In PTE holes that contain VM_SOFTDIRTY VMAs, unmapped addresses before
VM_SOFTDIRTY VMAs are reported as softdirty by /proc/pid/pagemap. This
bug was introduced in commit 68b5a65248 ("mm: softdirty: respect
VM_SOFTDIRTY in PTE holes"). That commit made /proc/pid/pagemap look at
VM_SOFTDIRTY in PTE holes but neglected to observe the start of VMAs
returned by find_vma.
Tested:
Wrote a selftest that creates a PMD-sized VMA then unmaps the first
page and asserts that the page is not softdirty. I'm going to send the
pagemap selftest in a later commit.
Signed-off-by: Peter Feiner <pfeiner@google.com>
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Jamie Liu <jamieliu@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This bug leads to reproducible silent data loss, despite the use of
msync(), sync() and a clean unmount of the file system. It is easily
reproducible with the following script:
----------------[BEGIN SCRIPT]--------------------
mkfs.nilfs2 -f /dev/sdb
mount /dev/sdb /mnt
dd if=/dev/zero bs=1M count=30 of=/mnt/testfile
umount /mnt
mount /dev/sdb /mnt
CHECKSUM_BEFORE="$(md5sum /mnt/testfile)"
/root/mmaptest/mmaptest /mnt/testfile 30 10 5
sync
CHECKSUM_AFTER="$(md5sum /mnt/testfile)"
umount /mnt
mount /dev/sdb /mnt
CHECKSUM_AFTER_REMOUNT="$(md5sum /mnt/testfile)"
umount /mnt
echo "BEFORE MMAP:\t$CHECKSUM_BEFORE"
echo "AFTER MMAP:\t$CHECKSUM_AFTER"
echo "AFTER REMOUNT:\t$CHECKSUM_AFTER_REMOUNT"
----------------[END SCRIPT]--------------------
The mmaptest tool looks something like this (very simplified, with
error checking removed):
----------------[BEGIN mmaptest]--------------------
data = mmap(NULL, file_size - file_offset, PROT_READ | PROT_WRITE,
MAP_SHARED, fd, file_offset);
for (i = 0; i < write_count; ++i) {
memcpy(data + i * 4096, buf, sizeof(buf));
msync(data, file_size - file_offset, MS_SYNC))
}
----------------[END mmaptest]--------------------
The output of the script looks something like this:
BEFORE MMAP: 281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile
AFTER MMAP: 6604a1c31f10780331a6850371b3a313 /mnt/testfile
AFTER REMOUNT: 281ed1d5ae50e8419f9b978aab16de83 /mnt/testfile
So it is clear, that the changes done using mmap() do not survive a
remount. This can be reproduced a 100% of the time. The problem was
introduced in commit 136e8770cd ("nilfs2: fix issue of
nilfs_set_page_dirty() for page at EOF boundary").
If the page was read with mpage_readpage() or mpage_readpages() for
example, then it has no buffers attached to it. In that case
page_has_buffers(page) in nilfs_set_page_dirty() will be false.
Therefore nilfs_set_file_dirty() is never called and the pages are never
collected and never written to disk.
This patch fixes the problem by also calling nilfs_set_file_dirty() if the
page has no buffers attached to it.
[akpm@linux-foundation.org: s/PAGE_SHIFT/PAGE_CACHE_SHIFT/]
Signed-off-by: Andreas Rohner <andreas.rohner@gmx.net>
Tested-by: Andreas Rohner <andreas.rohner@gmx.net>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull drm fixes from Dave Airlie:
"Some final radeon and i915 fixes, black screens mostly"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/radeon/cik: use a separate counter for CP init timeout
drm/i915/hdmi: fix hdmi audio state readout
drm/i915: Don't leak command parser tables on suspend/resume
drm/radeon: add PX quirk for asus K53TK
drm/radeon: add a backlight quirk for Amilo Xi 2550
drm/radeon: add a module parameter for backlight control (v2)
drm/radeon: Update IH_RB_RPTR register after each processed interrupt
drm/radeon: Make IH ring overflow debugging output more useful
drm/radeon: Clear RB_OVERFLOW bit earlier
- fix a backlight regression resulting in dark screen
- add a PX quirk to avoid a hang with runtime pm
- fix an init issue on the CIK compute rings
- fix IH ring buffer overflows gracefully
* 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux:
drm/radeon/cik: use a separate counter for CP init timeout
drm/radeon: add PX quirk for asus K53TK
drm/radeon: add a backlight quirk for Amilo Xi 2550
drm/radeon: add a module parameter for backlight control (v2)
drm/radeon: Update IH_RB_RPTR register after each processed interrupt
drm/radeon: Make IH ring overflow debugging output more useful
drm/radeon: Clear RB_OVERFLOW bit earlier
a couple of small fixes for 3.17 still.
* tag 'drm-intel-fixes-2014-09-24' of git://anongit.freedesktop.org/drm-intel:
drm/i915/hdmi: fix hdmi audio state readout
drm/i915: Don't leak command parser tables on suspend/resume
Pull networking fixes from David Miller:
"Here is a quick pull request primarily meant to address the deconfig
fallout from changing SCSI_NETLINK from being used via 'select' to
being used via 'depends'.
I applied a set of 5 patches written by Michal Marek, and then I
carefully audited all of the remaining config files, basically:
1) I scanned every arch config file, and if it mentioned CONFIG_INET
or CONFIG_UNIX, I made sure it had CONFIG_NET=y
2) After that, I scanned every arch config file, and if it did not
have CONFIG_NET=y I made sure it did not reference any networking
config options.
Finally, we have some late breaking wireless fixes in here from John
Linville and co"
[ And there's a sparc bpf fix snuck in too ]
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
sparc: bpf_jit: fix loads from negative offsets
parisc: Update defconfigs which were missing CONFIG_NET.
powerpc: Update defconfigs which were missing CONFIG_NET.
s390: Update defconfigs which were missing CONFIG_NET.
mips: Update some more defconfigs which were missing CONFIG_NET.
sparc: Set CONFIG_NET=y in defconfigs
sh: Set CONFIG_NET=y in defconfigs
powerpc: Set CONFIG_NET=y in defconfigs
parisc: Set CONFIG_NET=y in defconfigs
mips: Set CONFIG_NET=y in defconfigs
brcmfmac: Fix off by one bug in brcmf_count_20mhz_channels()
ath9k: Fix NULL pointer dereference on early irq
net: rfkill: gpio: Fix clock status
NFC: st21nfca: Fix potential depmod dependency cycle
NFC: st21nfcb: Fix depmod dependency cycle
NFC: microread: Potential overflows in microread_target_discovered()
- fix BPF_LD|ABS|IND from negative offsets:
make sure to sign extend lower 32 bits in 64-bit register
before calling C helpers from JITed code, otherwise 'int k'
argument of bpf_internal_load_pointer_neg_helper() function
will be added as large unsigned integer, causing packet size
check to trigger and abort the program.
It's worth noting that JITed code for 'A = A op K' will affect
upper 32 bits differently depending whether K is simm13 or not.
Since small constants are sign extended, whereas large constants
are stored in temp register and zero extended.
That is ok and we don't have to pay a penalty of sign extension
for every sethi, since all classic BPF instructions have 32-bit
semantics and we only need to set correct upper bits when
transitioning from JITed code into C.
- though instructions 'A &= 0' and 'A *= 0' are odd, JIT compiler
should not optimize them out
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
John W. Linville says:
====================
pull request: wireless 2014-09-23
Please consider pulling this one last batch of fixes intended for the 3.17 stream!
For the NFC bits, Samuel says:
"Hopefully not too late for a handful of NFC fixes:
- 2 potential build failures for ST21NFCA and ST21NFCB, triggered by a
depmod dependenyc cycle.
- One potential buffer overflow in the microread driver."
On top of that...
Emil Goode provides a fix for a brcmfmac off-by-one regression which
was introduced in the 3.17 cycle.
Loic Poulain fixes a polarity mismatch for a variable assignment
inside of rfkill-gpio.
Wojciech Dubowik prevents a NULL pointer dereference in ath9k.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit df568d8e ("scsi: Use 'depends' with LIBFC instead of
'select'.") removed what happened to be the only instance of 'select
NET'. Defconfigs that were relying on the select now lack networking
support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit df568d8e ("scsi: Use 'depends' with LIBFC instead of
'select'.") removed what happened to be the only instance of 'select
NET'. Defconfigs that were relying on the select now lack networking
support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit df568d8e ("scsi: Use 'depends' with LIBFC instead of
'select'.") removed what happened to be the only instance of 'select
NET'. Defconfigs that were relying on the select now lack networking
support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit df568d8e ("scsi: Use 'depends' with LIBFC instead of
'select'.") removed what happened to be the only instance of 'select
NET'. Defconfigs that were relying on the select now lack networking
support.
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5d6be6a5 ("scsi_netlink : Make SCSI_NETLINK dependent on NET
instead of selecting NET") removed what happened to be the only instance
of 'select NET'. Defconfigs that were relying on the select now lack
networking support.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: sparclinux@vger.kernel.org
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5d6be6a5 ("scsi_netlink : Make SCSI_NETLINK dependent on NET
instead of selecting NET") removed what happened to be the only instance
of 'select NET'. Defconfigs that were relying on the select now lack
networking support.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linux-sh@vger.kernel.org
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5d6be6a5 ("scsi_netlink : Make SCSI_NETLINK dependent on NET
instead of selecting NET") removed what happened to be the only instance
of 'select NET'. Defconfigs that were relying on the select now lack
networking support.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5d6be6a5 ("scsi_netlink : Make SCSI_NETLINK dependent on NET
instead of selecting NET") removed what happened to be the only instance
of 'select NET'. Defconfigs that were relying on the select now lack
networking support.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linux-parisc@vger.kernel.org
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5d6be6a5 ("scsi_netlink : Make SCSI_NETLINK dependent on NET
instead of selecting NET") removed what happened to be the only instance
of 'select NET'. Defconfigs that were relying on the select now lack
networking support.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: linux-mips@linux-mips.org
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull one last block fix from Jens Axboe:
"We've had an issue with scsi-mq where probing takes forever. This was
bisected down to the percpu changes for blk_mq_queue_enter(), and the
fact we now suffer an RCU grace period when killing a queue. SCSI
creates and destroys tons of queues, so this let to 10s of seconds of
stalls at boot for some.
Tejun has a real fix for this, but it's too involved for 3.17. So
this is a temporary workaround to expedite the queue killing until we
can fold in the real fix for 3.18 when that merge window opens"
* 'for-linus' of git://git.kernel.dk/linux-block:
blk-mq, percpu_ref: implement a kludge for SCSI blk-mq stall during probe
Pull PCI fixes from Bjorn Helgaas:
"Here are a few fixes that should be in v3.17.
- Reverting "Don't scan random busses" covers up a CardBus regression
having to do with allocating CardBus bus numbers.
- Reverting "Make sure bus numbers stay within parents bounds" covers
up an ACPI _CRS bug that makes us reconfigure a bridge, causing a
broken device behind it to stop responding.
- The pciehp timeout change fixes some code we added in v3.17.
Without the fix, we can send a new hotplug command too early,
before the timeout has expired.
I hope for better fixes for the reverts, but those will have to come
after v3.17"
* tag 'pci-v3.17-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: pciehp: Fix pcie_wait_cmd() timeout
Revert "PCI: Make sure bus number resources stay within their parents bounds"
Revert "PCI: Don't scan random busses in pci_scan_bridge()"
Pull crypto fixes from Herbert Xu:
"This fixes three issues:
- if ccp is loaded on a machine without ccp, it will incorrectly
activate causing all requests to fail. Fixed by preventing ccp
from loading if hardware isn't available.
- not all IRQs were enabled for the qat driver, leading to potential
stalls when it is used
- disabled buggy AVX CTR implementation in aesni"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: aesni - disable "by8" AVX CTR optimization
crypto: ccp - Check for CCP before registering crypto algs
crypto: qat - Enable all 32 IRQs
Pull media fixes from Mauro Carvalho Chehab:
"For some last time fixes:
- a regression detected on Kernel 3.16 related to VBI Teletext
application breakage on drivers using videobuf2 (see
https://bugzilla.kernel.org/show_bug.cgi?id=84401). The bug was
noticed on saa7134 (migrated to VB2 on 3.16), but also affects
em28xx (migrated on 3.9 to VB2);
- two additional sanity checks at videobuf2;
- two fixups to restore proper VBI support at the em28xx driver;
- two Kernel oops fixups (at cx24123 and cx2341x drivers);
- a bug at adv7604 where an if was doing just the opposite as it
would be expected;
- some documentation fixups to match the behavior defined at the
Kernel"
* tag 'media/v3.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
[media] em28xx-v4l: get rid of field "users" in struct em28xx_v4l2"
[media] em28xx: fix VBI handling logic
[media] DocBook media: improve the poll() documentation
[media] DocBook media: fix the poll() 'no QBUF' documentation
[media] vb2: fix VBI/poll regression
[media] cx2341x: fix kernel oops
[media] cx24123: fix kernel oops due to missing parent pointer
[media] adv7604: fix inverted condition
[media] media/radio: fix radio-miropcm20.c build with io.h header file
[media] vb2: fix plane index sanity check in vb2_plane_cookie()
[media] DocBook media: update version number and V4L2 changes
[media] DocBook media: fix fieldname in struct v4l2_subdev_selection
[media] vb2: fix vb2 state check when start_streaming fails
[media] videobuf2-core.h: fix comment
[media] videobuf2-core: add comments before the WARN_ON
[media] videobuf2-dma-sg: fix for wrong GFP mask to sg_alloc_table_from_pages
Pull bugfixes for md/raid1 from Neil Brown:
"It is amazing how much easier it is to find bugs when you know one is
there. Two bug reports resulted in finding 7 bugs!
All are tagged for -stable. Those that can't cause (rare) data
corruption, cause lockups.
Particularly, but not only, fixing new "resync" code"
* tag 'md/3.17-more-fixes' of git://git.neil.brown.name/md:
md/raid1: fix_read_error should act on all non-faulty devices.
md/raid1: count resync requests in nr_pending.
md/raid1: update next_resync under resync_lock.
md/raid1: Don't use next_resync to determine how far resync has progressed
md/raid1: make sure resync waits for conflicting writes to complete.
md/raid1: clean up request counts properly in close_sync()
md/raid1: be more cautious where we read-balance during resync.
md/raid1: intialise start_next_window for READ case to avoid hang
David Rientjes
Peter Feiner
Joseph Qi
Andreas Rohner
Linus Torvalds
Dave Airlie
Alexei Starovoitov
David S. Miller
Michal Marek