1. 05 Oct, 2015 8 commits
    • Jiri Benc's avatar
      ipv4: fix reply_dst leakage on arp reply · 181a4224
      Jiri Benc authored
      There are cases when the created metadata reply is not used. Ensure the
      allocated memory is freed also in such cases.
      
      Fixes: 63d008a4 ("ipv4: send arp replies to the correct tunnel")
      Reported-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarJiri Benc <jbenc@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      181a4224
    • Eric Dumazet's avatar
      inet: fix race in reqsk_queue_unlink() · 2306c704
      Eric Dumazet authored
      reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
      is NULL at its beginning.
      
      By the time it calls inet_csk_reqsk_queue_drop() and
      reqsk_queue_unlink(), listener might have been closed and
      inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
      which sets icsk_accept_queue.listen_opt to NULL
      
      We therefore need to correctly check listen_opt being NULL
      after holding syn_wait_lock for proper synchronization.
      
      Fixes: fa76ce73 ("inet: get rid of central tcp/dccp listener timer")
      Fixes: b357a364 ("inet: fix possible panic in reqsk_queue_unlink()")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2306c704
    • Raanan Avargil's avatar
      tcp/dccp: fix old style declarations · 8695a144
      Raanan Avargil authored
      I’m using the compilation flag -Werror=old-style-declaration, which
      requires that the “inline” word would come at the beginning of the code
      line.
      
      $ make drivers/net/ethernet/intel/e1000e/e1000e.ko
      ...
      include/net/inet_timewait_sock.h:116:1: error: ‘inline’ is not at
      beginning of declaration [-Werror=old-style-declaration]
      static void inline inet_twsk_schedule(struct inet_timewait_sock *tw, int
      timeo)
      
      include/net/inet_timewait_sock.h:121:1: error: ‘inline’ is not at
      beginning of declaration [-Werror=old-style-declaration]
      static void inline inet_twsk_reschedule(struct inet_timewait_sock *tw,
      int timeo)
      
      Fixes: ed2e9239 ("tcp/dccp: fix timewait races in timer handling")
      Signed-off-by: default avatarRaanan Avargil <raanan.avargil@intel.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8695a144
    • Vladimir Zapolskiy's avatar
      net: lpc_eth: fix warnings caused by enabling unprepared clock · 33a8316d
      Vladimir Zapolskiy authored
      If common clock framework is configured, the driver generates warnings,
      which are fixed by this change:
      
          WARNING: CPU: 0 PID: 1 at linux/drivers/clk/clk.c:727 clk_core_enable+0x2c/0xa4()
          Modules linked in:
          CPU: 0 PID: 1 Comm: swapper Not tainted 4.3.0-rc2+ #141
          Hardware name: LPC32XX SoC (Flattened Device Tree)
          Backtrace:
          [<>] (dump_backtrace) from [<>] (show_stack+0x18/0x1c)
          [<>] (show_stack) from [<>] (dump_stack+0x20/0x28)
          [<>] (dump_stack) from [<>] (warn_slowpath_common+0x90/0xb8)
          [<>] (warn_slowpath_common) from [<>] (warn_slowpath_null+0x24/0x2c)
          [<>] (warn_slowpath_null) from [<>] (clk_core_enable+0x2c/0xa4)
          [<>] (clk_core_enable) from [<>] (clk_enable+0x24/0x38)
          [<>] (clk_enable) from [<>] (lpc_eth_drv_probe+0xfc/0x99c)
          [<>] (lpc_eth_drv_probe) from [<>] (platform_drv_probe+0x50/0xa0)
          [<>] (platform_drv_probe) from [<>] (driver_probe_device+0x18c/0x408)
          [<>] (driver_probe_device) from [<>] (__driver_attach+0x70/0x94)
          [<>] (__driver_attach) from [<>] (bus_for_each_dev+0x74/0x98)
          [<>] (bus_for_each_dev) from [<>] (driver_attach+0x20/0x28)
          [<>] (driver_attach) from [<>] (bus_add_driver+0x11c/0x248)
          [<>] (bus_add_driver) from [<>] (driver_register+0xa4/0xe8)
          [<>] (driver_register) from [<>] (__platform_driver_register+0x50/0x64)
          [<>] (__platform_driver_register) from [<>] (lpc_eth_driver_init+0x18/0x20)
          [<>] (lpc_eth_driver_init) from [<>] (do_one_initcall+0x11c/0x1dc)
          [<>] (do_one_initcall) from [<>] (kernel_init_freeable+0x10c/0x1d4)
          [<>] (kernel_init_freeable) from [<>] (kernel_init+0x10/0xec)
          [<>] (kernel_init) from [<>] (ret_from_fork+0x14/0x24)
      Signed-off-by: default avatarVladimir Zapolskiy <vz@mleia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      33a8316d
    • David B. Robins's avatar
      net: usb: asix: Fix crash on skb alloc failure · f6194bcf
      David B. Robins authored
      If asix_rx_fixup_internal() fails to allocate rx->ax_skb, it will return
      but not clear rx->size. rx points to driver private data. A later call
      assumes that nonzero size means ax_skb was allocated and passes a null
      ax_skb to skb_put. Changed allocation failure return to clear size first.
      
