- Linux-stable-mirror - lists.linaro.org

[PATCH] ext4: fix race between ext4_sync_parent() and rename()

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> 'igrab(d_inode(dentry->d_parent))' without holding dentry->d_lock is broken because without d_lock, d_parent can be concurrently changed due to a rename(). Then if the old directory is immediately deleted, old d_parent->inode can be NULL. That causes a NULL dereference in igrab(). To fix this, use dget_parent() to safely grab a reference to the parent dentry, which pins the inode. This also eliminates the need to use d_find_any_alias() other than for the initial inode, as we no longer throw away the dentry at each step. This is an extremely hard race to hit, but it is possible. Adding a udelay() in between the reads of ->d_parent and its ->d_inode makes it reproducible on a no-journal filesystem using the following program: #include <fcntl.h> #include <unistd.h> int main() { if (fork()) { for (;;) { mkdir("dir1", 0700); int fd = open("dir1/file", O_RDWR|O_CREAT|O_SYNC); write(fd, "X", 1); close(fd); } } else { mkdir("dir2", 0700); for (;;) { rename("dir1/file", "dir2/file"); rmdir("dir1"); } } } Fixes: d59729f4e794 ("ext4: fix races in ext4_sync_parent()") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/ext4/fsync.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c index e10206e7f4bbe7..093c359952cdba 100644 --- a/fs/ext4/fsync.c +++ b/fs/ext4/fsync.c @@ -44,30 +44,28 @@ */ static int ext4_sync_parent(struct inode *inode) { - struct dentry *dentry = NULL; - struct inode *next; + struct dentry *dentry, *next; int ret = 0; if (!ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) return 0; - inode = igrab(inode); + dentry = d_find_any_alias(inode); + if (!dentry) + return 0; while (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) { ext4_clear_inode_state(inode, EXT4_STATE_NEWENTRY); - dentry = d_find_any_alias(inode); - if (!dentry) - break; - next = igrab(d_inode(dentry->d_parent)); + + next = dget_parent(dentry); dput(dentry); - if (!next) - break; - iput(inode); - inode = next; + dentry = next; + inode = dentry->d_inode; + /* * The directory inode may have gone through rmdir by now. But * the inode itself and its blocks are still allocated (we hold - * a reference to the inode so it didn't go through - * ext4_evict_inode()) and so we are safe to flush metadata - * blocks and the inode. + * a reference to the inode via its dentry), so it didn't go + * through ext4_evict_inode()) and so we are safe to flush + * metadata blocks and the inode. */ ret = sync_mapping_buffers(inode->i_mapping); if (ret) @@ -76,7 +74,7 @@ static int ext4_sync_parent(struct inode *inode) if (ret) break; } - iput(inode); + dput(dentry); return ret; } -- 2.26.2

5 years, 6 months

2
3
0 0

[stable-4.4 1/5] padata: set cpu_index of unused CPUs to -1

by Daniel Jordan

From: Mathias Krause <minipli(a)googlemail.com> [ Upstream commit 1bd845bcb41d5b7f83745e0cb99273eb376f2ec5 ] The parallel queue per-cpu data structure gets initialized only for CPUs in the 'pcpu' CPU mask set. This is not sufficient as the reorder timer may run on a different CPU and might wrongly decide it's the target CPU for the next reorder item as per-cpu memory gets memset(0) and we might be waiting for the first CPU in cpumask.pcpu, i.e. cpu_index 0. Make the '__this_cpu_read(pd->pqueue->cpu_index) == next_queue->cpu_index' compare in padata_get_next() fail in this case by initializing the cpu_index member of all per-cpu parallel queues. Use -1 for unused ones. Signed-off-by: Mathias Krause <minipli(a)googlemail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> --- kernel/padata.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kernel/padata.c b/kernel/padata.c index 8aef48c3267b..4f860043a8e5 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -461,8 +461,14 @@ static void padata_init_pqueues(struct parallel_data *pd) struct padata_parallel_queue *pqueue; cpu_index = 0; - for_each_cpu(cpu, pd->cpumask.pcpu) { + for_each_possible_cpu(cpu) { pqueue = per_cpu_ptr(pd->pqueue, cpu); + + if (!cpumask_test_cpu(cpu, pd->cpumask.pcpu)) { + pqueue->cpu_index = -1; + continue; + } + pqueue->pd = pd; pqueue->cpu_index = cpu_index; cpu_index++; -- 2.26.2

5 years, 6 months

2
5
0 0

[PATCH v3 0/2] Renovate memcpy_mcsafe with copy_mc_to_{user, kernel}

by Dan Williams

Changes since v2 [1]: - Replace the non-descriptive copy_safe() with copy_mc_to_user() and copy_mc_to_kernel() several code organization cleanups resulted from this rename, which further proves the point that the name deeply matters for maintainability in this case. (Linus) - Do not use copy_user_generic() as the generic x86 backend for copy_mc_to_user() since the #MC handler explicitly wants the exception to be trapped by a _ASM_EXTABLE_FAULT handler. (Vivek). - Rename copy_safe_slow() to copy_mc_fragile() to better indicate what the implementation is handling. copy_safe_fast() is replaced with copy_mc_generic(). --- The primary motivation to go touch memcpy_mcsafe() is that the existing benefit of doing slow "handle with care" copies is obviated on newer CPUs. With that concern lifted it also obviates the need to continue to update the MCA-recovery capability detection code currently gated by "mcsafe_key". Now the old "mcsafe_key" opt-in to perform the copy with concerns for recovery fragility can instead be made an opt-out from the default fast copy implementation (enable_copy_mc_fragile()). The discussion with Linus on the first iteration of this patch identified that memcpy_mcsafe() was misnamed relative to its usage. The new names copy_mc_to_user() and copy_mc_to_kernel() clearly indicate the intended use case and lets the architecture organize the implementation accordingly. For both powerpc and x86 a copy_mc_generic() implementation is added as the backend for these interfaces. Patches are relative to tip/master. --- Dan Williams (2): x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user,kernel}() x86/copy_mc: Introduce copy_mc_generic() arch/powerpc/Kconfig | 2 arch/powerpc/include/asm/string.h | 2 arch/powerpc/include/asm/uaccess.h | 40 +++-- arch/powerpc/lib/Makefile | 2 arch/powerpc/lib/copy_mc_64.S | 4 arch/x86/Kconfig | 2 arch/x86/Kconfig.debug | 2 arch/x86/include/asm/copy_mc_test.h | 75 +++++++++ arch/x86/include/asm/mcsafe_test.h | 75 --------- arch/x86/include/asm/string_64.h | 32 ---- arch/x86/include/asm/uaccess_64.h | 35 ++-- arch/x86/kernel/cpu/mce/core.c | 8 - arch/x86/kernel/quirks.c | 9 - arch/x86/lib/Makefile | 1 arch/x86/lib/copy_mc.c | 64 ++++++++ arch/x86/lib/copy_mc_64.S | 165 ++++++++++++++++++++ arch/x86/lib/memcpy_64.S | 115 -------------- arch/x86/lib/usercopy_64.c | 21 --- drivers/md/dm-writecache.c | 15 +- drivers/nvdimm/claim.c | 2 drivers/nvdimm/pmem.c | 6 - include/linux/string.h | 9 - include/linux/uaccess.h | 9 + include/linux/uio.h | 10 + lib/Kconfig | 7 + lib/iov_iter.c | 43 +++-- tools/arch/x86/include/asm/copy_safe_test.h | 13 ++ tools/arch/x86/include/asm/mcsafe_test.h | 13 -- tools/arch/x86/lib/memcpy_64.S | 115 -------------- tools/objtool/check.c | 5 - tools/perf/bench/Build | 1 tools/perf/bench/mem-memcpy-x86-64-lib.c | 24 --- tools/testing/nvdimm/test/nfit.c | 48 +++--- .../testing/selftests/powerpc/copyloops/.gitignore | 2 tools/testing/selftests/powerpc/copyloops/Makefile | 6 - .../testing/selftests/powerpc/copyloops/copy_mc.S | 0 36 files changed, 460 insertions(+), 522 deletions(-) rename arch/powerpc/lib/{memcpy_mcsafe_64.S => copy_mc_64.S} (98%) create mode 100644 arch/x86/include/asm/copy_mc_test.h delete mode 100644 arch/x86/include/asm/mcsafe_test.h create mode 100644 arch/x86/lib/copy_mc.c create mode 100644 arch/x86/lib/copy_mc_64.S create mode 100644 tools/arch/x86/include/asm/copy_safe_test.h delete mode 100644 tools/arch/x86/include/asm/mcsafe_test.h delete mode 100644 tools/perf/bench/mem-memcpy-x86-64-lib.c rename tools/testing/selftests/powerpc/copyloops/{memcpy_mcsafe_64.S => copy_mc.S} (100%) base-commit: bba413deb1065f1291cb1f366247513f11215520

5 years, 6 months

6
11
0 0

[PATCH 2/2] jbd2: Avoid leaking transaction credits when unreserving handle

by Jan Kara

When reserved transaction handle is unused, we subtract its reserved credits in __jbd2_journal_unreserve_handle() called from jbd2_journal_stop(). However this function forgets to remove reserved credits from transaction->t_outstanding_credits and thus the transaction space that was reserved remains effectively leaked. The leaked transaction space can be quite significant in some cases and leads to unnecessarily small transactions and thus reducing throughput of the journalling machinery. E.g. fsmark workload creating lots of 4k files was observed to have about 20% lower throughput due to this when ext4 is mounted with dioread_nolock mount option. Subtract reserved credits from t_outstanding_credits as well. CC: stable(a)vger.kernel.org Fixes: 8f7d89f36829 ("jbd2: transaction reservation support") Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/transaction.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index 3dccc23cf010..b49a103cff1f 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -541,17 +541,24 @@ handle_t *jbd2_journal_start(journal_t *journal, int nblocks) } EXPORT_SYMBOL(jbd2_journal_start); -static void __jbd2_journal_unreserve_handle(handle_t *handle) +static void __jbd2_journal_unreserve_handle(handle_t *handle, transaction_t *t) { journal_t *journal = handle->h_journal; WARN_ON(!handle->h_reserved); sub_reserved_credits(journal, handle->h_total_credits); + if (t) + atomic_sub(handle->h_total_credits, &t->t_outstanding_credits); } void jbd2_journal_free_reserved(handle_t *handle) { - __jbd2_journal_unreserve_handle(handle); + journal_t *journal = handle->h_journal; + + /* Get j_state_lock to pin running transaction if it exists */ + read_lock(&journal->j_state_lock); + __jbd2_journal_unreserve_handle(handle, journal->j_running_transaction); + read_unlock(&journal->j_state_lock); jbd2_free_handle(handle); } EXPORT_SYMBOL(jbd2_journal_free_reserved); @@ -721,8 +728,10 @@ static void stop_this_handle(handle_t *handle) } atomic_sub(handle->h_total_credits, &transaction->t_outstanding_credits); - if (handle->h_rsv_handle) - __jbd2_journal_unreserve_handle(handle->h_rsv_handle); + if (handle->h_rsv_handle) { + __jbd2_journal_unreserve_handle(handle->h_rsv_handle, + transaction); + } if (atomic_dec_and_test(&transaction->t_updates)) wake_up(&journal->j_wait_updates); -- 2.16.4

5 years, 6 months

3
3
0 0

[PATCH] drm/etnaviv: fix memory leak when mapping prime imported buffers

by Martin Fuzzey

When using mmap() on a prime imported buffer allocated by a different driver (such as imx-drm) the later munmap() does not correctly decrement the refcount of the original enaviv_gem_object, leading to a leak. Signed-off-by: Martin Fuzzey <martin.fuzzey(a)flowbird.group> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c index f24dd21..28a01b8 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c @@ -93,7 +93,25 @@ static void *etnaviv_gem_prime_vmap_impl(struct etnaviv_gem_object *etnaviv_obj) static int etnaviv_gem_prime_mmap_obj(struct etnaviv_gem_object *etnaviv_obj, struct vm_area_struct *vma) { - return dma_buf_mmap(etnaviv_obj->base.dma_buf, vma, 0); + int ret; + + ret = dma_buf_mmap(etnaviv_obj->base.dma_buf, vma, 0); + + /* drm_gem_mmap_obj() has already been called before this function + * and has incremented our refcount, expecting it to be decremented + * on unmap() via drm_gem_vm_close(). + * However dma_buf_mmap() invokes drm_gem_cma_prime_mmap() + * that ends up updating the vma->vma_private_data to point to the + * dma_buf's gem object. + * Hence our gem object here will not have its refcount decremented + * when userspace does unmap(). + * So decrement the refcount here to avoid a memory leak if the dma + * buf mapping was successful. + */ + if (!ret) + drm_gem_object_put_unlocked(&etnaviv_obj->base); + + return ret; } static const struct etnaviv_gem_ops etnaviv_gem_prime_ops = { -- 1.9.1

5 years, 6 months

4
3
0 0

Re: [PATCH 1/4] Btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents

by Sasha Levin

Hi [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: 4.4+ The bot has tested the following trees: v5.6.13, v5.4.41, v4.19.123, v4.14.180, v4.9.223, v4.4.223. v5.6.13: Failed to apply! Possible dependencies: 0024652895e3 ("btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root") 02162a0265eb ("btrfs: hold a ref on the root in __btrfs_run_defrag_inode") 04734e844894 ("btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info") 0b530bc5e11f ("btrfs: hold a ref on the root in build_backref_tree") 0d4b0463011d ("btrfs: export and rename free_fs_info") 2a2b5d620266 ("btrfs: hold ref on root in btrfs_ioctl_default_subvol") 3ca35e839e94 ("btrfs: hold a ref on the root in search_ioctl") 3d7babdcf2cc ("btrfs: hold a ref on the root in find_data_references") 41a2ee75aab0 ("btrfs: introduce per-inode file extent tree") 442b1ac5244e ("btrfs: hold a ref on the root in record_reloc_root_in_trans") 4c78e9f59632 ("btrfs: hold a ref on the root in open_ctree") 76deacf02387 ("btrfs: hold a ref on the root in create_reloc_inode") 81f096edf047 ("btrfs: use btrfs_put_fs_root to free roots always") 8727002f7909 ("btrfs: hold a ref on the root in fixup_tree_root_location") 88234012beaa ("btrfs: hold a ref on the root in btrfs_search_path_in_tree") 9326f76f4bc4 ("btrfs: hold a ref on the root in resolve_indirect_ref") 9f583209f20a ("btrfs: push grab_fs_root into read_fs_root") ab9737bd7597 ("btrfs: hold a ref on the root in merge_reloc_roots") b8a49ae1913f ("btrfs: hold a ref on the root in btrfs_search_path_in_tree_user") bc44d7c4b2b1 ("btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root") bdf70b9e75f5 ("btrfs: hold a root ref in btrfs_get_dentry") db2c2ca2db44 ("btrfs: hold a ref on the root in prepare_to_merge") fc92f79856aa ("btrfs: hold a ref on the root in create_subvol") v5.4.41: Failed to apply! Possible dependencies: 0024652895e3 ("btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root") 0d4b0463011d ("btrfs: export and rename free_fs_info") 33ca832fefa5 ("btrfs: separate out the extent leak code") 41a2ee75aab0 ("btrfs: introduce per-inode file extent tree") 6f0d04f8e72e ("btrfs: separate out the extent io init function") 81f096edf047 ("btrfs: use btrfs_put_fs_root to free roots always") 9326f76f4bc4 ("btrfs: hold a ref on the root in resolve_indirect_ref") 9c7d3a548331 ("btrfs: move extent_io_tree defs to their own header") v4.19.123: Failed to apply! Possible dependencies: 370a11b8114b ("btrfs: qgroup: Introduce per-root swapped blocks infrastructure") 43eb5f297584 ("btrfs: Introduce extent_io_tree::owner to distinguish different io_trees") 57ec5fb478a3 ("btrfs: tests: move testing members of struct btrfs_root to the end") 7b4397386fbd ("btrfs: switch extent_io_tree::track_uptodate to bool") c258d6e36442 ("btrfs: Introduce fs_info to extent_io_tree") e06a1fc99cc7 ("btrfs: Remove extent_io_ops::set_bit_hook extent_io callback") eede2bf34f4f ("Btrfs: prevent ioctls from interfering with a swap file") v4.14.180: Failed to apply! Possible dependencies: 370a11b8114b ("btrfs: qgroup: Introduce per-root swapped blocks infrastructure") 429d6275d501 ("btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification") 57ec5fb478a3 ("btrfs: tests: move testing members of struct btrfs_root to the end") 64cfaef6362f ("btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS") 64ee4e751a1c ("btrfs: qgroup: Update trace events to use new separate rsv types") 733e03a0b26a ("btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans") 8287475a2055 ("btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space") d4e5c92055d8 ("btrfs: qgroup: Skeleton to support separate qgroup reservation type") dba213242fbc ("btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type") e1211d0e896b ("btrfs: qgroup: Don't use root->qgroup_meta_rsv for qgroup") eede2bf34f4f ("Btrfs: prevent ioctls from interfering with a swap file") f59c0347d4be ("btrfs: qgroup: Introduce helpers to update and access new qgroup rsv") fd708b81d972 ("Btrfs: add a extent ref verify tool") v4.9.223: Failed to apply! Possible dependencies: 0c476a5d7f63 ("btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space") 370a11b8114b ("btrfs: qgroup: Introduce per-root swapped blocks infrastructure") 4989d277eb4b ("btrfs: refactor __btrfs_lookup_bio_sums to use bio_for_each_segment_all") 62d1f9fe97dd ("btrfs: remove trivial helper btrfs_find_tree_block") da17066c4047 ("btrfs: pull node/sector/stripe sizes out of root and into fs_info") eede2bf34f4f ("Btrfs: prevent ioctls from interfering with a swap file") fd708b81d972 ("Btrfs: add a extent ref verify tool") v4.4.223: Failed to apply! Possible dependencies: 2f3165ecf103 ("btrfs: don't force mounts to wait for cleaner_kthread to delete one or more subvolumes") 370a11b8114b ("btrfs: qgroup: Introduce per-root swapped blocks infrastructure") 511711af91f2 ("btrfs: don't run delayed references while we are creating the free space tree") 70f6d82ec73c ("Btrfs: add free space tree mount option") 87241c2e6845 ("Btrfs: use root when checking need_async_flush") 90c711ab380d ("btrfs: avoid blocking open_ctree from cleaner_kthread") 9e7cc91a6d18 ("btrfs: fix fsfreeze hang caused by delayed iputs deal") a5ed91828518 ("Btrfs: implement the free space B-tree") afcdd129e05a ("Btrfs: add a flags field to btrfs_fs_info") d38b349c39a9 ("Btrfs: don't bother kicking async if there's nothing to reclaim") eede2bf34f4f ("Btrfs: prevent ioctls from interfering with a swap file") f376df2b7da3 ("Btrfs: add tracepoints for flush events") NOTE: The patch will not be queued to stable trees until it is upstream. How should we proceed with this patch? -- Thanks Sasha

5 years, 6 months

1
0
0 0

[PATCH 4.14] arm64: fix the flush_icache_range arguments in machine_kexec

by Catalin Marinas

From: Christoph Hellwig <hch(a)lst.de> Commit d51c214541c5154dda3037289ee895ea3ded5ebd upstream. The second argument is the end "pointer", not the length. Fixes: d28f6df1305a ("arm64/kexec: Add core kexec support") Cc: <stable(a)vger.kernel.org> # 4.8.x- Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> --- arch/arm64/kernel/machine_kexec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/machine_kexec.c b/arch/arm64/kernel/machine_kexec.c index 11121f608eb5..f7e593965c1d 100644 --- a/arch/arm64/kernel/machine_kexec.c +++ b/arch/arm64/kernel/machine_kexec.c @@ -184,7 +184,8 @@ void machine_kexec(struct kimage *kimage) /* Flush the reboot_code_buffer in preparation for its execution. */ __flush_dcache_area(reboot_code_buffer, arm64_relocate_new_kernel_size); flush_icache_range((uintptr_t)reboot_code_buffer, - arm64_relocate_new_kernel_size); + (uintptr_t)reboot_code_buffer + + arm64_relocate_new_kernel_size); /* Flush the kimage list and its buffers. */ kexec_list_flush(kimage);

5 years, 6 months

2
1
0 0

[PATCH 3.16 00/99] 3.16.84-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.84 release. There are 99 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri May 22 20:00:00 UTC 2020. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Al Viro (1): propagate_one(): mnt_set_mountpoint() needs mount_lock [b0d3869ce9eeacbb1bbd541909beeef4126426d5] Alexandre Belloni (2): ARM: dts: at91: sama5d3: define clock rate range for tcb1 [a7e0f3fc01df4b1b7077df777c37feae8c9e8b6d] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates [ee0aa926ddb0bd8ba59e33e3803b3b5804e3f5da] Ard Biesheuvel (1): efi/x86: Map the entire EFI vendor string before copying it [ffc2760bcf2dba0dbef74013ed73eea8310cc52c] Arnd Bergmann (2): sparc32: fix struct ipc64_perm type definition [34ca70ef7d3a9fa7e89151597db5e37ae1d429b4] x86: kvm: avoid unused variable warning [7288bde1f9df6c1475675419bdd7725ce84dec56] Bin Liu (1): usb: dwc3: turn off VBUS when leaving host mode [09ed259fac621634d51cd986aa8d65f035662658] Bryan O'Donoghue (2): usb: gadget: f_ecm: Use atomic_t to track in-flight request [d710562e01c48d59be3f60d58b7a85958b39aeda] usb: gadget: f_ncm: Use atomic_t to track in-flight request [5b24c28cfe136597dc3913e1c00b119307a20c7e] Chen Yucong (1): kvm: x86: use macros to compute bank MSRs [81760dccf8d1fe5b128b58736fe3f56a566133cb] Christoffer Dall (1): KVM: arm64: Only sign-extend MMIO up to register width [b6ae256afd32f96bec0117175b329d0dd617655e] Christophe JAILLET (1): pxa168fb: Fix the function used to release some memory in an error handling path [3c911fe799d1c338d94b78e7182ad452c37af897] Chuhong Yuan (1): crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill [7f8c36fe9be46862c4f3c5302f769378028a34fa] Colin Ian King (2): iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop [c2f9a4e4a5abfc84c01b738496b3fd2d471e0b18] staging: wlan-ng: ensure error return is actually returned [4cc41cbce536876678b35e03c4a8a7bb72c78fa9] Dan Carpenter (3): brcmfmac: Fix use after free in brcmf_sdio_readframes() [216b44000ada87a63891a8214c347e05a4aea8fe] mm/mempolicy.c: fix out of bounds write in mpol_parse_str() [c7a91bc7c2e17e0a9c8b9745a2cb118891218fd1] power: supply: sbs-battery: Fix a signedness bug in sbs_get_battery_capacity() [eb368de6de32925c65a97c1e929a31cae2155aee] Daniel Jordan (3): padata: always acquire cpu_hotplug_lock before pinst->lock [38228e8848cd7dd86ccb90406af32de0cad24be3] padata: initialize pd->cpu with effective cpumask [ec9c7d19336ee98ecba8de80128aa405c45feebb] padata: purge get_cpu and reorder_via_wq from padata_do_serial [065cf577135a4977931c7a1e1edf442bfd9773dd] Daniel Kiper (1): efi: Use early_mem*() instead of early_io*() [abc93f8eb6e46a480485f19256bdbda36ec78a84] Eric Dumazet (4): bonding/alb: properly access headers in bond_alb_xmit() [38f88c45404293bbc027b956def6c10cbd45c616] cls_rsvp: fix rsvp_policy [cb3c0e6bdf64d0d124e94ce43cbe4ccbb9b37f51] net_sched: ematch: reject invalid TCF_EM_SIMPLE [55cd9f67f1e45de8517cdaab985fb8e56c0bc1d8] tcp: clear tp->total_retrans in tcp_disconnect() [c13c48c00a6bc1febc73902505bdec0967bd7095] Fabian Frederick (1): nfs: use kmap/kunmap directly [0795bf8357c1887e2a95e6e4f5b89d0896a0d929] Filipe Manana (1): Btrfs: fix race between adding and putting tree mod seq elements and nodes [7227ff4de55d931bbdc156c8ef0ce4f100c78a5b] Geert Uytterhoeven (1): nfs: NFS_SWAP should depend on SWAP [474c4f306eefbb21b67ebd1de802d005c7d7ecdc] Guenter Roeck (1): brcmfmac: abort and release host after error [863844ee3bd38219c88e82966d1df36a77716f3e] Herbert Xu (7): crypto: af_alg - Use bh_lock_sock in sk_destruct [37f96694cf73ba116993a9d2d99ad6a75fa7fdb0] crypto: api - Check spawn->alg under lock in crypto_drop_spawn [7db3b61b6bba4310f454588c2ca6faf2958ad79f] crypto: api - Fix race condition in crypto_spawn_alg [73669cc556462f4e50376538d77ee312142e8a8a] crypto: pcrypt - Do not clear MAY_SLEEP flag in original request [e8d998264bffade3cfe0536559f712ab9058d654] crypto: pcrypt - Fix user-after-free on module unload [07bfd9bdf568a38d9440c607b72342036011f727] padata: Remove broken queue flushing [07928d9bfc81640bab36f5190e8725894d93b659] padata: Replace delayed timer with immediate workqueue in padata_reorder [6fc4dbcf0276279d488c5fbbfabe94734134f4fa] Jan Kara (2): reiserfs: Fix memory leak of journal device string [5474ca7da6f34fa95e82edc747d5faa19cbdfb5c] reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling [4d5c1adaf893b8aa52525d2b81995e949bcb3239] Jason A. Donenfeld (2): padata: avoid race in reordering [de5540d088fe97ad583cc7d396586437b32149a5] padata: get_next is never NULL [69b348449bda0f9588737539cfe135774c9939a7] Joe Thornber (1): dm space map common: fix to ensure new block isn't already in use [4feaef830de7ffdd8352e1fe14ad3bf13c9688f8] Johan Hovold (10): USB: serial: ir-usb: add missing endpoint sanity check [2988a8ae7476fe9535ab620320790d1714bdad1d] USB: serial: ir-usb: fix IrLAP framing [38c0d5bdf4973f9f5a888166e9d3e9ed0d32057a] USB: serial: ir-usb: fix link-speed handling [17a0184ca17e288decdca8b2841531e34d49285f] ath9k: fix storage endpoint lookup [0ef332951e856efa89507cdd13ba8f4fb8d4db12] brcmfmac: fix interface sanity check [3428fbcd6e6c0850b1a8b2a12082b7b2aabb3da3] media: iguanair: fix endpoint sanity check [1b257870a78b0a9ce98fdfb052c58542022ffb5b] orinoco_usb: fix interface sanity check [b73e05aa543cf8db4f4927e36952360d71291d41] rsi: fix use-after-free on failed probe and unbind [e93cd35101b61e4c79149be2cfc927c4b28dc60c] rsi_91x_usb: fix interface sanity check [3139b180906af43bc09bd3373fc2338a8271d9d9] zd1211rw: fix storage endpoint lookup [2d68bb2687abb747558b933e80845ff31570a49c] John Hubbard (1): media/v4l2-core: set pages dirty upon releasing DMA buffers [3c7470b6f68434acae459482ab920d1e3fabd1c7] Kai Li (1): jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal [a09decff5c32060639a685581c380f51b14e1fc2] Konstantin Khlebnikov (1): clocksource: Prevent double add_timer_on() for watchdog_timer [febac332a819f0e764aa4da62757ba21d18c182b] Linus Walleij (1): mmc: spi: Toggle SPI polarity, do not hardcode it [af3ed119329cf9690598c5a562d95dfd128e91d6] Logan Gunthorpe (1): PCI: Don't disable bridge BARs when assigning bus resources [9db8dc6d0785225c42a37be7b44d1b07b31b8957] Luis Henriques (1): tracing: Fix tracing_stat return values in error handling paths [afccc00f75bbbee4e4ae833a96c2d29a7259c693] Marios Pomonis (7): KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks [ea740059ecb37807ba47b84b33d1447435a8d868] KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c [6ec4c5eee1750d5d17951c4e1960d953376a0dda] KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks [8c86405f606ca8508b8d9280680166ca26723695] KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks [670564559ca35b439c8d8861fc399451ddf95137] KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks [4bf79cb089f6b1c6c632492c0271054ce52ad766] KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks [3c9053a2cae7ba2ba73766a34cea41baa70f57f7] KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks [14e32321f3606e4b0970200b6e5e47ee6f1e6410] Masahiro Yamada (1): kconfig: fix broken dependency in randconfig-generated .config [c8fb7d7e48d11520ad24808cfce7afb7b9c9f798] Mathias Krause (2): padata: ensure padata_do_serial() runs on the correct CPU [350ef88e7e922354f82a931897ad4a4ce6c686ff] padata: ensure the reorder timer callback runs on the correct CPU [cf5868c8a22dc2854b96e9569064bb92365549ca] Miaohe Lin (1): KVM: nVMX: vmread should not set rflags to specify success in case of #PF [a4d956b9390418623ae5d07933e2679c68b6f83c] Michael Ellerman (1): of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc [dabf6b36b83a18d57e3d4b9d50544ed040d86255] Navid Emamdoost (1): brcmfmac: Fix memory leak in brcmf_usbdev_qinit [4282dc057d750c6a7dd92953564b15c26b54c22c] Oliver Neukum (1): media: iguanair: add sanity checks [ab1cbdf159beba7395a13ab70bc71180929ca064] Paul Kocialkowski (1): rtc: hym8563: Return -EINVAL if the time is known to be invalid [f236a2a2ebabad0848ad0995af7ad1dc7029e895] Pawan Gupta (1): x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR [5efc6fa9044c3356d6046c6e1da6d02572dbed6b] Piotr Krysiuk (1): fs/namespace.c: fix mountpoint reference counter race [2763d11912317a12318135ca03e592bb6df65624] Quinn Tran (1): scsi: qla2xxx: Fix mtcp dump collection failure [641e0efddcbde52461e017136acd3ce7f2ef0c14] Roberto Bergantinos Corpas (1): sunrpc: expiry_time should be seconds not timeval [3d96208c30f84d6edf9ab4fac813306ac0d20c10] Ronnie Sahlberg (1): cifs: fail i/o on soft mounts if sessionsetup errors out [b0dd940e582b6a60296b9847a54012a4b080dc72] Sean Christopherson (6): KVM: Check for a bad hva before dropping into the ghc slow path [fcfbc617547fc6d9552cb6c1c563b6a90ee98085] KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails [1a978d9d3e72ddfa40ac60d26301b154247ee0bc] KVM: PPC: Book3S PR: Free shared page if mmu initialization fails [cb10bf9194f4d2c5d830eddca861f7ca0fecdbb4] KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM [e30a7d623dccdb3f880fbcad980b0cb589a1da45] KVM: x86: Don't let userspace set host-reserved cr4 bits [b11306b53b2540c6ba068c4deddb6a17d9f8d95b] KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails [16be9ddea268ad841457a59109963fff8c9de38d] Stephen Warren (2): ARM: tegra: Enable PLLP bypass during Tegra124 LP1 [1a3388d506bf5b45bb283e6a4c4706cfb4897333] clk: tegra: Mark fuse clock as critical [bf83b96f87ae2abb1e535306ea53608e8de5dfbb] Steven Rostedt (1): tracing: Fix very unlikely race of registering two stat tracers [dfb6cd1e654315168e36d947471bd2a0ccd834ae] Takashi Iwai (2): ALSA: dummy: Fix PCM format loop in proc output [2acf25f13ebe8beb40e97a1bbe76f36277c64f1e] ALSA: sh: Fix compile warning wrt const [f1dd4795b1523fbca7ab4344dd5a8bb439cc770d] Tobias Klauser (1): padata: Remove unused but set variables [119a0798dc42ed4c4f96d39b8b676efcea73aec6] Trond Myklebust (2): NFS: Directory page cache pages need to be locked when read [114de38225d9b300f027e2aec9afbb6e0def154b] NFS: Fix memory leaks and corruption in readdir [4b310319c6a8ce708f1033d57145e2aa027a883c] Vincent Whitchurch (1): CIFS: Fix task struct use-after-free on reconnect [f1f27ad74557e39f67a8331a808b860f89254f2d] Vladimir Oltean (1): gianfar: Fix TX timestamping with a stacked DSA driver [c26a2c2ddc0115eb088873f5c309cf46b982f522] Will Deacon (1): media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors [68035c80e129c4cfec659aac4180354530b26527] Wuxu.Wu (1): spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls [19b61392c5a852b4e8a0bf35aecb969983c5932d] Zhangyi (2): ext4, jbd2: ensure panic when aborting with zero errno [51f57b01e4a3c7d7bdceffd84de35144e8c538e7] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record [d0a186e0d3e7ac05cc77da7c157dae5aa59f95d9] Zhihao Cheng (1): ubifs: Fix deadlock in concurrent bulk-read and writepage [f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2] Makefile | 4 +- arch/arm/boot/dts/sama5d3.dtsi | 26 ++-- arch/arm/boot/dts/sama5d3_can.dtsi | 4 +- arch/arm/boot/dts/sama5d3_tcb1.dtsi | 1 + arch/arm/boot/dts/sama5d3_uart.dtsi | 4 +- arch/arm/include/asm/kvm_emulate.h | 5 + arch/arm/include/asm/kvm_mmio.h | 2 + arch/arm/kvm/mmio.c | 6 + arch/arm/mach-tegra/sleep-tegra30.S | 11 ++ arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/include/asm/kvm_mmio.h | 6 +- arch/powerpc/Kconfig | 1 + arch/powerpc/kvm/book3s_hv.c | 4 +- arch/powerpc/kvm/book3s_pr.c | 4 +- arch/sparc/include/uapi/asm/ipcbuf.h | 22 ++-- arch/x86/kernel/cpu/tsx.c | 13 +- arch/x86/kvm/emulate.c | 12 +- arch/x86/kvm/i8259.c | 4 +- arch/x86/kvm/lapic.c | 14 ++- arch/x86/kvm/vmx.c | 4 +- arch/x86/kvm/x86.c | 57 +++++++-- arch/x86/platform/efi/efi.c | 37 +++--- crypto/af_alg.c | 6 +- crypto/algapi.c | 22 ++-- crypto/api.c | 3 +- crypto/internal.h | 1 - crypto/pcrypt.c | 4 +- drivers/clk/tegra/clk-tegra-periph.c | 6 +- drivers/crypto/picoxcell_crypto.c | 15 ++- drivers/firmware/efi/efi.c | 4 +- drivers/md/persistent-data/dm-space-map-common.c | 27 ++++ drivers/md/persistent-data/dm-space-map-common.h | 2 + drivers/md/persistent-data/dm-space-map-disk.c | 6 +- drivers/md/persistent-data/dm-space-map-metadata.c | 5 +- drivers/media/rc/iguanair.c | 15 ++- drivers/media/usb/uvc/uvc_driver.c | 12 ++ drivers/media/v4l2-core/videobuf-dma-sg.c | 5 +- drivers/mmc/host/mmc_spi.c | 11 +- drivers/net/bonding/bond_alb.c | 44 +++++-- drivers/net/ethernet/freescale/gianfar.c | 10 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 2 +- drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 3 + drivers/net/wireless/brcm80211/brcmfmac/usb.c | 3 +- drivers/net/wireless/iwlegacy/common.c | 2 +- drivers/net/wireless/orinoco/orinoco_usb.c | 4 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 12 +- drivers/net/wireless/zd1211rw/zd_usb.c | 2 +- drivers/of/Kconfig | 4 + drivers/of/address.c | 6 +- drivers/pci/setup-bus.c | 20 ++- drivers/power/sbs-battery.c | 2 +- drivers/rtc/rtc-hym8563.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 3 +- drivers/spi/spi-dw.c | 14 ++- drivers/spi/spi-dw.h | 1 + drivers/staging/wlan-ng/prism2mgmt.c | 2 +- drivers/usb/dwc3/core.c | 3 + drivers/usb/gadget/f_ecm.c | 16 ++- drivers/usb/gadget/f_ncm.c | 17 ++- drivers/usb/serial/ir-usb.c | 136 ++++++++++++++++----- drivers/video/fbdev/pxa168fb.c | 6 +- fs/btrfs/ctree.c | 8 +- fs/btrfs/ctree.h | 6 +- fs/btrfs/delayed-ref.c | 8 +- fs/btrfs/disk-io.c | 1 - fs/btrfs/tests/btrfs-tests.c | 1 - fs/cifs/cifsglob.h | 1 + fs/cifs/smb2pdu.c | 10 +- fs/cifs/smb2transport.c | 2 + fs/cifs/transport.c | 4 + fs/jbd2/checkpoint.c | 2 +- fs/jbd2/commit.c | 4 +- fs/jbd2/journal.c | 21 ++-- fs/namespace.c | 2 +- fs/nfs/Kconfig | 2 +- fs/nfs/dir.c | 104 +++++++--------- fs/pnode.c | 9 +- fs/reiserfs/super.c | 4 +- fs/ubifs/file.c | 5 +- include/linux/padata.h | 13 +- include/linux/usb/irda.h | 13 +- kernel/padata.c | 134 +++++++------------- kernel/time/clocksource.c | 11 +- kernel/trace/trace_stat.c | 31 ++--- mm/mempolicy.c | 6 +- net/ipv4/tcp.c | 1 + net/sched/cls_rsvp.h | 6 +- net/sched/ematch.c | 3 + net/sunrpc/auth_gss/svcauth_gss.c | 4 + scripts/kconfig/confdata.c | 2 +- sound/drivers/dummy.c | 2 +- sound/sh/aica.c | 4 +- virt/kvm/ioapic.c | 15 ++- virt/kvm/kvm_main.c | 12 +- 94 files changed, 711 insertions(+), 444 deletions(-) -- Ben Hutchings All the simple programs have been written, and all the good names taken

5 years, 6 months

4
111
0 0

[stable-4.19 1/3] padata: Replace delayed timer with immediate workqueue in padata_reorder

by Daniel Jordan

From: Herbert Xu <herbert(a)gondor.apana.org.au> [ Upstream commit 6fc4dbcf0276279d488c5fbbfabe94734134f4fa ] The function padata_reorder will use a timer when it cannot progress while completed jobs are outstanding (pd->reorder_objects > 0). This is suboptimal as if we do end up using the timer then it would have introduced a gratuitous delay of one second. In fact we can easily distinguish between whether completed jobs are outstanding and whether we can make progress. All we have to do is look at the next pqueue list. This patch does that by replacing pd->processed with pd->cpu so that the next pqueue is more accessible. A work queue is used instead of the original try_again to avoid hogging the CPU. Note that we don't bother removing the work queue in padata_flush_queues because the whole premise is broken. You cannot flush async crypto requests so it makes no sense to even try. A subsequent patch will fix it by replacing it with a ref counting scheme. Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [dj: - adjust context - corrected setup_timer -> timer_setup to delete hunk - skip padata_flush_queues() hunk, function already removed in 4.19] Signed-off-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> --- include/linux/padata.h | 13 ++---- kernel/padata.c | 95 ++++++++---------------------------------- 2 files changed, 22 insertions(+), 86 deletions(-) diff --git a/include/linux/padata.h b/include/linux/padata.h index 5d13d25da2c8..d803397a28f7 100644 --- a/include/linux/padata.h +++ b/include/linux/padata.h @@ -24,7 +24,6 @@ #include <linux/workqueue.h> #include <linux/spinlock.h> #include <linux/list.h> -#include <linux/timer.h> #include <linux/notifier.h> #include <linux/kobject.h> @@ -85,18 +84,14 @@ struct padata_serial_queue { * @serial: List to wait for serialization after reordering. * @pwork: work struct for parallelization. * @swork: work struct for serialization. - * @pd: Backpointer to the internal control structure. * @work: work struct for parallelization. - * @reorder_work: work struct for reordering. * @num_obj: Number of objects that are processed by this cpu. * @cpu_index: Index of the cpu. */ struct padata_parallel_queue { struct padata_list parallel; struct padata_list reorder; - struct parallel_data *pd; struct work_struct work; - struct work_struct reorder_work; atomic_t num_obj; int cpu_index; }; @@ -122,10 +117,10 @@ struct padata_cpumask { * @reorder_objects: Number of objects waiting in the reorder queues. * @refcnt: Number of objects holding a reference on this parallel_data. * @max_seq_nr: Maximal used sequence number. + * @cpu: Next CPU to be processed. * @cpumask: The cpumasks in use for parallel and serial workers. + * @reorder_work: work struct for reordering. * @lock: Reorder lock. - * @processed: Number of already processed objects. - * @timer: Reorder timer. */ struct parallel_data { struct padata_instance *pinst; @@ -134,10 +129,10 @@ struct parallel_data { atomic_t reorder_objects; atomic_t refcnt; atomic_t seq_nr; + int cpu; struct padata_cpumask cpumask; + struct work_struct reorder_work; spinlock_t lock ____cacheline_aligned; - unsigned int processed; - struct timer_list timer; }; /** diff --git a/kernel/padata.c b/kernel/padata.c index c280cb153915..47dc31ce15ac 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -167,23 +167,12 @@ EXPORT_SYMBOL(padata_do_parallel); */ static struct padata_priv *padata_get_next(struct parallel_data *pd) { - int cpu, num_cpus; - unsigned int next_nr, next_index; struct padata_parallel_queue *next_queue; struct padata_priv *padata; struct padata_list *reorder; + int cpu = pd->cpu; - num_cpus = cpumask_weight(pd->cpumask.pcpu); - - /* - * Calculate the percpu reorder queue and the sequence - * number of the next object. - */ - next_nr = pd->processed; - next_index = next_nr % num_cpus; - cpu = padata_index_to_cpu(pd, next_index); next_queue = per_cpu_ptr(pd->pqueue, cpu); - reorder = &next_queue->reorder; spin_lock(&reorder->lock); @@ -194,7 +183,8 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd) list_del_init(&padata->list); atomic_dec(&pd->reorder_objects); - pd->processed++; + pd->cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu, -1, + false); spin_unlock(&reorder->lock); goto out; @@ -217,6 +207,7 @@ static void padata_reorder(struct parallel_data *pd) struct padata_priv *padata; struct padata_serial_queue *squeue; struct padata_instance *pinst = pd->pinst; + struct padata_parallel_queue *next_queue; /* * We need to ensure that only one cpu can work on dequeueing of @@ -248,7 +239,6 @@ static void padata_reorder(struct parallel_data *pd) * so exit immediately. */ if (PTR_ERR(padata) == -ENODATA) { - del_timer(&pd->timer); spin_unlock_bh(&pd->lock); return; } @@ -267,70 +257,29 @@ static void padata_reorder(struct parallel_data *pd) /* * The next object that needs serialization might have arrived to - * the reorder queues in the meantime, we will be called again - * from the timer function if no one else cares for it. + * the reorder queues in the meantime. * - * Ensure reorder_objects is read after pd->lock is dropped so we see - * an increment from another task in padata_do_serial. Pairs with + * Ensure reorder queue is read after pd->lock is dropped so we see + * new objects from another task in padata_do_serial. Pairs with * smp_mb__after_atomic in padata_do_serial. */ smp_mb(); - if (atomic_read(&pd->reorder_objects) - && !(pinst->flags & PADATA_RESET)) - mod_timer(&pd->timer, jiffies + HZ); - else - del_timer(&pd->timer); - return; + next_queue = per_cpu_ptr(pd->pqueue, pd->cpu); + if (!list_empty(&next_queue->reorder.list)) + queue_work(pinst->wq, &pd->reorder_work); } static void invoke_padata_reorder(struct work_struct *work) { - struct padata_parallel_queue *pqueue; struct parallel_data *pd; local_bh_disable(); - pqueue = container_of(work, struct padata_parallel_queue, reorder_work); - pd = pqueue->pd; + pd = container_of(work, struct parallel_data, reorder_work); padata_reorder(pd); local_bh_enable(); } -static void padata_reorder_timer(struct timer_list *t) -{ - struct parallel_data *pd = from_timer(pd, t, timer); - unsigned int weight; - int target_cpu, cpu; - - cpu = get_cpu(); - - /* We don't lock pd here to not interfere with parallel processing - * padata_reorder() calls on other CPUs. We just need any CPU out of - * the cpumask.pcpu set. It would be nice if it's the right one but - * it doesn't matter if we're off to the next one by using an outdated - * pd->processed value. - */ - weight = cpumask_weight(pd->cpumask.pcpu); - target_cpu = padata_index_to_cpu(pd, pd->processed % weight); - - /* ensure to call the reorder callback on the correct CPU */ - if (cpu != target_cpu) { - struct padata_parallel_queue *pqueue; - struct padata_instance *pinst; - - /* The timer function is serialized wrt itself -- no locking - * needed. - */ - pinst = pd->pinst; - pqueue = per_cpu_ptr(pd->pqueue, target_cpu); - queue_work_on(target_cpu, pinst->wq, &pqueue->reorder_work); - } else { - padata_reorder(pd); - } - - put_cpu(); -} - static void padata_serial_worker(struct work_struct *serial_work) { struct padata_serial_queue *squeue; @@ -384,9 +333,8 @@ void padata_do_serial(struct padata_priv *padata) cpu = get_cpu(); - /* We need to run on the same CPU padata_do_parallel(.., padata, ..) - * was called on -- or, at least, enqueue the padata object into the - * correct per-cpu queue. + /* We need to enqueue the padata object into the correct + * per-cpu queue. */ if (cpu != padata->cpu) { reorder_via_wq = 1; @@ -396,12 +344,12 @@ void padata_do_serial(struct padata_priv *padata) pqueue = per_cpu_ptr(pd->pqueue, cpu); spin_lock(&pqueue->reorder.lock); - atomic_inc(&pd->reorder_objects); list_add_tail(&padata->list, &pqueue->reorder.list); + atomic_inc(&pd->reorder_objects); spin_unlock(&pqueue->reorder.lock); /* - * Ensure the atomic_inc of reorder_objects above is ordered correctly + * Ensure the addition to the reorder list is ordered correctly * with the trylock of pd->lock in padata_reorder. Pairs with smp_mb * in padata_reorder. */ @@ -409,13 +357,7 @@ void padata_do_serial(struct padata_priv *padata) put_cpu(); - /* If we're running on the wrong CPU, call padata_reorder() via a - * kernel worker. - */ - if (reorder_via_wq) - queue_work_on(cpu, pd->pinst->wq, &pqueue->reorder_work); - else - padata_reorder(pd); + padata_reorder(pd); } EXPORT_SYMBOL(padata_do_serial); @@ -471,14 +413,12 @@ static void padata_init_pqueues(struct parallel_data *pd) continue; } - pqueue->pd = pd; pqueue->cpu_index = cpu_index; cpu_index++; __padata_list_init(&pqueue->reorder); __padata_list_init(&pqueue->parallel); INIT_WORK(&pqueue->work, padata_parallel_worker); - INIT_WORK(&pqueue->reorder_work, invoke_padata_reorder); atomic_set(&pqueue->num_obj, 0); } } @@ -506,12 +446,13 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst, padata_init_pqueues(pd); padata_init_squeues(pd); - timer_setup(&pd->timer, padata_reorder_timer, 0); atomic_set(&pd->seq_nr, -1); atomic_set(&pd->reorder_objects, 0); atomic_set(&pd->refcnt, 1); pd->pinst = pinst; spin_lock_init(&pd->lock); + pd->cpu = cpumask_first(pcpumask); + INIT_WORK(&pd->reorder_work, invoke_padata_reorder); return pd; -- 2.26.2

5 years, 6 months

2
3
0 0

[4.4] Security fixes

by Ben Hutchings

I've backported fixes for I²C and media controller devices, dealing with the lifetime of related cdev and struct device instances and some similar race conditions. Fixing the lifetime issue for watchdog devices looks impractical for 4.4, as it depends on a big refactoring in 4.5. All but one of these are already included in or queued for the later stable branches. You dropped the I²C lifetime fix for 4.9, but I hope my previous replies persuaded you that it is valid. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

5 years, 6 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror