by doing thousands of suspend/resume cycles with 4 processes doing FPU
      operations running. Without the patch, a process is killed after a
      few hundreds cycles by a SIGFPE.
      
      Cc: Duncan Laurie <dlaurie@chromium.org>
      Cc: Olof Johansson <olofj@chromium.org>
      Cc: <stable@kernel.org> v3.4+ # for 3.4 need to replace this_cpu_write by percpu_write
      Signed-off-by: default avatarVincent Palatin <vpalatin@chromium.org>
      Link: http://lkml.kernel.org/r/1354306532-1014-1-git-send-email-vpalatin@chromium.orgSigned-off-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
      644c1541
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · cc19528b
      Linus Torvalds authored
      Pull DRM fixes from Dave Airlie:
       "Just driver fixes, nothing major, except maybe the Ironlake rc6
        disable:
      
         - intel:
           * revert ironlake rc6 - we still have one ilk regression, but this
             gets rid of one big one
           * turn off cloning
           * a directed fix for Apple edp
         - radeon: one modesetting fix
         - exynos: minor fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
        Revert "drm/i915: enable rc6 on ilk again"
        drm/i915: do not default to 18 bpp for eDP if missing from VBT
        drm/exynos: Fix potential NULL pointer dereference in exynos_drm_encoder.c
        drm/exynos: Make exynos4/5_fimd_driver_data static
        drm/exynos: fix overlay updating issue
        drm/exynos: remove unnecessary code.
        drm/exynos: fix linux framebuffer address setting.
        drm/i915: disable cloning on sdvo
      cc19528b
    • Linus Torvalds's avatar
      Merge branch 'akpm' (Fixes from Andrew) · 50a53bbe
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "Seven fixes, some of them fingers-crossed :("
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (7 patches)
        drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove()
        mm: soft offline: split thp at the beginning of soft_offline_page()
        mm: avoid waking kswapd for THP allocations when compaction is deferred or contended
        revert "Revert "mm: remove __GFP_NO_KSWAPD""
        mm: vmscan: fix endless loop in kswapd balancing
        mm/vmemmap: fix wrong use of virt_to_page
        mm: compaction: fix return value of capture_free_page()
      50a53bbe
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 73efd00d
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "These are three fixes for the Marvell EBU family and one for the
        Samsung s3c platforms.  All of them are obvious should still make it
        into 3.7."
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: Kirkwood: Update PCI-E fixup
        Dove: Fix irq_to_pmu()
        Dove: Attempt to fix PMU/RTC interrupts
        ARM: S3C24XX: Fix potential NULL pointer dereference error
      73efd00d
    • Linus Torvalds's avatar
      Merge tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 90bf80a1
      Linus Torvalds authored
      Pull ARM ixp4xx bug fixes from Arnd Bergmann:
       "These were originally prepared by Krzysztof Halasa but not submitted
        in time for v3.7 due to some confusion about how ixp4xx patches should
        be handled.  Jason Cooper thankfully offered to help out sending the
        patches upstream through arm-soc now, but given the timing, we could
        as well delay them for 3.8."
      
      * tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        IXP4xx: use __iomem for MMIO
        IXP4xx: map CPU config registers within VMALLOC region.
        IXP4xx: Always ioremap() Queue Manager MMIO region at boot.
        ixp4xx: Declare MODULE_FIRMWARE usage
        IXP4xx crypto: MOD_AES{128,192,256} already include key size.
        WAN: Remove redundant HDLC info printed by IXP4xx HSS driver.
        IXP4xx: Remove time limit for PCI TRDY to enable use of slow devices.
        IXP4xx: ixp4xx_crypto driver requires Queue Manager and NPE drivers.
        IXP4xx: HW pseudo-random generator is available on IXP45x/46x only.
        IXP4xx: Fix off-by-one bug in Goramo MultiLink platform.
        IXP4xx: Fix Goramo MultiLink platform compilation.
      90bf80a1
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 50a561ca
      Linus Torvalds authored
      Pull final ARM fix from Russell King:
       "One final fix, spotted by Will, to do with what happens when we boot a
        SMP kernel on UP."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7586/1: sp804: set cpumask to cpu_possible_mask for clock event device
      50a561ca
    • Kim, Milo's avatar
      drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove() · 1430e178
      Kim, Milo authored
      The tps65910_rtc data is registered as the platform driver data in
      _probe(= ).  Therefore the tps65910_rtc should be used on unregistering
      the rtc device.  And device pointer should be retrieved from the
      platform_device structure.
      
