23 Jul, 2016
5 commits
-
With this command sequence:
modprobe plip
modprobe pps_parport
rmmod pps_parportthe partport_pps modules causes this crash:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: parport_detach+0x1d/0x60 [pps_parport]
Oops: 0000 [#1] SMP
...
Call Trace:
parport_unregister_driver+0x65/0xc0 [parport]
SyS_delete_module+0x187/0x210The sequence that builds up to this is:
1) plip is loaded and takes the parport device for exclusive use:
plip0: Parallel port at 0x378, using IRQ 7.
2) pps_parport then fails to grab the device:
pps_parport: parallel port PPS client
parport0: cannot grant exclusive access for device pps_parport
pps_parport: couldn't register with parport03) rmmod of pps_parport is then killed because it tries to access
pardev->name, but pardev (taken from port->cad) is NULL.So add a check for NULL in the test there too.
Link: http://lkml.kernel.org/r/20160714115245.12651-1-jslaby@suse.cz
Signed-off-by: Jiri Slaby
Acked-by: Rodolfo Giometti
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The curly braces are missing here so we print stuff unintentionally.
Fixes: 9da4714a2d44 ('slub: slabinfo update for cmpxchg handling')
Link: http://lkml.kernel.org/r/20160715211243.GE19522@mwanda
Signed-off-by: Dan Carpenter
Acked-by: Christoph Lameter
Cc: Sergey Senozhatsky
Cc: Colin Ian King
Cc: Laura Abbott
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There are no parentheses around this macro and it causes a problem when
we do:index = rand() % THRASH_SIZE;
Link: http://lkml.kernel.org/r/20160715210953.GC19522@mwanda
Signed-off-by: Dan Carpenter
Acked-by: Ross Zwisler
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
radix_tree_iter_retry() resets slot to NULL, but it doesn't reset tags.
Then NULL slot and non-zero iter.tags passed to radix_tree_next_slot()
leading to crash:RIP: radix_tree_next_slot include/linux/radix-tree.h:473
find_get_pages_tag+0x334/0x930 mm/filemap.c:1452
....
Call Trace:
pagevec_lookup_tag+0x3a/0x80 mm/swap.c:960
mpage_prepare_extent_to_map+0x321/0xa90 fs/ext4/inode.c:2516
ext4_writepages+0x10be/0x2b20 fs/ext4/inode.c:2736
do_writepages+0x97/0x100 mm/page-writeback.c:2364
__filemap_fdatawrite_range+0x248/0x2e0 mm/filemap.c:300
filemap_write_and_wait_range+0x121/0x1b0 mm/filemap.c:490
ext4_sync_file+0x34d/0xdb0 fs/ext4/fsync.c:115
vfs_fsync_range+0x10a/0x250 fs/sync.c:195
vfs_fsync fs/sync.c:209
do_fsync+0x42/0x70 fs/sync.c:219
SYSC_fdatasync fs/sync.c:232
SyS_fdatasync+0x19/0x20 fs/sync.c:230
entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207We must reset iterator's tags to bail out from radix_tree_next_slot()
and go to the slow-path in radix_tree_next_chunk().Fixes: 46437f9a554f ("radix-tree: fix race in gang lookup")
Link: http://lkml.kernel.org/r/1468495196-10604-1-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin
Reported-by: Dmitry Vyukov
Acked-by: Konstantin Khlebnikov
Cc: Matthew Wilcox
Cc: Hugh Dickins
Cc: Ross Zwisler
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The memory controller has quite a bit of state that usually outlives the
cgroup and pins its CSS until said state disappears. At the same time
it imposes a 16-bit limit on the CSS ID space to economically store IDs
in the wild. Consequently, when we use cgroups to contain frequent but
small and short-lived jobs that leave behind some page cache, we quickly
run into the 64k limitations of outstanding CSSs. Creating a new cgroup
fails with -ENOSPC while there are only a few, or even no user-visible
cgroups in existence.Although pinning CSSs past cgroup removal is common, there are only two
instances that actually need an ID after a cgroup is deleted: cache
shadow entries and swapout records.Cache shadow entries reference the ID weakly and can deal with the CSS
having disappeared when it's looked up later. They pose no hurdle.Swap-out records do need to pin the css to hierarchically attribute
swapins after the cgroup has been deleted; though the only pages that
remain swapped out after offlining are tmpfs/shmem pages. And those
references are under the user's control, so they are manageable.This patch introduces a private 16-bit memcg ID and switches swap and
cache shadow entries over to using that. This ID can then be recycled
after offlining when the CSS remains pinned only by objects that don't
specifically need it.This script demonstrates the problem by faulting one cache page in a new
cgroup and deleting it again:set -e
mkdir -p pages
for x in `seq 128000`; do
[ $((x % 1000)) -eq 0 ] && echo $x
mkdir /cgroup/foo
echo $$ >/cgroup/foo/cgroup.procs
echo trex >pages/$x
echo $$ >/cgroup/cgroup.procs
rmdir /cgroup/foo
doneWhen run on an unpatched kernel, we eventually run out of possible IDs
even though there are no visible cgroups:[root@ham ~]# ./cssidstress.sh
[...]
