1. 15 Nov, 2014 5 commits
    • Linus Torvalds's avatar
      Merge branch 'parisc-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 555e5986
      Linus Torvalds authored
      Pull parisc updates from Helge Deller:
       "Changes include:
         - wire up the bpf syscall
         - remove CONFIG_64BIT usage from some userspace-exported header files
         - use compat functions for msgctl, shmat, shmctl and semtimedop
           syscalls"
      
      * 'parisc-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Avoid using CONFIG_64BIT in userspace exported headers
        parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop syscalls
        parisc: Use BUILD_BUG() instead of undefined functions
        parisc: Wire up bpf syscall
      555e5986
    • Linus Torvalds's avatar
      Merge tag 'for-v3.18-rc' of git://git.infradead.org/battery-2.6 · ec7de656
      Linus Torvalds authored
      Pull power supply updates from Sebastian Reichel:
       "Power supply and reset changes for the v3.18-rc:
      
         - misc. charger-manager fixes
         - year 2038 fix in ab8500_fg
         - fix error handling of bq2415x_charger"
      
      * tag 'for-v3.18-rc' of git://git.infradead.org/battery-2.6:
        power: charger-manager: Fix accessing invalidated power supply after charger unbind
        power: charger-manager: Fix accessing invalidated power supply after fuel gauge unbind
        power: charger-manager: Avoid recursive thermal get_temp call
        power_supply: Add no_thermal property to prevent recursive get_temp calls
        power: bq2415x_charger: Fix memory leak on DTS parsing error
        power: bq2415x_charger: Properly handle ENODEV from power_supply_get_by_phandle
        power: ab8500_fg.c: use 64-bit time types
      ec7de656
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · e0611671
      Linus Torvalds authored
      Pull drm gixes from Dave Airlie:
       - exynos: infinite loop regressions fixed
       - i915: one regression
       - radeon: one race condition on monitor probing
       - noveau: two regressions
       - tegra: one vblank regression fix
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/tegra: dc: Add missing call to drm_vblank_on()
        drm/nouveau/nv50/disp: Fix modeset on G94
        drm/gk20a/fb: fix setting of large page size bit
        drm/radeon: add locking around atombios scratch space usage
        drm/i915: Fix obj->map_and_fenceable across tiling changes
        drm/exynos: fix possible infinite loop issue
        drm/exynos: g2d: fix null pointer dereference
        drm/exynos: resolve infinite loop issue on non multi-platform
        drm/exynos: resolve infinite loop issue on multi-platform
      e0611671
    • Kirill A. Shutemov's avatar
      kernel: use the gnu89 standard explicitly · 51b97e35
      Kirill A. Shutemov authored
      Sasha Levin reports:
       "gcc5 changes the default standard to c11, which makes kernel build
        unhappy
      
        Explicitly define the kernel standard to be gnu89 which should keep
        everything working exactly like it was before gcc5"
      
      There are multiple small issues with the new default, but the biggest
      issue seems to be that the old - and very useful - GNU extension to
      allow a cast in front of an initializer has gone away.
      
      Patch updated by Kirill:
       "I'm pretty sure all gcc versions you can build kernel with supports
        -std=gnu89.  cc-option is redunrant.
      
        We also need to adjust HOSTCFLAGS otherwise allmodconfig fails for me"
      
      Note by Andrew Pinski:
       "Yes it was reported and both problems relating to this extension has
        been added to gnu99 and gnu11.  Though there are other issues with the
        kernel dealing with extern inline have different semantics between
        gnu89 and gnu99/11"
      
      End result: we may be able to move up to a newer stdc model eventually,
      but right now the newer models have some annoying deficiencies, so the
      traditional "gnu89" model ends up being the preferred one.
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Singed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      51b97e35
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-3.18-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 1afcb6ed
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
         - stable patches to fix NFSv4.x delegation reclaim error paths
         - fix a bug whereby we were advertising NFSv4.1 but using NFSv4.2
           features
         - fix a use-after-free problem with pNFS block layouts
         - fix a memory leak in the pNFS files O_DIRECT code
         - replace an intrusive and Oops-prone performance fix in the NFSv4
           atomic open code with a safer one-line version and revert the two
           original patches"
      
      * tag 'nfs-for-3.18-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        sunrpc: fix sleeping under rcu_read_lock in gss_stringify_acceptor
        NFS: Don't try to reclaim delegation open state if recovery failed
        NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked
        NFSv4: Fix races between nfs_remove_bad_delegation() and delegation return
        NFSv4.1: nfs41_clear_delegation_stateid shouldn't trust NFS_DELEGATED_STATE
        NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired
        NFS: SEEK is an NFS v4.2 feature
        nfs: Fix use of uninitialized variable in nfs_getattr()
        nfs: Remove bogus assignment
        nfs: remove spurious WARN_ON_ONCE in write path
        pnfs/blocklayout: serialize GETDEVICEINFO calls
        nfs: fix pnfs direct write memory leak
        Revert "NFS: nfs4_do_open should add negative results to the dcache."
        Revert "NFS: remove BUG possibility in nfs4_open_and_get_state"
        NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
      1afcb6ed
  2. 14 Nov, 2014 35 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 56c381f9
      Linus Torvalds authored
      Pull input subsystem updates from Dmitry Torokhov:
       "Mostly small fixups to PS/2 tochpad drivers (ALPS, Elantech,
        Synaptics) to better deal with specific hardware"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elantech - update the documentation
        Input: elantech - provide a sysfs knob for crc_enabled
        Input: elantech - report the middle button of the touchpad
        Input: alps - ignore bad data on Dell Latitudes E6440 and E7440
        Input: alps - allow up to 2 invalid packets without resetting device
        Input: alps - ignore potential bare packets when device is out of sync
        Input: elantech - fix crc_enabled for Fujitsu H730
        Input: elantech - use elantech_report_trackpoint for hardware v4 too
        Input: twl4030-pwrbutton - ensure a wakeup event is recorded.
        Input: synaptics - add min/max quirk for Lenovo T440s
      56c381f9
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 0861fd1c
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - fix EFI stub cache maintenance causing aborts during boot on certain
         platforms
      
