08 Dec, 2016

1 commit

  • Variable rc is reset in the loop, and its value will be non-negative
    during the second and later repeats of the loop. If it fails to allocate
    memory then, it may return a non-negative integer, which indicates no
    error. This patch fixes the bug, assigning "-ENOMEM" to rc when
    kzalloc() or alloc_page() returns NULL, and removing the initialization
    of rc outside of the loop.

    Signed-off-by: Pan Bian
    Reviewed-by: Juergen Gross
    Signed-off-by: Juergen Gross

    Pan Bian
     

06 Jul, 2016

1 commit


11 Sep, 2015

2 commits

  • Merge third patch-bomb from Andrew Morton:

    - even more of the rest of MM

    - lib/ updates

    - checkpatch updates

    - small changes to a few scruffy filesystems

    - kmod fixes/cleanups

    - kexec updates

    - a dma-mapping cleanup series from hch

    * emailed patches from Andrew Morton: (81 commits)
    dma-mapping: consolidate dma_set_mask
    dma-mapping: consolidate dma_supported
    dma-mapping: cosolidate dma_mapping_error
    dma-mapping: consolidate dma_{alloc,free}_noncoherent
    dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent}
    mm: use vma_is_anonymous() in create_huge_pmd() and wp_huge_pmd()
    mm: make sure all file VMAs have ->vm_ops set
    mm, mpx: add "vm_flags_t vm_flags" arg to do_mmap_pgoff()
    mm: mark most vm_operations_struct const
    namei: fix warning while make xmldocs caused by namei.c
    ipc: convert invalid scenarios to use WARN_ON
    zlib_deflate/deftree: remove bi_reverse()
    lib/decompress_unlzma: Do a NULL check for pointer
    lib/decompressors: use real out buf size for gunzip with kernel
    fs/affs: make root lookup from blkdev logical size
    sysctl: fix int -> unsigned long assignments in INT_MIN case
    kexec: export KERNEL_IMAGE_SIZE to vmcoreinfo
    kexec: align crash_notes allocation to make it be inside one physical page
    kexec: remove unnecessary test in kimage_alloc_crash_control_pages()
    kexec: split kexec_load syscall from kexec core code
    ...

    Linus Torvalds
     
  • With two exceptions (drm/qxl and drm/radeon) all vm_operations_struct
    structs should be constant.

    Signed-off-by: Kirill A. Shutemov
    Reviewed-by: Oleg Nesterov
    Cc: "H. Peter Anvin"
    Cc: Andy Lutomirski
    Cc: Dave Hansen
    Cc: Ingo Molnar
    Cc: Minchan Kim
    Cc: Thomas Gleixner
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Kirill A. Shutemov
     

09 Sep, 2015

1 commit

  • Based on include/xen/mm.h [1], Linux is mistakenly using MFN when GFN
    is meant, I suspect this is because the first support for Xen was for
    PV. This resulted in some misimplementation of helpers on ARM and
    confused developers about the expected behavior.

    For instance, with pfn_to_mfn, we expect to get an MFN based on the name.
    Although, if we look at the implementation on x86, it's returning a GFN.

    For clarity and to avoid new confusion, replace any reference to mfn with
    gfn in any helpers used by PV drivers. The x86 code will still keep some
    references to pfn_to_mfn, which may be used by all kinds of guests.
    No changes have been made in the hypercall field, even
    though they may be invalid, in order to keep the same as the definition
    in xen repo.

    Note that page_to_mfn has been renamed to xen_page_to_gfn to avoid a
    name too close to the KVM function gfn_to_page.

    Take also the opportunity to simplify simple construction such
    as pfn_to_mfn(page_to_pfn(page)) into xen_page_to_gfn. More complex clean up
    will come in follow-up patches.

    [1] http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=e758ed14f390342513405dd766e874934573e6cb

    Signed-off-by: Julien Grall
    Reviewed-by: Stefano Stabellini
    Acked-by: Dmitry Torokhov
    Acked-by: Wei Liu
    Signed-off-by: David Vrabel

    Julien Grall
     

04 Sep, 2014

2 commits

  • If a gref could not be added (perhaps because the limit has been
    reached or there are no more grant references available), the undo
    path may crash because __del_gref() frees the gref while it is being
    used for a list iteration.

    A comment suggests that using list_for_each_entry() is safe since the
    gref isn't removed from the list being iterated over, but it is freed
    and thus list_for_each_entry_safe() must be used.

    Also, explicitly delete the gref from the local per-file list, even
    though this is not strictly necessary.

    Signed-off-by: David Vrabel
    Reviewed-by: Boris Ostrovsky

    David Vrabel
     
  • Only set gref->gref_id if foreign access was successfully granted and
    the grant ref is valid.

    If gref->gref_id == -ENOSPC the test in __del_gref() would incorrectly
    attempt to end foreign access (because grant_ref_t is unsigned).

    Signed-off-by: David Vrabel
    Reported-by: Dave Scott
    Reviewed-by: Boris Ostrovsky

    David Vrabel
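
The gref_id problem described in the commit above, as an added example that is not code from the kernel tree: a negative errno stored in an unsigned grant_ref_t looks like a valid grant to a later "> 0" test. The helper names, the stand-in for gnttab_grant_foreign_access() and the shape of the teardown test are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

typedef uint32_t grant_ref_t;           /* unsigned, per the commit message */
struct gref { grant_ref_t gref_id; };   /* constructed, reduced structure */

/* Constructed stand-in for gnttab_grant_foreign_access(): returns a
 * grant reference, or a negative errno when none is available. */
int fake_grant_access(bool refs_available)
{
	return refs_available ? 8 : -ENOSPC;
}

/* Assumed shape of the teardown test: "is there a grant to end?" */
bool would_end_foreign_access(const struct gref *g)
{
	return g->gref_id > 0;
}

/* Old pattern: the result is stored into the unsigned field
 * whether or not it is an error code. */
int add_gref_unconditional(struct gref *g, bool refs_available)
{
	int rc = fake_grant_access(refs_available);

	g->gref_id = rc;        /* -ENOSPC turns into a large positive value */
	return rc < 0 ? rc : 0;
}

/* Pattern the commit describes: only set gref_id for a valid grant. */
int add_gref_checked(struct gref *g, bool refs_available)
{
	int rc = fake_grant_access(refs_available);

	if (rc < 0)
		return rc;      /* gref_id keeps its "no grant" value of 0 */
	g->gref_id = rc;
	return 0;
}
```

With the unconditional store, the undo path sees a non-zero gref_id and tries to end access on a reference that was never granted; with the checked store, the same failure leaves gref_id at 0 and the test is skipped.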
     

28 Jun, 2013

1 commit

  • Convert printks to pr_ (excludes printk(KERN_DEBUG...)
    to be more consistent throughout the xen subsystem.

    Add pr_fmt with KBUILD_MODNAME or "xen:" KBUILD_MODNAME
    Coalesce formats and add missing word spaces
    Add missing newlines
    Align arguments and reflow to 80 columns
    Remove DRV_NAME from formats as pr_fmt adds the same content

    This does change some of the prefixes of these messages
    but it also does make them more consistent.

    Signed-off-by: Joe Perches
    Signed-off-by: Konrad Rzeszutek Wilk

    Joe Perches
     

09 Oct, 2012

1 commit

  • A long time ago, in v2.4, VM_RESERVED kept swapout process off VMA,
    currently it lost original meaning but still has some effects:

     | effect                 | alternative flags
    -+------------------------+---------------------------------------------
    1| account as reserved_vm | VM_IO
    2| skip in core dump      | VM_IO, VM_DONTDUMP
    3| do not merge or expand | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP
    4| do not mlock           | VM_IO, VM_DONTEXPAND, VM_HUGETLB, VM_PFNMAP

    This patch removes reserved_vm counter from mm_struct. Seems like nobody
    cares about it, it is not exported into userspace directly, it only
    reduces total_vm shown in proc.

    Thus VM_RESERVED can be replaced with VM_IO or pair VM_DONTEXPAND | VM_DONTDUMP.

    remap_pfn_range() and io_remap_pfn_range() set VM_IO|VM_DONTEXPAND|VM_DONTDUMP.
    remap_vmalloc_range() set VM_DONTEXPAND | VM_DONTDUMP.

    [akpm@linux-foundation.org: drivers/vfio/pci/vfio_pci.c fixup]
    Signed-off-by: Konstantin Khlebnikov
    Cc: Alexander Viro
    Cc: Carsten Otte
    Cc: Chris Metcalf
    Cc: Cyrill Gorcunov
    Cc: Eric Paris
    Cc: H. Peter Anvin
    Cc: Hugh Dickins
    Cc: Ingo Molnar
    Cc: James Morris
    Cc: Jason Baron
    Cc: Kentaro Takeda
    Cc: Matt Helsley
    Cc: Nick Piggin
    Cc: Oleg Nesterov
    Cc: Peter Zijlstra
    Cc: Robert Richter
    Cc: Suresh Siddha
    Cc: Tetsuo Handa
    Cc: Venkatesh Pallipadi
    Acked-by: Linus Torvalds
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Konstantin Khlebnikov
     

04 Jan, 2012

1 commit

  • Error handling code following a kmalloc should free the allocated data.
    Out_unlock is used on both success and failure, so free vm_priv before
    jumping to that label.

    A simplified version of the semantic match that finds the problem is as
    follows: (http://coccinelle.lip6.fr)

    //
    @r exists@
    local idexpression x;
    statement S;
    identifier f1;
    position p1,p2;
    expression *ptr != NULL;
    @@

    x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
    ...
    if (x == NULL) S
    }
    x->f1
    ...>
    (
    return \(0\|\|ptr\);
    |
    return@p2 ...;
    )

    @script:python@
    p1 << r.p1;
    p2 << r.p2;
    @@

    print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
    //

    Signed-off-by: Julia Lawall
    [v1: Altered the description a bit]
    Signed-off-by: Konrad Rzeszutek Wilk

    Julia Lawall
     

21 Dec, 2011

1 commit

  • * commit 'v3.2-rc3': (412 commits)
    Linux 3.2-rc3
    virtio-pci: make reset operation safer
    virtio-mmio: Correct the name of the guest features selector
    virtio: add HAS_IOMEM dependency to MMIO platform bus driver
    eCryptfs: Extend array bounds for all filename chars
    eCryptfs: Flush file in vma close
    eCryptfs: Prevent file create race condition
    regulator: TPS65910: Fix VDD1/2 voltage selector count
    i2c: Make i2cdev_notifier_call static
    i2c: Delete ANY_I2C_BUS
    i2c: Fix device name for 10-bit slave address
    i2c-algo-bit: Generate correct i2c address sequence for 10-bit target
    drm: integer overflow in drm_mode_dirtyfb_ioctl()
    Revert "of/irq: of_irq_find_parent: check for parent equal to child"
    drivers/gpu/vga/vgaarb.c: add missing kfree
    drm/radeon/kms/atom: unify i2c gpio table handling
    drm/radeon/kms: fix up gpio i2c mask bits for r4xx for real
    ttm: Don't return the bo reserved on error path
    mount_subtree() pointless use-after-free
    iio: fix a leak due to improper use of anon_inode_getfd()
    ...

    Konrad Rzeszutek Wilk
     

17 Dec, 2011

2 commits

  • When a multi-page mapping of gntalloc is created, the reference counts
    of all pages in the vma are incremented. However, the vma open/close
    operations only adjusted the reference count of the first page in the
    mapping, leaking the other pages. Store a struct in the vm_private_data
    to track the original page count to properly free the pages when the
    last reference to the vma is closed.

    Reported-by: Anil Madhavapeddy
    Signed-off-by: Daniel De Graaf
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf
     
  • gnttab_end_foreign_access_ref does not return the grant reference it is
    passed to the free list; gnttab_free_grant_reference needs to be
    explicitly called. While gnttab_end_foreign_access provides a wrapper
    for this, it is unsuitable because it does not return errors.

    Reported-by: Anil Madhavapeddy
    Signed-off-by: Daniel De Graaf
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf
     

22 Nov, 2011

2 commits


17 Nov, 2011

2 commits

  • gref->gref_id is unsigned so the error handling didn't work.
    gnttab_grant_foreign_access() returns an int type, so we can add a
    cast here, and it doesn't cause any problems.
    gnttab_grant_foreign_access() can return a variety of errors
    including -ENOSPC, -ENOSYS and -ENOMEM.

    CC: stable@kernel.org
    Signed-off-by: Dan Carpenter
    Signed-off-by: Konrad Rzeszutek Wilk

    Dan Carpenter
     
  • On 32 bit systems a high value of op.count could lead to an integer
    overflow in the kzalloc() and gref_ids would be smaller than
    expected. If you triggered another integer overflow in
    "if (gref_size + op.count > limit)" then you'd probably get memory
    corruption inside add_grefs().

    CC: stable@kernel.org
    Signed-off-by: Dan Carpenter
    Signed-off-by: Konrad Rzeszutek Wilk

    Dan Carpenter
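
The two wrap-arounds named in the commit above, as an added example that is not the kernel's code or the actual fix: 32-bit size arithmetic is modelled with uint32_t so the result is the same on any host, and each unchecked form sits beside a checked one. Function names, the element size and the sample values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model 32-bit size arithmetic explicitly (assumption: size_t is 32 bits). */
typedef uint32_t size32_t;

/* Unchecked byte size, as in sizeof(elem) * count evaluated in 32 bits. */
size32_t alloc_size_unchecked(uint32_t count, size32_t elem)
{
	return elem * count;            /* wraps modulo 2^32 */
}

/* Checked variant: refuses a count whose byte size does not fit. */
bool alloc_size_checked(uint32_t count, size32_t elem, size32_t *out)
{
	if (elem != 0 && count > UINT32_MAX / elem)
		return false;
	*out = elem * count;
	return true;
}

/* Limit test written as an addition, which can itself wrap. */
bool over_limit_wrapping(uint32_t in_use, uint32_t count, uint32_t limit)
{
	return in_use + count > limit;
}

/* Same test rearranged so that no intermediate value can wrap. */
bool over_limit_safe(uint32_t in_use, uint32_t count, uint32_t limit)
{
	return in_use > limit || count > limit - in_use;
}
```

A request that passes the wrapping limit test and also gets an undersized buffer is the combination the commit message warns about; the checked forms reject it at either step.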
     

10 Mar, 2011

1 commit

  • The only time when granted pages need to be treated specially is when
    using Xen's PTE modification for grant mappings owned by another domain
    (that is, only gntdev on PV guests). Otherwise, the area does not
    require VM_DONTCOPY and VM_PFNMAP, since it can be accessed just like
    any other page of RAM.

    Since the vm_operations_struct close operations decrement reference
    counts, a corresponding open function that increments them is required
    now that it is possible to have multiple references to a single area.

    We are careful in the gntdev to check if we can remove those flags. The
    reason that we need to be careful in gntdev on PV guests is because we are
    not changing the PFN/MFN mapping on PV; instead, we change the application's
    page tables to point to the other domain's memory. This means that the vma
    cannot be copied without using another grant mapping hypercall; it also
    requires special handling on unmap, which is the reason for gntdev's
    dependency on the MMU notifier.

    For gntalloc, this is not a concern - the pages are owned by the domain
    using the gntalloc device, and can be mapped and unmapped in the same manner
    as any other page of memory.

    Acked-by: Ian Campbell
    Signed-off-by: Daniel De Graaf
    Signed-off-by: Konrad Rzeszutek Wilk
    [v2: Added in git commit "We are.." from email correspondence]

    Daniel De Graaf
     

15 Feb, 2011

2 commits