      Found testing board with AX88772B devices.
      Signed-off-by: default avatarDavid B. Robins <linux@davidrobins.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6194bcf
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.3-20150930' of... · 74910ea4
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.3-20150930' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2015-09-30
      
      this is a pull request of a single patch for 4.3.
      
      The patch is by Stephane Grosjean and add support for the peak OEM PCI card to
      the peak_pci driver by adding its device ID.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      74910ea4
    • Geliang Tang's avatar
      amd-xgbe: fix potential memory leak in xgbe-debugfs · 9dc80a74
      Geliang Tang authored
      Added kfree() to avoid the memory leak when debugfs_create_dir() fails.
      Signed-off-by: default avatarGeliang Tang <geliangtang@163.com>
      Acked-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9dc80a74
    • Guillaume Nault's avatar
      ppp: don't override sk->sk_state in pppoe_flush_dev() · e6740165
      Guillaume Nault authored
      Since commit 2b018d57 ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release"),
      pppoe_release() calls dev_put(po->pppoe_dev) if sk is in the
      PPPOX_ZOMBIE state. But pppoe_flush_dev() can set sk->sk_state to
      PPPOX_ZOMBIE _and_ reset po->pppoe_dev to NULL. This leads to the
      following oops:
      
      [  570.140800] BUG: unable to handle kernel NULL pointer dereference at 00000000000004e0
      [  570.142931] IP: [<ffffffffa018c701>] pppoe_release+0x50/0x101 [pppoe]
      [  570.144601] PGD 3d119067 PUD 3dbc1067 PMD 0
      [  570.144601] Oops: 0000 [#1] SMP
      [  570.144601] Modules linked in: l2tp_ppp l2tp_netlink l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc loop crc32c_intel ghash_clmulni_intel jitterentropy_rng sha256_generic hmac drbg ansi_cprng aesni_intel aes_x86_64 ablk_helper cryptd lrw gf128mul glue_helper acpi_cpufreq evdev serio_raw processor button ext4 crc16 mbcache jbd2 virtio_net virtio_blk virtio_pci virtio_ring virtio
      [  570.144601] CPU: 1 PID: 15738 Comm: ppp-apitest Not tainted 4.2.0 #1
      [  570.144601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
      [  570.144601] task: ffff88003d30d600 ti: ffff880036b60000 task.ti: ffff880036b60000
      [  570.144601] RIP: 0010:[<ffffffffa018c701>]  [<ffffffffa018c701>] pppoe_release+0x50/0x101 [pppoe]
      [  570.144601] RSP: 0018:ffff880036b63e08  EFLAGS: 00010202
      [  570.144601] RAX: 0000000000000000 RBX: ffff880034340000 RCX: 0000000000000206
      [  570.144601] RDX: 0000000000000006 RSI: ffff88003d30dd20 RDI: ffff88003d30dd20
      [  570.144601] RBP: ffff880036b63e28 R08: 0000000000000001 R09: 0000000000000000
      [  570.144601] R10: 00007ffee9b50420 R11: ffff880034340078 R12: ffff8800387ec780
      [  570.144601] R13: ffff8800387ec7b0 R14: ffff88003e222aa0 R15: ffff8800387ec7b0
      [  570.144601] FS:  00007f5672f48700(0000) GS:ffff88003fc80000(0000) knlGS:0000000000000000
      [  570.144601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  570.144601] CR2: 00000000000004e0 CR3: 0000000037f7e000 CR4: 00000000000406a0
