1. 21 Jan, 2016 6 commits
    • Randy Dunlap's avatar
      misc: ibmasm: fix build errors · 75339d82
      Randy Dunlap authored
      Fix build when CONFIG_SERIAL_8250=m and CONFIG_IBM_ASM=y.
      
      Fixes these build errors:
      
        drivers/built-in.o: In function `ibmasm_remove_one':
        module.c:(.text+0xf6874): undefined reference to `ibmasm_unregister_uart'
        drivers/built-in.o: In function `ibmasm_init_one':
        module.c:(.text+0xf6c37): undefined reference to `ibmasm_register_uart'
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Cc: Max Asbock <masbock@us.ibm.com>
      Cc: Vernon Mauery <vernux@us.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      75339d82
    • Junil Lee's avatar
      zsmalloc: fix migrate_zspage-zs_free race condition · c102f07c
      Junil Lee authored
      record_obj() in migrate_zspage() does not preserve handle's
      HANDLE_PIN_BIT, set by find_aloced_obj()->trypin_tag(), and implicitly
      (accidentally) un-pins the handle, while migrate_zspage() still performs
      an explicit unpin_tag() on the that handle.  This additional explicit
      unpin_tag() introduces a race condition with zs_free(), which can pin
      that handle by this time, so the handle becomes un-pinned.
      
      Schematically, it goes like this:
      
        CPU0                                        CPU1
        migrate_zspage
          find_alloced_obj
            trypin_tag
              set HANDLE_PIN_BIT                    zs_free()
                                                      pin_tag()
        obj_malloc() -- new object, no tag
        record_obj() -- remove HANDLE_PIN_BIT           set HANDLE_PIN_BIT
        unpin_tag()  -- remove zs_free's HANDLE_PIN_BIT
      
      The race condition may result in a NULL pointer dereference:
      
        Unable to handle kernel NULL pointer dereference at virtual address 00000000
        CPU: 0 PID: 19001 Comm: CookieMonsterCl Tainted:
        PC is at get_zspage_mapping+0x0/0x24
        LR is at obj_free.isra.22+0x64/0x128
        Call trace:
           get_zspage_mapping+0x0/0x24
           zs_free+0x88/0x114
           zram_free_page+0x64/0xcc
           zram_slot_free_notify+0x90/0x108
           swap_entry_free+0x278/0x294
           free_swap_and_cache+0x38/0x11c
           unmap_single_vma+0x480/0x5c8
           unmap_vmas+0x44/0x60
           exit_mmap+0x50/0x110
           mmput+0x58/0xe0
           do_exit+0x320/0x8dc
           do_group_exit+0x44/0xa8
           get_signal+0x538/0x580
           do_signal+0x98/0x4b8
           do_notify_resume+0x14/0x5c
      
      This patch keeps the lock bit in migration path and update value
      atomically.
      Signed-off-by: default avatarJunil Lee <junil0814.lee@lge.com>
      Signed-off-by: default avatarMinchan Kim <minchan@kernel.org>
      Acked-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
      Cc: <stable@vger.kernel.org> [4.1+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c102f07c
    • Guenter Roeck's avatar
      mm: arch: remove duplicate definitions of MADV_FREE · dcd6c87c
      Guenter Roeck authored
      Commits 21f55b01 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE
      have same value for all architectures") and ef58978f ("mm: define
      MADV_FREE for some arches") both defined MADV_FREE, but did not use the
      same values.  This results in build errors such as
      
        ./arch/alpha/include/uapi/asm/mman.h:53:0: error: "MADV_FREE" redefined
        ./arch/alpha/include/uapi/asm/mman.h:50:0: note: this is the location of the previous definition
      
      for the affected architectures.
      
      Fixes: 21f55b01 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE have same value for all architectures")
      Fixes: ef58978f ("mm: define MADV_FREE for some arches")
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Cc: Chen Gang <gang.chen.5i5j@gmail.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Acked-by: Helge Deller <deller@gmx.de>	[parisc]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      dcd6c87c
    • Kirill A. Shutemov's avatar
      fs/proc/task_mmu.c: add workaround for old compilers · f4be6153
      Kirill A. Shutemov authored
      For THP=n, HPAGE_PMD_NR in smaps_account() expands to BUILD_BUG().
      That's fine since this codepath is eliminated by modern compilers.
      
      But older compilers have not that efficient dead code elimination.  It
      causes problem at least with gcc 4.1.2 on m68k:
      
         fs/built-in.o: In function `smaps_account':
         task_mmu.c:(.text+0x4f8fa): undefined reference to `__compiletime_assert_471'
      
      Let's replace HPAGE_PMD_NR with 1 << compound_order(page).
      Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f4be6153
    • Kirill A. Shutemov's avatar
      thp: fix interrupt unsafe locking in split_huge_page() · 0b9b6fff
      Kirill A. Shutemov authored
      split_queue_lock can be taken from interrupt context in some cases, but
      I forgot to convert locking in split_huge_page() to interrupt-safe
      primitives.
      
