25 Nov, 2015
4 commits
-
If a user key gets negatively instantiated, an error code is cached in the
payload area. A negatively instantiated key may be then be positively
instantiated by updating it with valid data. However, the ->update key
type method must be aware that the error code may be there.The following may be used to trigger the bug in the user key type:
keyctl request2 user user "" @u
keyctl add user user "a" @uwhich manifests itself as:
BUG: unable to handle kernel paging request at 00000000ffffff8a
IP: [] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
PGD 7cc30067 PUD 0
Oops: 0002 [#1] SMP
Modules linked in:
CPU: 3 PID: 2644 Comm: a.out Not tainted 4.3.0+ #49
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003ddea700 ti: ffff88003dd88000 task.ti: ffff88003dd88000
RIP: 0010:[] [] __call_rcu.constprop.76+0x1f/0x280
[] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
RSP: 0018:ffff88003dd8bdb0 EFLAGS: 00010246
RAX: 00000000ffffff82 RBX: 0000000000000000 RCX: 0000000000000001
RDX: ffffffff81e3fe40 RSI: 0000000000000000 RDI: 00000000ffffff82
RBP: ffff88003dd8bde0 R08: ffff88007d2d2da0 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88003e8073c0 R12: 00000000ffffff82
R13: ffff88003dd8be68 R14: ffff88007d027600 R15: ffff88003ddea700
FS: 0000000000b92880(0063) GS:ffff88007fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000ffffff8a CR3: 000000007cc5f000 CR4: 00000000000006e0
Stack:
ffff88003dd8bdf0 ffffffff81160a8a 0000000000000000 00000000ffffff82
ffff88003dd8be68 ffff88007d027600 ffff88003dd8bdf0 ffffffff810a39e5
ffff88003dd8be20 ffffffff812a31ab ffff88007d027600 ffff88007d027620
Call Trace:
[] kfree_call_rcu+0x15/0x20 kernel/rcu/tree.c:3136
[] user_update+0x8b/0xb0 security/keys/user_defined.c:129
[< inline >] __key_update security/keys/key.c:730
[] key_create_or_update+0x291/0x440 security/keys/key.c:908
[< inline >] SYSC_add_key security/keys/keyctl.c:125
[] SyS_add_key+0x101/0x1e0 security/keys/keyctl.c:60
[] entry_SYSCALL_64_fastpath+0x12/0x6a arch/x86/entry/entry_64.S:185Note the error code (-ENOKEY) in EDX.
A similar bug can be tripped by:
keyctl request2 trusted user "" @u
keyctl add trusted user "a" @uThis should also affect encrypted keys - but that has to be correctly
parameterised or it will fail with EINVAL before getting to the bit that
will crashes.Reported-by: Dmitry Vyukov
Signed-off-by: David Howells
Acked-by: Mimi Zohar
Signed-off-by: James Morris -
Pull device mapper fixes from Mike Snitzer:
"Two fixes for 4.4-rc1's DM ioctl changes that introduced the potential
for infinite recursion on ioctl (with DM multipath).And four stable fixes:
- A DM thin-provisioning fix to restore 'error_if_no_space' setting
when a thin-pool is made writable again (after having been out of
space).- A DM thin-provisioning fix to properly advertise discard support
for thin volumes that are stacked on a thin-pool whose underlying
data device doesn't support discards.- A DM ioctl fix to allow ctrl-c to break out of an ioctl retry loop
when DM multipath is configured to 'queue_if_no_path'.- A DM crypt fix for a possible hang on dm-crypt device removal"
* tag 'dm-4.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm thin: fix regression in advertised discard limits
dm crypt: fix a possible hang due to race condition on exit
dm mpath: fix infinite recursion in ioctl when no paths and !queue_if_no_path
dm: do not reuse dm_blk_ioctl block_device input as local variable
dm: fix ioctl retry termination with signal
dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition -
I got a crash during a "perf top" session that was caused by a race in
__task_pid_nr_ns() :pid_nr_ns() was inlined, but apparently compiler chose to read
task->pids[type].pid twice, and the pid->level dereference crashed
because we got a NULL pointer at the second read :if (pid && ns->level level) { // CRASH
Just use RCU API properly to solve this race, and not worry about "perf
top" crashing hosts :(get_task_pid() can benefit from same fix.
Signed-off-by: Eric Dumazet
Signed-off-by: Linus Torvalds -
Pull block layer fixes from Jens Axboe:
"A round of fixes/updates for the current series.This looks a little bigger than it is, but that's mainly because we
pushed the lightnvm enabled null_blk change out of the merge window so
it could be updated a bit. The rest of the volume is also mostly
lightnvm. In particular:- Lightnvm. Various fixes, additions, updates from Matias and
Javier, as well as from Wenwei Tao.- NVMe:
- Fix for potential arithmetic overflow from Keith.
- Also from Keith, ensure that we reap pending completions from
a completion queue before deleting it. Fixes kernel crashes
when resetting a device with IO pending.
