The patch titled
Subject: mm: memcontrol: fix percpu vmstats and vmevents flush
has been removed from the -mm tree. Its filename was
mm-memcontrol-fix-percpu-vmstats-and-vmevents-flush.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Shakeel Butt <shakeelb(a)google.com>
Subject: mm: memcontrol: fix percpu vmstats and vmevents flush
Instead of using raw_cpu_read() use per_cpu() to read the actual data of
the corresponding cpu otherwise we will be reading the data of the current
cpu for the number of online CPUs.
Link: http://lkml.kernel.org/r/20190829203110.129263-1-shakeelb@google.com
Fixes: bb65f89b7d3d ("mm: memcontrol: flush percpu vmevents before releasing memcg")
Fixes: c350a99ea2b1 ("mm: memcontrol: flush percpu vmstats before releasing memcg")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Acked-by: Roman Gushchin <guro(a)fb.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memcontrol.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/mm/memcontrol.c~mm-memcontrol-fix-percpu-vmstats-and-vmevents-flush
+++ a/mm/memcontrol.c
@@ -3278,7 +3278,7 @@ static void memcg_flush_percpu_vmstats(s
for_each_online_cpu(cpu)
for (i = min_idx; i < max_idx; i++)
- stat[i] += raw_cpu_read(memcg->vmstats_percpu->stat[i]);
+ stat[i] += per_cpu(memcg->vmstats_percpu->stat[i], cpu);
for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
for (i = min_idx; i < max_idx; i++)
@@ -3296,8 +3296,8 @@ static void memcg_flush_percpu_vmstats(s
for_each_online_cpu(cpu)
for (i = min_idx; i < max_idx; i++)
- stat[i] += raw_cpu_read(
- pn->lruvec_stat_cpu->count[i]);
+ stat[i] += per_cpu(
+ pn->lruvec_stat_cpu->count[i], cpu);
for (pi = pn; pi; pi = parent_nodeinfo(pi, node))
for (i = min_idx; i < max_idx; i++)
@@ -3316,8 +3316,8 @@ static void memcg_flush_percpu_vmevents(
for_each_online_cpu(cpu)
for (i = 0; i < NR_VM_EVENT_ITEMS; i++)
- events[i] += raw_cpu_read(
- memcg->vmstats_percpu->events[i]);
+ events[i] += per_cpu(memcg->vmstats_percpu->events[i],
+ cpu);
for (mi = memcg; mi; mi = parent_mem_cgroup(mi))
for (i = 0; i < NR_VM_EVENT_ITEMS; i++)
_
Patches currently in -mm which might be from shakeelb(a)google.com are
The patch titled
Subject: mm, memcg: partially revert "mm/memcontrol.c: keep local VM counters in sync with the hierarchical ones"
has been removed from the -mm tree. Its filename was
partially-revert-mm-memcontrolc-keep-local-vm-counters-in-sync-with-the-hierarchical-ones.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Roman Gushchin <guro(a)fb.com>
Subject: mm, memcg: partially revert "mm/memcontrol.c: keep local VM counters in sync with the hierarchical ones"
Commit 766a4c19d880 ("mm/memcontrol.c: keep local VM counters in sync with
the hierarchical ones") effectively decreased the precision of per-memcg
vmstats_local and per-memcg-per-node lruvec percpu counters.
That's good for displaying in memory.stat, but brings a serious regression
into the reclaim process.
One issue I've discovered and debugged is the following: lruvec_lru_size()
can return 0 instead of the actual number of pages in the lru list,
preventing the kernel to reclaim last remaining pages. Result is yet
another dying memory cgroups flooding. The opposite is also happening:
scanning an empty lru list is the waste of cpu time.
Also, inactive_list_is_low() can return incorrect values, preventing the
active lru from being scanned and freed. It can fail both because the
size of active and inactive lists are inaccurate, and because the number
of workingset refaults isn't precise. In other words, the result is
pretty random.
I'm not sure, if using the approximate number of slab pages in
count_shadow_number() is acceptable, but issues described above are enough
to partially revert the patch.
Let's keep per-memcg vmstat_local batched (they are only used for
displaying stats to the userspace), but keep lruvec stats precise. This
change fixes the dead memcg flooding on my setup.
Link: http://lkml.kernel.org/r/20190817004726.2530670-1-guro@fb.com
Fixes: 766a4c19d880 ("mm/memcontrol.c: keep local VM counters in sync with the hierarchical ones")
Signed-off-by: Roman Gushchin <guro(a)fb.com>
Acked-by: Yafang Shao <laoar.shao(a)gmail.com>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Michal Hocko <mhocko(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memcontrol.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/mm/memcontrol.c~partially-revert-mm-memcontrolc-keep-local-vm-counters-in-sync-with-the-hierarchical-ones
+++ a/mm/memcontrol.c
@@ -752,15 +752,13 @@ void __mod_lruvec_state(struct lruvec *l
/* Update memcg */
__mod_memcg_state(memcg, idx, val);
+ /* Update lruvec */
+ __this_cpu_add(pn->lruvec_stat_local->count[idx], val);
+
x = val + __this_cpu_read(pn->lruvec_stat_cpu->count[idx]);
if (unlikely(abs(x) > MEMCG_CHARGE_BATCH)) {
struct mem_cgroup_per_node *pi;
- /*
- * Batch local counters to keep them in sync with
- * the hierarchical ones.
- */
- __this_cpu_add(pn->lruvec_stat_local->count[idx], x);
for (pi = pn; pi; pi = parent_nodeinfo(pi, pgdat->node_id))
atomic_long_add(x, &pi->lruvec_stat[idx]);
x = 0;
_
Patches currently in -mm which might be from guro(a)fb.com are
mm-memcontrol-switch-to-rcu-protection-in-drain_all_stock.patch
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
The results of these automated tests are provided below.
Overall result: PASSED
Merge: OK
Compile: OK
Tests: OK
All kernel binaries, config files, and logs are available for download here:
https://artifacts.cki-project.org/pipelines/141232
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out the following commit:
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
We grabbed the d5e0e6a34f8b commit of the stable queue repository.
We then merged the patchset with `git am`:
dmaengine-ste_dma40-fix-unneeded-variable-warning.patch
nvme-multipath-revalidate-nvme_ns_head-gendisk-in-nv.patch
afs-fix-the-cb.probeuuid-service-handler-to-reply-co.patch
afs-fix-loop-index-mixup-in-afs_deliver_vl_get_entry.patch
fs-afs-fix-a-possible-null-pointer-dereference-in-af.patch
afs-fix-off-by-one-in-afs_rename-expected-data-versi.patch
afs-only-update-d_fsdata-if-different-in-afs_d_reval.patch
afs-fix-missing-dentry-data-version-updating.patch
nvmet-fix-use-after-free-bug-when-a-port-is-removed.patch
nvmet-loop-flush-nvme_delete_wq-when-removing-the-po.patch
nvmet-file-fix-nvmet_file_flush-always-returning-an-.patch
nvme-core-fix-extra-device_put-call-on-error-path.patch
nvme-fix-a-possible-deadlock-when-passthru-commands-.patch
nvme-rdma-fix-possible-use-after-free-in-connect-err.patch
nvme-fix-controller-removal-race-with-scan-work.patch
nvme-pci-fix-async-probe-remove-race.patch
soundwire-cadence_master-fix-register-definition-for.patch
soundwire-cadence_master-fix-definitions-for-intstat.patch
auxdisplay-panel-need-to-delete-scan_timer-when-misc.patch
btrfs-trim-check-the-range-passed-into-to-prevent-ov.patch
ib-mlx5-fix-implicit-mr-release-flow.patch
dmaengine-stm32-mdma-fix-a-possible-null-pointer-der.patch
omap-dma-omap_vout_vrfb-fix-off-by-one-fi-value.patch
iommu-dma-handle-sg-length-overflow-better.patch
dma-direct-don-t-truncate-dma_required_mask-to-bus-a.patch
usb-gadget-composite-clear-suspended-on-reset-discon.patch
usb-gadget-mass_storage-fix-races-between-fsg_disabl.patch
habanalabs-fix-dram-usage-accounting-on-context-tear.patch
habanalabs-fix-endianness-handling-for-packets-from-.patch
habanalabs-fix-completion-queue-handling-when-host-i.patch
habanalabs-fix-endianness-handling-for-internal-qman.patch
habanalabs-fix-device-irq-unmasking-for-be-host.patch
xen-blkback-fix-memory-leaks.patch
arm64-cpufeature-don-t-treat-granule-sizes-as-strict.patch
riscv-fix-flush_tlb_range-end-address-for-flush_tlb_.patch
i2c-rcar-avoid-race-when-unregistering-slave-client.patch
i2c-emev2-avoid-race-when-unregistering-slave-client.patch
drm-scheduler-use-job-count-instead-of-peek.patch
drm-ast-fixed-reboot-test-may-cause-system-hanged.patch
usb-host-fotg2-restart-hcd-after-port-reset.patch
tools-hv-fixed-python-pep8-flake8-warnings-for-lsvmb.patch
tools-hv-fix-kvp-and-vss-daemons-exit-code.patch
locking-rwsem-add-missing-acquire-to-read_slowpath-e.patch
lcoking-rwsem-add-missing-acquire-to-read_slowpath-s.patch
watchdog-bcm2835_wdt-fix-module-autoload.patch
selftests-bpf-install-files-test_xdp_vlan.sh.patch
drm-bridge-tfp410-fix-memleak-in-get_modes.patch
mt76-usb-fix-rx-a-msdu-support.patch
ipv6-addrconf-allow-adding-multicast-addr-if-ifa_f_mcautojoin-is-set.patch
ipv6-fix-return-value-of-ipv6_mc_may_pull-for-malformed-packets.patch
net-cpsw-fix-null-pointer-exception-in-the-probe-error-path.patch
net-fix-__ip_mc_inc_group-usage.patch
net-smc-make-sure-epollout-is-raised.patch
tcp-make-sure-epollout-wont-be-missed.patch
ipv4-mpls-fix-mpls_xmit-for-iptunnel.patch
openvswitch-fix-conntrack-cache-with-timeout.patch
ipv4-icmp-fix-rt-dst-dev-null-pointer-dereference.patch
xfrm-xfrm_policy-fix-dst-dev-null-pointer-dereference-in-collect_md-mode.patch
mm-zsmalloc.c-fix-build-when-config_compaction-n.patch
alsa-usb-audio-check-mixer-unit-bitmap-yet-more-strictly.patch
alsa-hda-ca0132-add-new-sbz-quirk.patch
alsa-line6-fix-memory-leak-at-line6_init_pcm-error-path.patch
alsa-hda-fixes-inverted-conexant-gpio-mic-mute-led.patch
alsa-seq-fix-potential-concurrent-access-to-the-deleted-pool.patch
alsa-usb-audio-fix-invalid-null-check-in-snd_emuusb_set_samplerate.patch