       - handle byte stores in __clear_user without panicking
      
       - fix race condition in aarch64_insn_patch_text_sync() (instruction
         patching)
      
       - Couple of type fixes
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: ARCH_PFN_OFFSET should be unsigned long
        Correct the race condition in aarch64_insn_patch_text_sync()
        arm64: __clear_user: handle exceptions on strb
        arm64: Fix data type for physical address
        arm64: efi: Fix stub cache maintenance
      0861fd1c
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v3.18-3' of... · 5ae93760
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v3.18-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
      
      Pull x86 platform drivers fixlets from Darren Hart:
       "Just two patches to remove hp_accel events from the keyboard bus
        stream via an i8042 filter"
      
      * tag 'platform-drivers-x86-v3.18-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
        platform: hp_accel: Add SERIO_I8042 as a dependency since it now includes i8042.h/serio.h
        platform: hp_accel: add a i8042 filter to remove HPQ6000 data from kb bus stream
      5ae93760
    • Linus Torvalds's avatar
      Merge branch 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · e57c641f
      Linus Torvalds authored
      Pull libata fixes from Tejun Heo:
       "The most notable is the revert of lock splitting optimization in ahci.
        This also made the IRQ handling threaded even when there's only one
        IRQ in use.  The conversion missed IRFQ_SHARED leading to screaming
        IRQs problem in some cases and the threaded IRQ handling showed
        performance regression in some LKP test cases.  The changes are
        reverted for now.  It'll probably be retried once threaded IRQ
        handling is removed from ahci.
      
        Other than that, there's one fix for ahci and several patches adding
        device IDs"
      
      * 'for-3.18-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
        ahci: fix AHCI parameters not taken into account
        ata: sata_rcar: Add r8a7793 device support
        ahci: Add Device IDs for Intel Sunrise Point PCH
        ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
        Revert "AHCI: Optimize single IRQ interrupt processing"
        Revert "AHCI: Do not acquire ata_host::lock from single IRQ handler"
        ata: sata_rcar: Disable DIPM mode for r8a7790 ES1
      e57c641f
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 6f0d7a9e
      Linus Torvalds authored
      Pull block layer fixes from Jens Axboe:
       "Four small fixes that should be merged for the current 3.18-rc series.
        This pull request contains:
      
         - a minor bugfix for computation of best IO priority given two
           merging requests.  From Jan Kara.
      
         - the final (final) merge count issue that has been plaguing
           virtio-blk.  From Ming Lei.
      
         - enable parallel reinit notify for blk-mq queues, to combine the
           cost of an RCU grace period across lots of devices.  From Tejun
           Heo.
      
         - an error handling fix for the SCSI_IOCTL_SEND_COMMAND ioctl.  From
           Tony Battersby"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: blk-merge: fix blk_recount_segments()
        scsi: Fix more error handling in SCSI_IOCTL_SEND_COMMAND
        blk-mq: make mq_queue_reinit_notify() freeze queues in parallel
        block: Fix computation of merged request priority
      6f0d7a9e
    • Linus Torvalds's avatar
      Merge tag 'pm+acpi-3.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 78646f62
      Linus Torvalds authored
      Pull ACPI and power management fixes from Rafael Wysocki:
       "These are three regression fixes, two recent (generic power domains,
        suspend-to-idle) and one older (cpufreq), an ACPI blacklist entry for
        one more machine having problems with Windows 8 compatibility, a minor
        cpufreq driver fix (cpufreq-dt) and a fixup for new callback
        definitions (generic power domains).
      
        Specifics:
      
         - Fix a crash in the suspend-to-idle code path introduced by a recent
           commit that forgot to check a pointer against NULL before
           dereferencing it (Dmitry Eremin-Solenikov).
      
         - Fix a boot crash on Exynos5 introduced by a recent commit making
           that platform use generic Device Tree bindings for power domains
           which exposed a weakness in the generic power domains framework
           leading to that crash (Ulf Hansson).
      
         - Fix a crash during system resume on systems where cpufreq depends
           on Operation Performance Points (OPP) for functionality, but
           CONFIG_OPP is not set.  This leads the cpufreq driver registration
           to fail, but the resume code attempts to restore the pre-suspend
           cpufreq configuration (which does not exist) nevertheless and
           crashes.  From Geert Uytterhoeven.
      
         - Add a new ACPI blacklist entry for Dell Vostro 3546 that has
           problems if it is reported as Windows 8 compatible to the BIOS
           (Adam Lee).
      
         - Fix swapped arguments in an error message in the cpufreq-dt driver
           (Abhilash Kesavan).
      