65000
mkdir: cannot create directory '/cgroup/foo': No space left on deviceAfter this patch, the IDs get released upon cgroup destruction and the
cache and css objects get released once memory reclaim kicks in.[hannes@cmpxchg.org: init the IDR]
Link: http://lkml.kernel.org/r/20160621154601.GA22431@cmpxchg.org
Fixes: b2052564e66d ("mm: memcontrol: continue cache reclaim from offlined groups")
Link: http://lkml.kernel.org/r/20160617162516.GD19084@cmpxchg.org
Signed-off-by: Johannes Weiner
Reported-by: John Garcia
Reviewed-by: Vladimir Davydov
Acked-by: Tejun Heo
Cc: Nikolay Borisov
Cc: [3.19+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
16 Jul, 2016
7 commits
-
Pull MTD fix from Brian Norris:
"Late MTD fix for v4.7:One regression in the Device Tree handling for OMAP NAND handling of
the ELM node. TI migrated to using the property name "ti,elm-id", but
forgot to keep compatibility with the old "elm_id" property.Also, might as well send out this MAINTAINERS fixup now"
* tag 'for-linus-20160715' of git://git.infradead.org/linux-mtd:
mtd: nand: omap2: Add check for old elm binding
MAINTAINERS: Add file patterns for mtd device tree bindings -
Pull input fixes from Dmitry Torokhov:
"A few last-minute updates for the input subsystem"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: ts4800-ts - add missing of_node_put after calling of_parse_phandle
Input: synaptics-rmi4 - use of_get_child_by_name() to fix refcount
Revert "Input: wacom_w8001 - drop use of ABS_MT_TOOL_TYPE"
Input: xpad - validate USB endpoint count during probe
Input: add SW_PEN_INSERTED define -
Pull workqueue fix from Tejun Heo:
"The optimization for setting unbound worker affinity masks collided
with recent scheduler changes triggering warning messages.This late pull request fixes the bug by removing the optimization"
* 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: Fix setting affinity of unbound worker threads -
Without this check, the following XFS_I invocations would return bad
pointers when used on non-XFS inodes (perhaps pointers into preceding
allocator chunks).This could be used by an attacker to trick xfs_swap_extents into
performing locking operations on attacker-chosen structures in kernel
memory, potentially leading to code execution in the kernel. (I have
not investigated how likely this is to be usable for an attack in
practice.)Signed-off-by: Jann Horn
Cc: Andy Lutomirski
Cc: Dave Chinner
Signed-off-by: Linus Torvalds -
Fix a memory leak on probe error of the airspy usb device driver.