alsa-usb-audio-add-implicit-fb-quirk-for-behringer-ufx1604.patch
kvm-x86-skip-populating-logical-dest-map-if-apic-is-not-sw-enabled.patch
kvm-x86-hyper-v-don-t-crash-on-kvm_get_supported_hv_cpuid-when-kvm_intel.nested-is-disabled.patch
kvm-x86-don-t-update-rip-or-do-single-step-on-faulting-emulation.patch
uprobes-x86-fix-detection-of-32-bit-user-mode.patch
x86-mm-cpa-prevent-large-page-split-when-ftrace-flips-rw-on-kernel-text.patch
x86-apic-do-not-initialize-ldr-and-dfr-for-bigsmp.patch
x86-apic-include-the-ldr-when-clearing-out-apic-registers.patch
hid-logitech-hidpp-remove-support-for-the-g700-over-.patch
ftrace-fix-null-pointer-dereference-in-t_probe_next.patch
ftrace-check-for-successful-allocation-of-hash.patch
ftrace-check-for-empty-hash-and-comment-the-race-with-registering-probes.patch
Compile testing
---------------
We compiled the kernel for 3 architectures:
aarch64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
ppc64le:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
x86_64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
Hardware testing
----------------
We booted each kernel and ran the following tests:
aarch64:
Host 1:
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ Networking: igmp conformance test [8]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ Usex - version 1.9-29 [13]
✅ stress: stress-ng [14]
🚧 ✅ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns transport [17]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
🚧 ✅ trace: ftrace/tracer [18]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [19]
🚧 ✅ Storage blktests [20]
ppc64le:
Host 1:
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ Usex - version 1.9-29 [13]
🚧 ✅ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
🚧 ✅ trace: ftrace/tracer [18]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [19]
🚧 ✅ Storage blktests [20]
x86_64:
Host 1:
⚡ Internal infrastructure issues prevented one or more tests (marked
with ⚡⚡⚡) from running on this architecture.
This is not the fault of the kernel that was tested.
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ Networking: igmp conformance test [8]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ pciutils: sanity smoke test [21]
✅ Usex - version 1.9-29 [13]
✅ stress: stress-ng [14]
🚧 ⚡⚡⚡ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns transport [17]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
🚧 ✅ trace: ftrace/tracer [18]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [19]
🚧 ✅ Storage blktests [20]
🚧 ✅ IOMMU boot test [22]
Test source:
💚 Pull requests are welcome for new tests or improvements to existing tests!
[0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p…
[2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/…
[3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm
[4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
[5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i…
[9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud…
[10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt…
[11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot…
[12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun…
[13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
[14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres…
[15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#memory/funct…
[17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#trace/ftrace…
[19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se…
[20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk
[21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san…
[22]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/iommu/boot
Waived tests
------------
If the test run included waived tests, they are marked with 🚧. Such tests are
executed but their results are not taken into account. Tests are waived when
their results are not reliable enough, e.g. when they're just introduced or are
being fixed.
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
The results of these automated tests are provided below.
Overall result: PASSED
Merge: OK
Compile: OK
Tests: OK
All kernel binaries, config files, and logs are available for download here:
https://artifacts.cki-project.org/pipelines/140992
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out the following commit:
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
We grabbed the 87cde3375279 commit of the stable queue repository.
We then merged the patchset with `git am`:
dmaengine-ste_dma40-fix-unneeded-variable-warning.patch
nvme-multipath-revalidate-nvme_ns_head-gendisk-in-nv.patch
afs-fix-the-cb.probeuuid-service-handler-to-reply-co.patch
afs-fix-loop-index-mixup-in-afs_deliver_vl_get_entry.patch
fs-afs-fix-a-possible-null-pointer-dereference-in-af.patch
afs-fix-off-by-one-in-afs_rename-expected-data-versi.patch
afs-only-update-d_fsdata-if-different-in-afs_d_reval.patch
afs-fix-missing-dentry-data-version-updating.patch
nvmet-fix-use-after-free-bug-when-a-port-is-removed.patch
nvmet-loop-flush-nvme_delete_wq-when-removing-the-po.patch
nvmet-file-fix-nvmet_file_flush-always-returning-an-.patch
nvme-core-fix-extra-device_put-call-on-error-path.patch
nvme-fix-a-possible-deadlock-when-passthru-commands-.patch
nvme-rdma-fix-possible-use-after-free-in-connect-err.patch
nvme-fix-controller-removal-race-with-scan-work.patch
nvme-pci-fix-async-probe-remove-race.patch
soundwire-cadence_master-fix-register-definition-for.patch
soundwire-cadence_master-fix-definitions-for-intstat.patch
auxdisplay-panel-need-to-delete-scan_timer-when-misc.patch
btrfs-trim-check-the-range-passed-into-to-prevent-ov.patch
ib-mlx5-fix-implicit-mr-release-flow.patch
dmaengine-stm32-mdma-fix-a-possible-null-pointer-der.patch
omap-dma-omap_vout_vrfb-fix-off-by-one-fi-value.patch
iommu-dma-handle-sg-length-overflow-better.patch
dma-direct-don-t-truncate-dma_required_mask-to-bus-a.patch
usb-gadget-composite-clear-suspended-on-reset-discon.patch
usb-gadget-mass_storage-fix-races-between-fsg_disabl.patch
habanalabs-fix-dram-usage-accounting-on-context-tear.patch
habanalabs-fix-endianness-handling-for-packets-from-.patch
habanalabs-fix-completion-queue-handling-when-host-i.patch
habanalabs-fix-endianness-handling-for-internal-qman.patch
habanalabs-fix-device-irq-unmasking-for-be-host.patch
xen-blkback-fix-memory-leaks.patch
arm64-cpufeature-don-t-treat-granule-sizes-as-strict.patch
riscv-fix-flush_tlb_range-end-address-for-flush_tlb_.patch
i2c-rcar-avoid-race-when-unregistering-slave-client.patch
i2c-emev2-avoid-race-when-unregistering-slave-client.patch
drm-scheduler-use-job-count-instead-of-peek.patch
drm-ast-fixed-reboot-test-may-cause-system-hanged.patch
usb-host-fotg2-restart-hcd-after-port-reset.patch
tools-hv-fixed-python-pep8-flake8-warnings-for-lsvmb.patch
tools-hv-fix-kvp-and-vss-daemons-exit-code.patch
locking-rwsem-add-missing-acquire-to-read_slowpath-e.patch
lcoking-rwsem-add-missing-acquire-to-read_slowpath-s.patch
watchdog-bcm2835_wdt-fix-module-autoload.patch
selftests-bpf-install-files-test_xdp_vlan.sh.patch
drm-bridge-tfp410-fix-memleak-in-get_modes.patch
mt76-usb-fix-rx-a-msdu-support.patch
ipv6-addrconf-allow-adding-multicast-addr-if-ifa_f_mcautojoin-is-set.patch
ipv6-fix-return-value-of-ipv6_mc_may_pull-for-malformed-packets.patch
net-cpsw-fix-null-pointer-exception-in-the-probe-error-path.patch
net-fix-__ip_mc_inc_group-usage.patch
net-smc-make-sure-epollout-is-raised.patch
tcp-make-sure-epollout-wont-be-missed.patch
ipv4-mpls-fix-mpls_xmit-for-iptunnel.patch
openvswitch-fix-conntrack-cache-with-timeout.patch
ipv4-icmp-fix-rt-dst-dev-null-pointer-dereference.patch
xfrm-xfrm_policy-fix-dst-dev-null-pointer-dereference-in-collect_md-mode.patch
mm-zsmalloc.c-fix-build-when-config_compaction-n.patch
alsa-usb-audio-check-mixer-unit-bitmap-yet-more-strictly.patch
alsa-hda-ca0132-add-new-sbz-quirk.patch
alsa-line6-fix-memory-leak-at-line6_init_pcm-error-path.patch
alsa-hda-fixes-inverted-conexant-gpio-mic-mute-led.patch
alsa-seq-fix-potential-concurrent-access-to-the-deleted-pool.patch
alsa-usb-audio-fix-invalid-null-check-in-snd_emuusb_set_samplerate.patch
alsa-usb-audio-add-implicit-fb-quirk-for-behringer-ufx1604.patch
kvm-x86-skip-populating-logical-dest-map-if-apic-is-not-sw-enabled.patch
kvm-x86-hyper-v-don-t-crash-on-kvm_get_supported_hv_cpuid-when-kvm_intel.nested-is-disabled.patch
kvm-x86-don-t-update-rip-or-do-single-step-on-faulting-emulation.patch
uprobes-x86-fix-detection-of-32-bit-user-mode.patch
x86-mm-cpa-prevent-large-page-split-when-ftrace-flips-rw-on-kernel-text.patch
x86-apic-do-not-initialize-ldr-and-dfr-for-bigsmp.patch
x86-apic-include-the-ldr-when-clearing-out-apic-registers.patch
hid-logitech-hidpp-remove-support-for-the-g700-over-.patch
Compile testing
---------------
We compiled the kernel for 3 architectures:
aarch64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
ppc64le:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
x86_64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
Hardware testing
----------------
We booted each kernel and ran the following tests:
aarch64:
Host 1:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [1]
🚧 ✅ Storage blktests [2]
Host 2:
✅ Boot test [0]
✅ Podman system integration test (as root) [3]
✅ Podman system integration test (as user) [3]
✅ Loopdev Sanity [4]
✅ jvm test suite [5]
✅ AMTU (Abstract Machine Test Utility) [6]
✅ LTP: openposix test suite [7]
✅ Ethernet drivers sanity [8]
✅ Networking socket: fuzz [9]
✅ Networking: igmp conformance test [10]
✅ audit: audit testsuite test [11]
✅ httpd: mod_ssl smoke sanity [12]
✅ iotop: sanity [13]
✅ tuned: tune-processes-through-perf [14]
✅ Usex - version 1.9-29 [15]
✅ stress: stress-ng [16]
🚧 ✅ LTP lite [17]
🚧 ✅ Memory function: kaslr [18]
🚧 ✅ Networking ipsec: basic netns transport [19]
🚧 ✅ Networking ipsec: basic netns tunnel [19]
ppc64le:
Host 1:
✅ Boot test [0]
✅ Podman system integration test (as root) [3]
✅ Podman system integration test (as user) [3]
✅ Loopdev Sanity [4]
✅ jvm test suite [5]
✅ AMTU (Abstract Machine Test Utility) [6]
✅ LTP: openposix test suite [7]
✅ Ethernet drivers sanity [8]
✅ Networking socket: fuzz [9]
✅ audit: audit testsuite test [11]
✅ httpd: mod_ssl smoke sanity [12]
✅ iotop: sanity [13]
✅ tuned: tune-processes-through-perf [14]
✅ Usex - version 1.9-29 [15]
🚧 ✅ LTP lite [17]
🚧 ✅ Memory function: kaslr [18]
🚧 ✅ Networking ipsec: basic netns tunnel [19]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [1]
🚧 ❌ Storage blktests [2]
x86_64:
Host 1:
✅ Boot test [0]
✅ Podman system integration test (as root) [3]
✅ Podman system integration test (as user) [3]
✅ Loopdev Sanity [4]
✅ jvm test suite [5]
✅ AMTU (Abstract Machine Test Utility) [6]
✅ LTP: openposix test suite [7]
✅ Ethernet drivers sanity [8]
✅ Networking socket: fuzz [9]
✅ Networking: igmp conformance test [10]
✅ audit: audit testsuite test [11]
✅ httpd: mod_ssl smoke sanity [12]
✅ iotop: sanity [13]
✅ tuned: tune-processes-through-perf [14]
✅ pciutils: sanity smoke test [20]
✅ Usex - version 1.9-29 [15]
✅ stress: stress-ng [16]
🚧 ✅ LTP lite [17]
🚧 ✅ Memory function: kaslr [18]
🚧 ✅ Networking ipsec: basic netns transport [19]
🚧 ✅ Networking ipsec: basic netns tunnel [19]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [1]
🚧 ✅ Storage blktests [2]
🚧 ✅ IOMMU boot test [21]
Test source:
💚 Pull requests are welcome for new tests or improvements to existing tests!
[0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se…
[2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk
[3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p…
[4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/…
[5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm
[6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
[7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i…
[11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud…
[12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt…
[13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot…
[14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun…
[15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
[16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres…
[17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#memory/funct…
[19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san…
[21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/iommu/boot
Waived tests
------------
If the test run included waived tests, they are marked with 🚧. Such tests are
executed but their results are not taken into account. Tests are waived when
their results are not reliable enough, e.g. when they're just introduced or are
being fixed.
Hi,
I also tried to reproduce this in a targeted way, and run into the
same difficulty as you: satisfying the first condition “
(sk->sk_wmem_queued >> 1) > limit “.
I will not have bandwidth the coming days to try and reproduce it in
this way. Maybe simply forcing a very small send buffer using sysctl
net.ipv4.tcp_wmem might even do the trick?
I suspect that the bug is easier to trigger with the MPTCP patch like
I did originally, due to the way this patch manages the tcp subflow
buffers (it can temporarily overfill the buffers, satisfying that
first condition more often).
another thing, the stacktrace you shared before seems caused by
another issue (corrupted socket?), it will not be solved by the patch
we submitted.
kind regards,
Tim
On Tue, Sep 3, 2019 at 5:22 AM maowenan <maowenan(a)huawei.com> wrote:
>
> Hi Tim,
>
>
>
> I try to reproduce it with packetdrill or user application, but I can’t.
>
> The first condition “ (sk->sk_wmem_queued >> 1) > limit “ can’t be satisfied,
>
> This condition is to avoid tiny SO_SNDBUF values set by user.
>
> It also adds the some room due to the fact that tcp_sendmsg()
>
> and tcp_sendpage() might overshoot sk_wmem_queued by about one full
>
> TSO skb (64KB size).
>
>
>
> limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE);
>
> if (unlikely((sk->sk_wmem_queued >> 1) > limit &&
>
> skb != tcp_rtx_queue_head(sk) &&
>
> skb != tcp_rtx_queue_tail(sk))) {
>
> NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
>
> return -ENOMEM;
>
> }
>
>
>
> Can you try to reproduce it with packetdrill or C socket application?
>
>
--
Tim Froidcoeur | R&D engineer HAG
tim.froidcoeur(a)tessares.net
Tessares SA | Hybrid Access Solutions
www.tessares.net
1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium
--
Disclaimer: https://www.tessares.net/mail-disclaimer/
<https://www.tessares.net/mail-disclaimer/>
The following commit has been merged into the sched/urgent branch of tip:
Commit-ID: 5e2d2cc2588bd3307ce3937acbc2ed03c830a861
Gitweb: https://git.kernel.org/tip/5e2d2cc2588bd3307ce3937acbc2ed03c830a861
Author: Liangyan <liangyan.peng(a)linux.alibaba.com>
AuthorDate: Mon, 26 Aug 2019 20:16:33 +08:00
Committer: Ingo Molnar <mingo(a)kernel.org>
CommitterDate: Tue, 03 Sep 2019 08:55:07 +02:00
sched/fair: Don't assign runtime for throttled cfs_rq
do_sched_cfs_period_timer() will refill cfs_b runtime and call
distribute_cfs_runtime to unthrottle cfs_rq, sometimes cfs_b->runtime
will allocate all quota to one cfs_rq incorrectly, then other cfs_rqs
attached to this cfs_b can't get runtime and will be throttled.
We find that one throttled cfs_rq has non-negative
cfs_rq->runtime_remaining and cause an unexpetced cast from s64 to u64
in snippet:
distribute_cfs_runtime() {
runtime = -cfs_rq->runtime_remaining + 1;
}
The runtime here will change to a large number and consume all
cfs_b->runtime in this cfs_b period.
According to Ben Segall, the throttled cfs_rq can have
account_cfs_rq_runtime called on it because it is throttled before
idle_balance, and the idle_balance calls update_rq_clock to add time
that is accounted to the task.
This commit prevents cfs_rq to be assgined new runtime if it has been
throttled until that distribute_cfs_runtime is called.
Signed-off-by: Liangyan <liangyan.peng(a)linux.alibaba.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Reviewed-by: Valentin Schneider <valentin.schneider(a)arm.com>
Reviewed-by: Ben Segall <bsegall(a)google.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: shanpeic(a)linux.alibaba.com
Cc: stable(a)vger.kernel.org
Cc: xlpang(a)linux.alibaba.com
Fixes: d3d9dc330236 ("sched: Throttle entities exceeding their allowed bandwidth")
Link: https://lkml.kernel.org/r/20190826121633.6538-1-liangyan.peng@linux.alibaba…
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
---
kernel/sched/fair.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index bc9cfea..500f5db 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4470,6 +4470,8 @@ static void __account_cfs_rq_runtime(struct cfs_rq *cfs_rq, u64 delta_exec)
if (likely(cfs_rq->runtime_remaining > 0))
return;
+ if (cfs_rq->throttled)
+ return;
/*
* if we're unable to extend our runtime we resched so that the active
* hierarchy can be throttled
@@ -4673,6 +4675,9 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
if (!cfs_rq_throttled(cfs_rq))
goto next;
+ /* By the above check, this should never be true */
+ SCHED_WARN_ON(cfs_rq->runtime_remaining > 0);
+
runtime = -cfs_rq->runtime_remaining + 1;
if (runtime > remaining)
runtime = remaining;
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
The results of these automated tests are provided below.
Overall result: PASSED
Merge: OK
Compile: OK
Tests: OK
All kernel binaries, config files, and logs are available for download here:
https://artifacts.cki-project.org/pipelines/140276
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out the following commit:
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: c3915fe1bf12 - Linux 5.2.11
We grabbed the a72cf2e32965 commit of the stable queue repository.
We then merged the patchset with `git am`:
dmaengine-ste_dma40-fix-unneeded-variable-warning.patch
nvme-multipath-revalidate-nvme_ns_head-gendisk-in-nv.patch
afs-fix-the-cb.probeuuid-service-handler-to-reply-co.patch
afs-fix-loop-index-mixup-in-afs_deliver_vl_get_entry.patch
fs-afs-fix-a-possible-null-pointer-dereference-in-af.patch
afs-fix-off-by-one-in-afs_rename-expected-data-versi.patch
afs-only-update-d_fsdata-if-different-in-afs_d_reval.patch
afs-fix-missing-dentry-data-version-updating.patch
nvmet-fix-use-after-free-bug-when-a-port-is-removed.patch
nvmet-loop-flush-nvme_delete_wq-when-removing-the-po.patch
nvmet-file-fix-nvmet_file_flush-always-returning-an-.patch
nvme-core-fix-extra-device_put-call-on-error-path.patch
nvme-fix-a-possible-deadlock-when-passthru-commands-.patch
nvme-rdma-fix-possible-use-after-free-in-connect-err.patch
nvme-fix-controller-removal-race-with-scan-work.patch
nvme-pci-fix-async-probe-remove-race.patch
soundwire-cadence_master-fix-register-definition-for.patch
soundwire-cadence_master-fix-definitions-for-intstat.patch
auxdisplay-panel-need-to-delete-scan_timer-when-misc.patch
btrfs-trim-check-the-range-passed-into-to-prevent-ov.patch
ib-mlx5-fix-implicit-mr-release-flow.patch
dmaengine-stm32-mdma-fix-a-possible-null-pointer-der.patch
omap-dma-omap_vout_vrfb-fix-off-by-one-fi-value.patch
iommu-dma-handle-sg-length-overflow-better.patch
dma-direct-don-t-truncate-dma_required_mask-to-bus-a.patch
usb-gadget-composite-clear-suspended-on-reset-discon.patch
usb-gadget-mass_storage-fix-races-between-fsg_disabl.patch
habanalabs-fix-dram-usage-accounting-on-context-tear.patch
habanalabs-fix-endianness-handling-for-packets-from-.patch
habanalabs-fix-completion-queue-handling-when-host-i.patch
habanalabs-fix-endianness-handling-for-internal-qman.patch
habanalabs-fix-device-irq-unmasking-for-be-host.patch
xen-blkback-fix-memory-leaks.patch
arm64-cpufeature-don-t-treat-granule-sizes-as-strict.patch
riscv-fix-flush_tlb_range-end-address-for-flush_tlb_.patch
i2c-rcar-avoid-race-when-unregistering-slave-client.patch
i2c-emev2-avoid-race-when-unregistering-slave-client.patch
drm-scheduler-use-job-count-instead-of-peek.patch
drm-ast-fixed-reboot-test-may-cause-system-hanged.patch
usb-host-fotg2-restart-hcd-after-port-reset.patch
tools-hv-fixed-python-pep8-flake8-warnings-for-lsvmb.patch
tools-hv-fix-kvp-and-vss-daemons-exit-code.patch
locking-rwsem-add-missing-acquire-to-read_slowpath-e.patch
lcoking-rwsem-add-missing-acquire-to-read_slowpath-s.patch
watchdog-bcm2835_wdt-fix-module-autoload.patch
selftests-bpf-install-files-test_xdp_vlan.sh.patch
drm-bridge-tfp410-fix-memleak-in-get_modes.patch
mt76-usb-fix-rx-a-msdu-support.patch
ipv6-addrconf-allow-adding-multicast-addr-if-ifa_f_mcautojoin-is-set.patch
ipv6-fix-return-value-of-ipv6_mc_may_pull-for-malformed-packets.patch
net-cpsw-fix-null-pointer-exception-in-the-probe-error-path.patch
net-fix-__ip_mc_inc_group-usage.patch
net-smc-make-sure-epollout-is-raised.patch
tcp-make-sure-epollout-wont-be-missed.patch
ipv4-mpls-fix-mpls_xmit-for-iptunnel.patch
openvswitch-fix-conntrack-cache-with-timeout.patch
ipv4-icmp-fix-rt-dst-dev-null-pointer-dereference.patch
xfrm-xfrm_policy-fix-dst-dev-null-pointer-dereference-in-collect_md-mode.patch
mm-zsmalloc.c-fix-build-when-config_compaction-n.patch
alsa-usb-audio-check-mixer-unit-bitmap-yet-more-strictly.patch
alsa-hda-ca0132-add-new-sbz-quirk.patch
alsa-line6-fix-memory-leak-at-line6_init_pcm-error-path.patch
alsa-hda-fixes-inverted-conexant-gpio-mic-mute-led.patch
alsa-seq-fix-potential-concurrent-access-to-the-deleted-pool.patch
alsa-usb-audio-fix-invalid-null-check-in-snd_emuusb_set_samplerate.patch
alsa-usb-audio-add-implicit-fb-quirk-for-behringer-ufx1604.patch
kvm-x86-skip-populating-logical-dest-map-if-apic-is-not-sw-enabled.patch
kvm-x86-hyper-v-don-t-crash-on-kvm_get_supported_hv_cpuid-when-kvm_intel.nested-is-disabled.patch
kvm-x86-don-t-update-rip-or-do-single-step-on-faulting-emulation.patch
uprobes-x86-fix-detection-of-32-bit-user-mode.patch
x86-mm-cpa-prevent-large-page-split-when-ftrace-flips-rw-on-kernel-text.patch
x86-apic-do-not-initialize-ldr-and-dfr-for-bigsmp.patch
x86-apic-include-the-ldr-when-clearing-out-apic-registers.patch
Compile testing
---------------
We compiled the kernel for 3 architectures:
aarch64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
ppc64le:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
x86_64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
Hardware testing
----------------
We booted each kernel and ran the following tests:
aarch64:
Host 1:
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ Networking: igmp conformance test [8]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ Usex - version 1.9-29 [13]
✅ stress: stress-ng [14]
🚧 ✅ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns transport [17]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
Host 2:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [18]
🚧 ✅ Storage blktests [19]
ppc64le:
Host 1:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [18]
🚧 ✅ Storage blktests [19]
Host 2:
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ Usex - version 1.9-29 [13]
🚧 ✅ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
x86_64:
Host 1:
✅ Boot test [0]
✅ selinux-policy: serge-testsuite [18]
🚧 ✅ Storage blktests [19]
🚧 ❌ IOMMU boot test [20]
Host 2:
✅ Boot test [0]
✅ Podman system integration test (as root) [1]
✅ Podman system integration test (as user) [1]
✅ Loopdev Sanity [2]
✅ jvm test suite [3]
✅ AMTU (Abstract Machine Test Utility) [4]
✅ LTP: openposix test suite [5]
✅ Ethernet drivers sanity [6]
✅ Networking socket: fuzz [7]
✅ Networking: igmp conformance test [8]
✅ audit: audit testsuite test [9]
✅ httpd: mod_ssl smoke sanity [10]
✅ iotop: sanity [11]
✅ tuned: tune-processes-through-perf [12]
✅ pciutils: sanity smoke test [21]
✅ Usex - version 1.9-29 [13]
✅ stress: stress-ng [14]
🚧 ✅ LTP lite [15]
🚧 ✅ Memory function: kaslr [16]
🚧 ✅ Networking ipsec: basic netns transport [17]
🚧 ✅ Networking ipsec: basic netns tunnel [17]
Test source:
💚 Pull requests are welcome for new tests or improvements to existing tests!
[0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/container/p…
[2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/…
[3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/jvm
[4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
[5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#networking/i…
[9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud…
[10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt…
[11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot…
[12]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun…
[13]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
[14]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres…
[15]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
[16]: https://github.com/CKI-project/tests-beaker/archive/master.zip#memory/funct…
[17]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/…
[18]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se…
[19]: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/blk
[20]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/iommu/boot
[21]: https://github.com/CKI-project/tests-beaker/archive/master.zip#pciutils/san…
Waived tests
------------
If the test run included waived tests, they are marked with 🚧. Such tests are
executed but their results are not taken into account. Tests are waived when
their results are not reliable enough, e.g. when they're just introduced or are
being fixed.
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 9212ec7d8357ea630031e89d0d399c761421c83b Mon Sep 17 00:00:00 2001
From: Sebastian Mayr <me(a)sam.st>
Date: Sun, 28 Jul 2019 17:26:17 +0200
Subject: [PATCH] uprobes/x86: Fix detection of 32-bit user mode
32-bit processes running on a 64-bit kernel are not always detected
correctly, causing the process to crash when uretprobes are installed.
The reason for the crash is that in_ia32_syscall() is used to determine the
process's mode, which only works correctly when called from a syscall.
In the case of uretprobes, however, the function is called from a exception
and always returns 'false' on a 64-bit kernel. In consequence this leads to
corruption of the process's return address.
Fix this by using user_64bit_mode() instead of in_ia32_syscall(), which
is correct in any situation.
[ tglx: Add a comment and the following historical info ]
This should have been detected by the rename which happened in commit
abfb9498ee13 ("x86/entry: Rename is_{ia32,x32}_task() to in_{ia32,x32}_syscall()")
which states in the changelog:
The is_ia32_task()/is_x32_task() function names are a big misnomer: they
suggests that the compat-ness of a system call is a task property, which
is not true, the compatness of a system call purely depends on how it
was invoked through the system call layer.
.....
and then it went and blindly renamed every call site.
Sadly enough this was already mentioned here:
8faaed1b9f50 ("uprobes/x86: Introduce sizeof_long(), cleanup adjust_ret_addr() and
arch_uretprobe_hijack_return_addr()")
where the changelog says:
TODO: is_ia32_task() is not what we actually want, TS_COMPAT does
not necessarily mean 32bit. Fortunately syscall-like insns can't be
probed so it actually works, but it would be better to rename and
use is_ia32_frame().
and goes all the way back to:
0326f5a94dde ("uprobes/core: Handle breakpoint and singlestep exceptions")
Oh well. 7+ years until someone actually tried a uretprobe on a 32bit
process on a 64bit kernel....
Fixes: 0326f5a94dde ("uprobes/core: Handle breakpoint and singlestep exceptions")
Signed-off-by: Sebastian Mayr <me(a)sam.st>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Dmitry Safonov <dsafonov(a)virtuozzo.com>
Cc: Oleg Nesterov <oleg(a)redhat.com>
Cc: Srikar Dronamraju <srikar(a)linux.vnet.ibm.com>
Cc: stable(a)vger.kernel.org
Link: https://lkml.kernel.org/r/20190728152617.7308-1-me@sam.st
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
index d8359ebeea70..8cd745ef8c7b 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -508,9 +508,12 @@ struct uprobe_xol_ops {
void (*abort)(struct arch_uprobe *, struct pt_regs *);
};
-static inline int sizeof_long(void)
+static inline int sizeof_long(struct pt_regs *regs)
{
- return in_ia32_syscall() ? 4 : 8;
+ /*
+ * Check registers for mode as in_xxx_syscall() does not apply here.
+ */
+ return user_64bit_mode(regs) ? 8 : 4;
}
static int default_pre_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
@@ -521,9 +524,9 @@ static int default_pre_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
static int emulate_push_stack(struct pt_regs *regs, unsigned long val)
{
- unsigned long new_sp = regs->sp - sizeof_long();
+ unsigned long new_sp = regs->sp - sizeof_long(regs);
- if (copy_to_user((void __user *)new_sp, &val, sizeof_long()))
+ if (copy_to_user((void __user *)new_sp, &val, sizeof_long(regs)))
return -EFAULT;
regs->sp = new_sp;
@@ -556,7 +559,7 @@ static int default_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs
long correction = utask->vaddr - utask->xol_vaddr;
regs->ip += correction;
} else if (auprobe->defparam.fixups & UPROBE_FIX_CALL) {
- regs->sp += sizeof_long(); /* Pop incorrect return address */
+ regs->sp += sizeof_long(regs); /* Pop incorrect return address */
if (emulate_push_stack(regs, utask->vaddr + auprobe->defparam.ilen))
return -ERESTART;
}
@@ -675,7 +678,7 @@ static int branch_post_xol_op(struct arch_uprobe *auprobe, struct pt_regs *regs)
* "call" insn was executed out-of-line. Just restore ->sp and restart.
* We could also restore ->ip and try to call branch_emulate_op() again.
*/
- regs->sp += sizeof_long();
+ regs->sp += sizeof_long(regs);
return -ERESTART;
}
@@ -1056,7 +1059,7 @@ bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs)
unsigned long
arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs *regs)
{
- int rasize = sizeof_long(), nleft;
+ int rasize = sizeof_long(regs), nleft;
unsigned long orig_ret_vaddr = 0; /* clear high bits for 32-bit apps */
if (copy_from_user(&orig_ret_vaddr, (void __user *)regs->sp, rasize))