         - Fix up the prototypes of new callbacks in struct generic_pm_domain
           to make them more useful.  Users of those callbacks will be added
           in 3.19 and it's better for them to be based on the correct struct
           definition in mainline from the start.  From Ulf Hansson and Kevin
           Hilman"
      
      * tag 'pm+acpi-3.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / Domains: Fix initial default state of the need_restore flag
        PM / sleep: Fix entering suspend-to-IDLE if no freeze_oops is set
        PM / Domains: Change prototype for the attach and detach callbacks
        cpufreq: Avoid crash in resume on SMP without OPP
        cpufreq: cpufreq-dt: Fix arguments in clock failure error message
        ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
      78646f62
    • Linus Torvalds's avatar
      Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394 · f720d7df
      Linus Torvalds authored
      Pull firewire fix from Stefan Richter:
       "IEEE 1394 (FireWire) subsystem fix: The character device file
        interface for raw 1394 I/O took uninitialized kernel stack as
        substitute for missing ioctl() argument data.  This could partially
        show up in subsequent read() output"
      
      * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
        firewire: cdev: prevent kernel stack leaking into ioctl arguments
      f720d7df
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 3865efcb
      Linus Torvalds authored
      Pull vfs fix from Al Viro:
       "Fix for a really embarrassing braino in iov_iter.  Kudos to paulus..."
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        Fix thinko in iov_iter_single_seg_count
      3865efcb
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-domains', 'pm-sleep' and 'pm-cpufreq' · 31689497
      Rafael J. Wysocki authored
      * pm-domains:
        PM / Domains: Fix initial default state of the need_restore flag
        PM / Domains: Change prototype for the attach and detach callbacks
      
      * pm-sleep:
        PM / sleep: Fix entering suspend-to-IDLE if no freeze_oops is set
      
      * pm-cpufreq:
        cpufreq: Avoid crash in resume on SMP without OPP
        cpufreq: cpufreq-dt: Fix arguments in clock failure error message
      31689497
    • Rafael J. Wysocki's avatar
      Merge branch 'acpi-blacklist' · a9b70711
      Rafael J. Wysocki authored
      * acpi-blacklist:
        ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
      a9b70711
    • Stefan Richter's avatar
      firewire: cdev: prevent kernel stack leaking into ioctl arguments · eaca2d8e
      Stefan Richter authored
      Found by the UC-KLEE tool:  A user could supply less input to
      firewire-cdev ioctls than write- or write/read-type ioctl handlers
      expect.  The handlers used data from uninitialized kernel stack then.
      
      This could partially leak back to the user if the kernel subsequently
      generated fw_cdev_event_'s (to be read from the firewire-cdev fd)
      which notably would contain the _u64 closure field which many of the
      ioctl argument structures contain.
      
      The fact that the handlers would act on random garbage input is a
      lesser issue since all handlers must check their input anyway.
      
      The fix simply always null-initializes the entire ioctl argument buffer
      regardless of the actual length of expected user input.  That is, a
      runtime overhead of memset(..., 40) is added to each firewirew-cdev
      ioctl() call.  [Comment from Clemens Ladisch:  This part of the stack is
      most likely to be already in the cache.]
      
      Remarks:
        - There was never any leak from kernel stack to the ioctl output
          buffer itself.  IOW, it was not possible to read kernel stack by a
          read-type or write/read-type ioctl alone; the leak could at most
          happen in combination with read()ing subsequent event data.
        - The actual expected minimum user input of each ioctl from
          include/uapi/linux/firewire-cdev.h is, in bytes:
          [0x00] = 32, [0x05] =  4, [0x0a] = 16, [0x0f] = 20, [0x14] = 16,
          [0x01] = 36, [0x06] = 20, [0x0b] =  4, [0x10] = 20, [0x15] = 20,
          [0x02] = 20, [0x07] =  4, [0x0c] =  0, [0x11] =  0, [0x16] =  8,
          [0x03] =  4, [0x08] = 24, [0x0d] = 20, [0x12] = 36, [0x17] = 12,
          [0x04] = 20, [0x09] = 24, [0x0e] =  4, [0x13] = 40, [0x18] =  4.
      Reported-by: default avatarDavid Ramos <daramos@stanford.edu>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
      eaca2d8e
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · b23dc5a7
      Linus Torvalds authored
      Pull virtio bugfix from Michael S Tsirkin:
       "This fixes a crash in virtio console multi-channel mode that got
        introduced in -rc1"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_console: move early VQ enablement
      b23dc5a7
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 5cf52037
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) sunhme driver lacks DMA mapping error checks, based upon a report by
          Meelis Roos.
      
       2) Fix memory leak in mvpp2 driver, from Sudip Mukherjee.
      
       3) DMA memory allocation sizes are wrong in systemport ethernet driver,
          fix from Florian Fainelli.
      
       4) Fix use after free in mac80211 defragmentation code, from Johannes
          Berg.
      
       5) Some networking uapi headers missing from Kbuild file, from Stephen
          Hemminger.
      
       6) TUN driver gets csum_start offset wrong when VLAN accel is enabled,
          and macvtap has a similar bug, from Herbert Xu.
      
       7) Adjust several tunneling drivers to set dev->iflink after registry,
          because registry sets that to -1 overwriting whatever we did.  From
          Steffen Klassert.
      
       8) Geneve forgets to set inner tunneling type, causing GSO segmentation
          to fail on some NICs.  From Jesse Gross.
      
       9) Fix several locking bugs in stmmac driver, from Fabrice Gasnier and
          Giuseppe CAVALLARO.
      
      10) Fix spurious timeouts with NewReno on low traffic connections, from
          Marcelo Leitner.
      
      11) Fix descriptor updates in enic driver, from Govindarajulu
          Varadarajan.
      
      12) PPP calls bpf_prog_create() with locks held, which isn't kosher.
          Fix from Takashi Iwai.
      
      13) Fix NULL deref in SCTP with malformed INIT packets, from Daniel
          Borkmann.
      
      14) psock_fanout selftest accesses past the end of the mmap ring, fix
          from Shuah Khan.
      
      15) Fix PTP timestamping for VLAN packets, from Richard Cochran.
      
      16) netlink_unbind() calls in netlink pass wrong initial argument, from
          Hiroaki SHIMODA.
      
      17) vxlan socket reuse accidently reuses a socket when the address
          family is different, so we have to explicitly check this, from
          Marcelo Lietner.
      