      [  570.144601] Stack:
      [  570.144601]  ffffffffa018f240 ffff8800387ec780 ffffffffa018f240 ffff8800387ec7b0
      [  570.144601]  ffff880036b63e48 ffffffff812caabe ffff880039e4e000 0000000000000008
      [  570.144601]  ffff880036b63e58 ffffffff812cabad ffff880036b63ea8 ffffffff811347f5
      [  570.144601] Call Trace:
      [  570.144601]  [<ffffffff812caabe>] sock_release+0x1a/0x75
      [  570.144601]  [<ffffffff812cabad>] sock_close+0xd/0x11
      [  570.144601]  [<ffffffff811347f5>] __fput+0xff/0x1a5
      [  570.144601]  [<ffffffff811348cb>] ____fput+0x9/0xb
      [  570.144601]  [<ffffffff81056682>] task_work_run+0x66/0x90
      [  570.144601]  [<ffffffff8100189e>] prepare_exit_to_usermode+0x8c/0xa7
      [  570.144601]  [<ffffffff81001a26>] syscall_return_slowpath+0x16d/0x19b
      [  570.144601]  [<ffffffff813babb1>] int_ret_from_sys_call+0x25/0x9f
      [  570.144601] Code: 48 8b 83 c8 01 00 00 a8 01 74 12 48 89 df e8 8b 27 14 e1 b8 f7 ff ff ff e9 b7 00 00 00 8a 43 12 a8 0b 74 1c 48 8b 83 a8 04 00 00 <48> 8b 80 e0 04 00 00 65 ff 08 48 c7 83 a8 04 00 00 00 00 00 00
      [  570.144601] RIP  [<ffffffffa018c701>] pppoe_release+0x50/0x101 [pppoe]
      [  570.144601]  RSP <ffff880036b63e08>
      [  570.144601] CR2: 00000000000004e0
      [  570.200518] ---[ end trace 46956baf17349563 ]---
      
      pppoe_flush_dev() has no reason to override sk->sk_state with
      PPPOX_ZOMBIE. pppox_unbind_sock() already sets sk->sk_state to
      PPPOX_DEAD, which is the correct state given that sk is unbound and
      po->pppoe_dev is NULL.
      
      Fixes: 2b018d57 ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
      Tested-by: default avatarOleksii Berezhniak <core@irc.lg.ua>
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e6740165
  2. 02 Oct, 2015 17 commits
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.3-rc3' of git://git.linaro.org/people/ulf.hansson/mmc · 36f8dafe
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "Here are some mmc fixes intended for v4.3 rc4:
      
        MMC core:
         - Allow users of mmc_of_parse() to succeed when CONFIG_GPIOLIB is
           unset
         - Prevent infinite loop of re-tuning for CRC-errors for CMD19 and
           CMD21
      
         MMC host:
         - pxamci: Fix issues with card detect
         - sunxi: Fix clk-delay settings"
      
      * tag 'mmc-v4.3-rc3' of git://git.linaro.org/people/ulf.hansson/mmc:
        mmc: core: fix dead loop of mmc_retune
        mmc: pxamci: fix card detect with slot-gpio API
        mmc: sunxi: Fix clk-delay settings
        mmc: core: Don't return an error for CD/WP GPIOs when GPIOLIB is unset
      36f8dafe
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/intel-iommu · 8c25ab8b
      Linus Torvalds authored
      Pull IOVA fixes from David Woodhouse:
       "The main fix here is the first one, fixing the over-allocation of
         size-aligned requests.  The other patches simply make the existing
        IOVA code available to users other than the Intel VT-d driver, with no
        functional change.
      
