commit 28093f9f34cedeaea0f481c58446d9dac6dd620f upstream.
In gather_pte_stats() a THP pmd is cast into a pte, which is wrong
because the layouts may differ depending on the architecture. On s390
this will lead to inaccurate numa_maps accounting in /proc because of
misguided pte_present() and pte_dirty() checks on the fake pte.
On other architectures pte_present() and pte_dirty() may work by chance,
but there may be an issue with direct-access (dax) mappings w/o
underlying struct pages when HAVE_PTE_SPECIAL is set and THP is
available. In vm_normal_page() the fake pte will be checked with
pte_special() and because there is no "special" bit in a pmd, this will
always return false and the VM_PFNMAP | VM_MIXEDMAP checking will be
skipped. On dax mappings w/o struct pages, an invalid struct page
pointer would then be returned that can crash the kernel.
This patch fixes the numa_maps THP handling by introducing new "_pmd"
variants of the can_gather_numa_stats() and vm_normal_page() functions.
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3486b85a29c1741db99d0c522211c82d2b7a56d0 upstream.
Khugepaged detects own VMAs by checking vm_file and vm_ops but this way
it cannot distinguish private /dev/zero mappings from other special
mappings like /dev/hpet which has no vm_ops and popultes PTEs in mmap.
This fixes false-positive VM_BUG_ON and prevents installing THP where
they are not expected.
Link: http://lkml.kernel.org/r/CACT4Y+ZmuZMV5CjSFOeXviwQdABAgT7T+StKfTqan9YDtgEi5g@mail.gmail.com
Fixes: 78f11a2557 ("mm: thp: fix /dev/zero MAP_PRIVATE and vm_flags cleanups")
Signed-off-by: Konstantin Khlebnikov <koct9i@gmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 264a0ae164bc0e9144bebcd25ff030d067b1a878 upstream.
Hello,
So, this ended up a lot simpler than I originally expected. I tested
it lightly and it seems to work fine. Petr, can you please test these
two patches w/o the lru drain drop patch and see whether the problem
is gone?
Thanks.
------ 8< ------
If charge moving is used, memcg performs relabeling of the affected
pages from its ->attach callback which is called under both
cgroup_threadgroup_rwsem and thus can't create new kthreads. This is
fragile as various operations may depend on workqueues making forward
progress which relies on the ability to create new kthreads.
There's no reason to perform charge moving from ->attach which is deep
in the task migration path. Move it to ->post_attach which is called
after the actual migration is finished and cgroup_threadgroup_rwsem is
dropped.
* move_charge_struct->mm is added and ->can_attach is now responsible
for pinning and recording the target mm. mem_cgroup_clear_mc() is
updated accordingly. This also simplifies mem_cgroup_move_task().
* mem_cgroup_move_task() is now called from ->post_attach instead of
->attach.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@kernel.org>
Debugged-and-tested-by: Petr Mladek <pmladek@suse.com>
Reported-by: Cyril Hrubis <chrubis@suse.cz>
Reported-by: Johannes Weiner <hannes@cmpxchg.org>
Fixes: 1ed1328792 ("sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 376bf125ac781d32e202760ed7deb1ae4ed35d31 upstream.
This change is primarily an attempt to make it easier to realize the
optimizations the compiler performs in-case CONFIG_MEMCG_KMEM is not
enabled.
Performance wise, even when CONFIG_MEMCG_KMEM is compiled in, the
overhead is zero. This is because, as long as no process have enabled
kmem cgroups accounting, the assignment is replaced by asm-NOP
operations. This is possible because memcg_kmem_enabled() uses a
static_key_false() construct.
It also helps readability as it avoid accessing the p[] array like:
p[size - 1] which "expose" that the array is processed backwards inside
helper function build_detached_freelist().
Lastly this also makes the code more robust, in error case like passing
NULL pointers in the array. Which were previously handled before commit
033745189b ("slub: add missing kmem cgroup support to
kmem_cache_free_bulk").
Fixes: 033745189b ("slub: add missing kmem cgroup support to kmem_cache_free_bulk")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since this commit 48c96a3685 ("mm/page_owner: keep track
of page owners") doesn't enable the page_owner by default
even though CONFIG_PAGE_OWNER is enabled.
Add configuration option CONFIG_PAGE_OWNER_ENABLE_DEFAULT to
allow user to enable it by default through the defconfig file.
CRs-Fixed: 1006743
Change-Id: I9b565a34e2068bf575974eaf3dc9f7820bdd7a96
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
Since commit 031bc5743f ("mm/debug-pagealloc: make debug-pagealloc
boottime configurable") CONFIG_DEBUG_PAGEALLOC is by default not adding
any page debugging.
This resulted in several unnoticed bugs, e.g.
https://lkml.kernel.org/g/<569F5E29.3090107@de.ibm.com>
or
https://lkml.kernel.org/g/<56A20F30.4050705@de.ibm.com>
as this behaviour change was not even documented in Kconfig.
Let's provide a new Kconfig symbol that allows to change the default
back to enabled, e.g. for debug kernels. This also makes the change
obvious to kernel packagers.
Let's also change the Kconfig description for CONFIG_DEBUG_PAGEALLOC, to
indicate that there are two stages of overhead.
CRs-Fixed: 1006743
Change-Id: I52c36765837cc873877b9398371ffd840d485a81
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-commit: ea6eabb05b26bd3d6f60b29b77a03bc61479fc0f
Git-repo: git://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
Fixes compile time failures because of not protecting
CMA related elements with CONFIG_CMA.
Change-Id: I930b7c0ffdce0f1bfc4f8a582a698be16ed44d1f
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
commit 6f25a14a7053b69917e2ebea0d31dd444cd31fd5 upstream.
It is incorrect to use next_node to find a target node, it will return
MAX_NUMNODES or invalid node. This will lead to crash in buddy system
allocation.
Fixes: c8721bbbdd ("mm: memory-hotplug: enable memory hotplug to handle hugepage")
Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Joonsoo Kim <js1304@gmail.com>
Cc: David Rientjes <rientjes@google.com>
Cc: "Laura Abbott" <lauraa@codeaurora.org>
Cc: Hui Zhu <zhuhui@xiaomi.com>
Cc: Wang Xiaoqiang <wangxq10@lzu.edu.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a cma pcp list in order to increase cma memory utilization.
Increased cma memory utilization will improve overall memory
utilization because free cma pages are ignored when memory reclaim
is done with gfp mask GFP_KERNEL.
Since most memory reclaim is done by kswapd, which uses a gfp mask
of GFP_KERNEL, by increasing cma memory utilization we are therefore
ensuring that less aggressive memory reclaim takes place.
Increased cma memory utilization will improve performance,
for example it will increase app concurrency.