      18) Fix missing include in nft_reject_bridge.c breaking the build on ppc
          and other architectures, from Guenter Roeck.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
        vxlan: Do not reuse sockets for a different address family
        smsc911x: power-up phydev before doing a software reset.
        lib: rhashtable - Remove weird non-ASCII characters from comments
        net/smsc911x: Fix delays in the PHY enable/disable routines
        net/smsc911x: Fix rare soft reset timeout issue due to PHY power-down mode
        netlink: Properly unbind in error conditions.
        net: ptp: fix time stamp matching logic for VLAN packets.
        cxgb4 : dcb open-lldp interop fixes
        selftests/net: psock_fanout seg faults in sock_fanout_read_ring()
        net: bcmgenet: apply MII configuration in bcmgenet_open()
        net: bcmgenet: connect and disconnect from the PHY state machine
        net: qualcomm: Fix dependency
        ixgbe: phy: fix uninitialized status in ixgbe_setup_phy_link_tnx
        net: phy: Correctly handle MII ioctl which changes autonegotiation.
        ipv6: fix IPV6_PKTINFO with v4 mapped
        net: sctp: fix memory leak in auth key management
        net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet
        net: ppp: Don't call bpf_prog_create() in ppp_lock
        net/mlx4_en: Advertize encapsulation offloads features only when VXLAN tunnel is set
        cxgb4 : Fix bug in DCB app deletion
        ...
      5cf52037
    • Ulrik De Bie's avatar
      Input: elantech - update the documentation · c6c748ef
      Ulrik De Bie authored
      A chapter is added to describe the trackpoint packets.
      
      A section is added to describe the behaviour of the knob crc_enabled in
      sysfs.
      
      The introduction of the documentation only mentioned v1/v2, but in the
      last part it already contains explanation of v3 and v4. The introduction
      is updated.
      Signed-off-by: default avatarUlrik De Bie <ulrik.debie-os@e2big.org>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      c6c748ef
    • Ulrik De Bie's avatar
      Input: elantech - provide a sysfs knob for crc_enabled · 2d9eb81f
      Ulrik De Bie authored
      The detection of crc_enabled is known to fail for Fujitsu H730. A DMI
      blacklist is added for that, but it can be expected that other laptops will
      pop up with this.
      
      Here a sysfs knob is provided to alter the behaviour of crc_enabled.
      Writing 0 or 1 to it sets the variable to 0 or 1. Reading it will show the
      crc_enabled variable (0 or 1).
      Reported-by: default avatarStefan Valouch <stefan@valouch.com>
      Signed-off-by: default avatarUlrik De Bie <ulrik.debie-os@e2big.org>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      2d9eb81f
    • Ulrik De Bie's avatar
      Input: elantech - report the middle button of the touchpad · f386474e
      Ulrik De Bie authored
      In the past, no elantech was known with 3 touchpad mouse buttons.
      Fujitsu H730 is the first known elantech with a middle button. This commit
      enables this middle button. For backwards compatibility, the Fujitsu is
      detected via DMI, and only for this one 3 buttons will be announced.
      Reported-by: default avatarStefan Valouch <stefan@valouch.com>
      Signed-off-by: default avatarUlrik De Bie <ulrik.debie-os@e2big.org>
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      f386474e
    • Pali Rohár's avatar
      Input: alps - ignore bad data on Dell Latitudes E6440 and E7440 · a7ef82ae
      Pali Rohár authored
      Sometimes on Dell Latitude laptops psmouse/alps driver receive invalid ALPS
      protocol V3 packets with bit7 set in last byte. More often it can be
      reproduced on Dell Latitude E6440 or E7440 with closed lid and pushing
      cover above touchpad.
      
      If bit7 in last packet byte is set then it is not valid ALPS packet. I was
      told that ALPS devices never send these packets. It is not know yet who
      send those packets, it could be Dell EC, bug in BIOS and also bug in
      touchpad firmware...
      
      With this patch alps driver does not process those invalid packets, but
      instead of reporting PSMOUSE_BAD_DATA, getting into out of sync state,
      getting back in sync with the next byte and spam dmesg we return
      PSMOUSE_FULL_PACKET. If driver is truly out of sync we'll fail the checks
      on the next byte and report PSMOUSE_BAD_DATA then.
      Signed-off-by: default avatarPali Rohár <pali.rohar@gmail.com>
      Tested-by: default avatarPali Rohár <pali.rohar@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      a7ef82ae
    • Linus Torvalds's avatar
      Merge branch 'akpm' (fixes from Andrew Morton) · 971ad4e4
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "15 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        MAINTAINERS: add IIO include files
        kernel/panic.c: update comments for print_tainted
        mem-hotplug: reset node present pages when hot-adding a new pgdat
        mem-hotplug: reset node managed pages when hot-adding a new pgdat
        mm/debug-pagealloc: correct freepage accounting and order resetting
        fanotify: fix notification of groups with inode & mount marks
        mm, compaction: prevent infinite loop in compact_zone
        mm: alloc_contig_range: demote pages busy message from warn to info
        mm/slab: fix unalignment problem on Malta with EVA due to slab merge
        mm/page_alloc: restrict max order of merging on isolated pageblock
        mm/page_alloc: move freepage counting logic to __free_one_page()
        mm/page_alloc: add freepage on isolate pageblock to correct buddy list
        mm/page_alloc: fix incorrect isolation behavior by rechecking migratetype
        mm/compaction: skip the range until proper target pageblock is met
        zram: avoid kunmap_atomic() of a NULL pointer
      971ad4e4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · b0ab3f19
      Linus Torvalds authored
      Pull Ceph fixes from Sage Weil:
       "There is an overflow bug fix for cephfs from Zheng, a fix for handling
        large authentication ticket buffers in libceph from Ilya, and a few
        fixes for the request handling code from Ilya that affect RBD volumes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        libceph: change from BUG to WARN for __remove_osd() asserts
        libceph: clear r_req_lru_item in __unregister_linger_request()
        libceph: unlink from o_linger_requests when clearing r_osd
        libceph: do not crash on large auth tickets
        ceph: fix flush tid comparision
      b0ab3f19
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 6b07974a
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - fix for an oops in HID core upon repeated subdriver insertion/removal
         under certain circumstances, by Benjamin Tissoires
      
       - quirk for another Elan Touchscreen device, by Adel Gadllah
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: core: cleanup .claimed field on disconnect
        HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103
      6b07974a
    • Daniel Baluta's avatar
      MAINTAINERS: add IIO include files · 8fe671fc
      Daniel Baluta authored
      Files under include/linux/iio were not reported as part of the IIO
      subsystem.
      Signed-off-by: default avatarDaniel Baluta <daniel.baluta@intel.com>
      Reported-by: default avatarCristina Ciocan <cristina.ciocan@intel.com>
      Reviewed-by: default avatarJingoo Han <jg1.han@samsung.com>
      Cc: Hartmut Knaack <knaack.h@gmx.de>
      Cc: Lars-Peter Clausen <lars@metafoo.de>
      Cc: Peter Meerwald <pmeerw@pmeerw.net>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8fe671fc
    • Xie XiuQi's avatar
      kernel/panic.c: update comments for print_tainted · bc53a3f4
      Xie XiuQi authored
      Commit 69361eef ("panic: add TAINT_SOFTLOCKUP") added the 'L' flag,
      but failed to update the comments for print_tainted().  So, update the
      comments.
      Signed-off-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bc53a3f4
    • Tang Chen's avatar
      mem-hotplug: reset node present pages when hot-adding a new pgdat · 0bd85420
      Tang Chen authored
      When memory is hot-added, all the memory is in offline state.  So clear
      all zones' present_pages because they will be updated in online_pages()
      and offline_pages().  Otherwise, /proc/zoneinfo will corrupt:
      
      When the memory of node2 is offline:
      
        # cat /proc/zoneinfo
        ......
        Node 2, zone   Movable
        ......
              spanned  8388608
              present  8388608
              managed  0
      
      When we online memory on node2:
      
        # cat /proc/zoneinfo
        ......
        Node 2, zone   Movable
        ......
              spanned  8388608
              present  16777216
              managed  8388608
      Signed-off-by: default avatarTang Chen <tangchen@cn.fujitsu.com>
      Reviewed-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: <stable@vger.kernel.org>	[3.16+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0bd85420
    • Tang Chen's avatar
      mem-hotplug: reset node managed pages when hot-adding a new pgdat · f784a3f1
      Tang Chen authored
      In free_area_init_core(), zone->managed_pages is set to an approximate
      value for lowmem, and will be adjusted when the bootmem allocator frees
      pages into the buddy system.
      
      But free_area_init_core() is also called by hotadd_new_pgdat() when
      hot-adding memory.  As a result, zone->managed_pages of the newly added
      node's pgdat is set to an approximate value in the very beginning.
      
      Even if the memory on that node has node been onlined,
      /sys/device/system/node/nodeXXX/meminfo has wrong value:
      
        hot-add node2 (memory not onlined)
        cat /sys/device/system/node/node2/meminfo
        Node 2 MemTotal:       33554432 kB
        Node 2 MemFree:               0 kB
        Node 2 MemUsed:        33554432 kB
        Node 2 Active:                0 kB
      
      This patch fixes this problem by reset node managed pages to 0 after
      hot-adding a new node.
      
      1. Move reset_managed_pages_done from reset_node_managed_pages() to
         reset_all_zones_managed_pages()
      2. Make reset_node_managed_pages() non-static
      3. Call reset_node_managed_pages() in hotadd_new_pgdat() after pgdat
         is initialized
      Signed-off-by: default avatarTang Chen <tangchen@cn.fujitsu.com>
      Signed-off-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: <stable@vger.kernel.org>	[3.16+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f784a3f1
    • Joonsoo Kim's avatar
      mm/debug-pagealloc: correct freepage accounting and order resetting · 57cbc87e
      Joonsoo Kim authored
      One thing I did in this patch is fixing freepage accounting.  If we
      clear guard page and link it onto isolate buddy list, we should not
      increase freepage count.  This patch adds conditional branch to skip
      counting in this case.  Without this patch, this overcounting happens
      frequently if guard order is set and CMA is used.
      
      Another thing fixed in this patch is the target to reset order.  In
      __free_one_page(), we check the buddy page whether it is a guard page or
      not.  And, if so, we should clear guard attribute on the buddy page and
      reset order of it to 0.  But, current code resets original page's order
      rather than buddy one's.  Maybe, this doesn't have any problem, because
      whole merged page's order will be re-assigned soon.  But, it is better
      to correct code.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: Gioh Kim <gioh.kim@lge.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      57cbc87e
    • Jan Kara's avatar
      fanotify: fix notification of groups with inode & mount marks · 8edc6e16
      Jan Kara authored
      fsnotify() needs to merge inode and mount marks lists when notifying
      groups about events so that ignore masks from inode marks are reflected
      in mount mark notifications and groups are notified in proper order
      (according to priorities).
      
      Currently the sorting of the lists done by fsnotify_add_inode_mark() /
      fsnotify_add_vfsmount_mark() and fsnotify() differed which resulted
      ignore masks not being used in some cases.
      
      Fix the problem by always using the same comparison function when
      sorting / merging the mark lists.
      