        I concede the latter really *should* have been submitted during the
        merge window, but since it's basically risk-free and people are
        waiting to build on top of it and it's my fault I didn't get it in, I
        (and they) would be grateful if you'd take it"
      
      * git://git.infradead.org/intel-iommu:
        iommu: Make the iova library a module
        iommu: iova: Export symbols
        iommu: iova: Move iova cache management to the iova library
        iommu/iova: Avoid over-allocating when size-aligned
      8c25ab8b
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · bde17b90
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "12 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        dmapool: fix overflow condition in pool_find_page()
        thermal: avoid division by zero in power allocator
        memcg: remove pcp_counter_lock
        kprobes: use _do_fork() in samples to make them work again
        drivers/input/joystick/Kconfig: zhenhua.c needs BITREVERSE
        memcg: make mem_cgroup_read_stat() unsigned
        memcg: fix dirty page migration
        dax: fix NULL pointer in __dax_pmd_fault()
        mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault
        mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1)
        userfaultfd: remove kernel header include from uapi header
        arch/x86/include/asm/efi.h: fix build failure
      bde17b90
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-4.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1bca1000
      Linus Torvalds authored
      Pull power management and ACPI fixes from Rafael Wysocki:
       "These are fixes mostly, for a few changes made in this cycle (the
        intel_idle driver, the OPP library, the ACPI EC driver, turbostat) and
        for some issues that have just been discovered (ACPI PCI IRQ
        management, PCI power management documentation, turbostat), with a
        couple of cleanups on top of them.
      
        Specifics:
      
         - intel_idle driver fixup for the recently added Skylake chips
           support (Len Brown).
      
         - Operating Performance Points (OPP) library fix related to the
           recently added support for new DT bindings and a fix for a typo in
           a comment (Viresh Kumar, Stephen Boyd).
      
         - ACPI EC driver fix for a recently introduced memory leak in an
           error code path (Lv Zheng).
      
         - ACPI PCI IRQ management fix for the issue where an ISA IRQ is
           shared with a PCI device which requires it to be configured in a
           different way and may cause an interrupt storm to happen as a
           result with an extra ACPI SCI IRQ handling simplification on top of
           it (Jiang Liu).
      
         - Update of the PCI power management documentation that became
           outdated and started to actively confuse the readers to make it
           actually reflect the code (Rafael J Wysocki).
      
         - turbostat fixes including an IVB Xeon regression fix (related to
           the --debug command line option), Skylake adjustment for the TSC
           running at a frequency that doesn't match the base one exactly, and
           a Knights Landing quirk to account for the fact that it only
           updates APERF and MPERF every 1024 clock cycles plus bumping up the
           turbostat version number (Len Brown, Hubert Chrzaniuk)"
      
      * tag 'pm+acpi-4.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        tools/power turbosat: update version number
        tools/power turbostat: SKL: Adjust for TSC difference from base frequency
        tools/power turbostat: KNL workaround for %Busy and Avg_MHz
        tools/power turbostat: IVB Xeon: fix --debug regression
        ACPI / PCI: Remove duplicated penalty on SCI IRQ
        ACPI, PCI, irq: Do not share PCI IRQ with ISA IRQ
        ACPI / EC: Fix a memory leak issue in acpi_ec_query()
        PM / OPP: Fix typo modifcation -> modification
        PCI / PM: Update runtime PM documentation for PCI devices
        PM / OPP: of_property_count_u32_elems() can return errors
        intel_idle: Skylake Client Support - updated
      1bca1000
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 3deaa4f5
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
      1) Fix regression in SKB partial checksum handling, from Pravin B
         Shalar.
      
      2) Fix VLAN inside of VXLAN handling in i40e driver, from Jesse
         Brandeburg.
      
      3) Cure softlockups during accept() in SCTP, from Karl Heiss.
      
      4) MSG_PEEK should return multiple SKBs worth of data in AF_UNIX, from
         Aaron Conole.
      
