1. 13 Sep, 2016 4 commits
    • Xin Long's avatar
      sctp: hold the transport before using it in sctp_hash_cmp · 715f5552
      Xin Long authored
      Since commit 4f008781 ("sctp: apply rhashtable api to send/recv
      path"), sctp uses transport rhashtable with .obj_cmpfn sctp_hash_cmp,
      in which it compares the members of the transport with the rhashtable
      args to check if it's the right transport.
      
      But sctp uses the transport without holding it in sctp_hash_cmp, it can
      cause a use-after-free panic. As after it gets transport from hashtable,
      another CPU may close the sk and free the asoc. In sctp_association_free,
      it frees all the transports, meanwhile, the assoc's refcnt may be reduced
      to 0, assoc can be destroyed by sctp_association_destroy.
      
      So after that, transport->assoc is actually an unavailable memory address
      in sctp_hash_cmp. Although sctp_hash_cmp is under rcu_read_lock, it still
      can not avoid this, as assoc is not freed by RCU.
      
      This patch is to hold the transport before checking it's members with
      sctp_transport_hold, in which it checks the refcnt first, holds it if
      it's not 0.
      
      Fixes: 4f008781
      
       ("sctp: apply rhashtable api to send/recv path")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      715f5552
    • Baoquan He's avatar
      bnx2: Reset device during driver initialization · 3e1be7ad
      Baoquan He authored
      When system enters into kdump kernel because of kernel panic, it won't
      shutdown devices. On-flight DMA will continue transferring data until
      device driver initializes. All devices are supposed to reset during
      driver initialization. And this property is used to fix the kdump
      failure in system with intel iommu. Other systems with hardware iommu
      should be similar. Please check commit 091d42e4
      
       ("iommu/vt-d: Copy
      translation tables from old kernel") and those commits around.
      
      But bnx2 driver doesn't reset device during driver initialization. The
      device resetting is deferred to net device up stage. This will cause
      hardware iommu handling failure on bnx2 device. And its resetting relies
      on firmware. So in this patch move the firmware requesting code to earlier
      bnx2_init_one(), then next call bnx2_reset_chip to reset device.
      Signed-off-by: default avatarBaoquan He <bhe@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3e1be7ad
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 67b9f0b7
      David S. Miller authored
      
      
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Endianess fix for the new nf_tables netlink trace infrastructure,
         NFTA_TRACE_POLICY endianess was not correct, patch from Liping Zhang.
      
      2) Fix broken re-route after userspace queueing in nf_tables route
         chain. This patch is large but it is simple since it is just getting
         this code in sync with iptable_mangle. Also from Liping.
      
      3) NAT mangling via ctnetlink lies to userspace when nf_nat_setup_info()
         fails to setup the NAT conntrack extension. This problem has been
         there since the beginning, but it can now show up after rhashtable
         conversion.
      
      4) Fix possible NULL pointer dereference due to failures in allocating
         the synproxy and seqadj conntrack extensions, from Gao feng.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67b9f0b7
    • Gao Feng's avatar
      netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions · 4440a2ab
      Gao Feng authored
      
      
      When memory is exhausted, nfct_seqadj_ext_add may fail to add the
      synproxy and seqadj extensions. The function nf_ct_seqadj_init doesn't
      check if get valid seqadj pointer by the nfct_seqadj.
      
      Now drop the packet directly when fail to add seqadj extension to
      avoid dereference NULL pointer in nf_ct_seqadj_init from
      init_conntrack().
      Signed-off-by: default avatarGao Feng <fgao@ikuai8.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      4440a2ab
  2. 12 Sep, 2016 8 commits
    • Pablo Neira Ayuso's avatar
      netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup() · ecfcdfec
      Pablo Neira Ayuso authored
      nf_nat_setup_info() returns NF_* verdicts, so convert them to error
      codes that is what ctnelink expects. This has passed overlook without
      having any impact since this nf_nat_setup_info() has always returned
      NF_ACCEPT so far. Since 870190a9
      
       ("netfilter: nat: convert nat bysrc
      hash to rhashtable"), this is problem.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      ecfcdfec
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · da499f8f
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Mostly small sets of driver fixes scattered all over the place.
      
         1) Mediatek driver fixes from Sean Wang.  Forward port not written
            correctly during TX map, missed handling of EPROBE_DEFER, and
            mistaken use of put_page() instead of skb_free_frag().
      
