1. 08 Aug, 2018 3 commits
  2. 07 Aug, 2018 1 commit
    • Thomas Gleixner's avatar
      cpu/hotplug: Fix SMT supported evaluation · bc2d8d26
      Thomas Gleixner authored
      Josh reported that the late SMT evaluation in cpu_smt_state_init() sets
      cpu_smt_control to CPU_SMT_NOT_SUPPORTED in case that 'nosmt' was supplied
      on the kernel command line as it cannot differentiate between SMT disabled
      by BIOS and SMT soft disable via 'nosmt'. That wreckages the state and
      makes the sysfs interface unusable.
      
      Rework this so that during bringup of the non boot CPUs the availability of
      SMT is determined in cpu_smt_allowed(). If a newly booted CPU is not a
      'primary' thread then set the local cpu_smt_available marker and evaluate
      this explicitely right after the initial SMP bringup has finished.
      
      SMT evaulation on x86 is a trainwreck as the firmware has all the
      information _before_ booting the kernel, but there is no interface to query
      it.
      
      Fixes: 73d5e2b4 ("cpu/hotplug: detect SMT disabled by BIOS")
      Reported-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      bc2d8d26
  3. 05 Aug, 2018 13 commits
  4. 29 Jul, 2018 5 commits
    • Linus Torvalds's avatar
      Linux 4.18-rc7 · acb18725
      Linus Torvalds authored
      acb18725
    • Linus Torvalds's avatar
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 3cfb6772
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Some miscellaneous ext4 fixes for 4.18; one fix is for a regression
        introduced in 4.18-rc4.
      
        Sorry for the late-breaking pull. I was originally going to wait for
        the next merge window, but Eric Whitney found a regression introduced
        in 4.18-rc4, so I decided to push out the regression plus the other
        fixes now. (The other commits have been baking in linux-next since
        early July)"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix check to prevent initializing reserved inodes
        ext4: check for allocation block validity with block group locked
        ext4: fix inline data updates with checksums enabled
        ext4: clear mmp sequence number when remounting read-only
        ext4: fix false negatives *and* false positives in ext4_check_descriptors()
      3cfb6772
    • Linus Torvalds's avatar
      squashfs: be more careful about metadata corruption · 01cfb793
      Linus Torvalds authored
      Anatoly Trosinenko reports that a corrupted squashfs image can cause a
      kernel oops.  It turns out that squashfs can end up being confused about
      negative fragment lengths.
      
      The regular squashfs_read_data() does check for negative lengths, but
      squashfs_read_metadata() did not, and the fragment size code just
      blindly trusted the on-disk value.  Fix both the fragment parsing and
      the metadata reading code.
      Reported-by: default avatarAnatoly Trosinenko <anatoly.trosinenko@gmail.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Phillip Lougher <phillip@squashfs.org.uk>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01cfb793
    • Theodore Ts'o's avatar
      ext4: fix check to prevent initializing reserved inodes · 50122847
      Theodore Ts'o authored
      Commit 8844618d: "ext4: only look at the bg_flags field if it is
      valid" will complain if block group zero does not have the
      EXT4_BG_INODE_ZEROED flag set.  Unfortunately, this is not correct,
      since a freshly created file system has this flag cleared.  It gets
      almost immediately after the file system is mounted read-write --- but
      the following somewhat unlikely sequence will end up triggering a
      false positive report of a corrupted file system:
      
         mkfs.ext4 /dev/vdc
         mount -o ro /dev/vdc /vdc
         mount -o remount,rw /dev/vdc
      
      Instead, when initializing the inode table for block group zero, test
      to make sure that itable_unused count is not too large, since that is
      the case that will result in some or all of the reserved inodes
      getting cleared.
      
      This fixes the failures reported by Eric Whiteney when running
      generic/230 and generic/231 in the the nojournal test case.
      