      5) IPV6 erroneously ignores output interface specifier in lookup key for
         route lookups, fix from David Ahern.
      
      6) In Marvell DSA driver, forward unknown frames to CPU port, from
         Andrew Lunn.
      
      7) Mission flow flag initializations in some code paths, from David
         Ahern.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        net: Initialize flow flags in input path
        net: dsa: fix preparation of a port STP update
        testptp: Silence compiler warnings on ppc64
        net/mlx4: Handle return codes in mlx4_qp_attach_common
        dsa: mv88e6xxx: Enable forwarding for unknown to the CPU port
        skbuff: Fix skb checksum partial check.
        net: ipv6: Add RT6_LOOKUP_F_IFACE flag if oif is set
        net sysfs: Print link speed as signed integer
        bna: fix error handling
        af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag
        af_unix: Convert the unix_sk macro to an inline function for type safety
        net: sctp: Don't use 64 kilobyte lookup table for four elements
        l2tp: protect tunnel->del_work by ref_count
        net/ibm/emac: bump version numbers for correct work with ethtool
        sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
        sctp: Whitespace fix
        i40e/i40evf: check for stopped admin queue
        i40e: fix VLAN inside VXLAN
        r8169: fix handling rtl_readphy result
        net: hisilicon: fix handling platform_get_irq result
      3deaa4f5
    • Robin Murphy's avatar
      dmapool: fix overflow condition in pool_find_page() · 676bd991
      Robin Murphy authored
      If a DMA pool lies at the very top of the dma_addr_t range (as may
      happen with an IOMMU involved), the calculated end address of the pool
      wraps around to zero, and page lookup always fails.
      
      Tweak the relevant calculation to be overflow-proof.
      Signed-off-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Marek Szyprowski <m.szyprowski@samsung.com>
      Cc: Sumit Semwal <sumit.semwal@linaro.org>
      Cc: Sakari Ailus <sakari.ailus@iki.fi>
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      676bd991
    • Andrea Arcangeli's avatar
      thermal: avoid division by zero in power allocator · 44241628
      Andrea Arcangeli authored
      During boot I get a div by zero Oops regression starting in v4.3-rc3.
      Signed-off-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Reviewed-by: default avatarJavi Merino <javi.merino@arm.com>
      Cc: Zhang Rui <rui.zhang@intel.com>
      Cc: Eduardo Valentin <edubezval@gmail.com>
      Cc: Daniel Kurtz <djkurtz@chromium.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      44241628
    • Greg Thelen's avatar
      memcg: remove pcp_counter_lock · ef510194
      Greg Thelen authored
      Commit 733a572e ("memcg: make mem_cgroup_read_{stat|event}() iterate
      possible cpus instead of online") removed the last use of the per memcg
      pcp_counter_lock but forgot to remove the variable.
      
      Kill the vestigial variable.
      Signed-off-by: default avatarGreg Thelen <gthelen@google.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ef510194
    • Petr Mladek's avatar
      kprobes: use _do_fork() in samples to make them work again · 54aea454
      Petr Mladek authored
      Commit 3033f14a ("clone: support passing tls argument via C rather
      than pt_regs magic") introduced _do_fork() that allowed to pass @tls
      parameter.
      
      The old do_fork() is defined only for architectures that are not ready
      to use this way and do not define HAVE_COPY_THREAD_TLS.
      
      Let's use _do_fork() in the kprobe examples to make them work again on
      all architectures.
      Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Thiago Macieira <thiago.macieira@intel.com>
      Cc: Jiri Kosina <jkosina@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      54aea454
    • Andrew Morton's avatar
      drivers/input/joystick/Kconfig: zhenhua.c needs BITREVERSE · 09a59a9d
      Andrew Morton authored
      It uses bitrev8(), so it must ensure that lib/bitrev.o gets included in
      vmlinux.
      