      Let's fix this.
      
      lockdep output:
      
        ======================================================
        [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
        4.4.0+ #259 Tainted: G        W
        ------------------------------------------------------
        syz-executor/18183 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
         (split_queue_lock){+.+...}, at: free_transhuge_page+0x24/0x90 mm/huge_memory.c:3436
      
        and this task is already holding:
         (slock-AF_INET){+.-...}, at: spin_lock_bh include/linux/spinlock.h:307
         (slock-AF_INET){+.-...}, at: lock_sock_fast+0x45/0x120 net/core/sock.c:2462
        which would create a new lock dependency:
         (slock-AF_INET){+.-...} -> (split_queue_lock){+.+...}
      
        but this new dependency connects a SOFTIRQ-irq-safe lock:
         (slock-AF_INET){+.-...}
        ... which became SOFTIRQ-irq-safe at:
           mark_irqflags kernel/locking/lockdep.c:2799
           __lock_acquire+0xfd8/0x4700 kernel/locking/lockdep.c:3162
           lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
           __raw_spin_lock include/linux/spinlock_api_smp.h:144
           _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
           spin_lock include/linux/spinlock.h:302
           udp_queue_rcv_skb+0x781/0x1550 net/ipv4/udp.c:1680
           flush_stack+0x50/0x330 net/ipv6/udp.c:799
           __udp4_lib_mcast_deliver+0x694/0x7f0 net/ipv4/udp.c:1798
           __udp4_lib_rcv+0x17dc/0x23e0 net/ipv4/udp.c:1888
           udp_rcv+0x21/0x30 net/ipv4/udp.c:2108
           ip_local_deliver_finish+0x2b3/0xa50 net/ipv4/ip_input.c:216
           NF_HOOK_THRESH include/linux/netfilter.h:226
           NF_HOOK include/linux/netfilter.h:249
           ip_local_deliver+0x1c4/0x2f0 net/ipv4/ip_input.c:257
           dst_input include/net/dst.h:498
           ip_rcv_finish+0x5ec/0x1730 net/ipv4/ip_input.c:365
           NF_HOOK_THRESH include/linux/netfilter.h:226
           NF_HOOK include/linux/netfilter.h:249
           ip_rcv+0x963/0x1080 net/ipv4/ip_input.c:455
           __netif_receive_skb_core+0x1620/0x2f80 net/core/dev.c:4154
           __netif_receive_skb+0x2a/0x160 net/core/dev.c:4189
           netif_receive_skb_internal+0x1b5/0x390 net/core/dev.c:4217
           napi_skb_finish net/core/dev.c:4542
           napi_gro_receive+0x2bd/0x3c0 net/core/dev.c:4572
           e1000_clean_rx_irq+0x4e2/0x1100 drivers/net/ethernet/intel/e1000e/netdev.c:1038
           e1000_clean+0xa08/0x24a0 drivers/net/ethernet/intel/e1000/e1000_main.c:3819
           napi_poll net/core/dev.c:5074
           net_rx_action+0x7eb/0xdf0 net/core/dev.c:5139
           __do_softirq+0x26a/0x920 kernel/softirq.c:273
           invoke_softirq kernel/softirq.c:350
           irq_exit+0x18f/0x1d0 kernel/softirq.c:391
           exiting_irq ./arch/x86/include/asm/apic.h:659
           do_IRQ+0x86/0x1a0 arch/x86/kernel/irq.c:252
           ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:520
           arch_safe_halt ./arch/x86/include/asm/paravirt.h:117
           default_idle+0x52/0x2e0 arch/x86/kernel/process.c:304
           arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:295
           default_idle_call+0x48/0xa0 kernel/sched/idle.c:92
           cpuidle_idle_call kernel/sched/idle.c:156
           cpu_idle_loop kernel/sched/idle.c:252
           cpu_startup_entry+0x554/0x710 kernel/sched/idle.c:300
           rest_init+0x192/0x1a0 init/main.c:412
           start_kernel+0x678/0x69e init/main.c:683
           x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:195
           x86_64_start_kernel+0x158/0x167 arch/x86/kernel/head64.c:184
      
        to a SOFTIRQ-irq-unsafe lock:
         (split_queue_lock){+.+...}
         which became SOFTIRQ-irq-unsafe at:
           mark_irqflags kernel/locking/lockdep.c:2817
           __lock_acquire+0x146e/0x4700 kernel/locking/lockdep.c:3162
           lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
           __raw_spin_lock include/linux/spinlock_api_smp.h:144
           _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
           spin_lock include/linux/spinlock.h:302
           split_huge_page_to_list+0xcc0/0x1c50 mm/huge_memory.c:3399
           split_huge_page include/linux/huge_mm.h:99
           queue_pages_pte_range+0xa38/0xef0 mm/mempolicy.c:507
           walk_pmd_range mm/pagewalk.c:50
           walk_pud_range mm/pagewalk.c:90
           walk_pgd_range mm/pagewalk.c:116
           __walk_page_range+0x653/0xcd0 mm/pagewalk.c:204
           walk_page_range+0xfe/0x2b0 mm/pagewalk.c:281
           queue_pages_range+0xfb/0x130 mm/mempolicy.c:687
           migrate_to_node mm/mempolicy.c:1004
           do_migrate_pages+0x370/0x4e0 mm/mempolicy.c:1109
           SYSC_migrate_pages mm/mempolicy.c:1453
           SyS_migrate_pages+0x640/0x730 mm/mempolicy.c:1374
           entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185
      
        other info that might help us debug this:
      
         Possible interrupt unsafe locking scenario:
      
               CPU0                    CPU1
               ----                    ----
          lock(split_queue_lock);
                                       local_irq_disable();
                                       lock(slock-AF_INET);
                                       lock(split_queue_lock);
          <Interrupt>
            lock(slock-AF_INET);
      Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Reviewed-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0b9b6fff
    • Jean Delvare's avatar
      lib/libcrc32c.c: fix build warning · 290e0e0f
      Jean Delvare authored
      Fix the following build warning:
      
        lib/libcrc32c.c:42:5: warning: no previous prototype for "crc32c" [-Wmissing-prototypes]
         u32 crc32c(u32 crc, const void *address, unsigned int length)
             ^
      Signed-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      290e0e0f
  2. 20 Jan, 2016 24 commits
  3. 19 Jan, 2016 10 commits