      Fixes: 8844618d ("ext4: only look at the bg_flags field if it is valid")
      Reported-by: default avatarEric Whitney <enwlinux@gmail.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      50122847
    • Linus Torvalds's avatar
      Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random · a26fb01c
      Linus Torvalds authored
      Pull random fixes from Ted Ts'o:
       "In reaction to the fixes to address CVE-2018-1108, some Linux
        distributions that have certain systemd versions in some cases
        combined with patches to libcrypt for FIPS/FEDRAMP compliance, have
        led to boot-time stalls for some hardware.
      
        The reaction by some distros and Linux sysadmins has been to install
        packages that try to do complicated things with the CPU and hope that
        leads to randomness.
      
        To mitigate this, if RDRAND is available, mix it into entropy provided
        by userspace. It won't hurt, and it will probably help"
      
      * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
        random: mix rdrand with entropy sent in from userspace
      a26fb01c
  5. 28 Jul, 2018 3 commits
  6. 27 Jul, 2018 15 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20180727' of git://git.kernel.dk/linux-block · eb181a81
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Bigger than usual at this time, mostly due to the O_DIRECT corruption
        issue and the fact that I was on vacation last week. This contains:
      
         - NVMe pull request with two fixes for the FC code, and two target
           fixes (Christoph)
      
         - a DIF bio reset iteration fix (Greg Edwards)
      
         - two nbd reply and requeue fixes (Josef)
      
         - SCSI timeout fixup (Keith)
      
         - a small series that fixes an issue with bio_iov_iter_get_pages(),
           which ended up causing corruption for larger sized O_DIRECT writes
           that ended up racing with buffered writes (Martin Wilck)"
      
      * tag 'for-linus-20180727' of git://git.kernel.dk/linux-block:
        block: reset bi_iter.bi_done after splitting bio
        block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs
        blkdev: __blkdev_direct_IO_simple: fix leak in error case
        block: bio_iov_iter_get_pages: fix size of last iovec
        nvmet: only check for filebacking on -ENOTBLK
        nvmet: fixup crash on NULL device path
        scsi: set timed out out mq requests to complete
        blk-mq: export setting request completion state
        nvme: if_ready checks to fail io to deleting controller
        nvmet-fc: fix target sgl list on large transfers
        nbd: handle unexpected replies better
        nbd: don't requeue the same request twice.
      eb181a81
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 864af0d4
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "11 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        kvm, mm: account shadow page tables to kmemcg
        zswap: re-check zswap_is_full() after do zswap_shrink()
        include/linux/eventfd.h: include linux/errno.h
        mm: fix vma_is_anonymous() false-positives
        mm: use vma_init() to initialize VMAs on stack and data segments
        mm: introduce vma_init()
        mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL
        ipc/sem.c: prevent queue.status tearing in semop
        mm: disallow mappings that conflict for devm_memremap_pages()
        kasan: only select SLUB_DEBUG with SYSFS=y
        delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
      864af0d4
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 1a3d8691
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "Fix a use-after-free error in fatal error recovery (Thomas Tai)"
      
      * tag 'pci-v4.18-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI/AER: Work around use-after-free in pcie_do_fatal_recovery()
      1a3d8691
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 6284c99c
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Inevitably, after saying that I hoped we would be done on the fixes
        front, a couple of issues have cropped up over the last week. Next
        time I'll stay schtum.
      
        We've fixed an over-eager BUILD_BUG_ON() which Arnd ran into with
        arndconfig, as well as ensuring that KPTI really is disabled on
        Thunder-X1, where the cure is worse than the disease (this regressed
        when we reworked the heterogeneous CPU feature checking).
      
        Summary:
      
         - Fix disabling of kpti on Thunder-X machines
      
         - Fix premature BUILD_BUG_ON() found with randconfig"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
        arm64: Check for errata before evaluating cpu features
      6284c99c
    • Rafał Miłecki's avatar
      Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" · d5ea019f
      Rafał Miłecki authored
      This reverts commit 2a027b47 ("MIPS: BCM47XX: Enable 74K Core
      ExternalSync for PCIe erratum").
      
      Enabling ExternalSync caused a regression for BCM4718A1 (used e.g. in
      Netgear E3000 and ASUS RT-N16): it simply hangs during PCIe
      initialization. It's likely that BCM4717A1 is also affected.
      