Change-Id: I809589a25c6abca51f1c963f118adfc78e955cf9
Signed-off-by: Liam Mark <lmark@codeaurora.org>
CMA pages are designed to be used as fallback for movable allocations
and cannot be used for non-movable allocations. If CMA pages are
utilized poorly, non-movable allocations may end up getting starved if
all regular movable pages are allocated and the only pages left are
CMA. Always using CMA pages first creates unacceptable performance
problems. As a midway alternative, use CMA pages for certain
userspace allocations. The userspace pages can be migrated or dropped
quickly which giving decent utilization.
Change-Id: I6165dda01b705309eebabc6dfa67146b7a95c174
CRs-Fixed: 452508
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Heesub Shin <heesub.shin@samsung.com
[lauraa@codeaurora.org: Missing CONFIG_CMA guards, add commit text]
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
[lmark@codeaurora.org: resolve conflicts relating to
MIGRATE_HIGHATOMIC and some other trivial merge conflicts]
Signed-off-by: Liam Mark <lmark@codeaurora.org>
The lowmem_shrink function discounts all the swap cache pages from
the file cache count. The zone aware code also discounts all file
cache pages from a certain zone. This results in some swap cache
pages being discounted twice, which can result in the low memory
killer being unnecessarily aggressive.
Fix the low memory killer to only discount the swap cache pages
once.
Change-Id: I650bbfbf0fbbabd01d82bdb3502b57ff59c3e14f
Signed-off-by: Liam Mark <lmark@codeaurora.org>
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
In certain memory configurations there can be a large number of
CMA pages which are not suitable to satisfy certain memory
requests.
This large number of unsuitable pages can cause the
lowmemorykiller to not kill any tasks because the
lowmemorykiller counts all free pages.
In order to ensure the lowmemorykiller properly evaluates the
free memory only count the free CMA pages if they are suitable
for satisfying the memory request.
Change-Id: I7f06d53e2d8cfe7439e5561fe6e5209ce73b1c90
CRs-fixed: 437016
Signed-off-by: Liam Mark <lmark@codeaurora.org>
commit d9dddbf556674bf125ecd925b24e43a5cf2a568a upstream.
Hanjun Guo has reported that a CMA stress test causes broken accounting of
CMA and free pages:
> Before the test, I got:
> -bash-4.3# cat /proc/meminfo | grep Cma
> CmaTotal: 204800 kB
> CmaFree: 195044 kB
>
>
> After running the test:
> -bash-4.3# cat /proc/meminfo | grep Cma
> CmaTotal: 204800 kB
> CmaFree: 6602584 kB
>
> So the freed CMA memory is more than total..
>
> Also the the MemFree is more than mem total:
>
> -bash-4.3# cat /proc/meminfo
> MemTotal: 16342016 kB
> MemFree: 22367268 kB
> MemAvailable: 22370528 kB
Laura Abbott has confirmed the issue and suspected the freepage accounting
rewrite around 3.18/4.0 by Joonsoo Kim. Joonsoo had a theory that this is
caused by unexpected merging between MIGRATE_ISOLATE and MIGRATE_CMA
pageblocks:
> CMA isolates MAX_ORDER aligned blocks, but, during the process,
> partialy isolated block exists. If MAX_ORDER is 11 and
> pageblock_order is 9, two pageblocks make up MAX_ORDER
> aligned block and I can think following scenario because pageblock
> (un)isolation would be done one by one.
>
> (each character means one pageblock. 'C', 'I' means MIGRATE_CMA,
> MIGRATE_ISOLATE, respectively.
>
> CC -> IC -> II (Isolation)
> II -> CI -> CC (Un-isolation)
>
> If some pages are freed at this intermediate state such as IC or CI,
> that page could be merged to the other page that is resident on
> different type of pageblock and it will cause wrong freepage count.
This was supposed to be prevented by CMA operating on MAX_ORDER blocks,
but since it doesn't hold the zone->lock between pageblocks, a race
window does exist.
It's also likely that unexpected merging can occur between
MIGRATE_ISOLATE and non-CMA pageblocks. This should be prevented in
__free_one_page() since commit 3c605096d3 ("mm/page_alloc: restrict
max order of merging on isolated pageblock"). However, we only check
the migratetype of the pageblock where buddy merging has been initiated,
not the migratetype of the buddy pageblock (or group of pageblocks)
which can be MIGRATE_ISOLATE.
Joonsoo has suggested checking for buddy migratetype as part of
page_is_buddy(), but that would add extra checks in allocator hotpath
and bloat-o-meter has shown significant code bloat (the function is
inline).
This patch reduces the bloat at some expense of more complicated code.
The buddy-merging while-loop in __free_one_page() is initially bounded
to pageblock_border and without any migratetype checks. The checks are
placed outside, bumping the max_order if merging is allowed, and
returning to the while-loop with a statement which can't be possibly
considered harmful.
This fixes the accounting bug and also removes the arguably weird state
in the original commit 3c605096d3 where buddies could be left
unmerged.
Fixes: 3c605096d3 ("mm/page_alloc: restrict max order of merging on isolated pageblock")
Link: https://lkml.org/lkml/2016/3/2/280
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Hanjun Guo <guohanjun@huawei.com>
Tested-by: Hanjun Guo <guohanjun@huawei.com>
Acked-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Debugged-by: Laura Abbott <labbott@redhat.com>
Debugged-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b6e6edcfa40561e9c8abe5eecf1c96f8e5fd9c6f upstream.
Setting the original memory.limit_in_bytes hardlimit is subject to a
race condition when the desired value is below the current usage. The
code tries a few times to first reclaim and then see if the usage has
dropped to where we would like it to be, but there is no locking, and
the workload is free to continue making new charges up to the old limit.
Thus, attempting to shrink a workload relies on pure luck and hope that
the workload happens to cooperate.
To fix this in the cgroup2 memory.max knob, do it the other way round:
set the limit first, then try enforcement. And if reclaim is not able
to succeed, trigger OOM kills in the group. Keep going until the new
limit is met, we run out of OOM victims and there's only unreclaimable
memory left, or the task writing to memory.max is killed. This allows
users to shrink groups reliably, and the behavior is consistent with
what happens when new charges are attempted in excess of memory.max.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 588083bb37a3cea8533c392370a554417c8f29cb upstream.
When setting memory.high below usage, nothing happens until the next
charge comes along, and then it will only reclaim its own charge and not
the now potentially huge excess of the new memory.high. This can cause
groups to stay in excess of their memory.high indefinitely.
To fix that, when shrinking memory.high, kick off a reclaim cycle that
goes after the delta.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Vladimir Davydov <vdavydov@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.
ERROR: "do_munmap" undefined!
Fixes: 84a1b7d3d3 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
This reverts commit 022c1f3696f2 ("debug-pagealloc:
Panic on pagealloc corruption"). Kernel panic is seen
on MSM8937 with 32 bit mode, revert this patch till
root cause is identified.
Change-Id: I66f1bab7f8c836b8b7167ec05141656f34c3702c
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
vmstat events currently count pgpgout, but that includes
only the writebacks, and not the reclaim of clean
pages. Add an event to count clean page evictions. This is
helpful to evaluate page thrashing cases.
Change-Id: Icfb797877a544a58c289074bdc290dfbc1384514
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
It's sometimes useful to know the physical address which
has beencorrupted, especially in systems with multiple
bus masters and DMA engines the capability of writing
to memory. It's may also be useful for identifying the
location of failures of memory cells in cases of
device-specific corruption. So print the physical
start address of the page to help in these scenarios.
Change-Id: I081edd8b1c06913c0057a6cb9dda18077cfbdc30
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Sometime back a piece of code was added to activate
pages in pageout which failed to writeback. This was
done for the case of failed write to zram, with the
intention of reducing further zram writes. But this
does not make much sense because there can anyway be
other pages which the reclaim path can pick to swap
out.
And this particular logic has a problem. When a write
fails, the page is unlocked. Its locked again before
activating the page, but the page which is now in
swapcache can be brought back with its original mapping
through a fault, which can happen during this period.
This can result in random bugs, for e.g. when shrink_page_list
try to do try_to_free_swap. Here is one such case.
In this case PageSwapCache was cleared by the fault path.
"
zram: Error allocating memory for compressed page: 91433, size=4096
Write-error on swap-device (254:0:731464)
page:de866e80 count:3 mapcount:1 mapping:d5368941 index:0xb2ce5
flags: 0x80018(uptodate|dirty|swapbacked)
page dumped because: VM_BUG_ON_PAGE(!PageSwapCache(page))
"
CRs-Fixed: 988207
Change-Id: I26738d0f8dd3e2dfdb24c25edac24a7d968eeba0
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Currently, we just print the pagealloc corruption warnings and
proceed. Sometimes, we are getting multiple errors printed down
the line. It will be good to get the device state as early as
possible when we get the first pagealloc error.
Change-Id: I79155ac8a039b30a3a98d5dd1384d3923082712f
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
The following deadlock is observed.
Core 2 waiting on mapping->tree_lock which is taken by core 6
do_raw_spin_lock
raw_spin_lock_irq
atomic_cmpxchg
page_freeze_refs
__remove_mapping
shrink_page_list
shrink_inactive_list
shrink_list
shrink_lruvec
shrink_zone
shrink_zones
do_try_to_free_pages
try_to_free_pages(?, ?, ?, ?)
__perform_reclaim
__alloc_pages_direct_reclaim
__alloc_pages_slowpath
__alloc_pages_nodemask
alloc_kmem_pages_node
alloc_thread_info_node
dup_task_struct
copy_process.part.56
do_fork
sys_clone
el0_svc_naked
Core 6 after taking mapping->tree_lock is waiting on zbud pool lock
which is held by core 5
zbud_alloc
zcache_store_page
__cleancache_put_page
cleancache_put_page
__delete_from_page_cache
spin_unlock_irq
__remove_mapping
shrink_page_list
shrink_inactive_list
shrink_list
shrink_lruvec
shrink_zone
bitmap_zero
__nodes_clear
kswapd_shrink_zone.constprop.58
balance_pgdat
kswapd_try_to_sleep
kswapd
kthread
ret_from_fork
Core 5 after taking zbud pool lock from zbud_free received an IRQ, and
after IRQ exit, softirqs were scheduled and end_page_writeback tried to
lock on mapping->tree_lock which is already held by Core 6. Deadlock.
do_raw_spin_lock
raw_spin_lock_irqsave
test_clear_page_writeba
end_page_writeback
ext4_finish_bio
ext4_end_bio
bio_endio
blk_update_request
end_clone_bio
bio_endio
blk_update_request
blk_update_bidi_request
blk_end_bidi_request
blk_end_request
mmc_blk_cmdq_complete_r
mmc_cmdq_softirq_done
blk_done_softirq
static_key_count
static_key_false
trace_softirq_exit
__do_softirq()
tick_irq_exit
irq_exit()
set_irq_regs
__handle_domain_irq
gic_handle_irq
el1_irq
exception
__list_del_entry
list_del
zbud_free
zcache_load_page
__cleancache_get_page(?
So protect zbud_alloc/free/reclaim with spink_lock_bh
CRs-Fixed: 986783
Change-Id: Ib0605b38e7371c29316ed81e43549a0b9503d531
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Deadlock is observed in zcache reclaim paths due to
different locking sequence.
Core#0: Core#1:
|spin_bug() |do_raw_write_lock()
|do_raw_spin_lock() |_raw_write_lock_irqsave()
|_raw_spin_lock_irqsave() |zcache_rbnode_isolate()
|zcache_flush_inode() |zcache_load_delete_zaddr()
|__cleancache_invalidate_inode() |zcache_evict_zpage()
|truncate_inode_pages_range() |zbud_reclaim_page()
|truncate_inode_pages() |zcache_scan()
|truncate_inode_pages_final() |shrink_slab_node()
|ext4_evict_inode() |shrink_slab()
|evict() |try_to_free_pages()
|dispose_list() |__alloc_pages_nodemask()
|prune_icache_sb() |alloc_kmem_pages_node()
|super_cache_scan() |copy_process.part.52()
|shrink_slab_node() |do_fork()
|shrink_slab() |sys_clone()
|kswapd_shrink_zone.constprop |el0_svc()
|balance_pgdat()
|kswapd()
|kthread()
|ret_from_fork()
The deadlock happens because alternate sequence are
followed while taking
zpool->rb_lock (protects zpool rb tree), and
rbnode->ra_lock (protects radix tree maintained by rbtree node)
Fix the sequence of locks being taken to avoid deadlock.
Change-Id: I32db23268f63eb8eb5aee30e4462c190e2e02f48
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
zbud_alloc if returns free object from pool must also
initialize it to 0 when asked to do so. The same is
already taken care if a fresh object is allocated.
CRs-fixed: 979234
Change-Id: Id171edf131df321385fcdcd7660d06da97689e3e
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
Exposes drop_pagecache_sb (required by eCryptfs cache wiping)
Adds truncate_inode_pages_fill_zero (required by eCryptfs cache wiping),
which not only truncates pages but also fills them with 0, so that the
cached data can no longer be retrieved.
Change-Id: Icfc18a2c8cdc922e71ee17add6459a1355e77ba6
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
[gbroner@codeaurora.org: fix merge conflict]
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
If we detect that there is nothing to do just set the flag and do not
check if it was already set before. Races really do not matter. If the
flag is set by any code then the shepherd will start dealing with the
situation and reenable the vmstat workers when necessary again.
Since commit 0eb77e988032 ("vmstat: make vmstat_updater deferrable again
and shut down on idle") quiet_vmstat might update cpu_stat_off and mark
a particular cpu to be handled by vmstat_shepherd. This might trigger a
VM_BUG_ON in vmstat_update because the work item might have been
sleeping during the idle period and see the cpu_stat_off updated after
the wake up. The VM_BUG_ON is therefore misleading and no more
appropriate. Moreover it doesn't really suite any protection from real
bugs because vmstat_shepherd will simply reschedule the vmstat_work
anytime it sees a particular cpu set or vmstat_update would do the same
from the worker context directly. Even when the two would race the
result wouldn't be incorrect as the counters update is fully idempotent.
Change-Id: I4b46e471024ff4cac2b32234dffb3dfcf91713b6
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Christoph Lameter <cl@linux.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 587198ba5206cdf0d30855f7361af950a4172cd6
[shashim@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
Currently the vmstat updater is not deferrable as a result of commit
ba4877b9ca ("vmstat: do not use deferrable delayed work for
vmstat_update"). This in turn can cause multiple interruptions of the
applications because the vmstat updater may run at
Make vmstate_update deferrable again and provide a function that folds
the differentials when the processor is going to idle mode thus
addressing the issue of the above commit in a clean way.
Note that the shepherd thread will continue scanning the differentials
from another processor and will reenable the vmstat workers if it
detects any changes.
Change-Id: Idf256cfacb40b4dc8dbb6795cf06b34e8fec7a06
Fixes: ba4877b9ca ("vmstat: do not use deferrable delayed work for vmstat_update")
Signed-off-by: Christoph Lameter <cl@linux.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 0eb77e9880321915322d42913c3b53241739c8aa
[shashim@codeaurora.org: resolve minor merge conflicts]
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
[satyap: resolve trivial merge conflicts]
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
cma regions can be allocated for secure use cases where
the virtual mapping is removed. kmemleak scan can try to
scan through this mapping causing mmu faults. Hence free
cma regions from kmemleak scan.
Change-Id: I2cc66423ec9ec539905cc8d07bbc40fa43e695bd
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
no-map-fixup feature for dma-removed reserve region does a
late memblock remove. This late removal is a slight
deviation from conventional memblock flow. That leads to a
race between pfn_valid->memblock_search, and
memblock_remove.
To fix this, use a read seqlock in memblock_search, which
would ensure minimum overhead in search path. And export
two APIs to let code doing late memblock remove apply
write seqlock. write seqlock would ensure that search
retries if the list is updated concurrently.
The two exported APIs which should be called before
and after modifying memblock regions, late in boot, are
- memblock_region_resize_late_begin
- memblock_region_resize_late_end
The code to alter memblock regions should be guarded by
these APIs.
CRs-fixed: 967728
Change-Id: I6a10c3e980002048aafeaf829a16119848c6a099
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
There is a chance of zbud handle being used after a free.
Unable to handle kernel paging request at virtual address ffffffc05be72040
PC is at zcache_store_page+0x59c/0x618
LR is at zcache_store_page+0x59c/0x618
[<ffffffc00019c99c>] zcache_store_page+0x59c/0x618
[<ffffffc0001a70c4>] __cleancache_put_page+0x94/0xcc
[<ffffffc00015da4c>] __delete_from_page_cache+0xc0/0x2cc
[<ffffffc00016d230>] __remove_mapping+0xe4/0x128
[<ffffffc00016e750>] shrink_page_list+0x634/0x95c
[<ffffffc00016f32c>] shrink_inactive_list+0x41c/0x67c
[<ffffffc00016fc14>] shrink_lruvec+0x364/0x510
[<ffffffc00016fe10>] shrink_zone+0x50/0x12c
[<ffffffc000170278>] try_to_free_pages+0x38c/0x56c
[<ffffffc000164e4c>] __alloc_pages_nodemask+0x5e0/0x994
[<ffffffc000165214>] __get_free_pages+0x14/0x60
CRs-Fixed: 968859
Change-Id: I24f6cf8ccbac956d4c3114e70a9f94f5e3bfa1c8
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Add support to receive a static ratio from userspace to
divide the swap pages between ZRAM and disk based swap
devices. The existing infrastructure allows to keep
same priority for multiple swap devices, which results
in round robin distribution of pages. With this patch,
the ratio can be defined.
CRs-fixed: 968416
Change-Id: I54f54489db84cabb206569dd62d61a8a7a898991
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
On 32bit, memblock_alloc_range_nid can return block of
memory from highmem. Ensure kmemleak is called only for
logically mapped region.
Change-Id: I4491f199437d8401071ba5f98a8b0eedbaf47b00
Signed-off-by: Shiraz Hashim <shashim@codeaurora.org>
zcache store can fail on lowmemory conditions.
Do not throw unnecessary prints on such events, causing
a stall.
Change-Id: I8fba6938f75ef5b6054ee079951b7409279e1c02
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
The following race is possible:
CPU 1 CPU2
zcache_store_page
zbud_alloc
zcache_evict_zpage
zpool = zhandle->zpool;
CRASH
zcache_store_page
zhandle->zpool = zpool
Fix this by properly initializing the zhandle and validating
in zcache_evict_zpage
Change-Id: I02328220b30f415fa1f171236eab3a2e40072fd9
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
mapping multiple pages on a fault result in page_check_references
hitting more number of referenced inactive pages and this results
in increased pressure on reclaim. Reduce it to the lowest possible
value. Reduced kswapd wakeups are observed with this change.
Change-Id: I03c6cac9f28fa328abab7b40f5f01144084a147c
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
When files pages are very low, it is better to clear off
zcache pages, since the freed memory can be used to sustain
an application in foreground. Moreover when file pages
are too low, we don't gain much by holding a few zcache
pages.
Change-Id: I88dd295d24b7de18fb3bc0788e0baeb6bfdb2f6d
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
zero pages need not be compressed and stored unnecessarily.
Rather insert a special handle to the radix tree to identify
a zero page.
Change-Id: Ic92321c4753401a90d69a6e8c61b5119168c9df7
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
zcache allocations happen during reclaim of pages,
and waking up kswapd at this time hinders system
performance. During tests it was seen that without
this patch, there were a lot of kswapd wakeups and
was resulting in bad launches.
Change-Id: Ic0f0240b8fdad6b3fe142b2bdc0366cfd870635e
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
zcache_pool_pages is supposed to store the total
pages in all the pools used by zcache. But at
present zcache_pool_pages is assigned pages of any
particular pool on a load, store or any operation
which modifies the pool size. And this is more
important for external clients which depend on zcache
pool size, like the lowmemorykiller.
Change-Id: Ifdaab8646c40f1fec71dfa5903658fbdc6b3cce5
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
When file pages drops down, at a point zcache pages
can be more than the file pages, and even further when
we have to reclaim the maximum number of file pages
possible to launch an application, we need a way to
reclaim even the zcache pages at least to an extend
which makes it match with the number of file pages.
This can help in better foreground headroom.
Change-Id: I481bfb9961ed5cee47ebeae08eb910bb269b644c
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
zcache store ops cannot sleep since it is called from
an atomic context. Pass the right flags to alloc functions.
Change-Id: I9c7956e895fb7909932315aa3d85845127aa02e1
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Implemented zbud_ops->evict, so that compressed zpages can be evicted from
zbud memory pool in the case that the compressed pool is full.
zbud already managered the compressed pool based on LRU. The evict was
implemented just by dropping the compressed file page data directly, if
the data is required again then no more disk reading can be saved.
Signed-off-by: Bob Liu <bob.liu@oracle.com>
Patch-mainline: linux-mm @ 2013-08-06 11:36:16
[vinmenon@codeaurora.org: trivial merge conflict fixes]
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Change-Id: Ia66652475e490f0233547511e80abf7587054e65
zcache is a backend for cleancache that takes file pages that are in the
process of being reclaimed and attempts to compress them and store them
in a RAM-based memory pool. This can result in a significant I/O reduction
if system is full with file pages and, in the case where decompressing
from RAM is faster than reading from the disk, can also improve workload
performance.
Signed-off-by: Bob Liu <bob.liu@oracle.com>
Patch-mainline: linux-mm @ 2013-08-06 11:36:14
[vinmenon@codeaurora.org: trivial merge conflict fixes, checkpatch fixes]
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Change-Id: Id05bcc1946eee22b94a83adeb0134a3f6e357ef8
Add cma and migrate trace events to enable CMA allocation
performance to be measured via ftrace.
Change-Id: I1e471e9e21f1a14ce2ed167d8515ccb5f83eb88c
Signed-off-by: Liam Mark <lmark@codeaurora.org>
1) The swap readahead algorithm need not be applied for fast swap
devices like zram.
2) Code to set SWP_FAST is placed incorrectly, resulting in the flag
not being set.
Fix these to reduce the swapcache usage.
Change-Id: I23d9af5819f4b25f90f14a12657fa19ed401fb2a
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
* lsk-44/linux-linaro-lsk-v4.4:
Linux 4.4.3
modules: fix modparam async_probe request
module: wrapper for symbol name.
itimers: Handle relative timers with CONFIG_TIME_LOW_RES proper
posix-timers: Handle relative timers with CONFIG_TIME_LOW_RES proper
timerfd: Handle relative timers with CONFIG_TIME_LOW_RES proper
prctl: take mmap sem for writing to protect against others
xfs: log mount failures don't wait for buffers to be released
Revert "xfs: clear PF_NOFREEZE for xfsaild kthread"
xfs: inode recovery readahead can race with inode buffer creation
libxfs: pack the agfl header structure so XFS_AGFL_SIZE is correct
ovl: setattr: check permissions before copy-up
ovl: root: copy attr
ovl: check dentry positiveness in ovl_cleanup_whiteouts()
ovl: use a minimal buffer in ovl_copy_xattr
ovl: allow zero size xattr
futex: Drop refcount if requeue_pi() acquired the rtmutex
devm_memremap_release(): fix memremap'd addr handling
ipc/shm: handle removed segments gracefully in shm_mmap()
intel_scu_ipcutil: underflow in scu_reg_access()
mm,thp: khugepaged: call pte flush at the time of collapse
dump_stack: avoid potential deadlocks
radix-tree: fix oops after radix_tree_iter_retry
drivers/hwspinlock: fix race between radix tree insertion and lookup
radix-tree: fix race in gang lookup
MAINTAINERS: return arch/sh to maintained state, with new maintainers
memcg: only free spare array when readers are done
numa: fix /proc/<pid>/numa_maps for hugetlbfs on s390
fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()
scripts/bloat-o-meter: fix python3 syntax error
dma-debug: switch check from _text to _stext
m32r: fix m32104ut_defconfig build fail
xhci: Fix list corruption in urb dequeue at host removal
Revert "xhci: don't finish a TD if we get a short-transfer event mid TD"
iommu/vt-d: Clear PPR bit to ensure we get more page request interrupts
iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
iommu/vt-d: Fix mm refcounting to hold mm_count not mm_users
iommu/amd: Correct the wrong setting of alias DTE in do_attach
iommu/vt-d: Don't skip PCI devices when disabling IOTLB
Input: vmmouse - fix absolute device registration
string_helpers: fix precision loss for some inputs
Input: i8042 - add Fujitsu Lifebook U745 to the nomux list
Input: elantech - mark protocols v2 and v3 as semi-mt
mm: fix regression in remap_file_pages() emulation
mm: replace vma_lock_anon_vma with anon_vma_lock_read/write
mm: fix mlock accouting
libnvdimm: fix namespace object confusion in is_uuid_busy()
mm: soft-offline: check return value in second __get_any_page() call
perf kvm record/report: 'unprocessable sample' error while recording/reporting guest data
KVM: PPC: Fix ONE_REG AltiVec support
KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
KVM: arm/arm64: Fix reference to uninitialised VGIC
arm64: dma-mapping: fix handling of devices registered before arch_initcall
ARM: OMAP2+: Fix ppa_zero_params and ppa_por_params for rodata
ARM: OMAP2+: Fix save_secure_ram_context for rodata
ARM: OMAP2+: Fix l2dis_3630 for rodata
ARM: OMAP2+: Fix l2_inv_api_params for rodata
ARM: OMAP2+: Fix wait_dll_lock_timed for rodata
ARM: dts: at91: sama5d4ek: add phy address and IRQ for macb0
ARM: dts: at91: sama5d4 xplained: fix phy0 IRQ type
ARM: dts: at91: sama5d4: fix instance id of DBGU
ARM: dts: at91: sama5d4 xplained: properly mux phy interrupt
ARM: dts: omap5-board-common: enable rtc and charging of backup battery
ARM: dts: Fix omap5 PMIC control lines for RTC writes
ARM: dts: Fix wl12xx missing clocks that cause hangs
ARM: nomadik: fix up SD/MMC DT settings
ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
ARM: 8519/1: ICST: try other dividends than 1
arm64: mm: avoid calling apply_to_page_range on empty range
ARM: mvebu: remove duplicated regulator definition in Armada 388 GP
powerpc/ioda: Set "read" permission when "write" is set
powerpc/powernv: Fix stale PE primary bus
powerpc/eeh: Fix stale cached primary bus
powerpc/eeh: Fix PE location code
SUNRPC: Fixup socket wait for memory
udf: Check output buffer length when converting name to CS0
udf: Prevent buffer overrun with multi-byte characters
udf: limit the maximum number of indirect extents in a row
pNFS/flexfiles: Fix an XDR encoding bug in layoutreturn
nfs: Fix race in __update_open_stateid()
pNFS/flexfiles: Fix an Oopsable typo in ff_mirror_match_fh()
NFS: Fix attribute cache revalidation
cifs: fix erroneous return value
cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
cifs: fix race between call_async() and reconnect()
cifs: Ratelimit kernel log messages
iio: inkern: fix a NULL dereference on error
iio: pressure: mpl115: fix temperature offset sign
iio: light: acpi-als: Report data as processed
iio: dac: mcp4725: set iio name property in sysfs
iio: add IIO_TRIGGER dependency to STK8BA50
iio: add HAS_IOMEM dependency to VF610_ADC
iio-light: Use a signed return type for ltr501_match_samp_freq()
iio:adc:ti_am335x_adc Fix buffered mode by identifying as software buffer.
iio: adis_buffer: Fix out-of-bounds memory access
scsi: fix soft lockup in scsi_remove_target() on module removal
SCSI: Add Marvell Console to VPD blacklist
scsi_dh_rdac: always retry MODE SELECT on command lock violation
drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
SCSI: fix crashes in sd and sr runtime PM
iscsi-target: Fix potential dead-lock during node acl delete
scsi: add Synology to 1024 sector blacklist
klist: fix starting point removed bug in klist iterators
tracepoints: Do not trace when cpu is offline
tracing: Fix freak link error caused by branch tracer
perf tools: tracepoint_error() can receive e=NULL, robustify it
tools lib traceevent: Fix output of %llu for 64 bit values read on 32 bit machines
ptrace: use fsuid, fsgid, effective creds for fs access checks
Btrfs: fix direct IO requests not reporting IO error to user space
Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
Btrfs: fix page reading in extent_same ioctl leading to csum errors
Btrfs: fix invalid page accesses in extent_same (dedup) ioctl
btrfs: properly set the termination value of ctx->pos in readdir
Revert "btrfs: clear PF_NOFREEZE in cleaner_kthread()"
Btrfs: fix fitrim discarding device area reserved for boot loader's use
btrfs: handle invalid num_stripes in sys_array
ext4: don't read blocks from disk after extents being swapped
ext4: fix potential integer overflow
ext4: fix scheduling in atomic on group checksum failure
serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485)
serial: 8250_pci: Add Intel Broadwell ports
tty: Add support for PCIe WCH382 2S multi-IO card
pty: make sure super_block is still valid in final /dev/tty close
pty: fix possible use after free of tty->driver_data
staging/speakup: Use tty_ldisc_ref() for paste kworker
phy: twl4030-usb: Fix unbalanced pm_runtime_enable on module reload
phy: twl4030-usb: Relase usb phy on unload
ALSA: seq: Fix double port list deletion
ALSA: seq: Fix leak of pool buffer at concurrent writes
ALSA: pcm: Fix rwsem deadlock for non-atomic PCM stream
ALSA: hda - Cancel probe work instead of flush at remove
x86/mm: Fix vmalloc_fault() to handle large pages properly
x86/uaccess/64: Handle the caching of 4-byte nocache copies properly in __copy_user_nocache()
x86/uaccess/64: Make the __copy_user_nocache() assembly code more readable
x86/mm/pat: Avoid truncation when converting cpa->numpages to address
x86/mm: Fix types used in pgprot cacheability flags translations
Linux 4.4.2
HID: multitouch: fix input mode switching on some Elan panels
mm, vmstat: fix wrong WQ sleep when memory reclaim doesn't make any progress
zsmalloc: fix migrate_zspage-zs_free race condition
zram: don't call idr_remove() from zram_remove()
zram: try vmalloc() after kmalloc()
zram/zcomp: use GFP_NOIO to allocate streams
rtlwifi: rtl8821ae: Fix 5G failure when EEPROM is incorrectly encoded
rtlwifi: rtl8821ae: Fix errors in parameter initialization
crypto: marvell/cesa - fix test in mv_cesa_dev_dma_init()
crypto: atmel-sha - remove calls of clk_prepare() from atomic contexts
crypto: atmel-sha - fix atmel_sha_remove()
crypto: algif_skcipher - Do not set MAY_BACKLOG on the async path
crypto: algif_skcipher - Do not dereference ctx without socket lock
crypto: algif_skcipher - Do not assume that req is unchanged
crypto: user - lock crypto_alg_list on alg dump
EVM: Use crypto_memneq() for digest comparisons
crypto: algif_hash - wait for crypto_ahash_init() to complete
crypto: shash - Fix has_key setting
crypto: chacha20-ssse3 - Align stack pointer to 64 bytes
crypto: caam - make write transactions bufferable on PPC platforms
crypto: algif_skcipher - sendmsg SG marking is off by one
crypto: algif_skcipher - Load TX SG list after waiting
crypto: crc32c - Fix crc32c soft dependency
crypto: algif_skcipher - Fix race condition in skcipher_check_key
crypto: algif_hash - Fix race condition in hash_check_key
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
crypto: algif_skcipher - Remove custom release parent function
crypto: algif_hash - Remove custom release parent function
crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
ahci: Intel DNV device IDs SATA
libata: disable forced PORTS_IMPL for >= AHCI 1.3
crypto: algif_skcipher - Add key check exception for cipher_null
crypto: skcipher - Add crypto_skcipher_has_setkey
crypto: algif_hash - Require setkey before accept(2)
crypto: hash - Add crypto_ahash_has_setkey
crypto: algif_skcipher - Add nokey compatibility path
crypto: af_alg - Add nokey compatibility path
crypto: af_alg - Fix socket double-free when accept fails
crypto: af_alg - Disallow bind/setkey/... after accept(2)
crypto: algif_skcipher - Require setkey before accept(2)
sched: Fix crash in sched_init_numa()
ext4 crypto: add missing locking for keyring_key access
iommu/io-pgtable-arm: Ensure we free the final level on teardown
tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
tty: Retry failed reopen if tty teardown in-progress
tty: Wait interruptibly for tty lock on reopen
n_tty: Fix unsafe reference to "other" ldisc
usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Broxton-M platforms
usb: xhci: handle both SSIC ports in PME stuck quirk
usb: phy: msm: fix error handling in probe.