The problem is triggered when more than 64 usb devices register with
v4l2 of type VFL_TYPE_SDR or VFL_TYPE_SUBDEV.The memory leak is caused by the probe function of the airspy driver
mishandeling errors and not freeing the corresponding control structures
when an error occours registering the device to v4l2 core.A badusb device can emulate 64 of these devices, and then through
continual emulated connect/disconnect of the 65th device, cause the
kernel to run out of RAM and crash the kernel, thus causing a local DOS
vulnerability.Fixes CVE-2016-5400
Signed-off-by: James Patrick-Evans
Reviewed-by: Kees Cook
Cc: stable@vger.kernel.org # 3.17+
Signed-off-by: Linus Torvalds -
In commit 2c1ea4c700af ("EDAC, sb_edac: Use cpu family/model in driver
detection") I broke Knights Landing because I failed to notice that it
called a wrapper macro "sbridge_get_all_devices_knl" instead of
"sbridge_get_all_devices" like all the other types.Now that we include the processor type in the pci_id_table structure we
can skip the wrappers and just have the sbridge_get_all_devices() check
the type to decide whether to allow duplicate devices and controllers to
have registers spread across buses.Fixes: 2c1ea4c700af ("EDAC, sb_edac: Use cpu family/model in driver detection")
Tested-by: Lukasz Odzioba
Acked-by: Aristeu Rozanski
Signed-off-by: Tony Luck
Signed-off-by: Linus Torvalds -
of_node_put needs to be called when the device node which is got
from of_parse_phandle has finished using.Signed-off-by: Peter Chen
Signed-off-by: Dmitry Torokhov
15 Jul, 2016
28 commits
-
Merge misc fixes from Andrew Morton:
"20 fixes"* emailed patches from Andrew Morton :
m32r: fix build warning about putc
mm: workingset: printk missing log level, use pr_info()
mm: thp: refix false positive BUG in page_move_anon_rmap()
mm: rmap: call page_check_address() with sync enabled to avoid racy check
mm: thp: move pmd check inside ptl for freeze_page()
vmlinux.lds: account for destructor sections
gcov: add support for gcc version >= 6
mm, meminit: ensure node is online before checking whether pages are uninitialised
mm, meminit: always return a valid node from early_pfn_to_nid
kasan/quarantine: fix bugs on qlist_move_cache()
uapi: export lirc.h header
madvise_free, thp: fix madvise_free_huge_pmd return value after splitting
Revert "scripts/gdb: add documentation example for radix tree"
Revert "scripts/gdb: add a Radix Tree Parser"
scripts/gdb: Perform path expansion to lx-symbol's arguments
scripts/gdb: add constants.py to .gitignore
scripts/gdb: rebuild constants.py on dependancy change
scripts/gdb: silence 'nothing to do' message
kasan: add newline to messages
mm, compaction: prevent VM_BUG_ON when terminating freeing scanner -
Pull rdma fixes from Doug Ledford:
"Round three of 4.7 rc fixes:
- two fixes for hfi1
- two fixes for i40iw
- one omission correction in the port table counter arrays"* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
i40iw: Enable remote access rights for stag allocation
i40iw: do not print unitialized variables in error message
IB core: Add port_xmit_wait counter
IB/hfi1: Fix sleep inside atomic issue in init_asic_data
IB/hfi1: Correct issues with sc5 computation -
Pull i2c fixes from Wolfram Sang:
"Four driver bugfixes for the I2C subsystem"* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: mux: reg: wrong condition checked for of_address_to_resource return value
i2c: tegra: Correct error path in probe
i2c: remove __init from i2c_register_board_info()
i2c: qup: Fix wrong value of index variable -
Pull drm vmware fixes from Dave Airlie:
"These are some fixes for the vmware graphics driver, that fix some
black screen issues on at least Ubuntu 16.04, I think VMware would
like to get these in so stable can pick them up ASAP"* tag 'drm-fixes-for-v4.7-rc8-vmware' of git://people.freedesktop.org/~airlied/linux:
drm/vmwgfx: Fix error paths when mapping framebuffer
drm/vmwgfx: Fix corner case screen target management
drm/vmwgfx: Delay pinning fbdev framebuffer until after mode set
drm/vmwgfx: Check pin count before attempting to move a buffer
drm/ttm: Make ttm_bo_mem_compat available
drm/vmwgfx: Add an option to change assumed FB bpp
drm/vmwgfx: Work around mode set failure in 2D VMs
drm/vmwgfx: Add a check to handle host message failure -
Pull drm fixes from Dave Airlie:
"These are just some i915 and amdgpu fixes that shows up, the amdgpu
ones are polaris fixes, and the i915 one is a major regression fix"* tag 'drm-fixes-for-v4.7-rc8' of git://people.freedesktop.org/~airlied/linux:
drm/amdgpu: fix power distribution issue for Polaris10 XT
drm/amdgpu: Add a missing register to Polaris golden setting
drm/i915: Ignore panel type from OpRegion on SKL
drm/i915: Update ifdeffery for mutex->owner -
Pull scheduler fix from Ingo Molnar:
"Fix a CPU hotplug related corruption of the load average that got
introduced in this merge window"* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/core: Correct off by one bug in load migration calculation -
We were getting build warning:
arch/m32r/boot/compressed/m32r_sio.c:11:13:
warning: conflicting types for built-in function 'putc'Here putc is used as a static function so lets just rename it to avoid
the conflict with the builtin putc.Link: http://lkml.kernel.org/r/1466977046-24724-1-git-send-email-sudipm.mukherjee@gmail.com
Signed-off-by: Sudip Mukherjee
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 612e44939c3c ("mm: workingset: eviction buckets for bigmem/lowbit
machines") added a printk without a log level. Quieten it by using
pr_info().Link: http://lkml.kernel.org/r/1466982072-29836-2-git-send-email-anton@ozlabs.org
Signed-off-by: Anton Blanchard
Acked-by: Johannes Weiner
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The VM_BUG_ON_PAGE in page_move_anon_rmap() is more trouble than it's
worth: the syzkaller fuzzer hit it again. It's still wrong for some THP
cases, because linear_page_index() was never intended to apply to
addresses before the start of a vma.That's easily fixed with a signed long cast inside linear_page_index();
and Dmitry has tested such a patch, to verify the false positive. But
why extend linear_page_index() just for this case? when the avoidance in
page_move_anon_rmap() has already grown ugly, and there's no reason for
the check at all (nothing else there is using address or index).Remove address arg from page_move_anon_rmap(), remove VM_BUG_ON_PAGE,
remove CONFIG_DEBUG_VM PageTransHuge adjustment.And one more thing: should the compound_head(page) be done inside or
outside page_move_anon_rmap()? It's usually pushed down to the lowest
level nowadays (and mm/memory.c shows no other explicit use of it), so I
think it's better done in page_move_anon_rmap() than by caller.Fixes: 0798d3c022dc ("mm: thp: avoid false positive VM_BUG_ON_PAGE in page_move_anon_rmap()")
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1607120444540.12528@eggly.anvils
Signed-off-by: Hugh Dickins
Reported-by: Dmitry Vyukov
Acked-by: Kirill A. Shutemov
Cc: Mika Westerberg
Cc: Andrea Arcangeli
Cc: Rik van Riel
Cc: [4.5+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The previous patch addresses the race between split_huge_pmd_address()
and someone changing the pmd. The fix is only for splitting of normal
thp (i.e. pmd-mapped thp,) and for splitting of pte-mapped thp there
still is the similar race.For splitting pte-mapped thp, the pte's conversion is done by
try_to_unmap_one(TTU_MIGRATION). This function checks
page_check_address() to get the target pte, but it can return NULL under
some race, leading to VM_BUG_ON() in freeze_page(). Fortunately,
page_check_address() already has an argument to decide whether we do a
quick/racy check or not, so let's flip it when called from
freeze_page().Link: http://lkml.kernel.org/r/1466990929-7452-2-git-send-email-n-horiguchi@ah.jp.nec.com
Signed-off-by: Naoya Horiguchi
Cc: Kirill A. Shutemov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
I found a race condition triggering VM_BUG_ON() in freeze_page(), when
running a testcase with 3 processes:
- process 1: keep writing thp,
- process 2: keep clearing soft-dirty bits from virtual address of process 1
- process 3: call migratepages for process 1,The kernel message is like this:
kernel BUG at /src/linux-dev/mm/huge_memory.c:3096!
invalid opcode: 0000 [#1] SMP
Modules linked in: cfg80211 rfkill crc32c_intel ppdev serio_raw pcspkr virtio_balloon virtio_console parport_pc parport pvpanic acpi_cpufreq tpm_tis tpm i2c_piix4 virtio_blk virtio_net ata_generic pata_acpi floppy virtio_pci virtio_ring virtio
CPU: 0 PID: 28863 Comm: migratepages Not tainted 4.6.0-v4.6-160602-0827-+ #2
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff880037320000 ti: ffff88007cdd0000 task.ti: ffff88007cdd0000
RIP: 0010:[] [] split_huge_page_to_list+0x496/0x590
RSP: 0018:ffff88007cdd3b70 EFLAGS: 00010202
RAX: 0000000000000001 RBX: ffff88007c7b88c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000700000200 RDI: ffffea0003188000
RBP: ffff88007cdd3bb8 R08: 0000000000000001 R09: 00003ffffffff000
R10: ffff880000000000 R11: ffffc000001fffff R12: ffffea0003188000
R13: ffffea0003188000 R14: 0000000000000000 R15: 0400000000000080
FS: 00007f8ec241d740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8ec1f3ed20 CR3: 000000003707b000 CR4: 00000000000006f0
Call Trace:
? list_del+0xd/0x30
queue_pages_pte_range+0x4d1/0x590
__walk_page_range+0x204/0x4e0
walk_page_range+0x71/0xf0
queue_pages_range+0x75/0x90
? queue_pages_hugetlb+0x190/0x190
? new_node_page+0xc0/0xc0
? change_prot_numa+0x40/0x40
migrate_to_node+0x71/0xd0
do_migrate_pages+0x1c3/0x210
SyS_migrate_pages+0x261/0x290
entry_SYSCALL_64_fastpath+0x1a/0xa4
Code: e8 b0 87 fb ff 0f 0b 48 c7 c6 30 32 9f 81 e8 a2 87 fb ff 0f 0b 48 c7 c6 b8 46 9f 81 e8 94 87 fb ff 0f 0b 85 c0 0f 84 3e fd ff ff 0b 85 c0 0f 85 a6 00 00 00 48 8b 75 c0 4c 89 f7 41 be f0 ff
RIP split_huge_page_to_list+0x496/0x590I'm not sure of the full scenario of the reproduction, but my debug
showed that split_huge_pmd_address(freeze=true) returned without running
main code of pmd splitting because pmd_present(*pmd) in precheck somehow
returned 0. If this happens, the subsequent try_to_unmap() fails and
returns non-zero (because page_mapcount() still > 0), and finally
VM_BUG_ON() fires. This patch tries to fix it by prechecking pmd state
inside ptl.Link: http://lkml.kernel.org/r/1466990929-7452-1-git-send-email-n-horiguchi@ah.jp.nec.com
Signed-off-by: Naoya Horiguchi
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
If CONFIG_KASAN is enabled and gcc is configured with
--disable-initfini-array and/or gold linker is used, gcc emits
.ctors/.dtors and .text.startup/.text.exit sections instead of
.init_array/.fini_array. .dtors section is not explicitly accounted in
the linker script and messes vvar/percpu layout.We want:
ffffffff822bfd80 D _edata
ffffffff822c0000 D __vvar_beginning_hack
ffffffff822c0000 A __vvar_page
ffffffff822c0080 0000000000000098 D vsyscall_gtod_data
ffffffff822c1000 A __init_begin
ffffffff822c1000 D init_per_cpu__irq_stack_union
ffffffff822c1000 A __per_cpu_load
ffffffff822d3000 D init_per_cpu__gdt_pageWe got:
ffffffff8279a600 D _edata
ffffffff8279b000 A __vvar_page
ffffffff8279c000 A __init_begin
ffffffff8279c000 D init_per_cpu__irq_stack_union
ffffffff8279c000 A __per_cpu_load
ffffffff8279e000 D __vvar_beginning_hack
ffffffff8279e080 0000000000000098 D vsyscall_gtod_data
ffffffff827ae000 D init_per_cpu__gdt_pageThis happens because __vvar_page and .vvar get different addresses in
arch/x86/kernel/vmlinux.lds.S:. = ALIGN(PAGE_SIZE);