- Various little lightnvm related tweaks from Matias.- Fixup flushes to go through the IO scheduler, for the cases where a
flush is not required. Fixes a case in CFQ where we would be
idling and not see this request, hence not break the idling. From
Jan Kara.- Use list_{first,prev,next} in elevator.c for cleaner code. From
Gelian Tang.- Fix for a warning trigger on btrfs and raid on single queue blk-mq
devices, where we would flush plug callbacks with preemption
disabled. From me.- A mac partition validation fix from Kees Cook.
- Two merge fixes from Ming, marked stable. A third part is adding a
new warning so we'll notice this quicker in the future, if we screw
up the accounting.- Cleanup of thread name/creation in mtip32xx from Rasmus Villemoes"
* 'for-linus' of git://git.kernel.dk/linux-block: (32 commits)
blk-merge: warn if figured out segment number is bigger than nr_phys_segments
blk-merge: fix blk_bio_segment_split
block: fix segment split
blk-mq: fix calling unplug callbacks with preempt disabled
mac: validate mac_partition is within sector
mtip32xx: use formatting capability of kthread_create_on_node
NVMe: reap completion entries when deleting queue
lightnvm: add free and bad lun info to show luns
lightnvm: keep track of block counts
nvme: lightnvm: use admin queues for admin cmds
lightnvm: missing free on init error
lightnvm: wrong return value and redundant free
null_blk: do not del gendisk with lightnvm
null_blk: use device addressing mode
null_blk: use ppa_cache pool
NVMe: Fix possible arithmetic overflow for max segments
blk-flush: Queue through IO scheduler when flush not required
null_blk: register as a LightNVM device
elevator: use list_{first,prev,next}_entry
lightnvm: cleanup queue before target removal
...
24 Nov, 2015
5 commits
-
We had seen lots of reports of this kind issue, so add one
warnning in blk-merge, then it can be triggered easily and
avoid to depend on warning/bug from drivers.Signed-off-by: Ming Lei
Signed-off-by: Jens Axboe -
Commit bdced438acd83a(block: setup bi_phys_segments after
splitting) introduces function of computing bio->bi_phys_segments
during bio splitting.Unfortunately both bio->bi_seg_front_size and bio->bi_seg_back_size
arn't computed, so too many physical segments may be obtained
for one request since both the two are used to check if one segment
across two bios can be possible.This patch fixes the issue by computing the two variables in
blk_bio_segment_split().Fixes: bdced438acd83a(block: setup bi_phys_segments after splitting)
Reported-by: Michael Ellerman
Reported-by: Mark Salter
Tested-by: Laurent Dufour
Tested-by: Mark Salter
Signed-off-by: Ming Lei
Signed-off-by: Jens Axboe -
Inside blk_bio_segment_split(), previous bvec pointer(bvprvp)
always points to the iterator local variable, which is obviously
wrong, so fix it by pointing to the local variable of 'bvprv'.Fixes: 5014c311baa2b(block: fix bogus compiler warnings in blk-merge.c)
Cc: stable@kernel.org #4.3
Reported-by: Michael Ellerman
Reported-by: Mark Salter
Tested-by: Laurent Dufour
Tested-by: Mark Salter
Signed-off-by: Ming Lei
Signed-off-by: Jens Axboe -
…/git/shuah/linux-kselftest
Pull kselftest fixes from Shuah Khan:
"This update consists of one minor documentation fix and a fix to an
existing test"* tag 'linux-kselftest-4.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/seccomp: Get page size from sysconf
tools:testing/selftests: fix typo in futex/README -
When establishing a thin device's discard limits we cannot rely on the
underlying thin-pool device's discard capabilities (which are inherited
from the thin-pool's underlying data device) given that DM thin devices
must provide discard support even when the thin-pool's underlying data
device doesn't support discards.Users were exposed to this thin device discard limits regression if
their thin-pool's underlying data device does _not_ support discards.