      I didn't notice that earlier as the only BCM47XX devices with PCIe I
      own are:
      1) BCM4706 with 2 x 14e4:4331
      2) BCM4706 with 14e4:4360 and 14e4:4331
      it appears that BCM4706 is unaffected.
      
      While BCM5300X-ES300-RDS.pdf seems to document that erratum and its
      workarounds (according to quotes provided by Tokunori) it seems not even
      Broadcom follows them.
      
      According to the provided info Broadcom should define CONF7_ES in their
      SDK's mipsinc.h and implement workaround in the si_mips_init(). Checking
      both didn't reveal such code. It *could* mean Broadcom also had some
      problems with the given workaround.
      Signed-off-by: default avatarRafał Miłecki <rafal@milecki.pl>
      Signed-off-by: default avatarPaul Burton <paul.burton@mips.com>
      Reported-by: default avatarMichael Marley <michael@michaelmarley.com>
      Patchwork: https://patchwork.linux-mips.org/patch/20032/
      URL: https://bugs.openwrt.org/index.php?do=details&task_id=1688
      Cc: Tokunori Ikegami <ikegami@allied-telesis.co.jp>
      Cc: Hauke Mehrtens <hauke@hauke-m.de>
      Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
      Cc: James Hogan <jhogan@kernel.org>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      d5ea019f
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm · 3c9fdefe
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Not much happening this week which is good: two imx display fixes and
        one i915 quirk addition"
      
      * tag 'drm-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm:
        drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
        gpu: ipu-csi: Check for field type alternate
        drm/imx: imx-ldb: check if channel is enabled before printing warning
        drm/imx: imx-ldb: disable LDB on driver bind
      3c9fdefe
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 49b1622b
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
      
       - a couple of new device IDs added to Elan i2c touchpad controller
         driver
      
       - another entry in i8042 reset quirk list
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
        Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
        MAINTAINERS: Add file patterns for serio device tree bindings
        Input: elan_i2c - add ACPI ID for lenovo ideapad 330
      49b1622b
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 3ebb6fb0
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Various fixes to the tracing infrastructure:
      
         - Fix double free when the reg() call fails in
           event_trigger_callback()
      
         - Fix anomoly of snapshot causing tracing_on flag to change
      
         - Add selftest to test snapshot and tracing_on affecting each other
      
         - Fix setting of tracepoint flag on error that prevents probes from
           being deleted.
      
         - Fix another possible double free that is similar to
           event_trigger_callback()
      
         - Quiet a gcc warning of a false positive unused variable
      
         - Fix crash of partial exposed task->comm to trace events"
      
      * tag 'trace-v4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        kthread, tracing: Don't expose half-written comm when creating kthreads
        tracing: Quiet gcc warning about maybe unused link variable
        tracing: Fix possible double free in event_enable_trigger_func()
        tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
        selftests/ftrace: Add snapshot and tracing_on test case
        ring_buffer: tracing: Inherit the tracing setting to next ring buffer
        tracing: Fix double free of event_trigger_data
      3ebb6fb0
    • Linus Torvalds's avatar
      Merge tag 'xfs-4.18-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · f636d300
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
      
       - Fix some uninitialized variable errors
      
       - Fix an incorrect check in metadata verifiers
      
      * tag 'xfs-4.18-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: properly handle free inodes in extent hint validators
        xfs: Initialize variables in xfs_alloc_get_rec before using them
      f636d300
    • Greg Edwards's avatar
      block: reset bi_iter.bi_done after splitting bio · 5151842b
      Greg Edwards authored
      After the bio has been updated to represent the remaining sectors, reset
      bi_done so bio_rewind_iter() does not rewind further than it should.
      
      This resolves a bio_integrity_process() failure on reads where the
      original request was split.
      
      Fixes: 63573e35 ("bio-integrity: Restore original iterator on verify stage")
      Signed-off-by: default avatarGreg Edwards <gedwards@ddn.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      5151842b
    • Shakeel Butt's avatar
      kvm, mm: account shadow page tables to kmemcg · d97e5e61
      Shakeel Butt authored
      The size of kvm's shadow page tables corresponds to the size of the
      guest virtual machines on the system.  Large VMs can spend a significant
      amount of memory as shadow page tables which can not be left as system
      memory overhead.  So, account shadow page tables to the kmemcg.
      
      [shakeelb@google.com: replace (GFP_KERNEL|__GFP_ACCOUNT) with GFP_KERNEL_ACCOUNT]
        Link: http://lkml.kernel.org/r/20180629140224.205849-1-shakeelb@google.com
      Link: http://lkml.kernel.org/r/20180627181349.149778-1-shakeelb@google.comSigned-off-by: default avatarShakeel Butt <shakeelb@google.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Peter Feiner <pfeiner@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d97e5e61
    • Li Wang's avatar
      zswap: re-check zswap_is_full() after do zswap_shrink() · 16e536ef
      Li Wang authored
      /sys/../zswap/stored_pages keeps rising in a zswap test with
      "zswap.max_pool_percent=0" parameter.  But it should not compress or
      store pages any more since there is no space in the compressed pool.
      
      Reproduce steps:
        1. Boot kernel with "zswap.enabled=1"
        2. Set the max_pool_percent to 0
            # echo 0 > /sys/module/zswap/parameters/max_pool_percent
        3. Do memory stress test to see if some pages have been compressed
            # stress --vm 1 --vm-bytes $mem_available"M" --timeout 60s
        4. Watching the 'stored_pages' number increasing or not
      
      The root cause is:
      
        When zswap_max_pool_percent is set to 0 via kernel parameter,
        zswap_is_full() will always return true due to zswap_shrink().  But if
        the shinking is able to reclain a page successfully the code then
        proceeds to compressing/storing another page, so the value of
        stored_pages will keep changing.
      
      To solve the issue, this patch adds a zswap_is_full() check again after
        zswap_shrink() to make sure it's now under the max_pool_percent, and to
        not compress/store if we reached the limit.
      
      Link: http://lkml.kernel.org/r/20180530103936.17812-1-liwang@redhat.comSigned-off-by: default avatarLi Wang <liwang@redhat.com>
      Acked-by: default avatarDan Streetman <ddstreet@ieee.org>
      Cc: Seth Jennings <sjenning@redhat.com>
      Cc: Huang Ying <huang.ying.caritas@gmail.com>
      Cc: Yu Zhao <yuzhao@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      16e536ef
    • Arnd Bergmann's avatar
      include/linux/eventfd.h: include linux/errno.h · fa3fc2ad
      Arnd Bergmann authored
      The new gasket staging driver ran into a randconfig build failure when
      CONFIG_EVENTFD is disabled:
      
        In file included from drivers/staging/gasket/gasket_interrupt.h:11,
                         from drivers/staging/gasket/gasket_interrupt.c:4:
        include/linux/eventfd.h: In function 'eventfd_ctx_fdget':
        include/linux/eventfd.h:51:9: error: implicit declaration of function 'ERR_PTR' [-Werror=implicit-function-declaration]
      
      I can't see anything wrong with including eventfd.h before err.h, so the
      easiest fix is to make it possible to do this by including the file
      where it is needed.
      
      Link: http://lkml.kernel.org/r/20180724110737.3985088-1-arnd@arndb.de
      Fixes: 9a69f508 ("drivers/staging: Gasket driver framework + Apex driver")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Eric Biggers <ebiggers@google.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fa3fc2ad
    • Kirill A. Shutemov's avatar
      mm: fix vma_is_anonymous() false-positives · bfd40eaf
      Kirill A. Shutemov authored
      vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous
      VMA.  This is unreliable as ->mmap may not set ->vm_ops.
      
      False-positive vma_is_anonymous() may lead to crashes:
      
      	next ffff8801ce5e7040 prev ffff8801d20eca50 mm ffff88019c1e13c0
      	prot 27 anon_vma ffff88019680cdd8 vm_ops 0000000000000000
      	pgoff 0 file ffff8801b2ec2d00 private_data 0000000000000000
      	flags: 0xff(read|write|exec|shared|mayread|maywrite|mayexec|mayshare)
      	------------[ cut here ]------------
      	kernel BUG at mm/memory.c:1422!
      	invalid opcode: 0000 [#1] SMP KASAN
      	CPU: 0 PID: 18486 Comm: syz-executor3 Not tainted 4.18.0-rc3+ #136
      	Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google
      	01/01/2011
      	RIP: 0010:zap_pmd_range mm/memory.c:1421 [inline]
      	RIP: 0010:zap_pud_range mm/memory.c:1466 [inline]
      	RIP: 0010:zap_p4d_range mm/memory.c:1487 [inline]
      	RIP: 0010:unmap_page_range+0x1c18/0x2220 mm/memory.c:1508
      	Call Trace:
      	 unmap_single_vma+0x1a0/0x310 mm/memory.c:1553
      	 zap_page_range_single+0x3cc/0x580 mm/memory.c:1644
      	 unmap_mapping_range_vma mm/memory.c:2792 [inline]
      	 unmap_mapping_range_tree mm/memory.c:2813 [inline]
      	 unmap_mapping_pages+0x3a7/0x5b0 mm/memory.c:2845
      	 unmap_mapping_range+0x48/0x60 mm/memory.c:2880
      	 truncate_pagecache+0x54/0x90 mm/truncate.c:800
      	 truncate_setsize+0x70/0xb0 mm/truncate.c:826
      	 simple_setattr+0xe9/0x110 fs/libfs.c:409
      	 notify_change+0xf13/0x10f0 fs/attr.c:335
      	 do_truncate+0x1ac/0x2b0 fs/open.c:63
      	 do_sys_ftruncate+0x492/0x560 fs/open.c:205
      	 __do_sys_ftruncate fs/open.c:215 [inline]
      	 __se_sys_ftruncate fs/open.c:213 [inline]
      	 __x64_sys_ftruncate+0x59/0x80 fs/open.c:213
      	 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
      	 entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Reproducer:
      
      	#include <stdio.h>
      	#include <stddef.h>
      	#include <stdint.h>
      	#include <stdlib.h>
      	#include <string.h>
      	#include <sys/types.h>
      	#include <sys/stat.h>
      	#include <sys/ioctl.h>
      	#include <sys/mman.h>
      	#include <unistd.h>
      	#include <fcntl.h>
      
      	#define KCOV_INIT_TRACE			_IOR('c', 1, unsigned long)
      	#define KCOV_ENABLE			_IO('c', 100)
      	#define KCOV_DISABLE			_IO('c', 101)
      	#define COVER_SIZE			(1024<<10)
      
      	#define KCOV_TRACE_PC  0
      	#define KCOV_TRACE_CMP 1
      
      	int main(int argc, char **argv)
      	{
      		int fd;
      		unsigned long *cover;
      
      		system("mount -t debugfs none /sys/kernel/debug");
      		fd = open("/sys/kernel/debug/kcov", O_RDWR);
      		ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE);
      		cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long),
      				PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
      		munmap(cover, COVER_SIZE * sizeof(unsigned long));
      		cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long),
      				PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
      		memset(cover, 0, COVER_SIZE * sizeof(unsigned long));
      		ftruncate(fd, 3UL << 20);
      		return 0;
      	}
      
      This can be fixed by assigning anonymous VMAs own vm_ops and not relying
      on it being NULL.
      
      If ->mmap() failed to set ->vm_ops, mmap_region() will set it to
      dummy_vm_ops.  This way we will have non-NULL ->vm_ops for all VMAs.
      
      Link: http://lkml.kernel.org/r/20180724121139.62570-4-kirill.shutemov@linux.intel.comSigned-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: syzbot+3f84280d52be9b7083cc@syzkaller.appspotmail.com
      Acked-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Reviewed-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bfd40eaf
    • Kirill A. Shutemov's avatar
      mm: use vma_init() to initialize VMAs on stack and data segments · 2c4541e2
      Kirill A. Shutemov authored
      Make sure to initialize all VMAs properly, not only those which come
      from vm_area_cachep.
      
      Link: http://lkml.kernel.org/r/20180724121139.62570-3-kirill.shutemov@linux.intel.comSigned-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Reviewed-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2c4541e2