      Thanks to Heinrich Schuchardt for improvements of my patch.
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=87721Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Reported-by: default avatarHeinrich Schuchardt <xypron.glpk@gmx.de>
      Tested-by: default avatarHeinrich Schuchardt <xypron.glpk@gmx.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8edc6e16
    • Vlastimil Babka's avatar
      mm, compaction: prevent infinite loop in compact_zone · 1d5bfe1f
      Vlastimil Babka authored
      Several people have reported occasionally seeing processes stuck in
      compact_zone(), even triggering soft lockups, in 3.18-rc2+.
      
      Testing a revert of commit e14c720e ("mm, compaction: remember
      position within pageblock in free pages scanner") fixed the issue,
      although the stuck processes do not appear to involve the free scanner.
      
      Finally, by code inspection, the bug was found in isolate_migratepages()
      which uses a slightly different condition to detect if the migration and
      free scanners have met, than compact_finished().  That has not been a
      problem until commit e14c720e allowed the free scanner position
      between individual invocations to be in the middle of a pageblock.
      
      In a relatively rare case, the migration scanner position can end up at
      the beginning of a pageblock, with the free scanner position in the
      middle of the same pageblock.  If it's the migration scanner's turn,
      isolate_migratepages() exits immediately (without updating the
      position), while compact_finished() decides to continue compaction,
      resulting in a potentially infinite loop.  The system can recover only
      if another process creates enough high-order pages to make the watermark
      checks in compact_finished() pass.
      
      This patch fixes the immediate problem by bumping the migration
      scanner's position to meet the free scanner in isolate_migratepages(),
      when both are within the same pageblock.  This causes compact_finished()
      to terminate properly.  A more robust check in compact_finished() is
      planned as a cleanup for better future maintainability.
      
      Fixes: e14c720e ("mm, compaction: remember position within pageblock in free pages scanner)
      Signed-off-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Reported-by: default avatarP. Christeas <xrg@linux.gr>
      Tested-by: default avatarP. Christeas <xrg@linux.gr>
      Link: http://marc.info/?l=linux-mm&m=141508604232522&w=2Reported-by: default avatarNorbert Preining <preining@logic.at>
      Tested-by: default avatarNorbert Preining <preining@logic.at>
      Link: https://lkml.org/lkml/2014/11/4/904Reported-by: default avatarPavel Machek <pavel@ucw.cz>
      Link: https://lkml.org/lkml/2014/11/7/164
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1d5bfe1f
    • Michal Nazarewicz's avatar
      mm: alloc_contig_range: demote pages busy message from warn to info · dae803e1
      Michal Nazarewicz authored
      Having test_pages_isolated failure message as a warning confuses users
      into thinking that it is more serious than it really is.  In reality, if
      called via CMA, allocation will be retried so a single
      test_pages_isolated failure does not prevent allocation from succeeding.
      
      Demote the warning message to an info message and reformat it such that
      the text "failed" does not appear and instead a less worrying "PFNS
      busy" is used.
      
      This message is trivially reproducible on a 10GB x86 machine on 3.16.y
      kernels configured with CONFIG_DMA_CMA.
      Signed-off-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dae803e1
    • Joonsoo Kim's avatar
      mm/slab: fix unalignment problem on Malta with EVA due to slab merge · 95069ac8
      Joonsoo Kim authored
      Unlike SLUB, sometimes, object isn't started at the beginning of the
      slab in SLAB.  This causes the unalignment problem after slab merging is
      supported by commit 12220dea ("mm/slab: support slab merge").
      
      Following is the report from Markos that fail to boot on Malta with EVA.
      
          Calibrating delay loop... 19.86 BogoMIPS (lpj=99328)
          pid_max: default: 32768 minimum: 301
          Mount-cache hash table entries: 4096 (order: 0, 16384 bytes)
          Mountpoint-cache hash table entries: 4096 (order: 0, 16384 bytes)
          Kernel bug detected[#1]:
          CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.17.0-05639-g12220dea #1631
          task: 1f04f5d8 ti: 1f050000 task.ti: 1f050000
          epc   : 80141190 alloc_unbound_pwq+0x234/0x304
              Not tainted
          ra    : 80141184 alloc_unbound_pwq+0x228/0x304
          Process swapper/0 (pid: 1, threadinfo=1f050000, task=1f04f5d8, tls=00000000)
          Call Trace:
            alloc_unbound_pwq+0x234/0x304
            apply_workqueue_attrs+0x11c/0x294
            __alloc_workqueue_key+0x23c/0x470
            init_workqueues+0x320/0x400
            do_one_initcall+0xe8/0x23c
            kernel_init_freeable+0x9c/0x224
            kernel_init+0x10/0x100
            ret_from_kernel_thread+0x14/0x1c
          [ end trace cb88537fdc8fa200 ]
          Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
      
      alloc_unbound_pwq() allocates slab object from pool_workqueue.  This
      kmem_cache requires 256 bytes alignment, but, current merging code
      doesn't honor that, and merge it with kmalloc-256.  kmalloc-256 requires
      only cacheline size alignment so that above failure occurs.  However, in
      x86, kmalloc-256 is luckily aligned in 256 bytes, so the problem didn't
      happen on it.
      
      To fix this problem, this patch introduces alignment mismatch check in
      find_mergeable().  This will fix the problem.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Reported-by: default avatarMarkos Chandras <Markos.Chandras@imgtec.com>
      Tested-by: default avatarMarkos Chandras <Markos.Chandras@imgtec.com>
      Acked-by: default avatarChristoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      95069ac8
    • Joonsoo Kim's avatar
      mm/page_alloc: restrict max order of merging on isolated pageblock · 3c605096
      Joonsoo Kim authored
      Current pageblock isolation logic could isolate each pageblock
      individually.  This causes freepage accounting problem if freepage with
      pageblock order on isolate pageblock is merged with other freepage on
      normal pageblock.  We can prevent merging by restricting max order of
      merging to pageblock order if freepage is on isolate pageblock.
      
      A side-effect of this change is that there could be non-merged buddy
      freepage even if finishing pageblock isolation, because undoing
      pageblock isolation is just to move freepage from isolate buddy list to
      normal buddy list rather than to consider merging.  So, the patch also
      makes undoing pageblock isolation consider freepage merge.  When
      un-isolation, freepage with more than pageblock order and it's buddy are
      checked.  If they are on normal pageblock, instead of just moving, we
      isolate the freepage and free it in order to get merged.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
      Cc: Tang Chen <tangchen@cn.fujitsu.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Cc: Wen Congyang <wency@cn.fujitsu.com>
      Cc: Marek Szyprowski <m.szyprowski@samsung.com>
      Cc: Michal Nazarewicz <mina86@mina86.com>
      Cc: Laura Abbott <lauraa@codeaurora.org>
      Cc: Heesub Shin <heesub.shin@samsung.com>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Ritesh Harjani <ritesh.list@gmail.com>
      Cc: Gioh Kim <gioh.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3c605096
    • Joonsoo Kim's avatar
      mm/page_alloc: move freepage counting logic to __free_one_page() · 8f82b55d
      Joonsoo Kim authored
      All the caller of __free_one_page() has similar freepage counting logic,
      so we can move it to __free_one_page().  This reduce line of code and
      help future maintenance.
      
      This is also preparation step for "mm/page_alloc: restrict max order of
      merging on isolated pageblock" which fix the freepage counting problem
      on freepage with more than pageblock order.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
      Cc: Tang Chen <tangchen@cn.fujitsu.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Cc: Wen Congyang <wency@cn.fujitsu.com>
      Cc: Marek Szyprowski <m.szyprowski@samsung.com>
      Cc: Michal Nazarewicz <mina86@mina86.com>
      Cc: Laura Abbott <lauraa@codeaurora.org>
      Cc: Heesub Shin <heesub.shin@samsung.com>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Ritesh Harjani <ritesh.list@gmail.com>
      Cc: Gioh Kim <gioh.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8f82b55d
    • Joonsoo Kim's avatar
      mm/page_alloc: add freepage on isolate pageblock to correct buddy list · 51bb1a40
      Joonsoo Kim authored
      In free_pcppages_bulk(), we use cached migratetype of freepage to
      determine type of buddy list where freepage will be added.  This
      information is stored when freepage is added to pcp list, so if
      isolation of pageblock of this freepage begins after storing, this
      cached information could be stale.  In other words, it has original
      migratetype rather than MIGRATE_ISOLATE.
      
      There are two problems caused by this stale information.
      
      One is that we can't keep these freepages from being allocated.
      Although this pageblock is isolated, freepage will be added to normal
      buddy list so that it could be allocated without any restriction.  And
      the other problem is incorrect freepage accounting.  Freepages on
      isolate pageblock should not be counted for number of freepage.
      
      Following is the code snippet in free_pcppages_bulk().
      
          /* MIGRATE_MOVABLE list may include MIGRATE_RESERVEs */
          __free_one_page(page, page_to_pfn(page), zone, 0, mt);
          trace_mm_page_pcpu_drain(page, 0, mt);
          if (likely(!is_migrate_isolate_page(page))) {
              __mod_zone_page_state(zone, NR_FREE_PAGES, 1);
              if (is_migrate_cma(mt))
                  __mod_zone_page_state(zone, NR_FREE_CMA_PAGES, 1);
          }
      
      As you can see above snippet, current code already handle second
      problem, incorrect freepage accounting, by re-fetching pageblock
      migratetype through is_migrate_isolate_page(page).
      
      But, because this re-fetched information isn't used for
      __free_one_page(), first problem would not be solved.  This patch try to
      solve this situation to re-fetch pageblock migratetype before
      __free_one_page() and to use it for __free_one_page().
      
      In addition to move up position of this re-fetch, this patch use
      optimization technique, re-fetching migratetype only if there is isolate
      pageblock.  Pageblock isolation is rare event, so we can avoid
      re-fetching in common case with this optimization.
      
      This patch also correct migratetype of the tracepoint output.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Acked-by: default avatarMinchan Kim <minchan@kernel.org>
      Acked-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
      Cc: Tang Chen <tangchen@cn.fujitsu.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Cc: Wen Congyang <wency@cn.fujitsu.com>
      Cc: Marek Szyprowski <m.szyprowski@samsung.com>
      Cc: Laura Abbott <lauraa@codeaurora.org>
      Cc: Heesub Shin <heesub.shin@samsung.com>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Ritesh Harjani <ritesh.list@gmail.com>
      Cc: Gioh Kim <gioh.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      51bb1a40
    • Joonsoo Kim's avatar
      mm/page_alloc: fix incorrect isolation behavior by rechecking migratetype · ad53f92e
      Joonsoo Kim authored
      Before describing bugs itself, I first explain definition of freepage.
      
       1. pages on buddy list are counted as freepage.
       2. pages on isolate migratetype buddy list are *not* counted as freepage.
       3. pages on cma buddy list are counted as CMA freepage, too.
      
      Now, I describe problems and related patch.
      
      Patch 1: There is race conditions on getting pageblock migratetype that
      it results in misplacement of freepages on buddy list, incorrect
      freepage count and un-availability of freepage.
      
      Patch 2: Freepages on pcp list could have stale cached information to
      determine migratetype of buddy list to go.  This causes misplacement of
      freepages on buddy list and incorrect freepage count.
      