This regression caused all upper-layers that called the
blkdev_issue_discard() interface to not be able to issue discards to
thin devices (because discard_granularity was 0). This regression
wasn't caught earlier because the device-mapper-test-suite's extensive
'thin-provisioning' discard tests are only ever performed against
thin-pool's with data devices that support discards.Fix is to have thin_io_hints() test the pool's 'discard_enabled' feature
rather than inferring whether or not a thin device's discard support
should be enabled by looking at the thin-pool's discard_granularity.Fixes: 216076705 ("dm thin: disable discard support for thin devices if pool's is disabled")
Reported-by: Mike Gerber
Signed-off-by: Mike Snitzer
Cc: stable@vger.kernel.org # 4.1+
23 Nov, 2015
14 commits
-
Merge slub bulk allocator updates from Andrew Morton:
"This missed the merge window because I was waiting for some repairs to
come in. Nothing actually uses the bulk allocator yet and the changes
to other code paths are pretty small. And the net guys are waiting
for this so they can start merging the client code"More comments from Jesper Dangaard Brouer:
"The kmem_cache_alloc_bulk() call, in mm/slub.c, were included in
previous kernel. The present version contains a bug. Vladimir
Davydov noticed it contained a bug, when kernel is compiled with
CONFIG_MEMCG_KMEM (see commit 03ec0ed57ffc: "slub: fix kmem cgroup
bug in kmem_cache_alloc_bulk"). Plus the mem cgroup counterpart in
kmem_cache_free_bulk() were missing (see commit 033745189b1b "slub:
add missing kmem cgroup support to kmem_cache_free_bulk").I don't consider the fix stable-material because there are no in-tree
users of the API.But with known bugs (for memcg) I cannot start using the API in the
net-tree"* emailed patches from Andrew Morton :
slab/slub: adjust kmem_cache_alloc_bulk API
slub: add missing kmem cgroup support to kmem_cache_free_bulk
slub: fix kmem cgroup bug in kmem_cache_alloc_bulk
slub: optimize bulk slowpath free by detached freelist
slub: support for bulk free with SLUB freelists -
Pull tty/serial fixes from Greg KH:
"Here are a few small tty/serial driver fixes for 4.4-rc2 that resolve
some reported problems.All have been in linux-next, full details are in the shortlog below"
* tag 'tty-4.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
serial: export fsl8250_handle_irq
serial: 8250_mid: Add missing dependency
tty: audit: Fix audit source
serial: etraxfs-uart: Fix crash
serial: fsl_lpuart: Fix earlycon support
bcm63xx_uart: Use the device name when registering an interrupt
tty: Fix direct use of tty buffer work
tty: Fix tty_send_xchar() lock order inversion -
Pull staging/IIO fixes from Greg KH:
"Here are some staging and iio driver fixes for 4.4-rc2. All of these
are in response to issues that have been reported and have been in
linux-next for a while"* tag 'staging-4.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
Revert "Staging: wilc1000: coreconfigurator: Drop unneeded wrapper functions"
iio: adc: xilinx: Fix VREFN scale
iio: si7020: Swap data byte order
iio: adc: vf610_adc: Fix division by zero error
iio:ad7793: Fix ad7785 product ID
iio: ad5064: Fix ad5629/ad5669 shift
iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
staging: iio: select IRQ_WORK for IIO_DUMMY_EVGEN
vf610_adc: Fix internal temperature calculation -
Pull USB fixes from Greg KH:
"Here are a number of USB fixes and new device ids for 4.4-rc2. All
have been in linux-next and the details are in the shortlog"* tag 'usb-4.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (28 commits)
usblp: do not set TASK_INTERRUPTIBLE before lock
USB: MAINTAINERS: cxacru
usb: kconfig: fix warning of select USB_OTG
USB: option: add XS Stick W100-2 from 4G Systems
xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices
usb: xhci: fix checking ep busy for CFC
xhci: Workaround to get Intel xHCI reset working more reliably
usb: chipidea: imx: fix a possible NULL dereference
usb: chipidea: usbmisc_imx: fix a possible NULL dereference
usb: chipidea: otg: gadget module load and unload support
usb: chipidea: debug: disable usb irq while role switch
ARM: dts: imx27.dtsi: change the clock information for usb
usb: chipidea: imx: refine clock operations to adapt for all platforms
usb: gadget: atmel_usba_udc: Expose correct device speed
usb: musb: enable usb_dma parameter
usb: phy: phy-mxs-usb: fix a possible NULL dereference
usb: dwc3: gadget: let us set lower max_speed
usb: musb: fix tx fifo flush handling
usb: gadget: f_loopback: fix the warning during the enumeration
usb: dwc2: host: Fix remote wakeup when not in DWC2_L2
... -
Pull MIPS fixes from Ralf Baechle:
- Fix a flood of annoying build warnings
- A number of fixes for Atheros 79xx platforms
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: ath79: Add a machine entry for booting OF machines
MIPS: ath79: Fix the size of the MISC INTC registers in ar9132.dtsi
MIPS: ath79: Fix the DDR control initialization on ar71xx and ar934x
MIPS: Fix flood of warnings about comparsion being always true. -
Pull parisc update from Helge Deller:
"This patchset adds Huge Page and HUGETLBFS support for parisc"Honestly, the hugepage support should have gone through in the merge
window, and is not really an rc-time fix. But it only touches
arch/parisc, and I cannot find it in myself to care. If one of the
three parisc users notices a breakage, I will point at Helge and make
rude farting noises.* 'parisc-4.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Map kernel text and data on huge pages
parisc: Add Huge Page and HUGETLBFS support
parisc: Use long branch to do_syscall_trace_exit
parisc: Increase initial kernel mapping to 32MB on 64bit kernel
parisc: Initialize the fault vector earlier in the boot process.