__vvar_page = .;.vvar : AT(ADDR(.vvar) - LOAD_OFFSET) {
/* work around gold bug 13023 */
__vvar_beginning_hack = .;Discard .dtors/.fini_array/.text.exit, since we don't call dtors.
Merge .text.startup into init text.Link: http://lkml.kernel.org/r/1467386363-120030-1-git-send-email-dvyukov@google.com
Signed-off-by: Dmitry Vyukov
Reviewed-by: Andrey Ryabinin
Cc: [4.0+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Link: http://lkml.kernel.org/r/20160701130914.GA23225@styxhp
Signed-off-by: Florian Meier
Reviewed-by: Peter Oberparleiter
Tested-by: Peter Oberparleiter
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
early_page_uninitialised looks up an arbitrary PFN. While a machine
without node 0 will boot with "mm, page_alloc: Always return a valid
node from early_pfn_to_nid", it works because it assumes that nodes are
always in PFN order. This is not guaranteed so this patch adds
robustness by always checking if the node being checked is online.Link: http://lkml.kernel.org/r/1468008031-3848-4-git-send-email-mgorman@techsingularity.net
Signed-off-by: Mel Gorman
Acked-by: David Rientjes
Cc: [4.2+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
early_pfn_to_nid can return node 0 if a PFN is invalid on machines that
has no node 0. A machine with only node 1 was observed to crash with
the following message:BUG: unable to handle kernel paging request at 000000000002a3c8
PGD 0
Modules linked in:
Hardware name: Supermicro H8DSP-8/H8DSP-8, BIOS 080011 06/30/2006
task: ffffffff81c0d500 ti: ffffffff81c00000 task.ti: ffffffff81c00000
RIP: reserve_bootmem_region+0x6a/0xef
CR2: 000000000002a3c8 CR3: 0000000001c06000 CR4: 00000000000006b0
Call Trace:
free_all_bootmem+0x4b/0x12a
mem_init+0x70/0xa3
start_kernel+0x25b/0x49bThe problem is that early_page_uninitialised uses the early_pfn_to_nid
helper which returns node 0 for invalid PFNs. No caller of
early_pfn_to_nid cares except early_page_uninitialised. This patch has
early_pfn_to_nid always return a valid node.Link: http://lkml.kernel.org/r/1468008031-3848-3-git-send-email-mgorman@techsingularity.net
Signed-off-by: Mel Gorman
Acked-by: David Rientjes
Cc: [4.2+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There are two bugs on qlist_move_cache(). One is that qlist's tail
isn't set properly. curr->next can be NULL since it is singly linked
list and NULL value on tail is invalid if there is one item on qlist.
Another one is that if cache is matched, qlist_put() is called and it
will set curr->next to NULL. It would cause to stop the loop
prematurely.These problems come from complicated implementation so I'd like to
re-implement it completely. Implementation in this patch is really
simple. Iterate all qlist_nodes and put them to appropriate list.Unfortunately, I got this bug sometime ago and lose oops message. But,
the bug looks trivial and no need to attach oops.Fixes: 55834c59098d ("mm: kasan: initial memory quarantine implementation")
Link: http://lkml.kernel.org/r/1467766348-22419-1-git-send-email-iamjoonsoo.kim@lge.com
Signed-off-by: Joonsoo Kim
Reviewed-by: Dmitry Vyukov
Acked-by: Andrey Ryabinin
Acked-by: Alexander Potapenko
Cc: Kuthonuzo Luruo
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This header contains the userspace API for lirc.
This is a fixup for commit b7be755733dc ("[media] bz#75751: Move
internal header file lirc.h to uapi/"). It moved the header to the
right place, but it forgot to add it at Kbuild. So, despite being at
uapi, it is not copied to the right place.Fixes: b7be755733dc44c72 ("[media] bz#75751: Move internal header file lirc.h to uapi/")
Link: http://lkml.kernel.org/r/320c765d32bfc82c582e336d52ffe1026c73c644.1468439021.git.mchehab@s-opensource.com
Signed-off-by: Mauro Carvalho Chehab
Cc: Alec Leamas
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
madvise_free_huge_pmd should return 0 if the fallback PTE operations are
required. In madvise_free_huge_pmd, if part pages of THP are discarded,
the THP will be split and fallback PTE operations should be used if
splitting succeeds. But the original code will make fallback PTE
operations skipped, after splitting succeeds. Fix that via make
madvise_free_huge_pmd return 0 after splitting successfully, so that the
fallback PTE operations will be done.Link: http://lkml.kernel.org/r/1467135452-16688-1-git-send-email-ying.huang@intel.com
Signed-off-by: "Huang, Ying"
Acked-by: Minchan Kim
Cc: "Kirill A. Shutemov"
Cc: Vlastimil Babka
Cc: Jerome Marchand
Cc: Andrea Arcangeli
Cc: Ebru Akagunduz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This reverts commit 9b5580359a84 ("scripts/gdb: add documentation
example for radix tree")The python implementation of radix tree was merged at the same time as a
refactoring of the radix tree implementation and doesn't work. The
feature is being reverted, thus we revert the documentation as well.Link: http://lkml.kernel.org/r/1467127337-11135-7-git-send-email-kieran@bingham.xyz
Signed-off-by: Kieran Bingham
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This reverts commit e127a73d41ac ("scripts/gdb: add a Radix Tree
Parser")The python implementation of radix-tree was merged at the same time as
the radix-tree system was heavily reworked from commit e9256efcc8e3
("radix-tree: introduce radix_tree_empty") to 3bcadd6fa6c4 ("radix-tree:
free up the bottom bit of exceptional entries for reuse") and no longer
functions, but also prevents other gdb scripts from loading.This functionality has not yet hit a release, so simply remove it for
nowLink: http://lkml.kernel.org/r/1467127337-11135-6-git-send-email-kieran@bingham.xyz
Signed-off-by: Kieran Bingham
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Python doesn't do automatic expansion of paths. In case one passes path
of the from ~/foo/bar the gdb scripts won't automatically expand that
and as a result the symbols files won't be loaded.Fix this by explicitly expanding all paths which begin with "~"
Link: http://lkml.kernel.org/r/1467127337-11135-5-git-send-email-kieran@bingham.xyz
Signed-off-by: Nikolay Borisov
Signed-off-by: Kieran Bingham
Reviewed-by: Jan Kiszka
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Since scripts/gdb/linux/constants.py is autogenerated, this should have
been added to .gitignore when it was introduced.Fixes: f197d75fcad1 ("scripts/gdb: provide linux constants")
Link: http://lkml.kernel.org/r/1467127337-11135-4-git-send-email-kieran@bingham.xyz
Signed-off-by: Omar Sandoval
Signed-off-by: Kieran Bingham
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The autogenerated constants.py file was only being built on the initial
call, and if the constants.py.in file changed. As we are utilising the
CPP hooks, we can successfully use the call if_changed_dep rules to
determine when to rebuild the file based on it's inclusions.Link: http://lkml.kernel.org/r/1467127337-11135-3-git-send-email-kieran@bingham.xyz
Signed-off-by: Kieran Bingham
Reported-by: Jan Kiszka
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The constants.py generation, involves a rule to link into the main
makefile. This rule has no command and generates a spurious warning
message in the build logs when CONFIG_SCRIPTS_GDB is enabled.Fix simply by giving a no-op action
Link: http://lkml.kernel.org/r/1467127337-11135-2-git-send-email-kieran@bingham.xyz
Signed-off-by: Kieran Bingham
Reported-by: Jan Kiszka
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Currently GPF messages with KASAN look as follows:
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
Add newlines.
Link: http://lkml.kernel.org/r/1467294357-98002-1-git-send-email-dvyukov@google.com
Signed-off-by: Dmitry Vyukov
Acked-by: Andrey Ryabinin
Cc: Alexander Potapenko
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
It's possible to isolate some freepages in a pageblock and then fail
split_free_page() due to the low watermark check. In this case, we hit
VM_BUG_ON() because the freeing scanner terminated early without a
contended lock or enough freepages.This should never have been a VM_BUG_ON() since it's not a fatal
condition. It should have been a VM_WARN_ON() at best, or even handled
gracefully.Regardless, we need to terminate anytime the full pageblock scan was not
done. The logic belongs in isolate_freepages_block(), so handle its
state gracefully by terminating the pageblock loop and making a note to
restart at the same pageblock next time since it was not possible to
complete the scan this time.[rientjes@google.com: don't rescan pages in a pageblock]
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1607111244150.83138@chino.kir.corp.google.com
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1606291436300.145590@chino.kir.corp.google.com
Signed-off-by: David Rientjes
Reported-by: Minchan Kim
Tested-by: Minchan Kim
Cc: Joonsoo Kim
Cc: Hugh Dickins
Cc: Mel Gorman
Cc: Vlastimil Babka
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
A bunch of vmwgfx fixes that fix a black screen issue on latest distros/hw combos.
* 'drm-vmwgfx-fixes' of git://people.freedesktop.org/~syeh/repos_linux:
drm/vmwgfx: Fix error paths when mapping framebuffer
drm/vmwgfx: Fix corner case screen target management
drm/vmwgfx: Delay pinning fbdev framebuffer until after mode set
drm/vmwgfx: Check pin count before attempting to move a buffer
drm/ttm: Make ttm_bo_mem_compat available
drm/vmwgfx: Add an option to change assumed FB bpp
drm/vmwgfx: Work around mode set failure in 2D VMs
drm/vmwgfx: Add a check to handle host message failure -
I've also realized that a pile of hang fixes for kbl landed in next, and
no one thought of backporting it to 4.7 - kbl has lost prelim_hw_support
tagging in 4.7-rc1 already. Mika is prepping a topic branch for those,
will send you a separate pull request since it's quite a bit (but should
be all well restricted to kbl code, so similar to polaris in amdgpu).* tag 'drm-intel-fixes-2016-07-14' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Ignore panel type from OpRegion on SKL
drm/i915: Update ifdeffery for mutex->owner