usb: cdc-acm: send zero packet for intel 7260 modem
usb: cdc-acm: handle unlinked urb in acm read callback
USB: option: fix Cinterion AHxx enumeration
USB: serial: option: Adding support for Telit LE922
USB: cp210x: add ID for IAI USB to RS485 adaptor
USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
usb: hub: do not clear BOS field during reset device
USB: visor: fix null-deref at probe
USB: serial: visor: fix crash on detecting device without write_urbs
ASoC: rt5645: fix the shift bit of IN1 boost
saa7134-alsa: Only frees registered sound cards
ALSA: dummy: Implement timer backend switching more safely
ALSA: hda - Fix bad dereference of jack object
ALSA: hda - Fix speaker output from VAIO AiO machines
Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
ALSA: hda - Fix static checker warning in patch_hdmi.c
ALSA: hda - Add fixup for Mac Mini 7,1 model
ALSA: timer: Fix race between stop and interrupt
ALSA: timer: Fix wrong instance passed to slave callbacks
ALSA: timer: Fix race at concurrent reads
ALSA: timer: Fix link corruption due to double start or stop
ALSA: timer: Fix leftover link at closing
ALSA: timer: Code cleanup
ALSA: seq: Fix lockdep warnings due to double mutex locks
ALSA: seq: Fix race at closing in virmidi driver
ALSA: seq: Fix yet another races among ALSA timer accesses
ASoC: dpcm: fix the BE state on hw_free
ALSA: pcm: Fix potential deadlock in OSS emulation
ALSA: hda/realtek - Support Dell headset mode for ALC225
ALSA: hda/realtek - Support headset mode for ALC225
ALSA: hda/realtek - New codec support of ALC225
ALSA: rawmidi: Fix race at copying & updating the position
ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
ALSA: seq: Degrade the error message for too many opens
ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
ALSA: dummy: Disable switching timer backend via sysfs
ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
ALSA: hda - disable dynamic clock gating on Broxton before reset
ALSA: Add missing dependency on CONFIG_SND_TIMER
ALSA: bebob: Use a signed return type for get_formation_index
ALSA: usb-audio: avoid freeing umidi object twice
ALSA: usb-audio: Add native DSD support for PS Audio NuWave DAC
ALSA: usb-audio: Fix OPPO HA-1 vendor ID
ALSA: usb-audio: Add quirk for Microsoft LifeCam HD-6000
ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
hrtimer: Handle remaining time proper for TIME_LOW_RES
md/raid: only permit hot-add of compatible integrity profiles
media: i2c: Don't export ir-kbd-i2c module alias
parisc: Fix __ARCH_SI_PREAMBLE_SIZE
parisc: Protect huge page pte changes with spinlocks
printk: do cond_resched() between lines while outputting to consoles
tracing/stacktrace: Show entire trace if passed in function not found
tracing: Fix stacktrace skip depth in trace_buffer_unlock_commit_regs()
PCI: Fix minimum allocation address overwrite
PCI: host: Mark PCIe/PCI (MSI) IRQ cascade handlers as IRQF_NO_THREAD
mtd: nand: assign reasonable default name for NAND drivers
wlcore/wl12xx: spi: fix NULL pointer dereference (Oops)
wlcore/wl12xx: spi: fix oops on firmware load
ocfs2/dlm: clear refmap bit of recovery lock while doing local recovery cleanup
ocfs2/dlm: ignore cleaning the migration mle that is inuse
ALSA: hda - Implement loopback control switch for Realtek and other codecs
block: fix bio splitting on max sectors
base/platform: Fix platform drivers with no probe callback
HID: usbhid: fix recursive deadlock
ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock
block: split bios to max possible length
NFSv4.1/pnfs: Fixup an lo->plh_block_lgets imbalance in layoutreturn
crypto: sun4i-ss - add missing statesize
Linux 4.4.1
arm64: kernel: fix architected PMU registers unconditional access
arm64: kernel: enforce pmuserenr_el0 initialization and restore
arm64: mm: ensure that the zero page is visible to the page table walker
arm64: Clear out any singlestep state on a ptrace detach operation
powerpc/module: Handle R_PPC64_ENTRY relocations
scripts/recordmcount.pl: support data in text section on powerpc
powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
powerpc: Make value-returning atomics fully ordered
powerpc/tm: Check for already reclaimed tasks
batman-adv: Drop immediate orig_node free function
batman-adv: Drop immediate batadv_hard_iface free function
batman-adv: Drop immediate neigh_ifinfo free function
batman-adv: Drop immediate batadv_neigh_node free function
batman-adv: Drop immediate batadv_orig_ifinfo free function
batman-adv: Avoid recursive call_rcu for batadv_nc_node
batman-adv: Avoid recursive call_rcu for batadv_bla_claim
team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
net/mlx5_core: Fix trimming down IRQ number
bridge: fix lockdep addr_list_lock false positive splat
ipv6: update skb->csum when CE mark is propagated
net: bpf: reject invalid shifts
phonet: properly unshare skbs in phonet_rcv()
dwc_eth_qos: Fix dma address for multi-fragment skbs
bonding: Prevent IPv6 link local address on enslaved devices
net: preserve IP control block during GSO segmentation
udp: disallow UFO for sockets with SO_NO_CHECK option
net: pktgen: fix null ptr deref in skb allocation
sched,cls_flower: set key address type when present
tcp_yeah: don't set ssthresh below 2
ipv6: tcp: add rcu locking in tcp_v6_send_synack()
net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory
vxlan: fix test which detect duplicate vxlan iface
unix: properly account for FDs passed over unix sockets
xhci: refuse loading if nousb is used
usb: core: lpm: fix usb3_hardware_lpm sysfs node
USB: cp210x: add ID for ELV Marble Sound Board 1
rtlwifi: fix memory leak for USB device
ASoC: compress: Fix compress device direction check
ASoC: wm5110: Fix PGA clear when disabling DRE
ALSA: timer: Handle disconnection more safely
ALSA: hda - Flush the pending probe work at remove
ALSA: hda - Fix missing module loading with model=generic option
ALSA: hda - Fix bass pin fixup for ASUS N550JX
ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
ALSA: hrtimer: Fix stall by hrtimer_cancel()
ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
ALSA: hda - Add fixup for Dell Latitidue E6540
ALSA: timer: Fix double unlink of active_list
ALSA: timer: Fix race among timer ioctls
ALSA: hda - fix the headset mic detection problem for a Dell laptop
ALSA: timer: Harden slave timer list handling
ALSA: usb-audio: Fix mixer ctl regression of Native Instrument devices
ALSA: hda - Fix white noise on Dell Latitude E5550
ALSA: seq: Fix race at timer setup and close
ALSA: usb-audio: Avoid calling usb_autopm_put_interface() at disconnect
ALSA: seq: Fix missing NULL check at remove_events ioctl
ALSA: hda - Fixup inverted internal mic for Lenovo E50-80
ALSA: usb: Add native DSD support for Oppo HA-1
x86/mm: Improve switch_mm() barrier comments
x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
x86/boot: Double BOOT_HEAP_SIZE to 64KB
x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
kvm: x86: Fix vmwrite to SECONDARY_VM_EXEC_CONTROL
KVM: x86: correctly print #AC in traces
KVM: x86: expose MSR_TSC_AUX to userspace
x86/xen: don't reset vcpu_info on a cancelled suspend
KEYS: Fix keyring ref leak in join_session_keyring()
Conflicts:
arch/arm64/kernel/perf_event.c
drivers/scsi/sd.c
sound/core/compress_offload.c
Change-Id: I9f77fe42aaae249c24cd6e170202110ab1426878
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
KASan marks slub objects as redzone and free and the bitmasks for
that region are not cleared until the pages are freed. When
CONFIG_PAGE_POISONING is enabled, as the pages still have special
bitmasks, KAsan report arises during pages poisoning. So mark the
pages as alloc status before poisoning the pages.
==================================================================
BUG: KASan: use after free in memset+0x24/0x44 at addr ffffffc0bb628000
Write of size 4096 by task kworker/u8:0/6
page:ffffffbacc51d900 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected
Call trace:
[<ffffffc00008c010>] dump_backtrace+0x0/0x250
[<ffffffc00008c270>] show_stack+0x10/0x1c
[<ffffffc001b6f9e4>] dump_stack+0x74/0xfc
[<ffffffc0002debf4>] kasan_report_error+0x2b0/0x408
[<ffffffc0002dee28>] kasan_report+0x34/0x40
[<ffffffc0002de240>] __asan_storeN+0x15c/0x168
[<ffffffc0002de47c>] memset+0x20/0x44
[<ffffffc0002d77bc>] kernel_map_pages+0x2e8/0x384
[<ffffffc000266458>] free_pages_prepare+0x340/0x3a0
[<ffffffc0002694cc>] __free_pages_ok+0x20/0x12c
[<ffffffc00026a698>] __free_pages+0x34/0x44
[<ffffffc00026ab3c>] __free_kmem_pages+0x8/0x14
[<ffffffc0002dc3fc>] kfree+0x114/0x254
[<ffffffc000b05748>] devres_free+0x48/0x5c
[<ffffffc000b05824>] devres_destroy+0x10/0x28
[<ffffffc000b05958>] devm_kfree+0x1c/0x3c
Memory state around the buggy address:
ffffffc0bb627f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0bb627f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0bb628000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffffffc0bb628080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffffffc0bb628100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
BUG: KASan: use after free in memset+0x24/0x44 at addr ffffffc0bb2fe000
Write of size 4096 by task swapper/0/1
page:ffffffbacc4fdec0 count:0 mapcount:0 mapping: (null) index:0xffffffc0bb2fe6a0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected
Call trace:
[<ffffffc00008c010>] dump_backtrace+0x0/0x250
[<ffffffc00008c270>] show_stack+0x10/0x1c
[<ffffffc001b6f9e4>] dump_stack+0x74/0xfc
[<ffffffc0002debf4>] kasan_report_error+0x2b0/0x408
[<ffffffc0002dee28>] kasan_report+0x34/0x40
[<ffffffc0002de240>] __asan_storeN+0x15c/0x168
[<ffffffc0002de47c>] memset+0x20/0x44
[<ffffffc0002d77bc>] kernel_map_pages+0x2e8/0x384
[<ffffffc000266458>] free_pages_prepare+0x340/0x3a0
[<ffffffc0002694cc>] __free_pages_ok+0x20/0x12c
[<ffffffc00026a698>] __free_pages+0x34/0x44
[<ffffffc0002d9c98>] __free_slab+0x15c/0x178
[<ffffffc0002d9d14>] discard_slab+0x60/0x6c
[<ffffffc0002dc034>] __slab_free+0x320/0x340
[<ffffffc0002dc224>] kmem_cache_free+0x1d0/0x25c
[<ffffffc0003bb608>] kernfs_put+0x2a0/0x3d8
Memory state around the buggy address:
ffffffc0bb2fdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffffffc0bb2fdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffffffc0bb2fe000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
^
fffffc0bb2fe080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffffffc0bb2fe100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Change-Id: Id963b9439685f94a022dcdd60b59aaf126610387
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
[satyap: trivial merge conflict resolution]
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
UBSAN uses compile-time instrumentation to catch undefined behavior
(UB). Compiler inserts code that perform certain kinds of checks before
operations that could cause UB. If check fails (i.e. UB detected)
__ubsan_handle_* function called to print error message.
So the most of the work is done by compiler. This patch just implements
ubsan handlers printing errors.
GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
option and its suboptions).
However GCC 5.x has more checkers implemented [2].
Article [3] has a bit more details about UBSAN in the GCC.
[1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
[2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
[3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/
Issues which UBSAN has found thus far are:
Found bugs:
* out-of-bounds access - 97840cb67f ("netfilter: nfnetlink: fix
insufficient validation in nfnetlink_bind")
undefined shifts:
* d48458d4a7 ("jbd2: use a better hash function for the revoke
table")
* 10632008b9 ("clockevents: Prevent shift out of bounds")
* 'x << -1' shift in ext4 -
http://lkml.kernel.org/r/<5444EF21.8020501@samsung.com>
* undefined rol32(0) -
http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@oracle.com>
* undefined dirty_ratelimit calculation -
http://lkml.kernel.org/r/<566594E2.3050306@odin.com>
* undefined roundown_pow_of_two(0) -
http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@oracle.com>
* [WONTFIX] undefined shift in __bpf_prog_run -
http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@mail.gmail.com>
WONTFIX here because it should be fixed in bpf program, not in kernel.
signed overflows:
* 32a8df4e0b ("sched: Fix odd values in effective_load()
calculations")
* mul overflow in ntp -
http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@oracle.com>
* incorrect conversion into rtc_time in rtc_time64_to_tm() -
http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@oracle.com>
* unvalidated timespec in io_getevents() -
http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@mail.gmail.com>
* [NOTABUG] signed overflow in ktime_add_safe() -
http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@mail.gmail.com>
[akpm@linux-foundation.org: fix unused local warning]
[akpm@linux-foundation.org: fix __int128 build woes]
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Yury Gribov <y.gribov@samsung.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
Git-commit: c6d308534aef6c99904bf5862066360ae067abc4
[tsoni@codeaurora.org: trivial merge conflict resolution]
CRs-Fixed: 969533
Change-Id: I048b9936b1120e0d375b7932c59de78d8ef8f411
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
[satyap@codeaurora.org: trivial merge conflict resolution]
Signed-off-by: Satya Durga Srinivasu Prabhala <satyap@codeaurora.org>