      Patch 4: Merging between freepages on different migratetype of
      pageblocks will cause freepages accouting problem.  This patch fixes it.
      
      Without patchset [3], above problem doesn't happens on my CMA allocation
      test, because CMA reserved pages aren't used at all.  So there is no
      chance for above race.
      
      With patchset [3], I did simple CMA allocation test and get below
      result:
      
       - Virtual machine, 4 cpus, 1024 MB memory, 256 MB CMA reservation
       - run kernel build (make -j16) on background
       - 30 times CMA allocation(8MB * 30 = 240MB) attempts in 5 sec interval
       - Result: more than 5000 freepage count are missed
      
      With patchset [3] and this patchset, I found that no freepage count are
      missed so that I conclude that problems are solved.
      
      On my simple memory offlining test, these problems also occur on that
      environment, too.
      
      This patch (of 4):
      
      There are two paths to reach core free function of buddy allocator,
      __free_one_page(), one is free_one_page()->__free_one_page() and the
      other is free_hot_cold_page()->free_pcppages_bulk()->__free_one_page().
      Each paths has race condition causing serious problems.  At first, this
      patch is focused on first type of freepath.  And then, following patch
      will solve the problem in second type of freepath.
      
      In the first type of freepath, we got migratetype of freeing page
      without holding the zone lock, so it could be racy.  There are two cases
      of this race.
      
       1. pages are added to isolate buddy list after restoring orignal
          migratetype
      
          CPU1                                   CPU2
      
          get migratetype => return MIGRATE_ISOLATE
          call free_one_page() with MIGRATE_ISOLATE
      
                                      grab the zone lock
                                      unisolate pageblock
                                      release the zone lock
      
          grab the zone lock
          call __free_one_page() with MIGRATE_ISOLATE
          freepage go into isolate buddy list,
          although pageblock is already unisolated
      
      This may cause two problems.  One is that we can't use this page anymore
      until next isolation attempt of this pageblock, because freepage is on
      isolate buddy list.  The other is that freepage accouting could be wrong
      due to merging between different buddy list.  Freepages on isolate buddy
      list aren't counted as freepage, but ones on normal buddy list are
      counted as freepage.  If merge happens, buddy freepage on normal buddy
      list is inevitably moved to isolate buddy list without any consideration
      of freepage accouting so it could be incorrect.
      
       2. pages are added to normal buddy list while pageblock is isolated.
          It is similar with above case.
      
      This also may cause two problems.  One is that we can't keep these
      freepages from being allocated.  Although this pageblock is isolated,
      freepage would be added to normal buddy list so that it could be
      allocated without any restriction.  And the other problem is same as
      case 1, that it, incorrect freepage accouting.
      
      This race condition would be prevented by checking migratetype again
      with holding the zone lock.  Because it is somewhat heavy operation and
      it isn't needed in common case, we want to avoid rechecking as much as
      possible.  So this patch introduce new variable, nr_isolate_pageblock in
      struct zone to check if there is isolated pageblock.  With this, we can
      avoid to re-check migratetype in common case and do it only if there is
      isolated pageblock or migratetype is MIGRATE_ISOLATE.  This solve above
      mentioned problems.
      
      Changes from v3:
      Add one more check in free_one_page() that checks whether migratetype is
      MIGRATE_ISOLATE or not. Without this, abovementioned case 1 could happens.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Acked-by: default avatarMinchan Kim <minchan@kernel.org>
      Acked-by: default avatarMichal Nazarewicz <mina86@mina86.com>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
      Cc: Tang Chen <tangchen@cn.fujitsu.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Cc: Wen Congyang <wency@cn.fujitsu.com>
      Cc: Marek Szyprowski <m.szyprowski@samsung.com>
      Cc: Laura Abbott <lauraa@codeaurora.org>
      Cc: Heesub Shin <heesub.shin@samsung.com>
      Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
      Cc: Ritesh Harjani <ritesh.list@gmail.com>
      Cc: Gioh Kim <gioh.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ad53f92e
    • Joonsoo Kim's avatar
      mm/compaction: skip the range until proper target pageblock is met · 58420016
      Joonsoo Kim authored
      Commit 7d49d886 ("mm, compaction: reduce zone checking frequency in
      the migration scanner") has a side-effect that changes the iteration
      range calculation.  Before the change, block_end_pfn is calculated using
      start_pfn, but now it blindly adds pageblock_nr_pages to the previous
      value.
      
      This causes the problem that isolation_start_pfn is larger than
      block_end_pfn when we isolate the page with more than pageblock order.
      In this case, isolation would fail due to an invalid range parameter.
      
      To prevent this, this patch implements skipping the range until a proper
      target pageblock is met.  Without this patch, CMA with more than
      pageblock order always fails but with this patch it will succeed.
      Signed-off-by: default avatarJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Michal Nazarewicz <mina86@mina86.com>
      Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      58420016
    • Weijie Yang's avatar
      zram: avoid kunmap_atomic() of a NULL pointer · c4065152
      Weijie Yang authored
      zram could kunmap_atomic() a NULL pointer in a rare situation: a zram
      page becomes a full-zeroed page after a partial write io.  The current
      code doesn't handle this case and performs kunmap_atomic() on a NULL
      pointer, which panics the kernel.
      
      This patch fixes this issue.
      Signed-off-by: default avatarWeijie Yang <weijie.yang@samsung.com>
      Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: Dan Streetman <ddstreet@ieee.org>
      Cc: Nitin Gupta <ngupta@vflare.org>
      Cc: Weijie Yang <weijie.yang.kh@gmail.com>
      Acked-by: default avatarJerome Marchand <jmarchan@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c4065152