      Cc: Fengguang Wu <fengguang.wu@gmail.com>
      Cc: yalin wang <yalin.wang2010@gmail.com>
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      09a59a9d
    • Greg Thelen's avatar
      memcg: make mem_cgroup_read_stat() unsigned · 484ebb3b
      Greg Thelen authored
      mem_cgroup_read_stat() returns a page count by summing per cpu page
      counters.  The summing is racy wrt.  updates, so a transient negative
      sum is possible.  Callers don't want negative values:
      
       - mem_cgroup_wb_stats() doesn't want negative nr_dirty or nr_writeback.
         This could confuse dirty throttling.
      
       - oom reports and memory.stat shouldn't show confusing negative usage.
      
       - tree_usage() already avoids negatives.
      
      Avoid returning negative page counts from mem_cgroup_read_stat() and
      convert it to unsigned.
      
      [akpm@linux-foundation.org: fix old typo while we're in there]
      Signed-off-by: default avatarGreg Thelen <gthelen@google.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: <stable@vger.kernel.org>	[4.2+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      484ebb3b
    • Greg Thelen's avatar
      memcg: fix dirty page migration · 0610c25d
      Greg Thelen authored
      The problem starts with a file backed dirty page which is charged to a
      memcg.  Then page migration is used to move oldpage to newpage.
      
      Migration:
       - copies the oldpage's data to newpage
       - clears oldpage.PG_dirty
       - sets newpage.PG_dirty
       - uncharges oldpage from memcg
       - charges newpage to memcg
      
      Clearing oldpage.PG_dirty decrements the charged memcg's dirty page
      count.
      
      However, because newpage is not yet charged, setting newpage.PG_dirty
      does not increment the memcg's dirty page count.  After migration
      completes newpage.PG_dirty is eventually cleared, often in
      account_page_cleaned().  At this time newpage is charged to a memcg so
      the memcg's dirty page count is decremented which causes underflow
      because the count was not previously incremented by migration.  This
      underflow causes balance_dirty_pages() to see a very large unsigned
      number of dirty memcg pages which leads to aggressive throttling of
      buffered writes by processes in non root memcg.
      
      This issue:
       - can harm performance of non root memcg buffered writes.
       - can report too small (even negative) values in
         memory.stat[(total_)dirty] counters of all memcg, including the root.
      
      To avoid polluting migrate.c with #ifdef CONFIG_MEMCG checks, introduce
      page_memcg() and set_page_memcg() helpers.
      
      Test:
          0) setup and enter limited memcg
          mkdir /sys/fs/cgroup/test
          echo 1G > /sys/fs/cgroup/test/memory.limit_in_bytes
          echo $$ > /sys/fs/cgroup/test/cgroup.procs
      
          1) buffered writes baseline
          dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
          sync
          grep ^dirty /sys/fs/cgroup/test/memory.stat
      
          2) buffered writes with compaction antagonist to induce migration
          yes 1 > /proc/sys/vm/compact_memory &
          rm -rf /data/tmp/foo
          dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
          kill %
          sync
          grep ^dirty /sys/fs/cgroup/test/memory.stat
      
          3) buffered writes without antagonist, should match baseline
          rm -rf /data/tmp/foo
          dd if=/dev/zero of=/data/tmp/foo bs=1M count=1k
          sync
          grep ^dirty /sys/fs/cgroup/test/memory.stat
      
                             (speed, dirty residue)
                   unpatched                       patched
          1) 841 MB/s 0 dirty pages          886 MB/s 0 dirty pages
          2) 611 MB/s -33427456 dirty pages  793 MB/s 0 dirty pages
          3) 114 MB/s -33427456 dirty pages  891 MB/s 0 dirty pages
      
          Notice that unpatched baseline performance (1) fell after
          migration (3): 841 -> 114 MB/s.  In the patched kernel, post
          migration performance matches baseline.
      
      Fixes: c4843a75 ("memcg: add per cgroup dirty page accounting")
      Signed-off-by: default avatarGreg Thelen <gthelen@google.com>
      Reported-by: default avatarDave Hansen <dave.hansen@intel.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Cc: <stable@vger.kernel.org>	[4.2+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0610c25d
    • Ross Zwisler's avatar
      dax: fix NULL pointer in __dax_pmd_fault() · 8346c416
      Ross Zwisler authored
      Commit 46c043ed ("mm: take i_mmap_lock in unmap_mapping_range() for
      DAX") moved some code in __dax_pmd_fault() that was responsible for
      zeroing newly allocated PMD pages.  The new location didn't properly set
      up 'kaddr', so when run this code resulted in a NULL pointer BUG.
      
      Fix this by getting the correct 'kaddr' via bdev_direct_access().
      Signed-off-by: default avatarRoss Zwisler <ross.zwisler@linux.intel.com>
      Reported-by: default avatarDan Williams <dan.j.williams@intel.com>
      Reviewed-by: default avatarDan Williams <dan.j.williams@intel.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Matthew Wilcox <willy@linux.intel.com>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: Dave Chinner <david@fromorbit.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8346c416
    • Mel Gorman's avatar
      mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault · 2f84a899
      Mel Gorman authored
      SunDong reported the following on
      
        https://bugzilla.kernel.org/show_bug.cgi?id=103841
      
      	I think I find a linux bug, I have the test cases is constructed. I
      	can stable recurring problems in fedora22(4.0.4) kernel version,
      	arch for x86_64.  I construct transparent huge page, when the parent
      	and child process with MAP_SHARE, MAP_PRIVATE way to access the same
      	huge page area, it has the opportunity to lead to huge page copy on
      	write failure, and then it will munmap the child corresponding mmap
      	area, but then the child mmap area with VM_MAYSHARE attributes, child
      	process munmap this area can trigger VM_BUG_ON in set_vma_resv_flags
      	functions (vma - > vm_flags & VM_MAYSHARE).
      
      There were a number of problems with the report (e.g.  it's hugetlbfs that
      triggers this, not transparent huge pages) but it was fundamentally
      correct in that a VM_BUG_ON in set_vma_resv_flags() can be triggered that
      looks like this
      
      	 vma ffff8804651fd0d0 start 00007fc474e00000 end 00007fc475e00000
      	 next ffff8804651fd018 prev ffff8804651fd188 mm ffff88046b1b1800
      	 prot 8000000000000027 anon_vma           (null) vm_ops ffffffff8182a7a0
      	 pgoff 0 file ffff88106bdb9800 private_data           (null)
      	 flags: 0x84400fb(read|write|shared|mayread|maywrite|mayexec|mayshare|dontexpand|hugetlb)
      	 ------------
      	 kernel BUG at mm/hugetlb.c:462!
      	 SMP
      	 Modules linked in: xt_pkttype xt_LOG xt_limit [..]
      	 CPU: 38 PID: 26839 Comm: map Not tainted 4.0.4-default #1
      	 Hardware name: Dell Inc. PowerEdge R810/0TT6JF, BIOS 2.7.4 04/26/2012
      	 set_vma_resv_flags+0x2d/0x30
      
      The VM_BUG_ON is correct because private and shared mappings have
      different reservation accounting but the warning clearly shows that the
      VMA is shared.
      
      When a private COW fails to allocate a new page then only the process
      that created the VMA gets the page -- all the children unmap the page.
      If the children access that data in the future then they get killed.
      
      The problem is that the same file is mapped shared and private.  During
      the COW, the allocation fails, the VMAs are traversed to unmap the other
      private pages but a shared VMA is found and the bug is triggered.  This
      patch identifies such VMAs and skips them.
      Signed-off-by: default avatarMel Gorman <mgorman@techsingularity.net>
      Reported-by: default avatarSunDong <sund_sky@126.com>
      Reviewed-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: David Rientjes <rientjes@google.com>
      Reviewed-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2f84a899
    • Joonsoo Kim's avatar
      mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1) · 03a2d2a3
      Joonsoo Kim authored
      Commit description is copied from the original post of this bug:
      
        http://comments.gmane.org/gmane.linux.kernel.mm/135349
      
      Kernels after v3.9 use kmalloc_size(INDEX_NODE + 1) to get the next
      larger cache size than the size index INDEX_NODE mapping.  In kernels
      3.9 and earlier we used malloc_sizes[INDEX_L3 + 1].cs_size.
      
      However, sometimes we can't get the right output we expected via
      kmalloc_size(INDEX_NODE + 1), causing a BUG().
      
      The mapping table in the latest kernel is like:
          index = {0,   1,  2 ,  3,  4,   5,   6,   n}
           size = {0,   96, 192, 8, 16,  32,  64,   2^n}
      The mapping table before 3.10 is like this:
          index = {0 , 1 , 2,   3,  4 ,  5 ,  6,   n}
          size  = {32, 64, 96, 128, 192, 256, 512, 2^(n+3)}
      
      The problem on my mips64 machine is as follows:
      
      (1) When configured DEBUG_SLAB && DEBUG_PAGEALLOC && DEBUG_LOCK_ALLOC
          && DEBUG_SPINLOCK, the sizeof(struct kmem_cache_node) will be "150",
          and the macro INDEX_NODE turns out to be "2": #define INDEX_NODE
          kmalloc_index(sizeof(struct kmem_cache_node))
      
      (2) Then the result of kmalloc_size(INDEX_NODE + 1) is 8.
      
      (3) Then "if(size >= kmalloc_size(INDEX_NODE + 1)" will lead to "size
          = PAGE_SIZE".
      
      (4) Then "if ((size >= (PAGE_SIZE >> 3))" test will be satisfied and
          "flags |= CFLGS_OFF_SLAB" will be covered.
      
      (5) if (flags & CFLGS_OFF_SLAB)" test will be satisfied and will go to
          "cachep->slabp_cache = kmalloc_slab(slab_size, 0u)", and the result
          here may be NULL while kernel bootup.
      
      (6) Finally,"BUG_ON(ZERO_OR_NULL_PTR(cachep->slabp_cache));" causes the
          BUG info as the following shows (may be only mips64 has this problem):
      
      This patch fixes the problem of kmalloc_size(INDEX_NODE + 1) and removes
      the BUG by adding 'size >= 256' check to guarantee that all necessary
      small sized slabs are initialized regardless sequence of slab size in
      mapping table.
      
      Fixes: e3366016 ("slab: Use common kmalloc_index/kmalloc_size...")
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Reported-by: default avatarLiuhailong <liu.hailong6@zte.com.cn>
      Acked-by: default avatarChristoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      03a2d2a3
    • Andre Przywara's avatar
      userfaultfd: remove kernel header include from uapi header · 9ff42d10
      Andre Przywara authored
      As include/uapi/linux/userfaultfd.h is a user visible header file, it
      should not include kernel-exclusive header files.
      
      So trying to build the userfaultfd test program from the selftests
      directory fails, since it contains a reference to linux/compiler.h.  As
      it turns out, that header is not really needed there, so we can simply
      remove it to fix that issue.
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Shuah Khan <shuahkh@osg.samsung.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9ff42d10
    • Andrey Ryabinin's avatar
      arch/x86/include/asm/efi.h: fix build failure · a523841e
      Andrey Ryabinin authored
      With KMEMCHECK=y, KASAN=n:
      
        arch/x86/platform/efi/efi.c:673:3: error: implicit declaration of function `memcpy' [-Werror=implicit-function-declaration]
        arch/x86/platform/efi/efi_64.c:139:2: error: implicit declaration of function `memcpy' [-Werror=implicit-function-declaration]
        arch/x86/include/asm/desc.h:121:2: error: implicit declaration of function `memcpy' [-Werror=implicit-function-declaration]
      
      Don't #undef memcpy if KASAN=n.
      
      Fixes: 769a8089 ("x86, efi, kasan: #undef memset/memcpy/memmove per arch")
      Signed-off-by: default avatarAndrey Ryabinin <ryabinin.a.a@gmail.com>
      Reported-by: default avatarIngo Molnar <mingo@kernel.org>
      Reported-by: default avatarSedat Dilek <sedat.dilek@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a523841e
  3. 01 Oct, 2015 13 commits
  4. 30 Sep, 2015 2 commits