- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [PATCH 4.9.y 2/2] drm: rcar-du: Fix race condition when disabling planes at CRTC stop

by Nhan Nguyen

From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> commit 641307df71fe77d7b38a477067495ede05d47295 upstream. When stopping the CRTC the driver must disable all planes and wait for the change to take effect at the next vblank. Merely calling drm_crtc_wait_one_vblank() is not enough, as the function doesn't include any mechanism to handle the race with vblank interrupts. Replace the drm_crtc_wait_one_vblank() call with a manual mechanism that handles the vblank interrupt race. Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Signed-off-by: thongsyho <thong.ho.px(a)rvc.renesas.com> Signed-off-by: Nhan Nguyen <nhan.nguyen.yb(a)renesas.com> --- drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 53 ++++++++++++++++++++++++++++++---- drivers/gpu/drm/rcar-du/rcar_du_crtc.h | 8 +++++ 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c index 848f7f2..3322b15 100644 --- a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c +++ b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c @@ -392,6 +392,31 @@ static void rcar_du_crtc_start(struct rcar_du_crtc *rcrtc) rcrtc->started = true; } +static void rcar_du_crtc_disable_planes(struct rcar_du_crtc *rcrtc) +{ + struct rcar_du_device *rcdu = rcrtc->group->dev; + struct drm_crtc *crtc = &rcrtc->crtc; + u32 status; + /* Make sure vblank interrupts are enabled. */ + drm_crtc_vblank_get(crtc); + /* + * Disable planes and calculate how many vertical blanking interrupts we + * have to wait for. If a vertical blanking interrupt has been triggered + * but not processed yet, we don't know whether it occurred before or + * after the planes got disabled. We thus have to wait for two vblank + * interrupts in that case. + */ + spin_lock_irq(&rcrtc->vblank_lock); + rcar_du_group_write(rcrtc->group, rcrtc->index % 2 ? 
DS2PR : DS1PR, 0); + status = rcar_du_crtc_read(rcrtc, DSSR); + rcrtc->vblank_count = status & DSSR_VBK ? 2 : 1; + spin_unlock_irq(&rcrtc->vblank_lock); + if (!wait_event_timeout(rcrtc->vblank_wait, rcrtc->vblank_count == 0, + msecs_to_jiffies(100))) + dev_warn(rcdu->dev, "vertical blanking timeout\n"); + drm_crtc_vblank_put(crtc); +} + static void rcar_du_crtc_stop(struct rcar_du_crtc *rcrtc) { struct drm_crtc *crtc = &rcrtc->crtc; @@ -400,17 +425,16 @@ static void rcar_du_crtc_stop(struct rcar_du_crtc *rcrtc) return; /* Disable all planes and wait for the change to take effect. This is - * required as the DSnPR registers are updated on vblank, and no vblank - * will occur once the CRTC is stopped. Disabling planes when starting - * the CRTC thus wouldn't be enough as it would start scanning out - * immediately from old frame buffers until the next vblank. + * required as the plane enable registers are updated on vblank, and no + * vblank will occur once the CRTC is stopped. Disabling planes when + * starting the CRTC thus wouldn't be enough as it would start scanning + * out immediately from old frame buffers until the next vblank. * * This increases the CRTC stop delay, especially when multiple CRTCs * are stopped in one operation as we now wait for one vblank per CRTC. * Whether this can be improved needs to be researched. */ - rcar_du_group_write(rcrtc->group, rcrtc->index % 2 ? DS2PR : DS1PR, 0); - drm_crtc_wait_one_vblank(crtc); + rcar_du_crtc_disable_planes(rcrtc); /* Disable vertical blanking interrupt reporting. We first need to wait * for page flip completion before stopping the CRTC as userspace @@ -548,10 +572,25 @@ static irqreturn_t rcar_du_crtc_irq(int irq, void *arg) irqreturn_t ret = IRQ_NONE; u32 status; + spin_lock(&rcrtc->vblank_lock); + status = rcar_du_crtc_read(rcrtc, DSSR); rcar_du_crtc_write(rcrtc, DSRCR, status & DSRCR_MASK); if (status & DSSR_VBK) { + /* + * Wake up the vblank wait if the counter reaches 0. 
This must + * be protected by the vblank_lock to avoid races in + * rcar_du_crtc_disable_planes(). + */ + if (rcrtc->vblank_count) { + if (--rcrtc->vblank_count == 0) + wake_up(&rcrtc->vblank_wait); + } + } + spin_unlock(&rcrtc->vblank_lock); + + if (status & DSSR_VBK) { drm_crtc_handle_vblank(&rcrtc->crtc); rcar_du_crtc_finish_page_flip(rcrtc); ret = IRQ_HANDLED; @@ -606,6 +645,8 @@ int rcar_du_crtc_create(struct rcar_du_group *rgrp, unsigned int index) } init_waitqueue_head(&rcrtc->flip_wait); + init_waitqueue_head(&rcrtc->vblank_wait); + spin_lock_init(&rcrtc->vblank_lock); rcrtc->group = rgrp; rcrtc->mmio_offset = mmio_offsets[index]; diff --git a/drivers/gpu/drm/rcar-du/rcar_du_crtc.h b/drivers/gpu/drm/rcar-du/rcar_du_crtc.h index 6f08b7e..48bef05 100644 --- a/drivers/gpu/drm/rcar-du/rcar_du_crtc.h +++ b/drivers/gpu/drm/rcar-du/rcar_du_crtc.h @@ -15,6 +15,7 @@ #define __RCAR_DU_CRTC_H__ #include <linux/mutex.h> +#include <linux/spinlock.h> #include <linux/wait.h> #include <drm/drmP.h> @@ -33,6 +34,9 @@ * @started: whether the CRTC has been started and is running * @event: event to post when the pending page flip completes * @flip_wait: wait queue used to signal page flip completion + * @vblank_lock: protects vblank_wait and vblank_count + * @vblank_wait: wait queue used to signal vertical blanking + * @vblank_count: number of vertical blanking interrupts to wait for * @outputs: bitmask of the outputs (enum rcar_du_output) driven by this CRTC * @group: CRTC group this CRTC belongs to */ @@ -48,6 +52,10 @@ struct rcar_du_crtc { struct drm_pending_vblank_event *event; wait_queue_head_t flip_wait; + spinlock_t vblank_lock; + wait_queue_head_t vblank_wait; + unsigned int vblank_count; + unsigned int outputs; struct rcar_du_group *group; -- 1.9.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.9.y 1/2] drm: rcar-du: Use the VBK interrupt for vblank events