      This patch fixes the below oops:
      
       Unable to handle kernel NULL pointer dereference at virtual address 00000008
       Modules linked in: rtc_tps65910(-)
       CPU: 0    Not tainted  (3.7.0-rc7-next-20121128-g6b1f974-dirty #7)
       PC is at tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910]
           (tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910])
           (tps65910_rtc_remove+0x18/0x28 [rtc_tps65910])
           (platform_drv_remove+0x18/0x1c)
           (__device_release_driver+0x70/0xcc)
           (driver_detach+0xb4/0xb8)
           (bus_remove_driver+0x7c/0xc0)
           (sys_delete_module+0x148/0x21c)
      Signed-off-by: default avatarMilo(Woogyom) Kim <milo.kim@ti.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1430e178
    • Naoya Horiguchi's avatar
      mm: soft offline: split thp at the beginning of soft_offline_page() · 783657a7
      Naoya Horiguchi authored
      When we try to soft-offline a thp tail page, put_page() is called on the
      tail page unthinkingly and VM_BUG_ON is triggered in put_compound_page().
      
      This patch splits thp before going into the main body of soft-offlining.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Andi Kleen <andi.kleen@intel.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      783657a7
    • Mel Gorman's avatar
      mm: avoid waking kswapd for THP allocations when compaction is deferred or contended · 782fd304
      Mel Gorman authored
      With "mm: vmscan: scale number of pages reclaimed by reclaim/compaction
      based on failures" reverted, Zdenek Kabelac reported the following
      
        Hmm,  so it's just took longer to hit the problem and observe
        kswapd0 spinning on my CPU again - it's not as endless like before -
        but still it easily eats minutes - it helps to turn off  Firefox
        or TB  (memory hungry apps) so kswapd0 stops soon - and restart
        those apps again.  (And I still have like >1GB of cached memory)
      
        kswapd0         R  running task        0    30      2 0x00000000
        Call Trace:
          preempt_schedule+0x42/0x60
          _raw_spin_unlock+0x55/0x60
          put_super+0x31/0x40
          drop_super+0x22/0x30
          prune_super+0x149/0x1b0
          shrink_slab+0xba/0x510
      
      The sysrq+m indicates the system has no swap so it'll never reclaim
      anonymous pages as part of reclaim/compaction.  That is one part of the
      problem but not the root cause as file-backed pages could also be
      reclaimed.
      
      The likely underlying problem is that kswapd is woken up or kept awake
      for each THP allocation request in the page allocator slow path.
      
      If compaction fails for the requesting process then compaction will be
      deferred for a time and direct reclaim is avoided.  However, if there
      are a storm of THP requests that are simply rejected, it will still be
      the the case that kswapd is awake for a prolonged period of time as
      pgdat->kswapd_max_order is updated each time.  This is noticed by the
      main kswapd() loop and it will not call kswapd_try_to_sleep().  Instead
      it will loopp, shrinking a small number of pages and calling
      shrink_slab() on each iteration.
      
      This patch defers when kswapd gets woken up for THP allocations.  For
      !THP allocations, kswapd is always woken up.  For THP allocations,
      kswapd is woken up iff the process is willing to enter into direct
      reclaim/compaction.
      
      [akpm@linux-foundation.org: fix typo in comment]
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Cc: Zdenek Kabelac <zkabelac@redhat.com>
      Cc: Seth Jennings <sjenning@linux.vnet.ibm.com>
      Cc: Jiri Slaby <jirislaby@gmail.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Glauber Costa <glommer@gmail.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      782fd304
    • Andrew Morton's avatar
      revert "Revert "mm: remove __GFP_NO_KSWAPD"" · a5091539
      Andrew Morton authored
      It apepars that this patch was innocent, and we hope that "mm: avoid
      waking kswapd for THP allocations when compaction is deferred or
      contended" will fix the final kswapd-spinning cause.
      