parisc: Add defines for Huge page support
parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h
parisc: Drop definition of start_thread_som for HP-UX SOM binaries
parisc: Fix wrong comment regarding first pmd entry flags -
Pull perf tool fixes from Thomas Gleixner:
"A couple of fixes for perf tools:- Build system updates
- Plug a memory leak in an error path of perf probe
- Tear down probes correctly when adding fails
- Fixes to the perf symbol handling
- Fix ordering of event processing in buildid-list
- Fix per DSO filtering in the histogram browser"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf probe: Clear probe_trace_event when add_probe_trace_event() fails
perf probe: Fix memory leaking on failure by clearing all probe_trace_events
perf inject: Also re-pipe lost_samples event
perf buildid-list: Requires ordered events
perf symbols: Fix dso lookup by long name and missing buildids
perf symbols: Allow forcing reading of non-root owned files by root
perf hists browser: The dso can be obtained from popup_action->ms.map->dso
perf hists browser: Fix 'd' hotkey action to filter by DSO
perf symbols: Rebuild rbtree when adjusting symbols for kcore
tools: Add a "make all" rule
tools: Actually install tmon in the install rule -
Pull x86 fixes from Thomas Gleixner:
"This update contains:- MPX updates for handling 32bit processes
- A fix for a long standing bug in 32bit signal frame handling
related to FPU/XSAVE state- Handle get_xsave_addr() correctly in KVM
- Fix SMAP check under paravirtualization
- Add a comment to the static function trace entry to avoid further
confusion about the difference to dynamic tracing"* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Fix SMAP check in PVOPS environments
x86/ftrace: Add comment on static function tracing
x86/fpu: Fix get_xsave_addr() behavior under virtualization
x86/fpu: Fix 32-bit signal frame handling
x86/mpx: Fix 32-bit address space calculation
x86/mpx: Do proper get_user() when running 32-bit binaries on 64-bit kernels -
Adjust kmem_cache_alloc_bulk API before we have any real users.
Adjust API to return type 'int' instead of previously type 'bool'. This
is done to allow future extension of the bulk alloc API.A future extension could be to allow SLUB to stop at a page boundary, when
specified by a flag, and then return the number of objects.The advantage of this approach, would make it easier to make bulk alloc
run without local IRQs disabled. With an approach of cmpxchg "stealing"
the entire c->freelist or page->freelist. To avoid overshooting we would
stop processing at a slab-page boundary. Else we always end up returning
some objects at the cost of another cmpxchg.To keep compatible with future users of this API linking against an older
kernel when using the new flag, we need to return the number of allocated
objects with this API change.Signed-off-by: Jesper Dangaard Brouer
Cc: Vladimir Davydov
Acked-by: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Initial implementation missed support for kmem cgroup support in
kmem_cache_free_bulk() call, add this.If CONFIG_MEMCG_KMEM is not enabled, the compiler should be smart enough
to not add any asm code.Incoming bulk free objects can belong to different kmem cgroups, and
object free call can happen at a later point outside memcg context. Thus,
we need to keep the orig kmem_cache, to correctly verify if a memcg object
match against its "root_cache" (s->memcg_params.root_cache).Signed-off-by: Jesper Dangaard Brouer
Reviewed-by: Vladimir Davydov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The call slab_pre_alloc_hook() interacts with kmemgc and is not allowed to
be called several times inside the bulk alloc for loop, due to the call to
memcg_kmem_get_cache().This would result in hitting the VM_BUG_ON in __memcg_kmem_get_cache.
As suggested by Vladimir Davydov, change slab_post_alloc_hook() to be able
to handle an array of objects.A subtle detail is, loop iterator "i" in slab_post_alloc_hook() must have
same type (size_t) as size argument. This helps the compiler to easier
realize that it can remove the loop, when all debug statements inside loop
evaluates to nothing. Note, this is only an issue because the kernel is
compiled with GCC option: -fno-strict-overflowIn slab_alloc_node() the compiler inlines and optimizes the invocation of
slab_post_alloc_hook(s, flags, 1, &object) by removing the loop and access
object directly.Signed-off-by: Jesper Dangaard Brouer
Reported-by: Vladimir Davydov
Suggested-by: Vladimir Davydov
Reviewed-by: Vladimir Davydov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This change focus on improving the speed of object freeing in the
"slowpath" of kmem_cache_free_bulk.The calls slab_free (fastpath) and __slab_free (slowpath) have been
extended with support for bulk free, which amortize the overhead of
the (locked) cmpxchg_double.To use the new bulking feature, we build what I call a detached
freelist. The detached freelist takes advantage of three properties:1) the free function call owns the object that is about to be freed,
thus writing into this memory is synchronization-free.2) many freelist's can co-exist side-by-side in the same slab-page
each with a separate head pointer.3) it is the visibility of the head pointer that needs synchronization.
Given these properties, the brilliant part is that the detached
freelist can be constructed without any need for synchronization. The
freelist is constructed directly in the page objects, without any
synchronization needed. The detached freelist is allocated on the
stack of the function call kmem_cache_free_bulk. Thus, the freelist
head pointer is not visible to other CPUs.All objects in a SLUB freelist must belong to the same slab-page.
Thus, constructing the detached freelist is about matching objects
that belong to the same slab-page. The bulk free array is scanned is
a progressive manor with a limited look-ahead facility.Kmem debug support is handled in call of slab_free().
