Michal Marek [Tue, 11 Dec 2012 01:56:22 +0000 (12:26 +1030)]
MODSIGN: Fix kbuild output when using default extra_certificates
Reported-by: Peter Foley <pefoley2@verizon.net> Signed-off-by: Michal Marek <mmarek@suse.cz> Acked-by: Peter Foley <pefoley2@verizon.net> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Takashi Iwai [Tue, 11 Dec 2012 01:07:13 +0000 (11:37 +1030)]
MODSIGN: Avoid using .incbin in C source
Using the asm .incbin statement in C sources breaks any gcc wrapper which
assumes that preprocessed C source is self-contained. Use a separate .S
file to include the siging key and certificate.
Tested-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Acked-by: James Hogan <james.hogan@imgtec.com>
Rusty Russell [Mon, 10 Dec 2012 23:08:33 +0000 (09:38 +1030)]
modules: don't hand 0 to vmalloc.
In commit d0a21265dfb5fa8a David Rientjes unified various archs'
module_alloc implementation (including x86) and removed the graduitous
shortcut for size == 0.
Then, in commit de7d2b567d040e3b, Joe Perches added a warning for
zero-length vmallocs, which can happen without kallsyms on modules
with no init sections (eg. zlib_deflate).
Fix this once and for all; the module code has to handle zero length
anyway, so get it right at the caller and remove the now-gratuitous
checks within the arch-specific module_alloc implementations.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42608 Reported-by: Conrad Kostecki <ConiKost@gmx.de> Cc: David Rientjes <rientjes@google.com> Cc: Joe Perches <joe@perches.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Thu, 22 Nov 2012 02:00:25 +0000 (12:30 +1030)]
__UNIQUE_ID()
Jan Beulich points out __COUNTER__ (gcc 4.3 and above), so let's use
that to create unique ids. This is better than __LINE__ which we use
today, so provide a wrapper.
Stanislaw Gruszka <sgruszka@redhat.com> reported that some module parameters
start with a digit, so we need to prepend when we for the unique id.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Acked-by: Jan Beulich <jbeulich@suse.com>
Josh Boyer [Sun, 4 Nov 2012 22:39:24 +0000 (09:09 +1030)]
MODSIGN: Add modules_sign make target
If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this
patch will cause the modules to get a signature appended. The make target
is intended to be run after 'make modules_install', and will modify the
modules in-place in the installed location. It can be used to produce
signed modules after they have been processed by distribution build
scripts.
Mimi Zohar [Tue, 16 Oct 2012 02:10:08 +0000 (12:40 +1030)]
ima: support new kernel module syscall
With the addition of the new kernel module syscall, which defines two
arguments - a file descriptor to the kernel module and a pointer to a NULL
terminated string of module arguments - it is now possible to measure and
appraise kernel modules like any other file on the file system.
This patch adds support to measure and appraise kernel modules in an
extensible and consistent manner.
To support filesystems without extended attribute support, additional
patches could pass the signature as the first parameter.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Kees Cook [Mon, 15 Oct 2012 21:02:07 +0000 (07:32 +1030)]
security: introduce kernel_module_from_file hook
Now that kernel module origins can be reasoned about, provide a hook to
the LSMs to make policy decisions about the module file. This will let
Chrome OS enforce that loadable kernel modules can only come from its
read-only hash-verified root filesystem. Other LSMs can, for example,
read extended attributes for signatures, etc.
Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Mon, 22 Oct 2012 07:39:41 +0000 (18:09 +1030)]
module: add flags arg to sys_finit_module()
Thanks to Michael Kerrisk for keeping us honest. These flags are actually
useful for eliminating the only case where kmod has to mangle a module's
internals: for overriding module versioning.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Acked-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> Acked-by: Kees Cook <keescook@chromium.org>
Kees Cook [Mon, 15 Oct 2012 21:01:07 +0000 (07:31 +1030)]
module: add syscall to load module from fd
As part of the effort to create a stronger boundary between root and
kernel, Chrome OS wants to be able to enforce that kernel modules are
being loaded only from our read-only crypto-hash verified (dm_verity)
root filesystem. Since the init_module syscall hands the kernel a module
as a memory blob, no reasoning about the origin of the blob can be made.
Earlier proposals for appending signatures to kernel modules would not be
useful in Chrome OS, since it would involve adding an additional set of
keys to our kernel and builds for no good reason: we already trust the
contents of our root filesystem. We don't need to verify those kernel
modules a second time. Having to do signature checking on module loading
would slow us down and be redundant. All we need to know is where a
module is coming from so we can say yes/no to loading it.
If a file descriptor is used as the source of a kernel module, many more
things can be reasoned about. In Chrome OS's case, we could enforce that
the module lives on the filesystem we expect it to live on. In the case
of IMA (or other LSMs), it would be possible, for example, to examine
extended attributes that may contain signatures over the contents of
the module.
This introduces a new syscall (on x86), similar to init_module, that has
only two arguments. The first argument is used as a file descriptor to
the module and the second argument is a pointer to the NULL terminated
string of module arguments.
Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
James Hogan [Fri, 23 Nov 2012 12:08:16 +0000 (12:08 +0000)]
modsign: add symbol prefix to certificate list
Add the arch symbol prefix (if applicable) to the asm definition of
modsign_certificate_list and modsign_certificate_list_end. This uses the
recently defined SYMBOL_PREFIX which is derived from
CONFIG_SYMBOL_PREFIX.
This fixes the build of module signing on the blackfin and metag
architectures.
Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: David Howells <dhowells@redhat.com> Cc: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
James Hogan [Fri, 23 Nov 2012 12:08:15 +0000 (12:08 +0000)]
linux/kernel.h: define SYMBOL_PREFIX
Define SYMBOL_PREFIX to be the same as CONFIG_SYMBOL_PREFIX if set by
the architecture, or "" otherwise. This avoids the need for ugly #ifdefs
whenever symbols are referenced in asm blocks.
Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Joe Perches <joe@perches.com> Cc: Paul Gortmaker <paul.gortmaker@windriver.com> Cc: Jean Delvare <khali@linux-fr.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Linus Torvalds [Sun, 2 Dec 2012 01:55:13 +0000 (17:55 -0800)]
Merge branch 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Pull late workqueue fixes from Tejun Heo:
"Unfortunately, I have two really late fixes. One was for a
long-standing bug and queued for 3.8 but I found out about a
regression introduced during 3.7-rc1 two days ago, so I'm sending out
the two fixes together.
The first (long-standing) one is rescuer_thread() entering exit path
w/ TASK_INTERRUPTIBLE. It only triggers on workqueue destructions
which isn't very frequent and the exit path can usually survive being
called with TASK_INTERRUPT, so it was hidden pretty well. Apparently,
if you're reiserfs, this could lead to the exiting kthread sleeping
indefinitely holding a mutex, which is never good.
The fix is simple - restoring TASK_RUNNING before returning from the
kthread function.
The second one is introduced by the new mod_delayed_work().
mod_delayed_work() was missing special case handling for 0 delay.
Instead of queueing the work item immediately, it queued the timer
which expires on the closest next tick. Some users of the new
function converted from "[__]cancel_delayed_work() +
queue_delayed_work()" combination became unhappy with the extra delay.
Block unplugging led to noticeably higher number of context switches
and intel 6250 wireless failed to associate with WPA-Enterprise
network. The fix, again, is fairly simple. The 0 delay special case
logic from queue_delayed_work_on() should be moved to
__queue_delayed_work() which is shared by both queue_delayed_work_on()
and mod_delayed_work_on().
The first one is difficult to trigger and the failure mode for the
latter isn't completely catastrophic, so missing these two for 3.7
wouldn't make it a disastrous release, but both bugs are nasty and the
fixes are fairly safe"
* 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay
workqueue: exit rescuer_thread() as TASK_RUNNING
Tejun Heo [Sun, 2 Dec 2012 00:23:42 +0000 (16:23 -0800)]
workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay
8376fe22c7 ("workqueue: implement mod_delayed_work[_on]()")
implemented mod_delayed_work[_on]() using the improved
try_to_grab_pending(). The function is later used, among others, to
replace [__]candel_delayed_work() + queue_delayed_work() combinations.
Unfortunately, a delayed_work item w/ zero @delay is handled slightly
differently by mod_delayed_work_on() compared to
queue_delayed_work_on(). The latter skips timer altogether and
directly queues it using queue_work_on() while the former schedules
timer which will expire on the closest tick. This means, when @delay
is zero, that [__]cancel_delayed_work() + queue_delayed_work_on()
makes the target item immediately executable while
mod_delayed_work_on() may induce delay of upto a full tick.
This somewhat subtle difference breaks some of the converted users.
e.g. block queue plugging uses delayed_work for deferred processing
and uses mod_delayed_work_on() when the queue needs to be immediately
unplugged. The above problem manifested as noticeably higher number
of context switches under certain circumstances.
The difference in behavior was caused by missing special case handling
for 0 delay in mod_delayed_work_on() compared to
queue_delayed_work_on(). Joonsoo Kim posted a patch to add it -
("workqueue: optimize mod_delayed_work_on() when @delay == 0")[1].
The patch was queued for 3.8 but it was described as optimization and
I missed that it was a correctness issue.
As both queue_delayed_work_on() and mod_delayed_work_on() use
__queue_delayed_work() for queueing, it seems that the better approach
is to move the 0 delay special handling to the function instead of
duplicating it in mod_delayed_work_on().
Fix the problem by moving 0 delay special case handling from
queue_delayed_work_on() to __queue_delayed_work(). This replaces
Joonsoo's patch.
Mike Galbraith [Wed, 28 Nov 2012 06:17:18 +0000 (07:17 +0100)]
workqueue: exit rescuer_thread() as TASK_RUNNING
A rescue thread exiting TASK_INTERRUPTIBLE can lead to a task scheduling
off, never to be seen again. In the case where this occurred, an exiting
thread hit reiserfs homebrew conditional resched while holding a mutex,
bringing the box to its knees.
Linus Torvalds [Sat, 1 Dec 2012 21:29:55 +0000 (13:29 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"A bunch of fixes; the last one is this cycle regression, the rest are
-stable fodder."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix off-by-one in argument passed by iterate_fd() to callbacks
lookup_one_len: don't accept . and ..
cifs: get rid of blind d_drop() in readdir
nfs_lookup_revalidate(): fix a leak
don't do blind d_drop() in nfs_prime_dcache()
Linus Torvalds [Sat, 1 Dec 2012 21:08:36 +0000 (13:08 -0800)]
Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull RCU fix from Ingo Molnar:
"Fix leaking RCU extended quiescent state, which might trigger warnings
and mess up the extended quiescent state tracking logic into thinking
that we are in "RCU user mode" while we aren't."
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
rcu: Fix unrecovered RCU user mode in syscall_trace_leave()
Linus Torvalds [Sat, 1 Dec 2012 21:07:48 +0000 (13:07 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"This is mostly about unbreaking architectures that took the UAPI
changes in the v3.7 cycle, plus misc fixes."
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf kvm: Fix building perf kvm on non x86 arches
perf kvm: Rename perf_kvm to perf_kvm_stat
perf: Make perf build for x86 with UAPI disintegration applied
perf powerpc: Use uapi/unistd.h to fix build error
tools: Pass the target in descend
tools: Honour the O= flag when tool build called from a higher Makefile
tools: Define a Makefile function to do subdir processing
x86: Export asm/{svm.h,vmx.h,perf_regs.h}
perf tools: Fix strbuf_addf() when the buffer needs to grow
perf header: Fix numa topology printing
perf, powerpc: Fix hw breakpoints returning -ENOSPC
Linus Torvalds [Sat, 1 Dec 2012 00:59:50 +0000 (16:59 -0800)]
Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming
Pull C6X fixes from Mark Salter.
* tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming:
c6x: use generic kvm_para.h
c6x: remove internal kernel symbols from exported setup.h
c6x: fix misleading comment
c6x: run do_notify_resume with interrupts enabled
Linus Torvalds [Sat, 1 Dec 2012 00:58:55 +0000 (16:58 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal
Pull assorted signal-related fixes from Al Viro:
"uml regression fix (braino in sys_execve() patch) + a bunch of fucked
sigaltstack-on-rt_sigreturn uses, similar to sparc64 fix that went in
through davem's tree. m32r horrors not included - that one's waiting
for maintainer."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
microblaze: rt_sigreturn is too trigger-happy about sigaltstack errors
score: do_sigaltstack() expects a userland pointer...
sh64: fix altstack switching on sigreturn
openrisk: fix altstack switching on sigreturn
um: get_safe_registers() should be done in flush_thread(), not start_thread()
Linus Torvalds [Sat, 1 Dec 2012 00:57:18 +0000 (16:57 -0800)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull CIFS fixes from Steve French:
"Two low risk, small fixes, that fix cifs regressions introduced in
3.7."
* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
CIFS: Fix wrong buffer pointer usage in smb_set_file_info
cifs: fix writeback race with file that is growing
Pull target fix from Nicholas Bellinger:
"So just a single target fix for v3.7.0 this time around from Roland to
address a aborted command bug w/ tcm_qla2xxx fabric ports.
Also, there is one outstanding IBLOCK + virtio-blk bug that is still
being tracked down effecting v3.6.x, but AFAICT thus far this appears
to be a bug outside of target code."
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
target: Fix handling of aborted commands
Vincent Palatin [Fri, 30 Nov 2012 20:15:32 +0000 (12:15 -0800)]
x86, fpu: Avoid FPU lazy restore after suspend
When a cpu enters S3 state, the FPU state is lost.
After resuming for S3, if we try to lazy restore the FPU for a process running
on the same CPU, this will result in a corrupted FPU context.
Ensure that "fpu_owner_task" is properly invalided when (re-)initializing a CPU,
so nobody will try to lazy restore a state which doesn't exist in the hardware.
Tested with a 64-bit kernel on a 4-core Ivybridge CPU with eagerfpu=off,
by doing thousands of suspend/resume cycles with 4 processes doing FPU
operations running. Without the patch, a process is killed after a
few hundreds cycles by a SIGFPE.
Cc: Duncan Laurie <dlaurie@chromium.org> Cc: Olof Johansson <olofj@chromium.org> Cc: <stable@kernel.org> v3.4+ # for 3.4 need to replace this_cpu_write by percpu_write Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Link: http://lkml.kernel.org/r/1354306532-1014-1-git-send-email-vpalatin@chromium.org Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Linus Torvalds [Fri, 30 Nov 2012 18:47:55 +0000 (10:47 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull DRM fixes from Dave Airlie:
"Just driver fixes, nothing major, except maybe the Ironlake rc6
disable:
- intel:
* revert ironlake rc6 - we still have one ilk regression, but this
gets rid of one big one
* turn off cloning
* a directed fix for Apple edp
- radeon: one modesetting fix
- exynos: minor fixes"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
Revert "drm/i915: enable rc6 on ilk again"
drm/i915: do not default to 18 bpp for eDP if missing from VBT
drm/exynos: Fix potential NULL pointer dereference in exynos_drm_encoder.c
drm/exynos: Make exynos4/5_fimd_driver_data static
drm/exynos: fix overlay updating issue
drm/exynos: remove unnecessary code.
drm/exynos: fix linux framebuffer address setting.
drm/i915: disable cloning on sdvo
Linus Torvalds [Fri, 30 Nov 2012 18:46:43 +0000 (10:46 -0800)]
Merge branch 'akpm' (Fixes from Andrew)
Merge misc fixes from Andrew Morton:
"Seven fixes, some of them fingers-crossed :("
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (7 patches)
drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove()
mm: soft offline: split thp at the beginning of soft_offline_page()
mm: avoid waking kswapd for THP allocations when compaction is deferred or contended
revert "Revert "mm: remove __GFP_NO_KSWAPD""
mm: vmscan: fix endless loop in kswapd balancing
mm/vmemmap: fix wrong use of virt_to_page
mm: compaction: fix return value of capture_free_page()
Linus Torvalds [Fri, 30 Nov 2012 18:30:34 +0000 (10:30 -0800)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"These are three fixes for the Marvell EBU family and one for the
Samsung s3c platforms. All of them are obvious should still make it
into 3.7."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: Kirkwood: Update PCI-E fixup
Dove: Fix irq_to_pmu()
Dove: Attempt to fix PMU/RTC interrupts
ARM: S3C24XX: Fix potential NULL pointer dereference error
Linus Torvalds [Fri, 30 Nov 2012 18:28:09 +0000 (10:28 -0800)]
Merge tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM ixp4xx bug fixes from Arnd Bergmann:
"These were originally prepared by Krzysztof Halasa but not submitted
in time for v3.7 due to some confusion about how ixp4xx patches should
be handled. Jason Cooper thankfully offered to help out sending the
patches upstream through arm-soc now, but given the timing, we could
as well delay them for 3.8."
* tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
IXP4xx: use __iomem for MMIO
IXP4xx: map CPU config registers within VMALLOC region.
IXP4xx: Always ioremap() Queue Manager MMIO region at boot.
ixp4xx: Declare MODULE_FIRMWARE usage
IXP4xx crypto: MOD_AES{128,192,256} already include key size.
WAN: Remove redundant HDLC info printed by IXP4xx HSS driver.
IXP4xx: Remove time limit for PCI TRDY to enable use of slow devices.
IXP4xx: ixp4xx_crypto driver requires Queue Manager and NPE drivers.
IXP4xx: HW pseudo-random generator is available on IXP45x/46x only.
IXP4xx: Fix off-by-one bug in Goramo MultiLink platform.
IXP4xx: Fix Goramo MultiLink platform compilation.
Kim, Milo [Thu, 29 Nov 2012 21:54:36 +0000 (13:54 -0800)]
drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove()
The tps65910_rtc data is registered as the platform driver data in
_probe(= ). Therefore the tps65910_rtc should be used on unregistering
the rtc device. And device pointer should be retrieved from the
platform_device structure.
This patch fixes the below oops:
Unable to handle kernel NULL pointer dereference at virtual address 00000008
Modules linked in: rtc_tps65910(-)
CPU: 0 Not tainted (3.7.0-rc7-next-20121128-g6b1f974-dirty #7)
PC is at tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910]
(tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910])
(tps65910_rtc_remove+0x18/0x28 [rtc_tps65910])
(platform_drv_remove+0x18/0x1c)
(__device_release_driver+0x70/0xcc)
(driver_detach+0xb4/0xb8)
(bus_remove_driver+0x7c/0xc0)
(sys_delete_module+0x148/0x21c)
Signed-off-by: Milo(Woogyom) Kim <milo.kim@ti.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Thu, 29 Nov 2012 21:54:30 +0000 (13:54 -0800)]
mm: avoid waking kswapd for THP allocations when compaction is deferred or contended
With "mm: vmscan: scale number of pages reclaimed by reclaim/compaction
based on failures" reverted, Zdenek Kabelac reported the following
Hmm, so it's just took longer to hit the problem and observe
kswapd0 spinning on my CPU again - it's not as endless like before -
but still it easily eats minutes - it helps to turn off Firefox
or TB (memory hungry apps) so kswapd0 stops soon - and restart
those apps again. (And I still have like >1GB of cached memory)
The sysrq+m indicates the system has no swap so it'll never reclaim
anonymous pages as part of reclaim/compaction. That is one part of the
problem but not the root cause as file-backed pages could also be
reclaimed.
The likely underlying problem is that kswapd is woken up or kept awake
for each THP allocation request in the page allocator slow path.
If compaction fails for the requesting process then compaction will be
deferred for a time and direct reclaim is avoided. However, if there
are a storm of THP requests that are simply rejected, it will still be
the the case that kswapd is awake for a prolonged period of time as
pgdat->kswapd_max_order is updated each time. This is noticed by the
main kswapd() loop and it will not call kswapd_try_to_sleep(). Instead
it will loopp, shrinking a small number of pages and calling
shrink_slab() on each iteration.
This patch defers when kswapd gets woken up for THP allocations. For
!THP allocations, kswapd is always woken up. For THP allocations,
kswapd is woken up iff the process is willing to enter into direct
reclaim/compaction.
[akpm@linux-foundation.org: fix typo in comment] Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: Zdenek Kabelac <zkabelac@redhat.com> Cc: Seth Jennings <sjenning@linux.vnet.ibm.com> Cc: Jiri Slaby <jirislaby@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Robert Jennings <rcj@linux.vnet.ibm.com> Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu> Cc: Glauber Costa <glommer@gmail.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrew Morton [Thu, 29 Nov 2012 21:54:27 +0000 (13:54 -0800)]
revert "Revert "mm: remove __GFP_NO_KSWAPD""
It apepars that this patch was innocent, and we hope that "mm: avoid
waking kswapd for THP allocations when compaction is deferred or
contended" will fix the final kswapd-spinning cause.
Johannes Weiner [Thu, 29 Nov 2012 21:54:23 +0000 (13:54 -0800)]
mm: vmscan: fix endless loop in kswapd balancing
Kswapd does not in all places have the same criteria for a balanced
zone. Zones are only being reclaimed when their high watermark is
breached, but compaction checks loop over the zonelist again when the
zone does not meet the low watermark plus two times the size of the
allocation. This gets kswapd stuck in an endless loop over a small
zone, like the DMA zone, where the high watermark is smaller than the
compaction requirement.
Add a function, zone_balanced(), that checks the watermark, and, for
higher order allocations, if compaction has enough free memory. Then
use it uniformly to check for balanced zones.
This makes sure that when the compaction watermark is not met, at least
reclaim happens and progress is made - or the zone is declared
unreclaimable at some point and skipped entirely.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Reported-by: George Spelvin <linux@horizon.com> Reported-by: Johannes Hirte <johannes.hirte@fem.tu-ilmenau.de> Reported-by: Tomas Racek <tracek@redhat.com> Tested-by: Johannes Hirte <johannes.hirte@fem.tu-ilmenau.de> Reviewed-by: Rik van Riel <riel@redhat.com> Cc: Mel Gorman <mel@csn.ul.ie> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jianguo Wu [Thu, 29 Nov 2012 21:54:21 +0000 (13:54 -0800)]
mm/vmemmap: fix wrong use of virt_to_page
I enable CONFIG_DEBUG_VIRTUAL and CONFIG_SPARSEMEM_VMEMMAP, when doing
memory hotremove, there is a kernel BUG at arch/x86/mm/physaddr.c:20.
It is caused by free_section_usemap()->virt_to_page(), virt_to_page() is
only used for kernel direct mapping address, but sparse-vmemmap uses
vmemmap address, so it is going wrong here.
Mel Gorman [Thu, 29 Nov 2012 21:54:20 +0000 (13:54 -0800)]
mm: compaction: fix return value of capture_free_page()
Commit ef6c5be658f6 ("fix incorrect NR_FREE_PAGES accounting (appears
like memory leak)") fixes a NR_FREE_PAGE accounting leak but missed the
return value which was also missed by this reviewer until today.
That return value is used by compaction when adding pages to a list of
isolated free pages and without this follow-up fix, there is a risk of
free list corruption.
Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: Dave Hansen <dave@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro [Fri, 30 Nov 2012 03:57:33 +0000 (22:57 -0500)]
fix off-by-one in argument passed by iterate_fd() to callbacks
Noticed by Pavel Roskin; the thing in his patch I disagree with
was compensating for that shite in callbacks instead of fixing
it once in the iterator itself.
Al Viro [Fri, 30 Nov 2012 03:04:36 +0000 (22:04 -0500)]
nfs_lookup_revalidate(): fix a leak
We are leaking fattr and fhandle if we decide that dentry is not to
be invalidated, after all (e.g. happens to be a mountpoint). Just
free both before that...
This would have been ok to delay to 3.8 according to Kukjin, but since
it's an obvious bug fix and a potential NULL pointer dereference, it
seem appropriate for a late 3.7 submission.
Pull networking fixes from David Miller:
"Some more fixes trickled in over the past few days:
1) PIM device names can overflow the IFNAMSIZ buffer unless we
properly limit the allowed indexes, fix from Eric Dumazet.
2) Under heavy load we can OOPS in icmp reply processing due to an
unchecked inet_putpeer() call. Fix from Neal Cardwell.
3) SCTP round trip calculations need to use 64-bit math to avoid
overflows, fix from Schoch Christian.
4) Fix a memory leak and an error return flub in SCTP and IRDA
triggerable by userspace. Fix from Tommi Rantala and found by the
syscall fuzzer (trinity).
5) MLX4 driver gives bogus size to memcpy() call, fix from Amir
Vadai.
6) Fix length calculation in VHOST descriptor translation, from
Michael S Tsirkin.
7) Ambassador ATM driver loops forever while loading firmware, fix
from Dan Carpenter.
8) Over MTU packets in openvswitch warn about wrong device, fix from
Jesse Gross.
9) Netfilter IPSET's netlink code can overrun a string buffer because
it's not properly limited to IFNAMSIZ. Fix from Florian Westphal.
10) PCAN USB driver sets wrong timestamp in SKB, from Oliver Hartkopp.
11) Make sure the RX ifindex always has a valid value in the CAN BCM
driver, even if we haven't received a frame yet. Fix also from
Oliver Hartkopp."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
team: fix hw_features setup
atm: forever loop loading ambassador firmware
vhost: fix length for cross region descriptor
irda: irttp: fix memory leak in irttp_open_tsap() error path
net: qmi_wwan: add Huawei E173
net/mlx4_en: Can set maxrate only for TC0
sctp: Error in calculation of RTTvar
sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall
sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
net: ipmr: limit MRT_TABLE identifiers
ipv4: avoid passing NULL to inet_putpeer() in icmpv4_xrlim_allow()
can: bcm: initialize ifindex for timeouts without previous frame reception
can: peak_usb: fix hwtstamp assignment
netfilter: ipset: fix netiface set name overflow
openvswitch: Store flow key len if ARP opcode is not request or reply.
openvswitch: Print device when warning about over MTU packets.
Al Viro [Thu, 20 Sep 2012 20:38:34 +0000 (16:38 -0400)]
sh64: fix altstack switching on sigreturn
incidentally, declaring a local variable as __user (!) to make
sparse STFU is really sick. Especially since sparse had been
100% right - it *is* a bug.
Dan Carpenter [Tue, 27 Nov 2012 07:29:35 +0000 (07:29 +0000)]
atm: forever loop loading ambassador firmware
There was a forever loop introduced here when we converted this to
request_firmware() back in 2008.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
If a single descriptor crosses a region, the
second chunk length should be decremented
by size translated so far, instead it includes
the full descriptor length.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Tommi Rantala [Mon, 26 Nov 2012 04:16:44 +0000 (04:16 +0000)]
irda: irttp: fix memory leak in irttp_open_tsap() error path
Cleanup the memory we allocated earlier in irttp_open_tsap() when we hit
this error path. The leak goes back to at least 1da177e4
("Linux-2.6.12-rc2").
Discovered with Trinity (the syscall fuzzer).
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Bjørn Mork [Sun, 25 Nov 2012 06:03:59 +0000 (06:03 +0000)]
net: qmi_wwan: add Huawei E173
The Huawei E173 is a QMI/wwan device which normally appear
as 12d1:1436 in Linux. The descriptors displayed in that
mode will be picked up by cdc_ether. But the modem has
another mode with a different device ID and a slightly
different set of descriptors. This is the mode used by
Windows like this:
3Modem: USB\VID_12D1&PID_140C&MI_00\6&3A1D2012&0&0000
Networkcard: USB\VID_12D1&PID_140C&MI_01\6&3A1D2012&0&0001
Appli.Inter: USB\VID_12D1&PID_140C&MI_02\6&3A1D2012&0&0002
PC UI Inter: USB\VID_12D1&PID_140C&MI_03\6&3A1D2012&0&0003
Reported-by: Thomas Schäfer <tschaefer@t-online.de> Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net>
Schoch Christian [Wed, 28 Nov 2012 05:18:29 +0000 (05:18 +0000)]
sctp: Error in calculation of RTTvar
The calculation of RTTVAR involves the subtraction of two unsigned
numbers which
may causes rollover and results in very high values of RTTVAR when RTT > SRTT.
With this patch it is possible to set RTOmin = 1 to get the minimum of RTO at
4 times the clock granularity.
Change Notes:
v2)
*Replaced abs() by abs64() and long by __s64, changed patch
description.
Signed-off-by: Christian Schoch <e0326715@student.tuwien.ac.at> CC: Vlad Yasevich <vyasevich@gmail.com> CC: Sridhar Samudrala <sri@us.ibm.com> CC: Neil Horman <nhorman@tuxdriver.com> CC: linux-sctp@vger.kernel.org Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Noticed while running Trinity (the syscall fuzzer).
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Tommi Rantala [Tue, 27 Nov 2012 04:01:46 +0000 (04:01 +0000)]
sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
Trinity (the syscall fuzzer) discovered a memory leak in SCTP,
reproducible e.g. with the sendto() syscall by passing invalid
user space pointer in the second argument:
Will Deacon [Fri, 23 Nov 2012 17:55:30 +0000 (18:55 +0100)]
ARM: 7586/1: sp804: set cpumask to cpu_possible_mask for clock event device
The SP804 driver statically initialises the cpumask of the clock event
device to be cpu_all_mask, which is derived from the compile-time
constant NR_CPUS. This breaks SMP_ON_UP systems where the interrupt
controller handling the sp804 doesn't have the irq_set_affinity callback
on the irq_chip, because the common timer code fails to identify the
device as cpu-local and ends up treating it as a broadcast device
instead.
This patch fixes the problem by using cpu_possible_mask at runtime,
which will correctly represent the possible CPUs when SMP_ON_UP is being
used.
Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Jerome Glisse [Tue, 27 Nov 2012 21:12:29 +0000 (16:12 -0500)]
radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
This fix black screen on resume issue that some people are
experiencing. There is a bug in the atombios code regarding
pll/crtc mapping. The atombios code reverse the logic for
the pll and crtc mapping.
agd5f: drop unnecessary crtc id check, cc stable in case
we miss 3.7.
This fixes the root cause that was worked around by commits:
drm/radeon: allocate PPLLs from low to high
drm/radeon/dce3: switch back to old pll allocation order for discrete
Signed-off-by: Jerome Glisse <jglisse@redhat.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org
Linus Torvalds [Tue, 27 Nov 2012 20:27:37 +0000 (12:27 -0800)]
Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
"For some media fixes:
- dvb_usb_v2: some fixes at the core
- Some fixes on some embedded drivers: soc_camera, adv7604, omap3isp,
exynos/s5p
- Several Exynos4/5 camera fixes
- a fix at stv0900 driver
- a few USB ID additions to detect more variants of rtl28xxu-based
sticks"
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (25 commits)
[media] rtl28xxu: 0ccd:00d7 TerraTec Cinergy T Stick+
[media] rtl28xxu: 1d19:1102 Dexatek DK mini DVB-T Dongle
[media] mt9v022: fix the V4L2_CID_EXPOSURE control
[media] mx2_camera: fix missing unlock on error in mx2_start_streaming()
[media] media: omap1_camera: fix const cropping related warnings
[media] media: mx1_camera: use the default .set_crop() implementation
[media] media: mx2_camera: fix const cropping related warnings
[media] media: mx3_camera: fix const cropping related warnings
[media] media: pxa_camera: fix const cropping related warnings
[media] media: sh_mobile_ceu_camera: fix const cropping related warnings
[media] media: sh_vou: fix const cropping related warnings
[media] adv7604: restart STDI once if format is not found
[media] adv7604: use presets where possible
[media] adv7604: Replace prim_mode by mode
[media] adv7604: cleanup references
[media] dvb_usb_v2: switch interruptible mutex to normal
[media] dvb_usb_v2: fix pid_filter callback error logging
[media] exynos-gsc: change driver compatible string
[media] omap3isp: Fix warning caused by bad subdev events operations prototypes
[media] omap3isp: video: Fix warning caused by bad vidioc_s_crop prototype
...
Jeff Layton [Mon, 26 Nov 2012 14:48:41 +0000 (09:48 -0500)]
cifs: fix writeback race with file that is growing
Commit eddb079deb4 created a regression in the writepages codepath.
Previously, whenever it needed to check the size of the file, it did so
by consulting the inode->i_size field directly. With that patch, the
i_size was fetched once on entry into the writepages code and that value
was used henceforth.
If the file is changing size though (for instance, if someone is writing
to it or has truncated it), then that value is likely to be wrong. This
can lead to data corruption. Pages past the EOF at the time that the
writepages call was issued may be silently dropped and ignored because
cifs_writepages wrongly assumes that the file must have been truncated
in the interim.
Fix cifs_writepages to properly fetch the size from the inode->i_size
field instead to properly account for this possibility.
Original bug report is here:
https://bugzilla.kernel.org/show_bug.cgi?id=50991
Reported-and-Tested-by: Maxim Britov <ungifted01@gmail.com> Reviewed-by: Suresh Jayaraman <sjayaraman@suse.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <smfrench@gmail.com>
H. Peter Anvin [Tue, 27 Nov 2012 16:54:36 +0000 (08:54 -0800)]
x86-32: Unbreak booting on some 486 clones
There appear to have been some 486 clones, including the "enhanced"
version of Am486, which have CPUID but not CR4. These 486 clones had
only the FPU flag, if any, unlike the Intel 486s with CPUID, which
also had VME and therefore needed CR4.
Therefore, look at the basic CPUID flags and require at least one bit
other than bit 0 before we modify CR4.
Thanks to Christian Ludloff of sandpile.org for confirming this as a
problem.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Dave Airlie [Tue, 27 Nov 2012 04:40:13 +0000 (14:40 +1000)]
Merge branch 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel
Daniel writes:
- Unbreak mbp retina, this time with a much more fine-grained approach
(since the previous "completely ignore edp vbt bpp value" regressed some
machines even after fixing a bug in our dp bw code).
- Disable cloning on sdvo. It just doesn't work (yeah took us a while to
figure out), leading to jittery outputs in the best case.
- Revert rc6 for ilk again. It seems to help a few of the gpu hang
reporters at least, and it's definitely the best we've got.
Head-against-the-wall-banging is still ongoing for what really breaks
(and how we can reproduce the non-rc6 hangs and how to reproduce on
gen4).
* 'drm-intel-fixes' of git://people.freedesktop.org/~danvet/drm-intel:
Revert "drm/i915: enable rc6 on ilk again"
drm/i915: do not default to 18 bpp for eDP if missing from VBT
drm/i915: disable cloning on sdvo
Linus Torvalds [Tue, 27 Nov 2012 02:33:33 +0000 (18:33 -0800)]
Merge branch 'akpm' (Fixes from Andrew)
Merge misc fixes from Andrew Morton:
"8 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (8 patches)
futex: avoid wake_futex() for a PI futex_q
watchdog: using u64 in get_sample_period()
writeback: put unused inodes to LRU after writeback completion
mm: vmscan: check for fatal signals iff the process was throttled
Revert "mm: remove __GFP_NO_KSWAPD"
proc: check vma->vm_file before dereferencing
UAPI: strip the _UAPI prefix from header guards during header installation
include/linux/bug.h: fix sparse warning related to BUILD_BUG_ON_INVALID
Linus Torvalds [Tue, 27 Nov 2012 01:46:36 +0000 (17:46 -0800)]
Merge tag 'tty-3.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull TTY fix from Greg Kroah-Hartman:
"Here is a single fix for a reported regression in 3.7-rc5 for the tty
layer. This fix has been in the linux-next tree and solves the
reported problem.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>"
* tag 'tty-3.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
tty vt: Fix a regression in command line edition
Linus Torvalds [Tue, 27 Nov 2012 01:45:16 +0000 (17:45 -0800)]
Merge tag 'mfd-for-linus-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6
Pull MFD fixes from Samuel Ortiz:
- A twl fix preventing a buffer overflow.
- A wm5102 register patch fix.
- A wm5110 error misreport fix.
- Arizona fixes: Use the right array size when adding subdevices,
correctly report underclocked events, synchronize register cache
after reset.
- A twl4030 fix for preventing the system to hang from an interrupt
flood.
* tag 'mfd-for-linus-3.7' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6:
mfd: twl4030: Fix chained irq handling on resume from suspend
mfd: arizona: Sync regcache after reset
mfd: arizona: Correctly report when AIF2/AIF1 is underclocked
mfd: arizona: Use correct array for ARRAY_SIZE in mfd_add_devices call
mfd: wm5110: Disable control interface error report for WM5110 rev B
mfd: wm5102: Update register patch for latest evaluation
mfd: twl-core: Fix chip ID for the twl6030-pwm module
Linus Torvalds [Tue, 27 Nov 2012 01:43:10 +0000 (17:43 -0800)]
Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
"Not much here, just a couple minor/cosmetic fixes and a patch for the
decompressor which fixes problems with modern GCC and CPUs."
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7583/1: decompressor: Enable unaligned memory access for v6 and above
ARM: 7572/1: proc-v6.S: fix comment
ARM: 7570/1: quiet down the non make -s output
Linus Torvalds [Tue, 27 Nov 2012 01:42:07 +0000 (17:42 -0800)]
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull ext3 regression fix from Jan Kara:
"Fix an ext3 regression introduced during 3.7 merge window. It leads
to deadlock if you stress the filesystem in the right way (luckily
only if blocksize < pagesize)."
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
jbd: Fix lock ordering bug in journal_unmap_buffer()
Darren Hart [Tue, 27 Nov 2012 00:29:56 +0000 (16:29 -0800)]
futex: avoid wake_futex() for a PI futex_q
Dave Jones reported a bug with futex_lock_pi() that his trinity test
exposed. Sometime between queue_me() and taking the q.lock_ptr, the
lock_ptr became NULL, resulting in a crash.
While futex_wake() is careful to not call wake_futex() on futex_q's with
a pi_state or an rt_waiter (which are either waiting for a
futex_unlock_pi() or a PI futex_requeue()), futex_wake_op() and
futex_requeue() do not perform the same test.
Update futex_wake_op() and futex_requeue() to test for q.pi_state and
q.rt_waiter and abort with -EINVAL if detected. To ensure any future
breakage is caught, add a WARN() to wake_futex() if the same condition
is true.
This fix has seen 3 hours of testing with "trinity -c futex" on an
x86_64 VM with 4 CPUS.
[akpm@linux-foundation.org: tidy up the WARN()] Signed-off-by: Darren Hart <dvhart@linux.intel.com> Reported-by: Dave Jones <davej@redat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: John Kacur <jkacur@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jan Kara [Tue, 27 Nov 2012 00:29:51 +0000 (16:29 -0800)]
writeback: put unused inodes to LRU after writeback completion
Commit 169ebd90131b ("writeback: Avoid iput() from flusher thread")
removed iget-iput pair from inode writeback. As a side effect, inodes
that are dirty during iput_final() call won't be ever added to inode LRU
(iput_final() doesn't add dirty inodes to LRU and later when the inode
is cleaned there's noone to add the inode there). Thus inodes are
effectively unreclaimable until someone looks them up again.
The practical effect of this bug is limited by the fact that inodes are
pinned by a dentry for long enough that the inode gets cleaned. But
still the bug can have nasty consequences leading up to OOM conditions
under certain circumstances. Following can easily reproduce the
problem:
for (( i = 0; i < 1000; i++ )); do
mkdir $i
for (( j = 0; j < 1000; j++ )); do
touch $i/$j
echo 2 > /proc/sys/vm/drop_caches
done
done
then one needs to run 'sync; ls -lR' to make inodes reclaimable again.
We fix the issue by inserting unused clean inodes into the LRU after
writeback finishes in inode_sync_complete().
Signed-off-by: Jan Kara <jack@suse.cz> Reported-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: Wu Fengguang <fengguang.wu@intel.com> Cc: Dave Chinner <david@fromorbit.com> Cc: <stable@vger.kernel.org> [3.5+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Tue, 27 Nov 2012 00:29:48 +0000 (16:29 -0800)]
mm: vmscan: check for fatal signals iff the process was throttled
Commit 5515061d22f0 ("mm: throttle direct reclaimers if PF_MEMALLOC
reserves are low and swap is backed by network storage") introduced a
check for fatal signals after a process gets throttled for network
storage. The intention was that if a process was throttled and got
killed that it should not trigger the OOM killer. As pointed out by
Minchan Kim and David Rientjes, this check is in the wrong place and too
broad. If a system is in am OOM situation and a process is exiting, it
can loop in __alloc_pages_slowpath() and calling direct reclaim in a
loop. As the fatal signal is pending it returns 1 as if it is making
forward progress and can effectively deadlock.
This patch moves the fatal_signal_pending() check after throttling to
throttle_direct_reclaim() where it belongs. If the process is killed
while throttled, it will return immediately without direct reclaim
except now it will have TIF_MEMDIE set and will use the PFMEMALLOC
reserves.
Minchan pointed out that it may be better to direct reclaim before
returning to avoid using the reserves because there may be pages that
can easily reclaim that would avoid using the reserves. However, we do
no such targetted reclaim and there is no guarantee that suitable pages
are available. As it is expected that this throttling happens when
swap-over-NFS is used there is a possibility that the process will
instead swap which may allocate network buffers from the PFMEMALLOC
reserves. Hence, in the swap-over-nfs case where a process can be
throtted and be killed it can use the reserves to exit or it can
potentially use reserves to swap a few pages and then exit. This patch
takes the option of using the reserves if necessary to allow the process
exit quickly.
If this patch passes review it should be considered a -stable candidate
for 3.6.
Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: David Rientjes <rientjes@google.com> Cc: Luigi Semenzato <semenzato@google.com> Cc: Dan Magenheimer <dan.magenheimer@oracle.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Sonny Rao <sonnyrao@google.com> Cc: Minchan Kim <minchan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Tue, 27 Nov 2012 00:29:45 +0000 (16:29 -0800)]
Revert "mm: remove __GFP_NO_KSWAPD"
With "mm: vmscan: scale number of pages reclaimed by reclaim/compaction
based on failures" reverted, Zdenek Kabelac reported the following
Hmm, so it's just took longer to hit the problem and observe
kswapd0 spinning on my CPU again - it's not as endless like before -
but still it easily eats minutes - it helps to turn off Firefox
or TB (memory hungry apps) so kswapd0 stops soon - and restart
those apps again. (And I still have like >1GB of cached memory)
The sysrq+m indicates the system has no swap so it'll never reclaim
anonymous pages as part of reclaim/compaction. That is one part of the
problem but not the root cause as file-backed pages could also be
reclaimed.
The likely underlying problem is that kswapd is woken up or kept awake
for each THP allocation request in the page allocator slow path.
If compaction fails for the requesting process then compaction will be
deferred for a time and direct reclaim is avoided. However, if there
are a storm of THP requests that are simply rejected, it will still be
the the case that kswapd is awake for a prolonged period of time as
pgdat->kswapd_max_order is updated each time. This is noticed by the
main kswapd() loop and it will not call kswapd_try_to_sleep(). Instead
it will loopp, shrinking a small number of pages and calling
shrink_slab() on each iteration.
The temptation is to supply a patch that checks if kswapd was woken for
THP and if so ignore pgdat->kswapd_max_order but it'll be a hack and not
backed up by proper testing. As 3.7 is very close to release and this
is not a bug we should release with, a safer path is to revert "mm:
remove __GFP_NO_KSWAPD" for now and revisit it with the view to ironing
out the balance_pgdat() logic in general.
Commit 7b540d0646ce ("proc_map_files_readdir(): don't bother with
grabbing files") switched proc_map_files_readdir() to use @f_mode
directly instead of grabbing @file reference, but same time the test for
@vm_file presence was lost leading to nil dereference. The patch brings
the test back.
The all proc_map_files feature is CONFIG_CHECKPOINT_RESTORE wrapped
(which is set to 'n' by default) so the bug doesn't affect regular
kernels.
The regression is 3.7-rc1 only as far as I can tell.
[gorcunov@openvz.org: provided changelog] Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Tue, 27 Nov 2012 00:29:39 +0000 (16:29 -0800)]
UAPI: strip the _UAPI prefix from header guards during header installation
Strip the _UAPI prefix from header guards during header installation so
that any userspace dependencies aren't affected. glibc, for example,
checks for linux/types.h, linux/kernel.h, linux/compiler.h and
linux/list.h by their guards - though the last two aren't actually
exported.
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Werror -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fno-delete-null-pointer-checks -fstack-protector -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -c child.c -fPIC -DPIC -o .libs/child.o
In file included from cli.c:20:0:
common.h:152:8: error: redefinition of 'struct sysinfo'
In file included from /usr/include/linux/kernel.h:4:0,
from /usr/include/linux/sysctl.h:25,
from /usr/include/sys/sysctl.h:43,
from common.h:50,
from cli.c:20:
/usr/include/linux/sysinfo.h:7:8: note: originally defined here
Reported-by: Tomasz Torcz <tomek@pipebreaker.pl> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Tushar Behera [Tue, 27 Nov 2012 00:29:38 +0000 (16:29 -0800)]
include/linux/bug.h: fix sparse warning related to BUILD_BUG_ON_INVALID
Commit baf05aa9271b ("bug: introduce BUILD_BUG_ON_INVALID() macro")
introduces this macro only when _CHECKER_ is not defined. Define a
silent macro in the else condition to fix following sparse warning:
mm/filemap.c:395:9: error: undefined identifier 'BUILD_BUG_ON_INVALID'
mm/filemap.c:396:9: error: undefined identifier 'BUILD_BUG_ON_INVALID'
mm/filemap.c:397:9: error: undefined identifier 'BUILD_BUG_ON_INVALID'
include/linux/mm.h:419:9: error: undefined identifier 'BUILD_BUG_ON_INVALID'
include/linux/mm.h:419:9: error: not a function <noident>
Signed-off-by: Tushar Behera <tushar.behera@linaro.org> Acked-by: Konstantin Khlebnikov <khlebnikov@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In __emulate_1op_rax_rdx, we use "+a" and "+d" which are input/output
constraints, and *then* use "a" and "d" as input constraints. This is
incorrect, but happens to work on some versions of gcc.
However, it breaks gcc with -O0 and icc, and may break on future
versions of gcc.
Mark Salter [Mon, 26 Nov 2012 23:14:00 +0000 (18:14 -0500)]
c6x: fix misleading comment
A comment in entry.S incorrectly stated that interrupt vectors
called __do_IRQ() and that int6 vector was used for syscalls.
Both statements are incorrect for the current kernel, so this
patch cleans up the wording to reflect current reality.
Mark Salter [Mon, 26 Nov 2012 23:06:13 +0000 (18:06 -0500)]
c6x: run do_notify_resume with interrupts enabled
C6x was mistakenly running do_notify_resume with interrupts disabled.
This would triggerlead to a warning in local_bh_enable() because interrupts
were disabled:
------------[ cut here ]------------
WARNING: at /es/linux/linux-next/kernel/softirq.c:160 local_bh_enable+0x5c/0x10c()
Modules linked in:
Oliver Hartkopp [Mon, 26 Nov 2012 21:24:23 +0000 (22:24 +0100)]
can: bcm: initialize ifindex for timeouts without previous frame reception
Set in the rx_ifindex to pass the correct interface index in the case of a
message timeout detection. Usually the rx_ifindex value is set at receive
time. But when no CAN frame has been received the RX_TIMEOUT notification
did not contain a valid value.
Cc: linux-stable <stable@vger.kernel.org> Reported-by: Andre Naujoks <nautsch2@googlemail.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Oliver Hartkopp [Wed, 21 Nov 2012 21:43:59 +0000 (22:43 +0100)]
can: peak_usb: fix hwtstamp assignment
The skb->tstamp is set to the hardware timestamp when available in the USB
urb message. This leads to user visible timestamps which contain the 'uptime'
of the USB adapter - and not the usual system generated timestamp.
Fix this wrong assignment by applying the available hardware timestamp to the
skb_shared_hwtstamps data structure - which is intended for this purpose.
Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>