      Cc: Zdenek Kabelac <zkabelac@redhat.com>
      Cc: Seth Jennings <sjenning@linux.vnet.ibm.com>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Jiri Slaby <jirislaby@gmail.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a5091539
    • Johannes Weiner's avatar
      mm: vmscan: fix endless loop in kswapd balancing · 60cefed4
      Johannes Weiner authored
      Kswapd does not in all places have the same criteria for a balanced
      zone.  Zones are only being reclaimed when their high watermark is
      breached, but compaction checks loop over the zonelist again when the
      zone does not meet the low watermark plus two times the size of the
      allocation.  This gets kswapd stuck in an endless loop over a small
      zone, like the DMA zone, where the high watermark is smaller than the
      compaction requirement.
      
      Add a function, zone_balanced(), that checks the watermark, and, for
      higher order allocations, if compaction has enough free memory.  Then
      use it uniformly to check for balanced zones.
      
      This makes sure that when the compaction watermark is not met, at least
      reclaim happens and progress is made - or the zone is declared
      unreclaimable at some point and skipped entirely.
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reported-by: default avatarGeorge Spelvin <linux@horizon.com>
      Reported-by: default avatarJohannes Hirte <johannes.hirte@fem.tu-ilmenau.de>
      Reported-by: default avatarTomas Racek <tracek@redhat.com>
      Tested-by: default avatarJohannes Hirte <johannes.hirte@fem.tu-ilmenau.de>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      60cefed4
    • Jianguo Wu's avatar
      mm/vmemmap: fix wrong use of virt_to_page · ae64ffca
      Jianguo Wu authored
      I enable CONFIG_DEBUG_VIRTUAL and CONFIG_SPARSEMEM_VMEMMAP, when doing
      memory hotremove, there is a kernel BUG at arch/x86/mm/physaddr.c:20.
      
      It is caused by free_section_usemap()->virt_to_page(), virt_to_page() is
      only used for kernel direct mapping address, but sparse-vmemmap uses
      vmemmap address, so it is going wrong here.
      
        ------------[ cut here ]------------
        kernel BUG at arch/x86/mm/physaddr.c:20!
        invalid opcode: 0000 [#1] SMP
        Modules linked in: acpihp_drv acpihp_slot edd cpufreq_conservative cpufreq_userspace cpufreq_powersave acpi_cpufreq mperf fuse vfat fat loop dm_mod coretemp kvm crc32c_intel ipv6 ixgbe igb iTCO_wdt i7core_edac edac_core pcspkr iTCO_vendor_support ioatdma microcode joydev sr_mod i2c_i801 dca lpc_ich mfd_core mdio tpm_tis i2c_core hid_generic tpm cdrom sg tpm_bios rtc_cmos button ext3 jbd mbcache usbhid hid uhci_hcd ehci_hcd usbcore usb_common sd_mod crc_t10dif processor thermal_sys hwmon scsi_dh_alua scsi_dh_hp_sw scsi_dh_rdac scsi_dh_emc scsi_dh ata_generic ata_piix libata megaraid_sas scsi_mod
        CPU 39
        Pid: 6454, comm: sh Not tainted 3.7.0-rc1-acpihp-final+ #45 QCI QSSC-S4R/QSSC-S4R
        RIP: 0010:[<ffffffff8103c908>]  [<ffffffff8103c908>] __phys_addr+0x88/0x90
        RSP: 0018:ffff8804440d7c08  EFLAGS: 00010006
        RAX: 0000000000000006 RBX: ffffea0012000000 RCX: 000000000000002c
        ...
      Signed-off-by: default avatarJianguo Wu <wujianguo@huawei.com>
      Signed-off-by: default avatarJiang Liu <jiang.liu@huawei.com>
      Reviewd-by: default avatarWen Congyang <wency@cn.fujitsu.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Reviewed-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ae64ffca
    • Mel Gorman's avatar
      mm: compaction: fix return value of capture_free_page() · 58d00209
      Mel Gorman authored
      Commit ef6c5be6 ("fix incorrect NR_FREE_PAGES accounting (appears
      like memory leak)") fixes a NR_FREE_PAGE accounting leak but missed the
      return value which was also missed by this reviewer until today.
      
      That return value is used by compaction when adding pages to a list of
      isolated free pages and without this follow-up fix, there is a risk of
      free list corruption.
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Cc: Dave Hansen <dave@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      58d00209