Notice kmem_cache_free_bulk no longer need to disable IRQs. This
only slowed down single free bulk with approx 3 cycles.Performance data:
Benchmarked[1] obj size 256 bytes on CPU i7-4790K @ 4.00GHzSLUB fastpath single object quick reuse: 47 cycles(tsc) 11.931 ns
To get stable and comparable numbers, the kernel have been booted with
"slab_merge" (this also improve performance for larger bulk sizes).Performance data, compared against fallback bulking:
bulk - fallback bulk - improvement with this patch
1 - 62 cycles(tsc) 15.662 ns - 49 cycles(tsc) 12.407 ns- improved 21.0%
2 - 55 cycles(tsc) 13.935 ns - 30 cycles(tsc) 7.506 ns - improved 45.5%
3 - 53 cycles(tsc) 13.341 ns - 23 cycles(tsc) 5.865 ns - improved 56.6%
4 - 52 cycles(tsc) 13.081 ns - 20 cycles(tsc) 5.048 ns - improved 61.5%
8 - 50 cycles(tsc) 12.627 ns - 18 cycles(tsc) 4.659 ns - improved 64.0%
16 - 49 cycles(tsc) 12.412 ns - 17 cycles(tsc) 4.495 ns - improved 65.3%
30 - 49 cycles(tsc) 12.484 ns - 18 cycles(tsc) 4.533 ns - improved 63.3%
32 - 50 cycles(tsc) 12.627 ns - 18 cycles(tsc) 4.707 ns - improved 64.0%
34 - 96 cycles(tsc) 24.243 ns - 23 cycles(tsc) 5.976 ns - improved 76.0%
48 - 83 cycles(tsc) 20.818 ns - 21 cycles(tsc) 5.329 ns - improved 74.7%
64 - 74 cycles(tsc) 18.700 ns - 20 cycles(tsc) 5.127 ns - improved 73.0%
128 - 90 cycles(tsc) 22.734 ns - 27 cycles(tsc) 6.833 ns - improved 70.0%
158 - 99 cycles(tsc) 24.776 ns - 30 cycles(tsc) 7.583 ns - improved 69.7%
250 - 104 cycles(tsc) 26.089 ns - 37 cycles(tsc) 9.280 ns - improved 64.4%Performance data, compared current in-kernel bulking:
bulk - curr in-kernel - improvement with this patch
1 - 46 cycles(tsc) - 49 cycles(tsc) - improved (cycles:-3) -6.5%
2 - 27 cycles(tsc) - 30 cycles(tsc) - improved (cycles:-3) -11.1%
3 - 21 cycles(tsc) - 23 cycles(tsc) - improved (cycles:-2) -9.5%
4 - 18 cycles(tsc) - 20 cycles(tsc) - improved (cycles:-2) -11.1%
8 - 17 cycles(tsc) - 18 cycles(tsc) - improved (cycles:-1) -5.9%
16 - 18 cycles(tsc) - 17 cycles(tsc) - improved (cycles: 1) 5.6%
30 - 18 cycles(tsc) - 18 cycles(tsc) - improved (cycles: 0) 0.0%
32 - 18 cycles(tsc) - 18 cycles(tsc) - improved (cycles: 0) 0.0%
34 - 78 cycles(tsc) - 23 cycles(tsc) - improved (cycles:55) 70.5%
48 - 60 cycles(tsc) - 21 cycles(tsc) - improved (cycles:39) 65.0%
64 - 49 cycles(tsc) - 20 cycles(tsc) - improved (cycles:29) 59.2%
128 - 69 cycles(tsc) - 27 cycles(tsc) - improved (cycles:42) 60.9%
158 - 79 cycles(tsc) - 30 cycles(tsc) - improved (cycles:49) 62.0%
250 - 86 cycles(tsc) - 37 cycles(tsc) - improved (cycles:49) 57.0%Performance with normal SLUB merging is significantly slower for
larger bulking. This is believed to (primarily) be an effect of not
having to share the per-CPU data-structures, as tuning per-CPU size
can achieve similar performance.bulk - slab_nomerge - normal SLUB merge
1 - 49 cycles(tsc) - 49 cycles(tsc) - merge slower with cycles:0
2 - 30 cycles(tsc) - 30 cycles(tsc) - merge slower with cycles:0
3 - 23 cycles(tsc) - 23 cycles(tsc) - merge slower with cycles:0
4 - 20 cycles(tsc) - 20 cycles(tsc) - merge slower with cycles:0
8 - 18 cycles(tsc) - 18 cycles(tsc) - merge slower with cycles:0
16 - 17 cycles(tsc) - 17 cycles(tsc) - merge slower with cycles:0
30 - 18 cycles(tsc) - 23 cycles(tsc) - merge slower with cycles:5
32 - 18 cycles(tsc) - 22 cycles(tsc) - merge slower with cycles:4
34 - 23 cycles(tsc) - 22 cycles(tsc) - merge slower with cycles:-1
48 - 21 cycles(tsc) - 22 cycles(tsc) - merge slower with cycles:1
64 - 20 cycles(tsc) - 48 cycles(tsc) - merge slower with cycles:28
128 - 27 cycles(tsc) - 57 cycles(tsc) - merge slower with cycles:30
158 - 30 cycles(tsc) - 59 cycles(tsc) - merge slower with cycles:29
250 - 37 cycles(tsc) - 56 cycles(tsc) - merge slower with cycles:19Joint work with Alexander Duyck.
[1] https://github.com/netoptimizer/prototype-kernel/blob/master/kernel/mm/slab_bulk_test01.c
[akpm@linux-foundation.org: BUG_ON -> WARN_ON;return]
Signed-off-by: Jesper Dangaard Brouer
Signed-off-by: Alexander Duyck
Acked-by: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Make it possible to free a freelist with several objects by adjusting API
of slab_free() and __slab_free() to have head, tail and an objects counter
(cnt).Tail being NULL indicate single object free of head object. This allow
compiler inline constant propagation in slab_free() and
slab_free_freelist_hook() to avoid adding any overhead in case of single
object free.This allows a freelist with several objects (all within the same
slab-page) to be free'ed using a single locked cmpxchg_double in
__slab_free() and with an unlocked cmpxchg_double in slab_free().Object debugging on the free path is also extended to handle these
freelists. When CONFIG_SLUB_DEBUG is enabled it will also detect if
objects don't belong to the same slab-page.These changes are needed for the next patch to bulk free the detached
freelists it introduces and constructs.Micro benchmarking showed no performance reduction due to this change,
when debugging is turned off (compiled with CONFIG_SLUB_DEBUG).Signed-off-by: Jesper Dangaard Brouer
Signed-off-by: Alexander Duyck
Acked-by: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
22 Nov, 2015
11 commits
-
Adjust the linker script and map_pages() to map kernel text and data on
physical 1MB huge/large pages.Signed-off-by: Helge Deller
-
This patch adds huge page support to allow userspace to allocate huge
pages and to use hugetlbfs filesystem on 32- and 64-bit Linux kernels.
A later patch will add kernel support to map kernel text and data on
huge pages.The only requirement is, that the kernel needs to be compiled for a
PA8X00 CPU (PA2.0 architecture). Older PA1.X CPUs do not support
variable page sizes. 64bit Kernels are compiled for PA2.0 by default.Technically on parisc multiple physical huge pages may be needed to
emulate standard 2MB huge pages.Signed-off-by: Helge Deller
-
Use the 22bit instead of the 17bit branch instruction on a 64bit kernel
to reach the do_syscall_trace_exit function from the gateway page.
A huge page enabled kernel may need the additional branch distance bits.Signed-off-by: Helge Deller
-
For the 64bit kernel the initially 16 MB kernel memory might become too
small if you build a kernel with many modules built-in and with kernel
text and data areas mapped on huge pages.This patch increases the initial mapping to 32MB for 64bit kernels and
keeps 16MB for 32bit kernels.Signed-off-by: Helge Deller
-
A fault vector on parisc needs to be 2K aligned. Furthermore the
checksum of the fault vector needs to sum up to 0 which is being
calculated and written at runtime.Up to now we aligned both PA20 and PA11 fault vectors on the same 4K
page in order to easily write the checksum after having mapped the
kernel read-only (by mapping this page only as read-write).
But when we want to map the kernel text and data on huge pages this
makes things harder.
So, simplify it by aligning both fault vectors on 2K boundries and write
the checksum before we map the page read-only.Signed-off-by: Helge Deller
-
Huge pages on parisc will have the same size as one pmd table, which
is on a 64bit kernel 2MB on a kernel with 4K kernel page sizes, and
on a 32bit kernel 4MB when used with 4K kernel pages.Since parisc does not physically supports 2MB huge page sizes, emulate
it with two consecutive 1MB page sizes instead. Keeping the same huge
page size as one pmd will allow us to add transparent huge page support
later on.Bit 21 in the pte flags was unused and will now be used to mark a page
as huge page (_PAGE_HPAGE_BIT).Signed-off-by: Helge Deller
-
Drop the MADV_xxK_PAGES flags, which were never used and were from a proposed
API which was never integrated into the generic Linux kernel code.Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller -
Merge misc fixes from Andrew Morton:
"A bunch of fixes"* emailed patches from Andrew Morton :
slub: mark the dangling ifdef #else of CONFIG_SLUB_DEBUG
slub: avoid irqoff/on in bulk allocation
slub: create new ___slab_alloc function that can be called with irqs disabled
mm: fix up sparse warning in gfpflags_allow_blocking
ocfs2: fix umask ignored issue
PM/OPP: add entry in MAINTAINERS
kernel/panic.c: turn off locks debug before releasing console lock
kernel/signal.c: unexport sigsuspend()
kasan: fix kmemleak false-positive in kasan_module_alloc()
fat: fix fake_offset handling on error path
mm/hugetlbfs: fix bugs in fallocate hole punch of areas with holes
mm/page-writeback.c: initialize m_dirty to avoid compile warning
various: fix pci_set_dma_mask return value checking
mm: loosen MADV_NOHUGEPAGE to enable Qemu postcopy on s390
mm: vmalloc: don't remove inexistent guard hole in remove_vm_area()
tools/vm/page-types.c: support KPF_IDLE
ncpfs: don't allow negative timeouts
configfs: allow dynamic group creation
MAINTAINERS: add Moritz as reviewer for FPGA Manager Framework
slab.h: sprinkle __assume_aligned attributes -
Pull timer fixes from Thomas Gleixner:
"Two timer fixlets from Arnd:- Use proper constant size in the FSL timer driver
- Prevent a build error for legacy platforms"* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
clocksource: Disallow drivers for ARCH_USES_GETTIMEOFFSET
clocksource/fsl: Avoid harmless 64-bit warnings -
Pull irq fixes from Thomas Gleixner:
"Three fixes for the ARM GIC interrupt controller from Marc addressing
various shortcomings versus boot initialization and suspend/resume"* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip/gic: Add save/restore of the active state
irqchip/gic: Clear enable bits before restoring them
irqchip/gic: Make sure all interrupts are deactivated at boot -
Pull MTD fixes from Brian Norris:
- MAINTAINERS updates for brcmnand driver
- Fix reboot hangs seen when multiple NAND flash chips are registered
with the same controller- Fix build issues on jz4740 NAND driver; the error was introduced in
4.3, so I guess nobody really cared, but we might as well fix it* tag 'for-linus-20151120' of git://git.infradead.org/linux-mtd:
MAINTAINERS: brcmnand: Add co-maintainer for Broadcom SoCs
MAINTAINERS: brcmnand: Add Broadcom internal mailing-list
mtd: nand: fix shutdown/reboot for multi-chip systems
mtd: jz4740_nand: fix build on jz4740 after removing gpio.h
21 Nov, 2015
6 commits
-
Liu reported that running certain parts of xfstests threw the
following error:BUG: sleeping function called from invalid context at mm/page_alloc.c:3190
in_atomic(): 1, irqs_disabled(): 0, pid: 6, name: kworker/u16:0
3 locks held by kworker/u16:0/6:
#0: ("writeback"){++++.+}, at: [] process_one_work+0x173/0x730
#1: ((&(&wb->dwork)->work)){+.+.+.}, at: [] process_one_work+0x173/0x730
#2: (&type->s_umount_key#44){+++++.}, at: [] trylock_super+0x25/0x60
CPU: 5 PID: 6 Comm: kworker/u16:0 Tainted: G OE 4.3.0+ #3
Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
Workqueue: writeback wb_workfn (flush-btrfs-108)
ffffffff81a3abab ffff88042e282ba8 ffffffff8130191b ffffffff81a3abab
0000000000000c76 ffff88042e282ba8 ffff88042e27c180 ffff88042e282bd8
ffffffff8108ed95 ffff880400000004 0000000000000000 0000000000000c76
Call Trace:
[] dump_stack+0x4f/0x74
[] ___might_sleep+0x185/0x240
[] __might_sleep+0x52/0x90
[] __alloc_pages_nodemask+0x268/0x410
[] ? sched_clock_local+0x1c/0x90
[] ? local_clock+0x21/0x40
[] ? __lock_release+0x420/0x510
[] ? __lock_acquired+0x16c/0x3c0
[] alloc_pages_current+0xc5/0x210
[] ? rbio_is_full+0x55/0x70 [btrfs]
[] ? mark_held_locks+0x78/0xa0
[] ? _raw_spin_unlock_irqrestore+0x40/0x60
[] full_stripe_write+0x5a/0xc0 [btrfs]
[] __raid56_parity_write+0x39/0x60 [btrfs]
[] run_plug+0x11b/0x140 [btrfs]
[] btrfs_raid_unplug+0x23/0x70 [btrfs]
[] blk_flush_plug_list+0x82/0x1f0
[] blk_sq_make_request+0x1f9/0x740
[] ? generic_make_request_checks+0x222/0x7c0
[] ? blk_queue_enter+0x124/0x310
[] ? blk_queue_enter+0x92/0x310
[] generic_make_request+0x172/0x2c0
[] ? generic_make_request+0x164/0x2c0
[] submit_bio+0x70/0x140
[] ? rbio_add_io_page+0x99/0x150 [btrfs]
[] finish_rmw+0x4d9/0x600 [btrfs]
[] full_stripe_write+0x9c/0xc0 [btrfs]
[] raid56_parity_write+0xef/0x160 [btrfs]
[] btrfs_map_bio+0xe3/0x2d0 [btrfs]
[] btrfs_submit_bio_hook+0x8d/0x1d0 [btrfs]
[] submit_one_bio+0x74/0xb0 [btrfs]
[] submit_extent_page+0xe5/0x1c0 [btrfs]
[] __extent_writepage_io+0x408/0x4c0 [btrfs]
[] ? alloc_dummy_extent_buffer+0x140/0x140 [btrfs]
[] __extent_writepage+0x218/0x3a0 [btrfs]
[] ? mark_held_locks+0x78/0xa0
[] extent_write_cache_pages.clone.0+0x2f9/0x400 [btrfs]
[] extent_writepages+0x52/0x70 [btrfs]
[] ? btrfs_set_inode_index+0x70/0x70 [btrfs]
[] btrfs_writepages+0x27/0x30 [btrfs]
[] do_writepages+0x23/0x40
[] __writeback_single_inode+0x89/0x4d0
[] ? writeback_sb_inodes+0x260/0x480
[] ? writeback_sb_inodes+0x260/0x480
[] ? writeback_sb_inodes+0x15f/0x480
[] writeback_sb_inodes+0x2d2/0x480
[] ? down_read_trylock+0x57/0x60
[] ? trylock_super+0x25/0x60
[] ? rcu_read_lock_sched_held+0x4f/0x90
[] __writeback_inodes_wb+0x8c/0xc0
[] wb_writeback+0x2b5/0x500
[] ? mark_held_locks+0x78/0xa0
[] ? __local_bh_enable_ip+0x68/0xc0
[] ? wb_do_writeback+0x62/0x310
[] wb_do_writeback+0xc1/0x310
[] ? set_worker_desc+0x79/0x90
[] wb_workfn+0x92/0x330
[] process_one_work+0x223/0x730
[] ? process_one_work+0x173/0x730
[] ? worker_thread+0x18f/0x430
[] worker_thread+0x11d/0x430
[] ? maybe_create_worker+0xf0/0xf0
[] ? maybe_create_worker+0xf0/0xf0
[] kthread+0xef/0x110
[] ? schedule_tail+0x1e/0xd0
[] ? __init_kthread_worker+0x70/0x70
[] ret_from_fork+0x3f/0x70
[] ? __init_kthread_worker+0x70/0x70The issue is that we've got the software context pinned while
calling blk_flush_plug_list(), which flushes callbacks that
are allowed to sleep. btrfs and raid has such callbacks.Flip the checks around a bit, so we can enable preempt a bit
earlier and flush plugs without having preempt disabled.This only affects blk-mq driven devices, and only those that
register a single queue.Reported-by: Liu Bo
Tested-by: Liu Bo
Cc: stable@kernel.org
Signed-off-by: Jens Axboe -
fsl8250_handle_irq is now used by the of_serial driver, and that fails
if it is a loadable module:ERROR: "fsl8250_handle_irq" [drivers/tty/serial/of_serial.ko] undefined!
This exports the symbol to avoid randconfig errors.
Signed-off-by: Arnd Bergmann
Fixes: d43b54d269d2 ("serial: Enable Freescale 16550 workaround on arm")
Cc: Scott Wood
Signed-off-by: Jeff Mahoney
Signed-off-by: Greg Kroah-Hartman -
8250_mid uses rational_best_approximation() function, so the
driver needs to select CONFIG_RATIONAL option.This fixes build error when CONFIG_RATIONAL is not enabled:
drivers/built-in.o: In function `mid8250_set_termios':
8250_mid.c:(.text+0x10169a): undefined reference to `rational_best_approximation'Reported-by: Randy Dunlap
Signed-off-by: Heikki Krogerus
Acked-by: Andy Shevchenko
Signed-off-by: Arnd Bergmann
Signed-off-by: Greg Kroah-Hartman -
The data to audit/record is in the 'from' buffer (ie., the input
read buffer).Fixes: 72586c6061ab ("n_tty: Fix auditing support for cannonical mode")
Cc: stable # 4.1+
Cc: Miloslav Trmač
Signed-off-by: Peter Hurley
Acked-by: Laura Abbott
Signed-off-by: Greg Kroah-Hartman -
Since commit 7d8c70d8048c ("serial: mctrl-gpio: rename init function"),
crisv32 either do not build or crash as follows.Unable to handle kernel NULL pointer dereference
Linux 4.3.0-rc7-next-20151101 #1 Sun Nov 1 11:41:28 PST 2015
...
Call Trace: [] show_stack+0x0/0x9e
[] printk+0x0/0x2c
[] show_registers+0x14a/0x1c2
[] printk+0x0/0x2c
[] die_if_kernel+0x7c/0x9e
[] do_page_fault+0x32e/0x3e6
[] of_get_property+0x0/0x2c
[] of_irq_parse_raw+0x12a/0x376
[] of_get_property+0x0/0x2c
[] get_page_from_freelist+0x73e/0x856
[] of_get_property+0x0/0x2c
[] d_mmu_refill+0x10a/0x112
[] devm_kmalloc+0x40/0x56
[] add_dr+0xc/0x1c
[] devm_add_action+0x2/0x4e
[] mctrl_gpio_init_noauto+0x1c/0x76
[] mctrl_gpio_init+0x22/0x110The function call in the etraxfs-uart driver was not renamed,
possibly due to interference with commit 7b9c5162c182 ("serial:
etraxfs-uart: use mctrl_gpio helpers for handling modem signals").Fixes: 7d8c70d8048c ("serial: mctrl-gpio: rename init function")
Signed-off-by: Guenter Roeck
Acked-by: Uwe Kleine-König
Acked-by: Niklas Cassel
Signed-off-by: Greg Kroah-Hartman -
Earlycon support for Freescale lpuart should only be enabled when
console support is enabled.Fixes: 1d59b382f1c4 ("serial: fsl_lpuart: add earlycon support")
Acked-by: Stefan Agner
Signed-off-by: Peter Hurley
Acked-by: Arnd Bergmann
Signed-off-by: Greg Kroah-Hartman
