tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
"8 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
fs/exec.c: account for argv/envp pointers
ocfs2: fix deadlock caused by recursive locking in xattr
slub: make sysfs file removal asynchronous
lib/cmdline.c: fix get_options() overflow while parsing ranges
fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
mm, thp: remove cond_resched from __collapse_huge_page_copy

Linus Torvalds 337c6ba2 2592d2ef

+86 -35
+1 -1
fs/autofs4/dev-ioctl.c
··· 344 344 int status; 345 345 346 346 token = (autofs_wqt_t) param->fail.token; 347 - status = param->fail.status ? param->fail.status : -ENOENT; 347 + status = param->fail.status < 0 ? param->fail.status : -ENOENT; 348 348 return autofs4_wait_release(sbi, token, status); 349 349 } 350 350
+1
fs/dax.c
··· 859 859 if (ret < 0) 860 860 goto out; 861 861 } 862 + start_index = indices[pvec.nr - 1] + 1; 862 863 } 863 864 out: 864 865 put_dax(dax_dev);
+24 -4
fs/exec.c
··· 220 220 221 221 if (write) { 222 222 unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start; 223 + unsigned long ptr_size; 223 224 struct rlimit *rlim; 225 + 226 + /* 227 + * Since the stack will hold pointers to the strings, we 228 + * must account for them as well. 229 + * 230 + * The size calculation is the entire vma while each arg page is 231 + * built, so each time we get here it's calculating how far it 232 + * is currently (rather than each call being just the newly 233 + * added size from the arg page). As a result, we need to 234 + * always add the entire size of the pointers, so that on the 235 + * last call to get_arg_page() we'll actually have the entire 236 + * correct size. 237 + */ 238 + ptr_size = (bprm->argc + bprm->envc) * sizeof(void *); 239 + if (ptr_size > ULONG_MAX - size) 240 + goto fail; 241 + size += ptr_size; 224 242 225 243 acct_arg_size(bprm, size / PAGE_SIZE); 226 244 ··· 257 239 * to work from. 258 240 */ 259 241 rlim = current->signal->rlim; 260 - if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) { 261 - put_page(page); 262 - return NULL; 263 - } 242 + if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) 243 + goto fail; 264 244 } 265 245 266 246 return page; 247 + 248 + fail: 249 + put_page(page); 250 + return NULL; 267 251 } 268 252 269 253 static void put_arg_page(struct page *page)
+4
fs/ocfs2/dlmglue.c
··· 2591 2591 struct ocfs2_lock_res *lockres; 2592 2592 2593 2593 lockres = &OCFS2_I(inode)->ip_inode_lockres; 2594 + /* had_lock means that the currect process already takes the cluster 2595 + * lock previously. If had_lock is 1, we have nothing to do here, and 2596 + * it will get unlocked where we got the lock. 2597 + */ 2594 2598 if (!had_lock) { 2595 2599 ocfs2_remove_holder(lockres, oh); 2596 2600 ocfs2_inode_unlock(inode, ex);
+13 -10
fs/ocfs2/xattr.c
··· 1328 1328 void *buffer, 1329 1329 size_t buffer_size) 1330 1330 { 1331 - int ret; 1331 + int ret, had_lock; 1332 1332 struct buffer_head *di_bh = NULL; 1333 + struct ocfs2_lock_holder oh; 1333 1334 1334 - ret = ocfs2_inode_lock(inode, &di_bh, 0); 1335 - if (ret < 0) { 1336 - mlog_errno(ret); 1337 - return ret; 1335 + had_lock = ocfs2_inode_lock_tracker(inode, &di_bh, 0, &oh); 1336 + if (had_lock < 0) { 1337 + mlog_errno(had_lock); 1338 + return had_lock; 1338 1339 } 1339 1340 down_read(&OCFS2_I(inode)->ip_xattr_sem); 1340 1341 ret = ocfs2_xattr_get_nolock(inode, di_bh, name_index, 1341 1342 name, buffer, buffer_size); 1342 1343 up_read(&OCFS2_I(inode)->ip_xattr_sem); 1343 1344 1344 - ocfs2_inode_unlock(inode, 0); 1345 + ocfs2_inode_unlock_tracker(inode, 0, &oh, had_lock); 1345 1346 1346 1347 brelse(di_bh); 1347 1348 ··· 3538 3537 { 3539 3538 struct buffer_head *di_bh = NULL; 3540 3539 struct ocfs2_dinode *di; 3541 - int ret, credits, ref_meta = 0, ref_credits = 0; 3540 + int ret, credits, had_lock, ref_meta = 0, ref_credits = 0; 3542 3541 struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); 3543 3542 struct inode *tl_inode = osb->osb_tl_inode; 3544 3543 struct ocfs2_xattr_set_ctxt ctxt = { NULL, NULL, NULL, }; 3545 3544 struct ocfs2_refcount_tree *ref_tree = NULL; 3545 + struct ocfs2_lock_holder oh; 3546 3546 3547 3547 struct ocfs2_xattr_info xi = { 3548 3548 .xi_name_index = name_index, ··· 3574 3572 return -ENOMEM; 3575 3573 } 3576 3574 3577 - ret = ocfs2_inode_lock(inode, &di_bh, 1); 3578 - if (ret < 0) { 3575 + had_lock = ocfs2_inode_lock_tracker(inode, &di_bh, 1, &oh); 3576 + if (had_lock < 0) { 3577 + ret = had_lock; 3579 3578 mlog_errno(ret); 3580 3579 goto cleanup_nolock; 3581 3580 } ··· 3673 3670 if (ret) 3674 3671 mlog_errno(ret); 3675 3672 } 3676 - ocfs2_inode_unlock(inode, 1); 3673 + ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock); 3677 3674 cleanup_nolock: 3678 3675 brelse(di_bh); 3679 3676 brelse(xbs.xattr_bh);
+1
include/linux/slub_def.h
··· 84 84 int red_left_pad; /* Left redzone padding size */ 85 85 #ifdef CONFIG_SYSFS 86 86 struct kobject kobj; /* For sysfs */ 87 + struct work_struct kobj_remove_work; 87 88 #endif 88 89 #ifdef CONFIG_MEMCG 89 90 struct memcg_cache_params memcg_params;
+3 -3
lib/cmdline.c
··· 23 23 * the values[M, M+1, ..., N] into the ints array in get_options. 24 24 */ 25 25 26 - static int get_range(char **str, int *pint) 26 + static int get_range(char **str, int *pint, int n) 27 27 { 28 28 int x, inc_counter, upper_range; 29 29 30 30 (*str)++; 31 31 upper_range = simple_strtol((*str), NULL, 0); 32 32 inc_counter = upper_range - *pint; 33 - for (x = *pint; x < upper_range; x++) 33 + for (x = *pint; n && x < upper_range; x++, n--) 34 34 *pint++ = x; 35 35 return inc_counter; 36 36 } ··· 97 97 break; 98 98 if (res == 3) { 99 99 int range_nums; 100 - range_nums = get_range((char **)&str, ints + i); 100 + range_nums = get_range((char **)&str, ints + i, nints - i); 101 101 if (range_nums < 0) 102 102 break; 103 103 /*
-1
mm/khugepaged.c
··· 652 652 spin_unlock(ptl); 653 653 free_page_and_swap_cache(src_page); 654 654 } 655 - cond_resched(); 656 655 } 657 656 } 658 657
+26 -14
mm/slub.c
··· 5625 5625 return name; 5626 5626 } 5627 5627 5628 + static void sysfs_slab_remove_workfn(struct work_struct *work) 5629 + { 5630 + struct kmem_cache *s = 5631 + container_of(work, struct kmem_cache, kobj_remove_work); 5632 + 5633 + if (!s->kobj.state_in_sysfs) 5634 + /* 5635 + * For a memcg cache, this may be called during 5636 + * deactivation and again on shutdown. Remove only once. 5637 + * A cache is never shut down before deactivation is 5638 + * complete, so no need to worry about synchronization. 5639 + */ 5640 + return; 5641 + 5642 + #ifdef CONFIG_MEMCG 5643 + kset_unregister(s->memcg_kset); 5644 + #endif 5645 + kobject_uevent(&s->kobj, KOBJ_REMOVE); 5646 + kobject_del(&s->kobj); 5647 + kobject_put(&s->kobj); 5648 + } 5649 + 5628 5650 static int sysfs_slab_add(struct kmem_cache *s) 5629 5651 { 5630 5652 int err; 5631 5653 const char *name; 5632 5654 struct kset *kset = cache_kset(s); 5633 5655 int unmergeable = slab_unmergeable(s); 5656 + 5657 + INIT_WORK(&s->kobj_remove_work, sysfs_slab_remove_workfn); 5634 5658 5635 5659 if (!kset) { 5636 5660 kobject_init(&s->kobj, &slab_ktype); ··· 5719 5695 */ 5720 5696 return; 5721 5697 5722 - if (!s->kobj.state_in_sysfs) 5723 - /* 5724 - * For a memcg cache, this may be called during 5725 - * deactivation and again on shutdown. Remove only once. 5726 - * A cache is never shut down before deactivation is 5727 - * complete, so no need to worry about synchronization. 5728 - */ 5729 - return; 5730 - 5731 - #ifdef CONFIG_MEMCG 5732 - kset_unregister(s->memcg_kset); 5733 - #endif 5734 - kobject_uevent(&s->kobj, KOBJ_REMOVE); 5735 - kobject_del(&s->kobj); 5698 + kobject_get(&s->kobj); 5699 + schedule_work(&s->kobj_remove_work); 5736 5700 } 5737 5701 5738 5702 void sysfs_slab_release(struct kmem_cache *s)
+13 -2
mm/vmalloc.c
··· 287 287 if (p4d_none(*p4d)) 288 288 return NULL; 289 289 pud = pud_offset(p4d, addr); 290 - if (pud_none(*pud)) 290 + 291 + /* 292 + * Don't dereference bad PUD or PMD (below) entries. This will also 293 + * identify huge mappings, which we may encounter on architectures 294 + * that define CONFIG_HAVE_ARCH_HUGE_VMAP=y. Such regions will be 295 + * identified as vmalloc addresses by is_vmalloc_addr(), but are 296 + * not [unambiguously] associated with a struct page, so there is 297 + * no correct value to return for them. 298 + */ 299 + WARN_ON_ONCE(pud_bad(*pud)); 300 + if (pud_none(*pud) || pud_bad(*pud)) 291 301 return NULL; 292 302 pmd = pmd_offset(pud, addr); 293 - if (pmd_none(*pmd)) 303 + WARN_ON_ONCE(pmd_bad(*pmd)); 304 + if (pmd_none(*pmd) || pmd_bad(*pmd)) 294 305 return NULL; 295 306 296 307 ptep = pte_offset_map(pmd, addr);