         2) Fix socket double-free in KCM code, from WANG Cong.
      
         3) QED driver fixes from Sudarsana Reddy Kalluru, including a fix for
            using the dcbx buffers before initializing them.
      
         4) Mellanox Switch driver fixes from Jiri Pirko, including a fix for
            double fib removals and an error handling fix in
            mlxsw_sp_module_init().
      
         5) Fix kernel panic when enabling LLDP in i40e driver, from Dave
            Ertman.
      
         6) Fix padding of TSO packets in thunderx driver, from Sunil Goutham.
      
         7) TCP's rcv_wup not initialized properly when using fastopen, from
            Neal Cardwell.
      
         8) Don't use uninitialized flow keys in flow dissector, from Gao
            Feng.
      
         9) Use after free in l2tp module unload, from Sabrina Dubroca.
      
        10) Fix interrupt registry ordering issues in smsc911x driver, from
            Jeremy Linton.
      
        11) Fix crashes in bonding having to do with enslaving and rx_handler,
            from Mahesh Bandewar.
      
        12) AF_UNIX deadlock fixes from Linus.
      
        13) In mlx5 driver, don't read skb->xmit_mode after it might have been
            freed from the TX reclaim path.  From Tariq Toukan.
      
        14) Fix a bug from 2015 in TCP Yeah where the congestion window does
            not increase, from Artem Germanov.
      
        15) Don't pad frames on receive in NFP driver, from Jakub Kicinski.
      
        16) Fix chunk fragmenting in SCTP wrt. GSO, from Marcelo Ricardo
            Leitner.
      
        17) Fix deletion of VRF routes, from Mark Tomlinson.
      
        18) Fix device refcount leak when DAD fails in ipv6, from Wei Yongjun"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (101 commits)
        net/mlx4_en: Fix panic on xmit while port is down
        net/mlx4_en: Fixes for DCBX
        net/mlx4_en: Fix the return value of mlx4_en_dcbnl_set_state()
        net/mlx4_en: Fix the return value of mlx4_en_dcbnl_set_all()
        net: ethernet: renesas: sh_eth: add POST registers for rz
        drivers: net: phy: mdio-xgene: Add hardware dependency
        dwc_eth_qos: do not register semi-initialized device
        sctp: identify chunks that need to be fragmented at IP level
        mlxsw: spectrum: Set port type before setting its address
        mlxsw: spectrum_router: Fix error path in mlxsw_sp_router_init
        nfp: don't pad frames on receive
        nfp: drop support for old firmware ABIs
        nfp: remove linux/version.h includes
        tcp: cwnd does not increase in TCP YeAH
        net/mlx5e: Fix parsing of vlan packets when updating lro header
        net/mlx5e: Fix global PFC counters replication
        net/mlx5e: Prevent casting overflow
        net/mlx5e: Move an_disable_cap bit to a new position
        net/mlx5e: Fix xmit_more counter race issue
        tcp: fastopen: avoid negative sk_forward_alloc
        ...
      da499f8f
    • Linus Torvalds's avatar
      Linux 4.8-rc6 · 9395452b
      Linus Torvalds authored
      9395452b
    • David S. Miller's avatar
      Merge branch 'mlx4-fixes' · 373df313
      David S. Miller authored
      Tariq Toukan says:
      
      ====================
      mlx4 fixes
      
      This patchset contains several bug fixes from the team to the
      mlx4 Eth driver.
      
      Series generated against net commit:
      c2f57fb9
      
       "drivers: net: phy: mdio-xgene: Add hardware dependency"
      
      v2:
      * excluded some cleanup patches.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      373df313
    • Moshe Shemesh's avatar
      net/mlx4_en: Fix panic on xmit while port is down · 7a61fc86
      Moshe Shemesh authored
      When port is down, tx drop counter update is not needed.
      Updating the counter in this case can cause a kernel
      panic as when the port is down, ring can be NULL.
      
      Fixes: 63a664b7
      
       ("net/mlx4_en: fix tx_dropped bug")
      Signed-off-by: default avatarMoshe Shemesh <moshe@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7a61fc86
    • Tariq Toukan's avatar
      net/mlx4_en: Fixes for DCBX · 564ed9b1
      Tariq Toukan authored
      This patch adds a capability check before enabling DCBX.
      In addition, it re-organizes the relevant data structures,
      and fixes a typo in a define.
      
      Fixes: af7d5185
      
       ("net/mlx4_en: Add DCB PFC support through CEE netlink commands")
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      564ed9b1
    • Kamal Heib's avatar
      net/mlx4_en: Fix the return value of mlx4_en_dcbnl_set_state() · c6770717
      Kamal Heib authored
      mlx4_en_dcbnl_set_state() returns u8, the return value from
      mlx4_en_setup_tc() could be negative in case of failure, so fix that.
      
      Fixes: af7d5185
      
       ("net/mlx4_en: Add DCB PFC support through CEE netlink commands")
      Signed-off-by: default avatarKamal Heib <kamalh@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6770717
    • Kamal Heib's avatar
      net/mlx4_en: Fix the return value of mlx4_en_dcbnl_set_all() · 74a9e905
      Kamal Heib authored
      mlx4_en_dcbnl_set_all() returns u8, so return value can't be negative in
      case of failure.
      
      Fixes: af7d5185
      
       ("net/mlx4_en: Add DCB PFC support through CEE netlink commands")
      Signed-off-by: default avatarKamal Heib <kamalh@mellanox.com>
      Signed-off-by: default avatarRana Shahout <ranas@mellanox.com>
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      74a9e905
  3. 11 Sep, 2016 4 commits
  4. 10 Sep, 2016 14 commits
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 98ac9a60
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "nvdimm fixes for v4.8, two of them are tagged for -stable:
      
         - Fix devm_memremap_pages() to use track_pfn_insert().  Otherwise,
           DAX pmd mappings end up with an uncached pgprot, and unusable
           performance for the device-dax interface.  The device-dax interface
           appeared in 4.7 so this is tagged for -stable.
      
         - Fix a couple VM_BUG_ON() checks in the show_smaps() path to
           understand DAX pmd entries.  This fix is tagged for -stable.
      
         - Fix a mis-merge of the nfit machine-check handler to flip the
           polarity of an if() to match the final version of the patch that
           Vishal sent for 4.8-rc1.  Without this the nfit machine check
           handler never detects / inserts new 'badblocks' entries which
           applications use to identify lost portions of files.
      
         - For test purposes, fix the nvdimm_clear_poison() path to operate on
           legacy / simulated nvdimm memory ranges.  Without this fix a test
           can set badblocks, but never clear them on these ranges.
      
         - Fix the range checking done by dax_dev_pmd_fault().  This is not
           tagged for -stable since this problem is mitigated by specifying
           aligned resources at device-dax setup time.
      
        These patches have appeared in a next release over the past week.  The
        recent rebase you can see in the timestamps was to drop an invalid fix
        as identified by the updated device-dax unit tests [1].  The -mm
        touches have an ack from Andrew"
      
      [1]: "[ndctl PATCH 0/3] device-dax test for recent kernel bugs"
         https://lists.01.org/pipermail/linux-nvdimm/2016-September/006855.html
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm: allow legacy (e820) pmem region to clear bad blocks
        nfit, mce: Fix SPA matching logic in MCE handler
        mm: fix cache mode of dax pmd mappings
        mm: fix show_smap() for zone_device-pmd ranges
        dax: fix mapping size check
      98ac9a60
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · b8db3714
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Mostly driver bugfixes, but also a few cleanups which are nice to have
        out of the way"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: rk3x: Restore clock settings at resume time
        i2c: Spelling s/acknowedge/acknowledge/
        i2c: designware: save the preset value of DW_IC_SDA_HOLD
        Documentation: i2c: slave-interface: add note for driver development
        i2c: mux: demux-pinctrl: run properly with multiple instances
        i2c: bcm-kona: fix inconsistent indenting
        i2c: rcar: use proper device with dma_mapping_error
        i2c: sh_mobile: use proper device with dma_mapping_error
        i2c: mux: demux-pinctrl: invalidate properly when switching fails
      b8db3714
    • Linus Torvalds's avatar
      Merge tag 'for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 6905732c
      Linus Torvalds authored
      Pull fscrypto fixes fromTed Ts'o:
       "Fix some brown-paper-bag bugs for fscrypto, including one one which
        allows a malicious user to set an encryption policy on an empty
        directory which they do not own"
      
      * tag 'for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        fscrypto: require write access to mount to set encryption policy
        fscrypto: only allow setting encryption policy on directories
        fscrypto: add authorization check for setting encryption policy
      6905732c
    • Eric Biggers's avatar
      fscrypto: require write access to mount to set encryption policy · ba63f23d
      Eric Biggers authored
      
      
      Since setting an encryption policy requires writing metadata to the
      filesystem, it should be guarded by mnt_want_write/mnt_drop_write.
      Otherwise, a user could cause a write to a frozen or readonly
      filesystem.  This was handled correctly by f2fs but not by ext4.  Make
      fscrypt_process_policy() handle it rather than relying on the filesystem
      to get it right.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Acked-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      ba63f23d
    • Eric Biggers's avatar
      fscrypto: only allow setting encryption policy on directories · 002ced4b
      Eric Biggers authored
      
      
      The FS_IOC_SET_ENCRYPTION_POLICY ioctl allowed setting an encryption
      policy on nondirectory files.  This was unintentional, and in the case
      of nonempty regular files did not behave as expected because existing
      data was not actually encrypted by the ioctl.
      
      In the case of ext4, the user could also trigger filesystem errors in
      ->empty_dir(), e.g. due to mismatched "directory" checksums when the
      kernel incorrectly tried to interpret a regular file as a directory.
      
      This bug affected ext4 with kernels v4.8-rc1 or later and f2fs with
      kernels v4.6 and later.  It appears that older kernels only permitted
      directories and that the check was accidentally lost during the
      refactoring to share the file encryption code between ext4 and f2fs.
      
      This patch restores the !S_ISDIR() check that was present in older
      kernels.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      002ced4b
    • Eric Biggers's avatar
      fscrypto: add authorization check for setting encryption policy · 163ae1c6
      Eric Biggers authored
      
      
      On an ext4 or f2fs filesystem with file encryption supported, a user
      could set an encryption policy on any empty directory(*) to which they
      had readonly access.  This is obviously problematic, since such a
      directory might be owned by another user and the new encryption policy
      would prevent that other user from creating files in their own directory
      (for example).
      
      Fix this by requiring inode_owner_or_capable() permission to set an
      encryption policy.  This means that either the caller must own the file,
      or the caller must have the capability CAP_FOWNER.
      
      (*) Or also on any regular file, for f2fs v4.6 and later and ext4
          v4.8-rc1 and later; a separate bug fix is coming for that.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      163ae1c6
    • Jean Delvare's avatar
      drivers: net: phy: mdio-xgene: Add hardware dependency · c2f57fb9
      Jean Delvare authored
      
      
      The mdio-xgene driver is only useful on X-Gene SoC.
      Signed-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Cc: Iyappan Subramanian <isubramanian@apm.com>
      Cc: David S. Miller <davem@davemloft.net>
      Acked-by: default avatarIyappan Subramanian <isubramanian@apm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c2f57fb9
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-for-davem-2016-09-08' of... · 0808a29a
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2016-09-08' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.8
      
      iwlwifi
      
      * fix P2P dump trigger
      * prevent a potential null dereference in iwlmvm
      * prevent an uninitialized value from being returned in iwlmvm
      * advertise support for channel width change in AP mode
      
      ath10k
      
      * fix racy rx status retrieval from htt context
      * QCA9887 support is not experimental anymore, remove the warning message
      
      ath9k
      
      * fix regression with led GPIOs
      * fix AR5416 GPIO access warning
      
      brcmfmac
      
      * avoid potential stack overflow in brcmf_cfg80211_start_ap()
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0808a29a
    • Lars Persson's avatar
      dwc_eth_qos: do not register semi-initialized device · 47b02f72
      Lars Persson authored
      
      
      We move register_netdev() to the end of dwceqos_probe() to close any
      races where the netdev callbacks are called before the initialization
      has finished.
      Reported-by: default avatarPavel Andrianov <andrianov@ispras.ru>
      Signed-off-by: default avatarLars Persson <larper@axis.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      47b02f72
    • Marcelo Ricardo Leitner's avatar
      sctp: identify chunks that need to be fragmented at IP level · 7303a147
      Marcelo Ricardo Leitner authored
      
      
      Previously, without GSO, it was easy to identify it: if the chunk didn't
      fit and there was no data chunk in the packet yet, we could fragment at
      IP level. So if there was an auth chunk and we were bundling a big data
      chunk, it would fragment regardless of the size of the auth chunk. This
      also works for the context of PMTU reductions.
      
      But with GSO, we cannot distinguish such PMTU events anymore, as the
      packet is allowed to exceed PMTU.
      
      So we need another check: to ensure that the chunk that we are adding,
      actually fits the current PMTU. If it doesn't, trigger a flush and let
      it be fragmented at IP level in the next round.
      Signed-off-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7303a147
    • Dave Jiang's avatar
      libnvdimm: allow legacy (e820) pmem region to clear bad blocks · 1e8b8d96
      Dave Jiang authored
      
      
      Bad blocks can be injected via /sys/block/pmemN/badblocks. In a situation
      where legacy pmem is being used or a pmem region created by using memmap
      kernel parameter, the injected bad blocks are not cleared due to
      nvdimm_clear_poison() failing from lack of ndctl function pointer. In
      this case we need to just return as handled and allow the bad blocks to
      be cleared rather than fail.
      Reviewed-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Signed-off-by: default avatarDave Jiang <dave.jiang@intel.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      1e8b8d96
    • Vishal Verma's avatar
      nfit, mce: Fix SPA matching logic in MCE handler · 2e21807d
      Vishal Verma authored
      The check for a 'pmem' type SPA in the MCE handler was inverted due to a
      merge/rebase error.
      
      Fixes: 6839a6d9
      
       nfit: do an ARS scrub on hitting a latent media error
      Cc: linux-acpi@vger.kernel.org
      Cc: Dan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      2e21807d
    • Dan Williams's avatar
      mm: fix cache mode of dax pmd mappings · 9049771f
      Dan Williams authored
      
      
      track_pfn_insert() in vmf_insert_pfn_pmd() is marking dax mappings as
      uncacheable rendering them impractical for application usage.  DAX-pte
      mappings are cached and the goal of establishing DAX-pmd mappings is to
      attain more performance, not dramatically less (3 orders of magnitude).
      
      track_pfn_insert() relies on a previous call to reserve_memtype() to
      establish the expected page_cache_mode for the range.  While memremap()
      arranges for reserve_memtype() to be called, devm_memremap_pages() does
      not.  So, teach track_pfn_insert() and untrack_pfn() how to handle
      tracking without a vma, and arrange for devm_memremap_pages() to
      establish the write-back-cache reservation in the memtype tree.
      
      Cc: <stable@vger.kernel.org>
      Cc: Matthew Wilcox <mawilcox@microsoft.com>
      Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
      Cc: Nilesh Choudhury <nilesh.choudhury@oracle.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reported-by: default avatarToshi Kani <toshi.kani@hpe.com>
      Reported-by: default avatarKai Zhang <kai.ka.zhang@oracle.com>
      Acked-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      9049771f
    • Dan Williams's avatar
      mm: fix show_smap() for zone_device-pmd ranges · ca120cf6
      Dan Williams authored
      
      
      Attempting to dump /proc/<pid>/smaps for a process with pmd dax mappings
      currently results in the following VM_BUG_ONs:
      
       kernel BUG at mm/huge_memory.c:1105!
       task: ffff88045f16b140 task.stack: ffff88045be14000
       RIP: 0010:[<ffffffff81268f9b>]  [<ffffffff81268f9b>] follow_trans_huge_pmd+0x2cb/0x340
       [..]
       Call Trace:
        [<ffffffff81306030>] smaps_pte_range+0xa0/0x4b0
        [<ffffffff814c2755>] ? vsnprintf+0x255/0x4c0
        [<ffffffff8123c46e>] __walk_page_range+0x1fe/0x4d0
        [<ffffffff8123c8a2>] walk_page_vma+0x62/0x80
        [<ffffffff81307656>] show_smap+0xa6/0x2b0
      
       kernel BUG at fs/proc/task_mmu.c:585!
       RIP: 0010:[<ffffffff81306469>]  [<ffffffff81306469>] smaps_pte_range+0x499/0x4b0
       Call Trace:
        [<ffffffff814c2795>] ? vsnprintf+0x255/0x4c0
        [<ffffffff8123c46e>] __walk_page_range+0x1fe/0x4d0
        [<ffffffff8123c8a2>] walk_page_vma+0x62/0x80
        [<ffffffff81307696>] show_smap+0xa6/0x2b0
      
      These locations are sanity checking page flags that must be set for an
      anonymous transparent huge page, but are not set for the zone_device
      pages associated with dax mappings.
      
      Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      ca120cf6
  5. 09 Sep, 2016 10 commits