by Nhan Nguyen

From: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> commit cbbb90b0c084d7dfb2ed8e3fecf8df200fbdd2a0 upstream. When implementing support for interlaced modes, the driver switched from reporting vblank events on the vertical blanking (VBK) interrupt to the frame end interrupt (FRM). This incorrectly divided the reported refresh rate by two. Fix it by moving back to the VBK interrupt. Fixes: 906eff7fcada ("drm: rcar-du: Implement support for interlaced modes") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Signed-off-by: thongsyho <thong.ho.px(a)rvc.renesas.com> Signed-off-by: Nhan Nguyen <nhan.nguyen.yb(a)renesas.com> --- drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c index a2ec6d8..848f7f2 100644 --- a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c +++ b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c @@ -551,7 +551,7 @@ static irqreturn_t rcar_du_crtc_irq(int irq, void *arg) status = rcar_du_crtc_read(rcrtc, DSSR); rcar_du_crtc_write(rcrtc, DSRCR, status & DSRCR_MASK); - if (status & DSSR_FRM) { + if (status & DSSR_VBK) { drm_crtc_handle_vblank(&rcrtc->crtc); rcar_du_crtc_finish_page_flip(rcrtc); ret = IRQ_HANDLED; -- 1.9.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.9.y 3/3] ASoC: rsnd: avoid duplicate free_irq()

by Nhan Nguyen

From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> commit e0936c3471a8411a5df327641fa3ffe12a2fb07b upstream. Commit 1f8754d4daea5f ("ASoC: rsnd: don't call free_irq() on Parent SSI") fixed the duplicate free_irq() for the Parent SSI. But on Renesas Sound, not only the Parent SSI but also Multi SSI has the same issue. This patch avoids the duplicate free_irq() if the mod is not a pure SSI. Fixes: 1f8754d4daea5f ("ASoC: rsnd: don't call free_irq() on Parent SSI") Cc: stable(a)vger.kernel.org Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: thongsyho <thong.ho.px(a)rvc.renesas.com> Signed-off-by: Nhan Nguyen <nhan.nguyen.yb(a)renesas.com> --- sound/soc/sh/rcar/ssi.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c index 9472d99..3454cba 100644 --- a/sound/soc/sh/rcar/ssi.c +++ b/sound/soc/sh/rcar/ssi.c @@ -694,12 +694,12 @@ static int rsnd_ssi_dma_remove(struct rsnd_mod *mod, struct rsnd_priv *priv) { struct rsnd_ssi *ssi = rsnd_mod_to_ssi(mod); - struct rsnd_mod *ssi_parent_mod = rsnd_io_to_mod_ssip(io); + struct rsnd_mod *pure_ssi_mod = rsnd_io_to_mod_ssi(io); struct device *dev = rsnd_priv_to_dev(priv); int irq = ssi->irq; - /* Do nothing for SSI parent mod */ - if (ssi_parent_mod == mod) + /* Do nothing if non SSI (= SSI parent, multi SSI) mod */ + if (pure_ssi_mod != mod) return 0; /* PIO will request IRQ again */ -- 1.9.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.9.y 2/3] ASoC: rsnd: don't call free_irq() on Parent SSI

by Nhan Nguyen

From: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> commit 1f8754d4daea5f257370a52a30fcb22798c54516 upstream. If an SSI uses a shared pin, some SSI will be used as the parent SSI. Then the normal SSI's remove and the Parent SSI's remove (these are the same SSI) will both be called at unbind or remove time. In this case, free_irq() will be called twice. This patch solves this issue. Cc: stable(a)vger.kernel.org Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Tested-by: Hiroyuki Yokoyama <hiroyuki.yokoyama.vx(a)renesas.com> Reported-by: Hiroyuki Yokoyama <hiroyuki.yokoyama.vx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: thongsyho <thong.ho.px(a)rvc.renesas.com> Signed-off-by: Nhan Nguyen <nhan.nguyen.yb(a)renesas.com> --- sound/soc/sh/rcar/ssi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c index 6cb6db0..9472d99 100644 --- a/sound/soc/sh/rcar/ssi.c +++ b/sound/soc/sh/rcar/ssi.c @@ -694,9 +694,14 @@ static int rsnd_ssi_dma_remove(struct rsnd_mod *mod, struct rsnd_priv *priv) { struct rsnd_ssi *ssi = rsnd_mod_to_ssi(mod); + struct rsnd_mod *ssi_parent_mod = rsnd_io_to_mod_ssip(io); struct device *dev = rsnd_priv_to_dev(priv); int irq = ssi->irq; + /* Do nothing for SSI parent mod */ + if (ssi_parent_mod == mod) + return 0; + /* PIO will request IRQ again */ devm_free_irq(dev, irq, mod); -- 1.9.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.9.y 1/3] ASoC: simple-card: Fix misleading error message

by Nhan Nguyen

From: Julian Scheel <julian(a)jusst.de> commit 7ac45d1635a4cd2e99a4b11903d4a2815ca1b27b upstream. In case cpu could not be found the error message would always refer to /codec/ not being found in DT. Fix this by catching the cpu node not found case explicitly. Cc: stable(a)vger.kernel.org Signed-off-by: Julian Scheel <julian(a)jusst.de> Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: thongsyho <thong.ho.px(a)rvc.renesas.com> Signed-off-by: Nhan Nguyen <nhan.nguyen.yb(a)renesas.com> --- sound/soc/generic/simple-card.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sound/soc/generic/simple-card.c b/sound/soc/generic/simple-card.c index f608f8d2..dd88c2c 100644 --- a/sound/soc/generic/simple-card.c +++ b/sound/soc/generic/simple-card.c @@ -232,13 +232,19 @@ static int asoc_simple_card_dai_link_of(struct device_node *node, snprintf(prop, sizeof(prop), "%scpu", prefix); cpu = of_get_child_by_name(node, prop); + if (!cpu) { + ret = -EINVAL; + dev_err(dev, "%s: Can't find %s DT node\n", __func__, prop); + goto dai_link_of_err; + } + snprintf(prop, sizeof(prop), "%splat", prefix); plat = of_get_child_by_name(node, prop); snprintf(prop, sizeof(prop), "%scodec", prefix); codec = of_get_child_by_name(node, prop); - if (!cpu || !codec) { + if (!codec) { ret = -EINVAL; dev_err(dev, "%s: Can't find %s DT node\n", __func__, prop); goto dai_link_of_err; -- 1.9.1

7 years, 8 months

1
0
0 0

Re: [Linux-stable-mirror] [tip:sched/urgent] sched/rt: Up the root domain ref count when passing it around via IPIs

by Steven Rostedt

I see this was just applied to Linus's tree. This too probably should be tagged for stable as well. -- Steve On Tue, 6 Feb 2018 03:54:42 -0800 "tip-bot for Steven Rostedt (VMware)" <tipbot(a)zytor.com> wrote: > Commit-ID: 364f56653708ba8bcdefd4f0da2a42904baa8eeb > Gitweb: https://git.kernel.org/tip/364f56653708ba8bcdefd4f0da2a42904baa8eeb > Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > AuthorDate: Tue, 23 Jan 2018 20:45:38 -0500 > Committer: Ingo Molnar <mingo(a)kernel.org> > CommitDate: Tue, 6 Feb 2018 10:20:33 +0100 > > sched/rt: Up the root domain ref count when passing it around via IPIs > > When issuing an IPI RT push, where an IPI is sent to each CPU that has more > than one RT task scheduled on it, it references the root domain's rto_mask, > that contains all the CPUs within the root domain that has more than one RT > task in the runnable state. The problem is, after the IPIs are initiated, the > rq->lock is released. This means that the root domain that is associated to > the run queue could be freed while the IPIs are going around. > > Add a sched_get_rd() and a sched_put_rd() that will increment and decrement > the root domain's ref count respectively. This way when initiating the IPIs, > the scheduler will up the root domain's ref count before releasing the > rq->lock, ensuring that the root domain does not go away until the IPI round > is complete. 
> > Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> > Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> > Cc: Andrew Morton <akpm(a)linux-foundation.org> > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Cc: Mike Galbraith <efault(a)gmx.de> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") > Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… > Signed-off-by: Ingo Molnar <mingo(a)kernel.org> > --- > kernel/sched/rt.c | 9 +++++++-- > kernel/sched/sched.h | 2 ++ > kernel/sched/topology.c | 13 +++++++++++++ > 3 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c > index 2fb627d..89a086e 100644 > --- a/kernel/sched/rt.c > +++ b/kernel/sched/rt.c > @@ -1990,8 +1990,11 @@ static void tell_cpu_to_push(struct rq *rq) > > rto_start_unlock(&rq->rd->rto_loop_start); > > - if (cpu >= 0) > + if (cpu >= 0) { > + /* Make sure the rd does not get freed while pushing */ > + sched_get_rd(rq->rd); > irq_work_queue_on(&rq->rd->rto_push_work, cpu); > + } > } > > /* Called from hardirq context */ > @@ -2021,8 +2024,10 @@ void rto_push_irq_work_func(struct irq_work *work) > > raw_spin_unlock(&rd->rto_lock); > > - if (cpu < 0) > + if (cpu < 0) { > + sched_put_rd(rd); > return; > + } > > /* Try the next RT overloaded CPU */ > irq_work_queue_on(&rd->rto_push_work, cpu); > diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h > index 2e95505..fb5fc45 100644 > --- a/kernel/sched/sched.h > +++ b/kernel/sched/sched.h > @@ -691,6 +691,8 @@ extern struct mutex sched_domains_mutex; > extern void init_defrootdomain(void); > extern int sched_init_domains(const struct cpumask *cpu_map); > extern void rq_attach_root(struct rq *rq, struct root_domain *rd); > +extern void sched_get_rd(struct root_domain *rd); > 
+extern void sched_put_rd(struct root_domain *rd); > > #ifdef HAVE_RT_PUSH_IPI > extern void rto_push_irq_work_func(struct irq_work *work); > diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c > index 034cbed..519b024 100644 > --- a/kernel/sched/topology.c > +++ b/kernel/sched/topology.c > @@ -259,6 +259,19 @@ void rq_attach_root(struct rq *rq, struct root_domain *rd) > call_rcu_sched(&old_rd->rcu, free_rootdomain); > } > > +void sched_get_rd(struct root_domain *rd) > +{ > + atomic_inc(&rd->refcount); > +} > + > +void sched_put_rd(struct root_domain *rd) > +{ > + if (!atomic_dec_and_test(&rd->refcount)) > + return; > + > + call_rcu_sched(&rd->rcu, free_rootdomain); > +} > + > static int init_rootdomain(struct root_domain *rd) > { > if (!zalloc_cpumask_var(&rd->span, GFP_KERNEL))

7 years, 8 months

1
0
0 0

Re: [Linux-stable-mirror] [tip:sched/urgent] sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()

by Steven Rostedt

I see this was just applied to Linus's tree. It probably should be tagged for stable as well. -- Steve On Tue, 6 Feb 2018 03:54:16 -0800 "tip-bot for Steven Rostedt (VMware)" <tipbot(a)zytor.com> wrote: > Commit-ID: ad0f1d9d65938aec72a698116cd73a980916895e > Gitweb: https://git.kernel.org/tip/ad0f1d9d65938aec72a698116cd73a980916895e > Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > AuthorDate: Tue, 23 Jan 2018 20:45:37 -0500 > Committer: Ingo Molnar <mingo(a)kernel.org> > CommitDate: Tue, 6 Feb 2018 10:20:33 +0100 > > sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() > > When the rto_push_irq_work_func() is called, it looks at the RT overloaded > bitmask in the root domain via the runqueue (rq->rd). The problem is that > during CPU up and down, nothing here stops rq->rd from changing between > taking the rq->rd->rto_lock and releasing it. That means the lock that is > released is not the same lock that was taken. > > Instead of using this_rq()->rd to get the root domain, as the irq work is > part of the root domain, we can simply get the root domain from the irq work > that is passed to the routine: > > container_of(work, struct root_domain, rto_push_work) > > This keeps the root domain consistent. 
> > Reported-by: Pavan Kondeti <pkondeti(a)codeaurora.org> > Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> > Cc: Andrew Morton <akpm(a)linux-foundation.org> > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Cc: Mike Galbraith <efault(a)gmx.de> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Fixes: 4bdced5c9a292 ("sched/rt: Simplify the IPI based RT balancing logic") > Link: http://lkml.kernel.org/r/CAEU1=PkiHO35Dzna8EQqNSKW1fr1y1zRQ5y66X117MG06sQtN… > Signed-off-by: Ingo Molnar <mingo(a)kernel.org> > --- > kernel/sched/rt.c | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) > > diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c > index 862a513..2fb627d 100644 > --- a/kernel/sched/rt.c > +++ b/kernel/sched/rt.c > @@ -1907,9 +1907,8 @@ static void push_rt_tasks(struct rq *rq) > * the rt_loop_next will cause the iterator to perform another scan. > * > */ > -static int rto_next_cpu(struct rq *rq) > +static int rto_next_cpu(struct root_domain *rd) > { > - struct root_domain *rd = rq->rd; > int next; > int cpu; > > @@ -1985,7 +1984,7 @@ static void tell_cpu_to_push(struct rq *rq) > * Otherwise it is finishing up and an ipi needs to be sent. 
> */ > if (rq->rd->rto_cpu < 0) > - cpu = rto_next_cpu(rq); > + cpu = rto_next_cpu(rq->rd); > > raw_spin_unlock(&rq->rd->rto_lock); > > @@ -1998,6 +1997,8 @@ static void tell_cpu_to_push(struct rq *rq) > /* Called from hardirq context */ > void rto_push_irq_work_func(struct irq_work *work) > { > + struct root_domain *rd = > + container_of(work, struct root_domain, rto_push_work); > struct rq *rq; > int cpu; > > @@ -2013,18 +2014,18 @@ void rto_push_irq_work_func(struct irq_work *work) > raw_spin_unlock(&rq->lock); > } > > - raw_spin_lock(&rq->rd->rto_lock); > + raw_spin_lock(&rd->rto_lock); > > /* Pass the IPI to the next rt overloaded queue */ > - cpu = rto_next_cpu(rq); > + cpu = rto_next_cpu(rd); > > - raw_spin_unlock(&rq->rd->rto_lock); > + raw_spin_unlock(&rd->rto_lock); > > if (cpu < 0) > return; > > /* Try the next RT overloaded CPU */ > - irq_work_queue_on(&rq->rd->rto_push_work, cpu); > + irq_work_queue_on(&rd->rto_push_work, cpu); > } > #endif /* HAVE_RT_PUSH_IPI */ >

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH] memremap: fix softlockup reports at teardown

by Dan Williams

The cond_resched() currently in the setup path needs to be duplicated in the teardown path. Rather than require each instance of for_each_device_pfn() to open code the same sequence, embed it in the helper. Link: https://github.com/intel/ixpdimm_sw/issues/11 Cc: "Jérôme Glisse" <jglisse(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: <stable(a)vger.kernel.org> Fixes: 71389703839e ("mm, zone_device: Replace {get, put}_zone_device_page()...") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- kernel/memremap.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/kernel/memremap.c b/kernel/memremap.c index 4849be5f9b3c..4dd4274cabe2 100644 --- a/kernel/memremap.c +++ b/kernel/memremap.c @@ -275,8 +275,15 @@ static unsigned long pfn_end(struct dev_pagemap *pgmap) return (res->start + resource_size(res)) >> PAGE_SHIFT; } +static unsigned long pfn_next(unsigned long pfn) +{ + if (pfn % 1024 == 0) + cond_resched(); + return pfn + 1; +} + #define for_each_device_pfn(pfn, map) \ - for (pfn = pfn_first(map); pfn < pfn_end(map); pfn++) + for (pfn = pfn_first(map); pfn < pfn_end(map); pfn = pfn_next(pfn)) static void devm_memremap_pages_release(void *data) { @@ -337,10 +344,10 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) resource_size_t align_start, align_size, align_end; struct vmem_altmap *altmap = pgmap->altmap_valid ? 
&pgmap->altmap : NULL; + struct resource *res = &pgmap->res; unsigned long pfn, pgoff, order; pgprot_t pgprot = PAGE_KERNEL; - int error, nid, is_ram, i = 0; - struct resource *res = &pgmap->res; + int error, nid, is_ram; align_start = res->start & ~(SECTION_SIZE - 1); align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE) @@ -409,8 +416,6 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) list_del(&page->lru); page->pgmap = pgmap; percpu_ref_get(pgmap->ref); - if (!(++i % 1024)) - cond_resched(); } devm_add_action(dev, devm_memremap_pages_release, pgmap);

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH -mm] mm, swap, frontswap: Fix THP swap if frontswap enabled

by Huang, Ying

From: Huang Ying <ying.huang(a)intel.com> It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follows: kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follows. When the pages are written to storage device during swapping out in swap_writepage(), zswap (frontswap) is tried to compress the pages instead to improve the performance. But zswap (frontswap) will treat THP as normal page, so only the head page is saved. After swapping in, tail pages will not be restored to their original contents, which causes the memory corruption in the applications. This is fixed via splitting THP at the beginning of swapping out if frontswap is enabled. To guard against frontswap being enabled at runtime, whether the page is THP is checked before using frontswap during swapping out too. 
Reported-and-tested-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: stable(a)vger.kernel.org # 4.14 Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") --- mm/page_io.c | 2 +- mm/vmscan.c | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/mm/page_io.c b/mm/page_io.c index b41cf9644585..6dca817ae7a0 100644 --- a/mm/page_io.c +++ b/mm/page_io.c @@ -250,7 +250,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc) unlock_page(page); goto out; } - if (frontswap_store(page) == 0) { + if (!PageTransHuge(page) && frontswap_store(page) == 0) { set_page_writeback(page); unlock_page(page); end_page_writeback(page); diff --git a/mm/vmscan.c b/mm/vmscan.c index bee53495a829..d1c1e00b08bb 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -55,6 +55,7 @@ #include <linux/swapops.h> #include <linux/balloon_compaction.h> +#include <linux/frontswap.h> #include "internal.h" @@ -1063,14 +1064,23 @@ static unsigned long shrink_page_list(struct list_head *page_list, /* cannot split THP, skip it */ if (!can_split_huge_page(page, NULL)) goto activate_locked; + /* + * Split THP if frontswap enabled, + * because it cannot process THP + */ + if (frontswap_enabled()) { + if (split_huge_page_to_list( + page, page_list)) + goto activate_locked; + } /* * Split pages without a PMD map right * away. Chances are some or all of the * tail pages can be freed without IO. 
*/ - if (!compound_mapcount(page) && - split_huge_page_to_list(page, - page_list)) + else if (!compound_mapcount(page) && + split_huge_page_to_list(page, + page_list)) goto activate_locked; } if (!add_to_swap(page)) { -- 2.15.1

7 years, 8 months

4
8
0 0

[Linux-stable-mirror] [PATCHv2 1/1] ext4: don't put symlink in pagecache into highmem

by Jin Qian

From: Jin Qian <jinqian(a)google.com> partial backport from 21fc61c73c3903c4c312d0802da01ec2b323d174 upstream to v4.4 to prevent virt_to_page on highmem. ext4_encrypted_follow_link uses kmap() for cpage caddr = kmap(cpage); _ext4_fname_disk_to_usr calls virt_to_page on the kmapped address. _ext4_fname_disk_to_usr() ext4_fname_decrypt() sg_init_one() sg_init_one(&src_sg, iname->name, iname->len); sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); Cc: stable(a)vger.kernel.org Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Signed-off-by: Jin Qian <jinqian(a)google.com> Signed-off-by: Jin Qian <jinqian(a)android.com> --- fs/ext4/inode.c | 1 + fs/ext4/namei.c | 1 + fs/ext4/symlink.c | 10 +++------- fs/inode.c | 6 ++++++ include/linux/fs.h | 1 + 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 4df1cb19a243..f0cabc8c96cb 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4417,6 +4417,7 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino) inode->i_op = &ext4_symlink_inode_operations; ext4_set_aops(inode); } + inode_nohighmem(inode); } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) || S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { inode->i_op = &ext4_special_inode_operations; diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c index 4c36dca486cc..32960b3ecd4f 100644 --- a/fs/ext4/namei.c +++ b/fs/ext4/namei.c @@ -3151,6 +3151,7 @@ static int ext4_symlink(struct inode *dir, if ((disk_link.len > EXT4_N_BLOCKS * 4)) { if (!encryption_required) inode->i_op = &ext4_symlink_inode_operations; + inode_nohighmem(inode); ext4_set_aops(inode); /* * We cannot call page_symlink() with transaction started diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c index e8e7af62ac95..287c3980fa0b 100644 --- a/fs/ext4/symlink.c +++ b/fs/ext4/symlink.c @@ -45,7 +45,7 @@ static const char *ext4_encrypted_follow_link(struct dentry *dentry, void **cook cpage = read_mapping_page(inode->i_mapping, 
0, NULL); if (IS_ERR(cpage)) return ERR_CAST(cpage); - caddr = kmap(cpage); + caddr = page_address(cpage); caddr[size] = 0; } @@ -75,16 +75,12 @@ static const char *ext4_encrypted_follow_link(struct dentry *dentry, void **cook /* Null-terminate the name */ if (res <= plen) paddr[res] = '\0'; - if (cpage) { - kunmap(cpage); + if (cpage) page_cache_release(cpage); - } return *cookie = paddr; errout: - if (cpage) { - kunmap(cpage); + if (cpage) page_cache_release(cpage); - } kfree(paddr); return ERR_PTR(res); } diff --git a/fs/inode.c b/fs/inode.c index b0edef500590..b95615f3fc50 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -2028,3 +2028,9 @@ void inode_set_flags(struct inode *inode, unsigned int flags, new_flags) != old_flags)); } EXPORT_SYMBOL(inode_set_flags); + +void inode_nohighmem(struct inode *inode) +{ + mapping_set_gfp_mask(inode->i_mapping, GFP_USER); +} +EXPORT_SYMBOL(inode_nohighmem); diff --git a/include/linux/fs.h b/include/linux/fs.h index c8decb7075d6..f746a59fcc88 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3066,5 +3066,6 @@ static inline bool dir_relax(struct inode *inode) } extern bool path_noexec(const struct path *path); +extern void inode_nohighmem(struct inode *inode); #endif /* _LINUX_FS_H */ -- 2.16.0.rc1.238.g530d649a79-goog

7 years, 8 months

4
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror