This is an automatically generated email to let you know that the following patch was queued:
Subject: media: vivid: Fix wrong locking that causes race conditions on streaming stop
Author: Alexander Popov <alex.popov(a)linux.com>
Date: Sun Nov 3 23:17:19 2019 +0100
There is the same incorrect approach to locking implemented in
vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out() and
sdr_cap_stop_streaming().
These functions are called during streaming stopping with vivid_dev.mutex
locked. And they all make the same mistake while stopping their kthreads,
which need to lock this mutex as well. See the example from
vivid_stop_generating_vid_cap():
/* shutdown control thread */
vivid_grab_controls(dev, false);
mutex_unlock(&dev->mutex);
kthread_stop(dev->kthread_vid_cap);
dev->kthread_vid_cap = NULL;
mutex_lock(&dev->mutex);
But when this mutex is unlocked, another vb2_fop_read() can lock it
instead of vivid_thread_vid_cap() and manipulate the buffer queue.
That causes a use-after-free access later.
To fix those issues let's:
1. avoid unlocking the mutex in vivid_stop_generating_vid_cap(),
vivid_stop_generating_vid_out() and sdr_cap_stop_streaming();
2. use mutex_trylock() with schedule_timeout_uninterruptible() in
the loops of the vivid kthread handlers.
Signed-off-by: Alexander Popov <alex.popov(a)linux.com>
Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Tested-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl>
Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl>
Cc: <stable(a)vger.kernel.org> # for v3.18 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org>
drivers/media/platform/vivid/vivid-kthread-cap.c | 8 +++++---
drivers/media/platform/vivid/vivid-kthread-out.c | 8 +++++---
drivers/media/platform/vivid/vivid-sdr-cap.c | 8 +++++---
3 files changed, 15 insertions(+), 9 deletions(-)
---
diff --git a/drivers/media/platform/vivid/vivid-kthread-cap.c b/drivers/media/platform/vivid/vivid-kthread-cap.c
index 9f981e8bae6e..01a9d671b947 100644
--- a/drivers/media/platform/vivid/vivid-kthread-cap.c
+++ b/drivers/media/platform/vivid/vivid-kthread-cap.c
@@ -818,7 +818,11 @@ static int vivid_thread_vid_cap(void *data)
if (kthread_should_stop())
break;
- mutex_lock(&dev->mutex);
+ if (!mutex_trylock(&dev->mutex)) {
+ schedule_timeout_uninterruptible(1);
+ continue;
+ }
+
cur_jiffies = jiffies;
if (dev->cap_seq_resync) {
dev->jiffies_vid_cap = cur_jiffies;
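Review bot: the new `if (!mutex_trylock(&dev->mutex))` branch in vivid_thread_vid_cap() carries no comment saying why a plain mutex_lock() cannot be used here, so it reads as a polling workaround that a later cleanup could revert. The reason sits in the other hunk of this file: vivid_stop_generating_vid_cap() now calls kthread_stop() with dev->mutex held, so a thread blocked in mutex_lock() would never get back to the kthread_should_stop() check and the stop would deadlock. A short comment above the trylock stating that, and that `continue` is what returns the loop to the kthread_should_stop() test, would protect the fix.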
@@ -998,8 +1002,6 @@ void vivid_stop_generating_vid_cap(struct vivid_dev *dev, bool *pstreaming)
/* shutdown control thread */
vivid_grab_controls(dev, false);
- mutex_unlock(&dev->mutex);
kthread_stop(dev->kthread_vid_cap);
dev->kthread_vid_cap = NULL;
- mutex_lock(&dev->mutex);
}
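Review bot: kthread_stop(dev->kthread_vid_cap) is now reached with dev->mutex held, but nothing in vivid_stop_generating_vid_cap() states or checks that precondition. Adding lockdep_assert_held(&dev->mutex) ahead of the "shutdown control thread" block would document it and let lockdep flag any caller that arrives without the lock.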
diff --git a/drivers/media/platform/vivid/vivid-kthread-out.c b/drivers/media/platform/vivid/vivid-kthread-out.c
index c974235d7de3..6780687978f9 100644
--- a/drivers/media/platform/vivid/vivid-kthread-out.c
+++ b/drivers/media/platform/vivid/vivid-kthread-out.c
@@ -166,7 +166,11 @@ static int vivid_thread_vid_out(void *data)
if (kthread_should_stop())
break;
- mutex_lock(&dev->mutex);
+ if (!mutex_trylock(&dev->mutex)) {
+ schedule_timeout_uninterruptible(1);
+ continue;
+ }
+
cur_jiffies = jiffies;
if (dev->out_seq_resync) {
dev->jiffies_vid_out = cur_jiffies;
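Review bot: the trylock / schedule_timeout_uninterruptible(1) / continue sequence added to vivid_thread_vid_out() is a verbatim copy of the one added to vivid_thread_vid_cap() and vivid_thread_sdr_cap(). The three copies have to stay in step for the stop paths to remain deadlock-free, so consider a small shared helper that returns whether the lock was taken, or at least the same explanatory comment at each site, so a later change to one loop is not missed in the others.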
@@ -344,8 +348,6 @@ void vivid_stop_generating_vid_out(struct vivid_dev *dev, bool *pstreaming)
/* shutdown control thread */
vivid_grab_controls(dev, false);
- mutex_unlock(&dev->mutex);
kthread_stop(dev->kthread_vid_out);
dev->kthread_vid_out = NULL;
- mutex_lock(&dev->mutex);
}
diff --git a/drivers/media/platform/vivid/vivid-sdr-cap.c b/drivers/media/platform/vivid/vivid-sdr-cap.c
index 9acc709b0740..2b7522e16efc 100644
--- a/drivers/media/platform/vivid/vivid-sdr-cap.c
+++ b/drivers/media/platform/vivid/vivid-sdr-cap.c
@@ -141,7 +141,11 @@ static int vivid_thread_sdr_cap(void *data)
if (kthread_should_stop())
break;
- mutex_lock(&dev->mutex);
+ if (!mutex_trylock(&dev->mutex)) {
+ schedule_timeout_uninterruptible(1);
+ continue;
+ }
+
cur_jiffies = jiffies;
if (dev->sdr_cap_seq_resync) {
dev->jiffies_sdr_cap = cur_jiffies;
@@ -303,10 +307,8 @@ static void sdr_cap_stop_streaming(struct vb2_queue *vq)
}
/* shutdown control thread */
- mutex_unlock(&dev->mutex);
kthread_stop(dev->kthread_sdr_cap);
dev->kthread_sdr_cap = NULL;
- mutex_lock(&dev->mutex);
}
static void sdr_cap_buf_request_complete(struct vb2_buffer *vb)
This is a note to let you know that I've just added the patch titled
staging: rtl8192e: fix potential use after free
to my staging git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
in the staging-next branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will also be merged in the next major kernel release
during the merge window.
If you have any questions about this process, please let me know.
From b7aa39a2ed0112d07fc277ebd24a08a7b2368ab9 Mon Sep 17 00:00:00 2001
From: Pan Bian <bianpan2016(a)163.com>
Date: Tue, 5 Nov 2019 22:49:11 +0800
Subject: staging: rtl8192e: fix potential use after free
The variable skb is released via kfree_skb() when the return value of
_rtl92e_tx is not zero. However, after that, skb is accessed again to
read its length, which may result in a use after free bug. This patch
fixes the bug by moving the release operation to where skb is never
used later.
Signed-off-by: Pan Bian <bianpan2016(a)163.com>
Reviewed-by: Dan Carpenter <dan.carpenter(a)oracle.com>
Cc: stable <stable(a)vger.kernel.org>
Link: https://lore.kernel.org/r/1572965351-6745-1-git-send-email-bianpan2016@163.…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
index b08712a9c029..dace81a7d1ba 100644
--- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
@@ -1616,14 +1616,15 @@ static void _rtl92e_hard_data_xmit(struct sk_buff *skb, struct net_device *dev,
memcpy((unsigned char *)(skb->cb), &dev, sizeof(dev));
skb_push(skb, priv->rtllib->tx_headroom);
ret = _rtl92e_tx(dev, skb);
- if (ret != 0)
- kfree_skb(skb);
if (queue_index != MGNT_QUEUE) {
priv->rtllib->stats.tx_bytes += (skb->len -
priv->rtllib->tx_headroom);
priv->rtllib->stats.tx_packets++;
}
+
+ if (ret != 0)
+ kfree_skb(skb);
}
static int _rtl92e_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
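Review bot: tx_bytes and tx_packets in _rtl92e_hard_data_xmit() are still incremented when _rtl92e_tx() returned non-zero and the skb is about to be dropped by the moved kfree_skb(), so failed transmissions are counted as sent. Consider putting the statistics update under `ret == 0`, or reading skb->len into a local before the `_rtl92e_tx(dev, skb)` call so the accounting no longer touches the skb after it has been handed to the transmit path.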
--
2.24.0
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: 37b4d0c37c0b - Linux 5.3.9
The results of these automated tests are provided below.
Overall result: FAILED (see details below)
Merge: OK
Compile: OK
Tests: FAILED
All kernel binaries, config files, and logs are available for download here:
https://artifacts.cki-project.org/pipelines/271580
One or more kernel tests failed:
x86_64:
❌ iotop: sanity
We hope that these logs can help you find the problem quickly. For the full
detail on our testing procedures, please scroll to the bottom of this message.
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out the following commit:
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: 37b4d0c37c0b - Linux 5.3.9
We grabbed the 591b923e15aa commit of the stable queue repository.
We then merged the patchset with `git am`:
regulator-of-fix-suspend-min-max-voltage-parsing.patch
asoc-samsung-arndale-add-missing-of-node-dereferenci.patch
asoc-wm8994-do-not-register-inapplicable-controls-fo.patch
regulator-da9062-fix-suspend_enable-disable-preparat.patch
asoc-topology-fix-a-signedness-bug-in-soc_tplg_dapm_.patch
arm64-dts-allwinner-a64-pine64-plus-add-phy-regulato.patch
arm64-dts-allwinner-a64-drop-pmu-node.patch
arm64-dts-allwinner-a64-sopine-baseboard-add-phy-reg.patch
arm64-dts-fix-gpio-to-pinmux-mapping.patch
regulator-ti-abb-fix-timeout-in-ti_abb_wait_txdone-t.patch
pinctrl-intel-allocate-irq-chip-dynamic.patch
asoc-sof-loader-fix-kernel-oops-on-firmware-boot-fai.patch
asoc-sof-topology-fix-parse-fail-issue-for-byte-bool.patch
asoc-sof-intel-hda-fix-warnings-during-fw-load.patch
asoc-sof-intel-initialise-and-verify-fw-crash-dump-d.patch
asoc-sof-intel-hda-disable-dmi-l1-entry-during-captu.patch
asoc-rt5682-add-null-handler-to-set_jack-function.patch
asoc-intel-sof_rt5682-add-remove-function-to-disable.patch
asoc-intel-bytcr_rt5651-add-null-check-to-support_bu.patch
regulator-pfuze100-regulator-variable-val-in-pfuze10.patch
asoc-wm_adsp-don-t-generate-kcontrols-without-read-f.patch
asoc-rockchip-i2s-fix-rpm-imbalance.patch
arm64-dts-rockchip-fix-rockpro64-rk808-interrupt-lin.patch
arm-dts-logicpd-torpedo-som-remove-twl_keypad.patch
arm64-dts-rockchip-fix-rockpro64-vdd-log-regulator-s.patch
arm64-dts-rockchip-fix-rockpro64-sdhci-settings.patch
pinctrl-ns2-fix-off-by-one-bugs-in-ns2_pinmux_enable.patch
pinctrl-stmfx-fix-null-pointer-on-remove.patch
arm64-dts-zii-ultra-fix-arm-regulator-states.patch
arm-dts-am3874-iceboard-fix-i2c-mux-idle-disconnect-.patch
asoc-msm8916-wcd-digital-add-missing-mix2-path-for-r.patch
asoc-simple_card_utils.h-fix-potential-multiple-rede.patch
arm-dts-use-level-interrupt-for-omap4-5-wlcore.patch
arm-mm-fix-alignment-handler-faults-under-memory-pre.patch
scsi-qla2xxx-fix-a-potential-null-pointer-dereferenc.patch
scsi-scsi_dh_alua-handle-rtpg-sense-code-correctly-d.patch
scsi-sni_53c710-fix-compilation-error.patch
scsi-fix-kconfig-dependency-warning-related-to-53c70.patch
arm-8908-1-add-__always_inline-to-functions-called-f.patch
arm-8914-1-nommu-fix-exc_ret-for-xip.patch
arm64-dts-rockchip-fix-rockpro64-sdmmc-settings.patch
arm64-dts-rockchip-fix-usb-c-on-hugsun-x99-tv-box.patch
arm64-dts-lx2160a-correct-cpu-core-idle-state-name.patch
arm-dts-imx6q-logicpd-re-enable-snvs-power-key.patch
arm-dts-vf610-zii-scu4-aib-specify-i2c-mux-idle-disc.patch
arm-dts-imx7s-correct-gpt-s-ipg-clock-source.patch
arm64-dts-imx8mq-use-correct-clock-for-usdhc-s-ipg-c.patch
arm64-dts-imx8mm-use-correct-clock-for-usdhc-s-ipg-c.patch
perf-tools-fix-resource-leak-of-closedir-on-the-erro.patch
perf-c2c-fix-memory-leak-in-build_cl_output.patch
8250-men-mcb-fix-error-checking-when-get_num_ports-r.patch
perf-kmem-fix-memory-leak-in-compact_gfp_flags.patch
arm-davinci-dm365-fix-mcbsp-dma_slave_map-entry.patch
drm-amdgpu-fix-potential-vm-faults.patch
drm-amdgpu-fix-error-handling-in-amdgpu_bo_list_crea.patch
scsi-target-core-do-not-overwrite-cdb-byte-1.patch
scsi-hpsa-add-missing-hunks-in-reset-patch.patch
asoc-intel-sof-rt5682-add-a-check-for-devm_clk_get.patch
asoc-sof-control-return-true-when-kcontrol-values-ch.patch
tracing-fix-gfp_t-format-for-synthetic-events.patch
arm-dts-bcm2837-rpi-cm3-avoid-leds-gpio-probing-issu.patch
i2c-aspeed-fix-master-pending-state-handling.patch
drm-komeda-don-t-flush-inactive-pipes.patch
arm-8926-1-v7m-remove-register-save-to-stack-before-.patch
selftests-kvm-vmx_set_nested_state_test-don-t-check-.patch
selftests-kvm-fix-sync_regs_test-with-newer-gccs.patch
alsa-hda-add-tigerlake-jasperlake-pci-id.patch
of-unittest-fix-memory-leak-in-unittest_data_add.patch
mips-bmips-mark-exception-vectors-as-char-arrays.patch
irqchip-gic-v3-its-use-the-exact-itslist-for-vmovp.patch
i2c-mt65xx-fix-null-ptr-dereference.patch
i2c-stm32f7-fix-first-byte-to-send-in-slave-mode.patch
i2c-stm32f7-fix-a-race-in-slave-mode-with-arbitratio.patch
i2c-stm32f7-remove-warning-when-compiling-with-w-1.patch
cifs-fix-cifsinodeinfo-lock_sem-deadlock-when-reconn.patch
irqchip-sifive-plic-skip-contexts-except-supervisor-.patch
nbd-protect-cmd-status-with-cmd-lock.patch
nbd-handle-racing-with-error-ed-out-commands.patch
cxgb4-fix-panic-when-attaching-to-uld-fail.patch
cxgb4-request-the-tx-cidx-updates-to-status-page.patch
dccp-do-not-leak-jiffies-on-the-wire.patch
erspan-fix-the-tun_info-options_len-check-for-erspan.patch
inet-stop-leaking-jiffies-on-the-wire.patch
net-annotate-accesses-to-sk-sk_incoming_cpu.patch
net-annotate-lockless-accesses-to-sk-sk_napi_id.patch
net-dsa-bcm_sf2-fix-imp-setup-for-port-different-than-8.patch
net-ethernet-ftgmac100-fix-dma-coherency-issue-with-sw-checksum.patch
net-fix-sk_page_frag-recursion-from-memory-reclaim.patch
net-hisilicon-fix-ping-latency-when-deal-with-high-throughput.patch
net-mlx4_core-dynamically-set-guaranteed-amount-of-counters-per-vf.patch
netns-fix-gfp-flags-in-rtnl_net_notifyid.patch
net-rtnetlink-fix-a-typo-fbd-fdb.patch
net-usb-lan78xx-disable-interrupts-before-calling-generic_handle_irq.patch
net-zeroing-the-structure-ethtool_wolinfo-in-ethtool_get_wol.patch
selftests-net-reuseport_dualstack-fix-uninitalized-parameter.patch
udp-fix-data-race-in-udp_set_dev_scratch.patch
vxlan-check-tun_info-options_len-properly.patch
net-add-skb_queue_empty_lockless.patch
udp-use-skb_queue_empty_lockless.patch
net-use-skb_queue_empty_lockless-in-poll-handlers.patch
net-use-skb_queue_empty_lockless-in-busy-poll-contexts.patch
net-add-read_once-annotation-in-__skb_wait_for_more_packets.patch
ipv4-fix-route-update-on-metric-change.patch
selftests-fib_tests-add-more-tests-for-metric-update.patch
net-smc-fix-closing-of-fallback-smc-sockets.patch
net-smc-keep-vlan_id-for-smc-r-in-smc_listen_work.patch
keys-fix-memory-leak-in-copy_net_ns.patch
net-phylink-fix-phylink_dbg-macro.patch
rxrpc-fix-handling-of-last-subpacket-of-jumbo-packet.patch
net-mlx5e-determine-source-port-properly-for-vlan-push-action.patch
net-mlx5e-remove-incorrect-match-criteria-assignment-line.patch
net-mlx5e-initialize-on-stack-link-modes-bitmap.patch
net-mlx5-fix-flow-counter-list-auto-bits-struct.patch
net-smc-fix-refcounting-for-non-blocking-connect.patch
net-mlx5-fix-rtable-reference-leak.patch
mlxsw-core-unpublish-devlink-parameters-during-reload.patch
r8169-fix-wrong-phy-id-issue-with-rtl8168dp.patch
net-mlx5e-fix-ethtool-self-test-link-speed.patch
net-mlx5e-fix-handling-of-compressed-cqes-in-case-of-low-napi-budget.patch
ipv4-fix-ipskb_frag_pmtu-handling-with-fragmentation.patch
net-bcmgenet-don-t-set-phydev-link-from-mac.patch
net-dsa-b53-do-not-clear-existing-mirrored-port-mask.patch
net-dsa-fix-switch-tree-list.patch
net-ensure-correct-skb-tstamp-in-various-fragmenters.patch
net-hns3-fix-mis-counting-irq-vector-numbers-issue.patch
net-netem-fix-error-path-for-corrupted-gso-frames.patch
net-reorder-struct-net-fields-to-avoid-false-sharing.patch
net-usb-lan78xx-connect-phy-before-registering-mac.patch
r8152-add-device-id-for-lenovo-thinkpad-usb-c-dock-gen-2.patch
net-netem-correct-the-parent-s-backlog-when-corrupted-packet-was-dropped.patch
net-phy-bcm7xxx-define-soft_reset-for-40nm-ephy.patch
net-bcmgenet-reset-40nm-ephy-on-energy-detect.patch
net-flow_dissector-switch-to-siphash.patch
Compile testing
---------------
We compiled the kernel for 3 architectures:
aarch64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
ppc64le:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
x86_64:
make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg
Hardware testing
----------------
We booted each kernel and ran the following tests:
aarch64:
Host 1:
✅ Boot test
✅ selinux-policy: serge-testsuite
🚧 ✅ Storage blktests
Host 2:
⚡ Internal infrastructure issues prevented one or more tests (marked
with ⚡⚡⚡) from running on this architecture.
This is not the fault of the kernel that was tested.
⚡⚡⚡ Boot test
⚡⚡⚡ Podman system integration test (as root)
⚡⚡⚡ Podman system integration test (as user)
⚡⚡⚡ LTP lite
⚡⚡⚡ Loopdev Sanity
⚡⚡⚡ jvm test suite
⚡⚡⚡ AMTU (Abstract Machine Test Utility)
⚡⚡⚡ LTP: openposix test suite
⚡⚡⚡ Networking bridge: sanity
⚡⚡⚡ Ethernet drivers sanity
⚡⚡⚡ Networking socket: fuzz
⚡⚡⚡ Networking sctp-auth: sockopts test
⚡⚡⚡ Networking route_func: local
⚡⚡⚡ Networking route_func: forward
⚡⚡⚡ Networking TCP: keepalive test
⚡⚡⚡ Networking UDP: socket
⚡⚡⚡ Networking tunnel: gre basic
⚡⚡⚡ Networking tunnel: vxlan basic
⚡⚡⚡ audit: audit testsuite test
⚡⚡⚡ httpd: mod_ssl smoke sanity
⚡⚡⚡ iotop: sanity
⚡⚡⚡ tuned: tune-processes-through-perf
⚡⚡⚡ ALSA PCM loopback test
⚡⚡⚡ ALSA Control (mixer) Userspace Element test
⚡⚡⚡ Usex - version 1.9-29
⚡⚡⚡ storage: SCSI VPD
⚡⚡⚡ stress: stress-ng
⚡⚡⚡ trace: ftrace/tracer
🚧 ⚡⚡⚡ CIFS Connectathon
🚧 ⚡⚡⚡ POSIX pjd-fstest suites
ppc64le:
Host 1:
✅ Boot test
✅ Podman system integration test (as root)
✅ Podman system integration test (as user)
✅ LTP lite
✅ Loopdev Sanity
✅ jvm test suite
✅ AMTU (Abstract Machine Test Utility)
✅ LTP: openposix test suite
✅ Networking bridge: sanity
✅ Ethernet drivers sanity
✅ Networking socket: fuzz
✅ Networking sctp-auth: sockopts test
✅ Networking route_func: local
✅ Networking route_func: forward
✅ Networking TCP: keepalive test
✅ Networking UDP: socket
✅ Networking tunnel: gre basic
✅ Networking tunnel: vxlan basic
✅ audit: audit testsuite test
✅ httpd: mod_ssl smoke sanity
✅ iotop: sanity
✅ tuned: tune-processes-through-perf
✅ ALSA PCM loopback test
✅ ALSA Control (mixer) Userspace Element test
✅ Usex - version 1.9-29
✅ trace: ftrace/tracer
🚧 ✅ CIFS Connectathon
🚧 ✅ POSIX pjd-fstest suites
Host 2:
✅ Boot test
✅ selinux-policy: serge-testsuite
🚧 ❌ Storage blktests
x86_64:
Host 1:
✅ Boot test
✅ selinux-policy: serge-testsuite
🚧 ✅ Storage blktests
Host 2:
✅ Boot test
✅ Podman system integration test (as root)
✅ Podman system integration test (as user)
✅ LTP lite
✅ Loopdev Sanity
✅ jvm test suite
✅ AMTU (Abstract Machine Test Utility)
✅ LTP: openposix test suite
✅ Networking bridge: sanity
✅ Ethernet drivers sanity
✅ Networking socket: fuzz
✅ Networking sctp-auth: sockopts test
✅ Networking route_func: local
✅ Networking route_func: forward
✅ Networking TCP: keepalive test
✅ Networking UDP: socket
✅ Networking tunnel: gre basic
✅ Networking tunnel: vxlan basic
✅ audit: audit testsuite test
✅ httpd: mod_ssl smoke sanity
❌ iotop: sanity
⚡⚡⚡ tuned: tune-processes-through-perf
⚡⚡⚡ pciutils: sanity smoke test
⚡⚡⚡ ALSA PCM loopback test
⚡⚡⚡ ALSA Control (mixer) Userspace Element test
⚡⚡⚡ Usex - version 1.9-29
⚡⚡⚡ storage: SCSI VPD
⚡⚡⚡ stress: stress-ng
⚡⚡⚡ trace: ftrace/tracer
🚧 ⚡⚡⚡ CIFS Connectathon
🚧 ⚡⚡⚡ POSIX pjd-fstest suites
Test sources: https://github.com/CKI-project/tests-beaker
💚 Pull requests are welcome for new tests or improvements to existing tests!
Waived tests
------------
If the test run included waived tests, they are marked with 🚧. Such tests are
executed but their results are not taken into account. Tests are waived when
their results are not reliable enough, e.g. when they're just introduced or are
being fixed.
Testing timeout
---------------
We aim to provide a report within a reasonable timeframe. Tests that haven't
finished running are marked with ⏱. Reports for non-upstream kernels have
a Beaker recipe linked to next to each host.
The patch titled
Subject: mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges
has been removed from the -mm tree. Its filename was
mm-memcontrol-fix-network-errors-from-failing-__gfp_atomic-charges.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Johannes Weiner <hannes(a)cmpxchg.org>
Subject: mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges
While upgrading from 4.16 to 5.2, we noticed these allocation errors in
the log of the new kernel:
[ 8642.253395] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 8642.269170] cache: tw_sock_TCPv6(960:helper-logs), object size: 232, buffer size: 240, default order: 1, min order: 0
[ 8642.293009] node 0: slabs: 5, objs: 170, free: 0
slab_out_of_memory+1
___slab_alloc+969
__slab_alloc+14
kmem_cache_alloc+346
inet_twsk_alloc+60
tcp_time_wait+46
tcp_fin+206
tcp_data_queue+2034
tcp_rcv_state_process+784
tcp_v6_do_rcv+405
__release_sock+118
tcp_close+385
inet_release+46
__sock_release+55
sock_close+17
__fput+170
task_work_run+127
exit_to_usermode_loop+191
do_syscall_64+212
entry_SYSCALL_64_after_hwframe+68
accompanied by an increase in machines going completely radio silent under
memory pressure.
One thing that changed since 4.16 is e699e2c6a654 ("net, mm: account sock
objects to kmemcg"), which made these slab caches subject to cgroup memory
accounting and control.
The problem with that is that cgroups, unlike the page allocator, do not
maintain dedicated atomic reserves. As a cgroup's usage hovers at its
limit, atomic allocations - such as done during network rx - can fail
consistently for extended periods of time. The kernel is not able to
operate under these conditions.
We don't want to revert the culprit patch, because it indeed tracks a
potentially substantial amount of memory used by a cgroup.
We also don't want to implement dedicated atomic reserves for cgroups.
There is no point in keeping a fixed margin of unused bytes in the
cgroup's memory budget to accommodate a consumer that is impossible to
predict - we'd be wasting memory and get into configuration headaches, not
unlike what we have going with min_free_kbytes. We do this for physical
mem because we have to, but cgroups are an accounting game.
Instead, account these privileged allocations to the cgroup, but let them
bypass the configured limit if they have to. This way, we get the
benefits of accounting the consumed memory and have it exert pressure on
the rest of the cgroup, but like with the page allocator, we shift the
burden of reclaiming on behalf of atomic allocations onto the regular
allocations that can block.
Link: http://lkml.kernel.org/r/20191022233708.365764-1-hannes@cmpxchg.org
Fixes: e699e2c6a654 ("net, mm: account sock objects to kmemcg")
Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org>
Reviewed-by: Shakeel Butt <shakeelb(a)google.com>
Cc: Suleiman Souhlal <suleiman(a)google.com>
Cc: Michal Hocko <mhocko(a)kernel.org>
Cc: <stable(a)vger.kernel.org> [4.18+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memcontrol.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/mm/memcontrol.c~mm-memcontrol-fix-network-errors-from-failing-__gfp_atomic-charges
+++ a/mm/memcontrol.c
@@ -2535,6 +2535,15 @@ retry:
}
/*
+ * Memcg doesn't have a dedicated reserve for atomic
+ * allocations. But like the global atomic pool, we need to
+ * put the burden of reclaim on regular allocation requests
+ * and let these go through as privileged allocations.
+ */
+ if (gfp_mask & __GFP_ATOMIC)
+ goto force;
+
+ /*
* Unlike in global OOM situations, memcg is not in a physical
* memory shortage. Allow dying and OOM-killed tasks to
* bypass the last charges so that they can exit quickly and
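Review bot: the comment added above `if (gfp_mask & __GFP_ATOMIC) goto force;` says these requests "go through as privileged allocations" but does not say that the charge is allowed to exceed the cgroup's configured limit, which is the behaviour the changelog describes and the part a reader of this function most needs to know. Suggest stating that in the comment, together with the fact that the overage is still accounted to the cgroup and is reclaimed by later allocations that can block.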
_
Patches currently in -mm which might be from hannes(a)cmpxchg.org are
mm-memcontrol-remove-dead-code-from-memory_max_write.patch
mm-memcontrol-try-harder-to-set-a-new-memoryhigh.patch
mm-drop-mmap_sem-before-calling-balance_dirty_pages-in-write-fault.patch
mm-vmscan-simplify-lruvec_lru_size.patch
mm-clean-up-and-clarify-lruvec-lookup-procedure.patch
mm-vmscan-move-inactive_list_is_low-swap-check-to-the-caller.patch
mm-vmscan-naming-fixes-global_reclaim-and-sane_reclaim.patch
mm-vmscan-replace-shrink_node-loop-with-a-retry-jump.patch
mm-vmscan-turn-shrink_node_memcg-into-shrink_lruvec.patch
mm-vmscan-split-shrink_node-into-node-part-and-memcgs-part.patch
mm-vmscan-split-shrink_node-into-node-part-and-memcgs-part-fix.patch
mm-vmscan-harmonize-writeback-congestion-tracking-for-nodes-memcgs.patch
kernel-sysctl-make-drop_caches-write-only.patch
The patch titled
Subject: mm: slab: make page_cgroup_ino() to recognize non-compound slab pages properly
has been removed from the -mm tree. Its filename was
mm-slab-make-page_cgroup_ino-to-recognize-non-compound-slab-pages-properly.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Roman Gushchin <guro(a)fb.com>
Subject: mm: slab: make page_cgroup_ino() to recognize non-compound slab pages properly
page_cgroup_ino() doesn't return a valid memcg pointer for non-compound
slab pages, because it depends on PgHead AND PgSlab flags to be set to
determine the memory cgroup from the kmem_cache. It's correct for
compound pages, but not for generic small pages. Those don't have PgHead
set, so it ends up returning zero.
Fix this by replacing the condition with PageSlab() && !PageTail().
Before this patch:
[root@localhost ~]# ./page-types -c /sys/fs/cgroup/user.slice/user-0.slice/user@0.service/ | grep slab
0x0000000000000080 38 0 _______S___________________________________ slab
After this patch:
[root@localhost ~]# ./page-types -c /sys/fs/cgroup/user.slice/user-0.slice/user@0.service/ | grep slab
0x0000000000000080 147 0 _______S___________________________________ slab
Also, hwpoison_filter_task() uses output of page_cgroup_ino() in order
to filter error injection events based on memcg. So if
page_cgroup_ino() fails to return memcg pointer, we just fail to inject
memory error. Considering that hwpoison filter is for testing,
affected users are limited and the impact should be marginal.
[n-horiguchi(a)ah.jp.nec.com: changelog additions]
Link: http://lkml.kernel.org/r/20191031012151.2722280-1-guro@fb.com
Fixes: 4d96ba353075 ("mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages")
Signed-off-by: Roman Gushchin <guro(a)fb.com>
Reviewed-by: Shakeel Butt <shakeelb(a)google.com>
Acked-by: David Rientjes <rientjes(a)google.com>
Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com>
Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com>
Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memcontrol.c | 2 +-
mm/slab.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/mm/memcontrol.c~mm-slab-make-page_cgroup_ino-to-recognize-non-compound-slab-pages-properly
+++ a/mm/memcontrol.c
@@ -484,7 +484,7 @@ ino_t page_cgroup_ino(struct page *page)
unsigned long ino = 0;
rcu_read_lock();
- if (PageHead(page) && PageSlab(page))
+ if (PageSlab(page) && !PageTail(page))
memcg = memcg_from_slab_page(page);
else
memcg = READ_ONCE(page->mem_cgroup);
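Review bot: `PageSlab(page) && !PageTail(page)` in page_cgroup_ino() open-codes the precondition that the mm/slab.h comment changed by this same patch describes in prose. Wrapping the test in a small named helper shared with mm/slab.h would keep the check and its documentation from drifting apart the next time the rule changes.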
--- a/mm/slab.h~mm-slab-make-page_cgroup_ino-to-recognize-non-compound-slab-pages-properly
+++ a/mm/slab.h
@@ -323,8 +323,8 @@ static inline struct kmem_cache *memcg_r
* Expects a pointer to a slab page. Please note, that PageSlab() check
* isn't sufficient, as it returns true also for tail compound slab pages,
* which do not have slab_cache pointer set.
- * So this function assumes that the page can pass PageHead() and PageSlab()
- * checks.
+ * So this function assumes that the page can pass PageSlab() && !PageTail()
+ * check.
*
* The kmem_cache can be reparented asynchronously. The caller must ensure
* the memcg lifetime, e.g. by taking rcu_read_lock() or cgroup_mutex.
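Review bot: the rewritten comment in mm/slab.h only documents that the page must satisfy PageSlab() && !PageTail(); nothing in the visible lines enforces it. A VM_BUG_ON_PAGE() or VM_WARN_ON_ONCE() on that condition at the top of the function this comment documents would turn the assumption into a check on debug kernels. Wording nit: "can pass PageSlab() && !PageTail() check" reads better as "passes the PageSlab() && !PageTail() check".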
_
Patches currently in -mm which might be from guro(a)fb.com are
mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm.patch
mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup.patch
The patch titled
Subject: dump_stack: avoid the livelock of the dump_lock
has been removed from the -mm tree. Its filename was
dump_stack-avoid-the-livelock-of-the-dump_lock.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Kevin Hao <haokexin(a)gmail.com>
Subject: dump_stack: avoid the livelock of the dump_lock
In the current code, we use the atomic_cmpxchg() to serialize the output
of the dump_stack(), but this implementation suffers from the thundering herd
problem. We have observed this kind of livelock on a Marvell cn96xx
board (24 cpus) when heavily using the dump_stack() in a kprobe handler.
Actually we can let the competitors wait for the lock to be released
before jumping to atomic_cmpxchg(). This will definitely mitigate the
thundering herd problem. Thanks Linus for the suggestion.
[akpm(a)linux-foundation.org: fix comment]
Link: http://lkml.kernel.org/r/20191030031637.6025-1-haokexin@gmail.com
Fixes: b58d977432c8 ("dump_stack: serialize the output from dump_stack()")
Signed-off-by: Kevin Hao <haokexin(a)gmail.com>
Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/dump_stack.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/lib/dump_stack.c~dump_stack-avoid-the-livelock-of-the-dump_lock
+++ a/lib/dump_stack.c
@@ -106,7 +106,12 @@ retry:
was_locked = 1;
} else {
local_irq_restore(flags);
- cpu_relax();
+ /*
+ * Wait for the lock to release before jumping to
+ * atomic_cmpxchg() in order to mitigate the thundering herd
+ * problem.
+ */
+ do { cpu_relax(); } while (atomic_read(&dump_lock) != -1);
goto retry;
}
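Review bot: the new wait loop `do { cpu_relax(); } while (atomic_read(&dump_lock) != -1);` is written on a single line and compares against a bare -1. Kernel style puts the loop body on its own lines, and the comment above it could say that -1 is the unlocked value of dump_lock so the exit condition is readable without the rest of the file. The spin is also unbounded; that matches the old retry behaviour, but it is worth a word in the comment.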
_
Patches currently in -mm which might be from haokexin(a)gmail.com are
The patch titled
Subject: mm, vmstat: hide /proc/pagetypeinfo from normal users
has been removed from the -mm tree. Its filename was
mm-vmstat-hide-proc-pagetypeinfo-from-normal-users.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Michal Hocko <mhocko(a)suse.com>
Subject: mm, vmstat: hide /proc/pagetypeinfo from normal users
/proc/pagetypeinfo is a debugging tool to examine internal page allocator
state wrt to fragmentation. It is not very useful for any other use so
normal users really do not need to read this file.
Waiman Long has noticed that reading this file can have negative side
effects because zone->lock is necessary for gathering data and that a)
interferes with the page allocator and its users and b) can lead to hard
lockups on large machines which have very long free_list.
Reduce both issues by simply not exporting the file to regular users.
Link: http://lkml.kernel.org/r/20191025072610.18526-2-mhocko@kernel.org
Fixes: 467c996c1e19 ("Print out statistics in relation to fragmentation avoidance to /proc/pagetypeinfo")
Signed-off-by: Michal Hocko <mhocko(a)suse.com>
Reported-by: Waiman Long <longman(a)redhat.com>
Acked-by: Mel Gorman <mgorman(a)suse.de>
Acked-by: Vlastimil Babka <vbabka(a)suse.cz>
Acked-by: Waiman Long <longman(a)redhat.com>
Acked-by: Rafael Aquini <aquini(a)redhat.com>
Acked-by: David Rientjes <rientjes(a)google.com>
Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Roman Gushchin <guro(a)fb.com>
Cc: Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru>
Cc: Jann Horn <jannh(a)google.com>
Cc: Song Liu <songliubraving(a)fb.com>
Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/vmstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/vmstat.c~mm-vmstat-hide-proc-pagetypeinfo-from-normal-users
+++ a/mm/vmstat.c
@@ -1972,7 +1972,7 @@ void __init init_mm_internals(void)
#endif
#ifdef CONFIG_PROC_FS
proc_create_seq("buddyinfo", 0444, NULL, &fragmentation_op);
- proc_create_seq("pagetypeinfo", 0444, NULL, &pagetypeinfo_op);
+ proc_create_seq("pagetypeinfo", 0400, NULL, &pagetypeinfo_op);
proc_create_seq("vmstat", 0444, NULL, &vmstat_op);
proc_create_seq("zoneinfo", 0444, NULL, &zoneinfo_op);
#endif
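Review bot: the 0400 mode on "pagetypeinfo" now differs from the 0444 used for buddyinfo, vmstat and zoneinfo in the same block, with no comment explaining why. A one-line comment saying that reading this file takes zone->lock and can be expensive on large machines would stop a later cleanup from making the modes uniform again. The changelog could also mention that unprivileged tools which read the file will start getting permission errors.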
_
Patches currently in -mm which might be from mhocko(a)suse.com are