diff options
Diffstat (limited to 'recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0038-memory-hotplug-fix-invalid-memory-access-caused-by-s.patch')
-rw-r--r-- | recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0038-memory-hotplug-fix-invalid-memory-access-caused-by-s.patch | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0038-memory-hotplug-fix-invalid-memory-access-caused-by-s.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0038-memory-hotplug-fix-invalid-memory-access-caused-by-s.patch new file mode 100644 index 00000000..5d3cef24 --- /dev/null +++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.24/0038-memory-hotplug-fix-invalid-memory-access-caused-by-s.patch | |||
@@ -0,0 +1,114 @@ | |||
1 | From c9a4beeb70f62ec5976dcbb9086683fda56d6aec Mon Sep 17 00:00:00 2001 | ||
2 | From: Jiang Liu <jiang.liu@huawei.com> | ||
3 | Date: Wed, 11 Jul 2012 14:01:52 -0700 | ||
4 | Subject: [PATCH 038/109] memory hotplug: fix invalid memory access caused by | ||
5 | stale kswapd pointer | ||
6 | |||
7 | commit d8adde17e5f858427504725218c56aef90e90fc7 upstream. | ||
8 | |||
9 | kswapd_stop() is called to destroy the kswapd work thread when all memory | ||
10 | of a NUMA node has been offlined. But kswapd_stop() only terminates the | ||
11 | work thread without resetting NODE_DATA(nid)->kswapd to NULL. The stale | ||
12 | pointer will prevent kswapd_run() from creating a new work thread when | ||
13 | adding memory to the memory-less NUMA node again. Eventually the stale | ||
14 | pointer may cause invalid memory access. | ||
15 | |||
16 | An example stack dump as below. It's reproduced with 2.6.32, but latest | ||
17 | kernel has the same issue. | ||
18 | |||
19 | BUG: unable to handle kernel NULL pointer dereference at (null) | ||
20 | IP: [<ffffffff81051a94>] exit_creds+0x12/0x78 | ||
21 | PGD 0 | ||
22 | Oops: 0000 [#1] SMP | ||
23 | last sysfs file: /sys/devices/system/memory/memory391/state | ||
24 | CPU 11 | ||
25 | Modules linked in: cpufreq_conservative cpufreq_userspace cpufreq_powersave acpi_cpufreq microcode fuse loop dm_mod tpm_tis rtc_cmos i2c_i801 rtc_core tpm serio_raw pcspkr sg tpm_bios igb i2c_core iTCO_wdt rtc_lib mptctl iTCO_vendor_support button dca bnx2 usbhid hid uhci_hcd ehci_hcd usbcore sd_mod crc_t10dif edd ext3 mbcache jbd fan ide_pci_generic ide_core ata_generic ata_piix libata thermal processor thermal_sys hwmon mptsas mptscsih mptbase scsi_transport_sas scsi_mod | ||
26 | Pid: 7949, comm: sh Not tainted 2.6.32.12-qiuxishi-5-default #92 Tecal RH2285 | ||
27 | RIP: 0010:exit_creds+0x12/0x78 | ||
28 | RSP: 0018:ffff8806044f1d78 EFLAGS: 00010202 | ||
29 | RAX: 0000000000000000 RBX: ffff880604f22140 RCX: 0000000000019502 | ||
30 | RDX: 0000000000000000 RSI: 0000000000000202 RDI: 0000000000000000 | ||
31 | RBP: ffff880604f22150 R08: 0000000000000000 R09: ffffffff81a4dc10 | ||
32 | R10: 00000000000032a0 R11: ffff880006202500 R12: 0000000000000000 | ||
33 | R13: 0000000000c40000 R14: 0000000000008000 R15: 0000000000000001 | ||
34 | FS: 00007fbc03d066f0(0000) GS:ffff8800282e0000(0000) knlGS:0000000000000000 | ||
35 | CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b | ||
36 | CR2: 0000000000000000 CR3: 000000060f029000 CR4: 00000000000006e0 | ||
37 | DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 | ||
38 | DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 | ||
39 | Process sh (pid: 7949, threadinfo ffff8806044f0000, task ffff880603d7c600) | ||
40 | Stack: | ||
41 | ffff880604f22140 ffffffff8103aac5 ffff880604f22140 ffffffff8104d21e | ||
42 | ffff880006202500 0000000000008000 0000000000c38000 ffffffff810bd5b1 | ||
43 | 0000000000000000 ffff880603d7c600 00000000ffffdd29 0000000000000003 | ||
44 | Call Trace: | ||
45 | __put_task_struct+0x5d/0x97 | ||
46 | kthread_stop+0x50/0x58 | ||
47 | offline_pages+0x324/0x3da | ||
48 | memory_block_change_state+0x179/0x1db | ||
49 | store_mem_state+0x9e/0xbb | ||
50 | sysfs_write_file+0xd0/0x107 | ||
51 | vfs_write+0xad/0x169 | ||
52 | sys_write+0x45/0x6e | ||
53 | system_call_fastpath+0x16/0x1b | ||
54 | Code: ff 4d 00 0f 94 c0 84 c0 74 08 48 89 ef e8 1f fd ff ff 5b 5d 31 c0 41 5c c3 53 48 8b 87 20 06 00 00 48 89 fb 48 8b bf 18 06 00 00 <8b> 00 48 c7 83 18 06 00 00 00 00 00 00 f0 ff 0f 0f 94 c0 84 c0 | ||
55 | RIP exit_creds+0x12/0x78 | ||
56 | RSP <ffff8806044f1d78> | ||
57 | CR2: 0000000000000000 | ||
58 | |||
59 | [akpm@linux-foundation.org: add pglist_data.kswapd locking comments] | ||
60 | Signed-off-by: Xishi Qiu <qiuxishi@huawei.com> | ||
61 | Signed-off-by: Jiang Liu <jiang.liu@huawei.com> | ||
62 | Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> | ||
63 | Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> | ||
64 | Acked-by: Mel Gorman <mgorman@suse.de> | ||
65 | Acked-by: David Rientjes <rientjes@google.com> | ||
66 | Reviewed-by: Minchan Kim <minchan@kernel.org> | ||
67 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | ||
68 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | ||
69 | Signed-off-by: Ben Hutchings <ben@decadent.org.uk> | ||
70 | --- | ||
71 | include/linux/mmzone.h | 2 +- | ||
72 | mm/vmscan.c | 7 +++++-- | ||
73 | 2 files changed, 6 insertions(+), 3 deletions(-) | ||
74 | |||
75 | diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h | ||
76 | index 188cb2f..905b1e1 100644 | ||
77 | --- a/include/linux/mmzone.h | ||
78 | +++ b/include/linux/mmzone.h | ||
79 | @@ -652,7 +652,7 @@ typedef struct pglist_data { | ||
80 | range, including holes */ | ||
81 | int node_id; | ||
82 | wait_queue_head_t kswapd_wait; | ||
83 | - struct task_struct *kswapd; | ||
84 | + struct task_struct *kswapd; /* Protected by lock_memory_hotplug() */ | ||
85 | int kswapd_max_order; | ||
86 | enum zone_type classzone_idx; | ||
87 | } pg_data_t; | ||
88 | diff --git a/mm/vmscan.c b/mm/vmscan.c | ||
89 | index fbe2d2c..72cf498 100644 | ||
90 | --- a/mm/vmscan.c | ||
91 | +++ b/mm/vmscan.c | ||
92 | @@ -3090,14 +3090,17 @@ int kswapd_run(int nid) | ||
93 | } | ||
94 | |||
95 | /* | ||
96 | - * Called by memory hotplug when all memory in a node is offlined. | ||
97 | + * Called by memory hotplug when all memory in a node is offlined. Caller must | ||
98 | + * hold lock_memory_hotplug(). | ||
99 | */ | ||
100 | void kswapd_stop(int nid) | ||
101 | { | ||
102 | struct task_struct *kswapd = NODE_DATA(nid)->kswapd; | ||
103 | |||
104 | - if (kswapd) | ||
105 | + if (kswapd) { | ||
106 | kthread_stop(kswapd); | ||
107 | + NODE_DATA(nid)->kswapd = NULL; | ||
108 | + } | ||
109 | } | ||
110 | |||
111 | static int __init kswapd_init(void) | ||
112 | -- | ||
113 | 1.7.7.6 | ||
114 | |||