From f851c8d8583891a6e0a447b539db3c39a4f5d43d Mon Sep 17 00:00:00 2001 From: Michael Holzheu Date: Tue, 17 Sep 2013 16:57:34 +0200 Subject: [PATCH 1/3] percpu: fix bootmem error handling in pcpu_page_first_chunk() If memory allocation of in pcpu_embed_first_chunk() fails, the allocated memory is not released correctly. In the release loop also the non-allocated elements are released which leads to the following kernel BUG on systems with very little memory: [ 0.000000] kernel BUG at mm/bootmem.c:307! [ 0.000000] illegal operation: 0001 [#1] PREEMPT SMP DEBUG_PAGEALLOC [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.10.0 #22 [ 0.000000] task: 0000000000a20ae0 ti: 0000000000a08000 task.ti: 0000000000a08000 [ 0.000000] Krnl PSW : 0400000180000000 0000000000abda7a (__free+0x116/0x154) [ 0.000000] R:0 T:1 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:0 CC:0 PM:0 EA:3 ... [ 0.000000] [<0000000000abdce2>] mark_bootmem_node+0xde/0xf0 [ 0.000000] [<0000000000abdd9c>] mark_bootmem+0xa8/0x118 [ 0.000000] [<0000000000abcbba>] pcpu_embed_first_chunk+0xe7a/0xf0c [ 0.000000] [<0000000000abcc96>] setup_per_cpu_areas+0x4a/0x28c To fix the problem now only allocated elements are released. This then leads to the correct kernel panic: [ 0.000000] Kernel panic - not syncing: Failed to initialize percpu areas. ... [ 0.000000] Call Trace: [ 0.000000] ([<000000000011307e>] show_trace+0x132/0x150) [ 0.000000] [<0000000000113160>] show_stack+0xc4/0xd4 [ 0.000000] [<00000000007127dc>] dump_stack+0x74/0xd8 [ 0.000000] [<00000000007123fe>] panic+0xea/0x264 [ 0.000000] [<0000000000b14814>] setup_per_cpu_areas+0x5c/0x28c tj: Flipped if conditional so that it doesn't need "continue". Signed-off-by: Michael Holzheu Signed-off-by: Tejun Heo --- mm/percpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/percpu.c b/mm/percpu.c index 8c8e08f3a692..0d10defe951e 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -1706,8 +1706,9 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size, out_free_areas: for (group = 0; group < ai->nr_groups; group++) - free_fn(areas[group], - ai->groups[group].nr_units * ai->unit_size); + if (areas[group]) + free_fn(areas[group], + ai->groups[group].nr_units * ai->unit_size); out_free: pcpu_free_alloc_info(ai); if (areas) From 84292b29475bc7bb6b04ae5360595bd816ca4efb Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Mon, 21 Oct 2013 13:25:36 +0200 Subject: [PATCH 2/3] percpu: remove this_cpu_xor() implementation There is not a single user in the whole kernel. Besides that this_cpu_xor() is broken anyway since it gets translated to this_cpu_or() (see __pcpu_size_call() line). So instead of fixing an unused definition just remove it. Signed-off-by: Heiko Carstens Acked-by: Ingo Molnar Signed-off-by: Tejun Heo --- include/linux/percpu.h | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/include/linux/percpu.h b/include/linux/percpu.h index cc88172c7d9a..fd6ffe459aae 100644 --- a/include/linux/percpu.h +++ b/include/linux/percpu.h @@ -375,22 +375,6 @@ do { \ # define this_cpu_or(pcp, val) __pcpu_size_call(this_cpu_or_, (pcp), (val)) #endif -#ifndef this_cpu_xor -# ifndef this_cpu_xor_1 -# define this_cpu_xor_1(pcp, val) _this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef this_cpu_xor_2 -# define this_cpu_xor_2(pcp, val) _this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef this_cpu_xor_4 -# define this_cpu_xor_4(pcp, val) _this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef this_cpu_xor_8 -# define this_cpu_xor_8(pcp, val) _this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# define this_cpu_xor(pcp, val) __pcpu_size_call(this_cpu_or_, (pcp), (val)) -#endif - #define _this_cpu_generic_add_return(pcp, val) \ ({ \ typeof(pcp) ret__; \ @@ -629,22 +613,6 @@ do { \ # define __this_cpu_or(pcp, val) __pcpu_size_call(__this_cpu_or_, (pcp), (val)) #endif -#ifndef __this_cpu_xor -# ifndef __this_cpu_xor_1 -# define __this_cpu_xor_1(pcp, val) __this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef __this_cpu_xor_2 -# define __this_cpu_xor_2(pcp, val) __this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef __this_cpu_xor_4 -# define __this_cpu_xor_4(pcp, val) __this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# ifndef __this_cpu_xor_8 -# define __this_cpu_xor_8(pcp, val) __this_cpu_generic_to_op((pcp), (val), ^=) -# endif -# define __this_cpu_xor(pcp, val) __pcpu_size_call(__this_cpu_xor_, (pcp), (val)) -#endif - #define __this_cpu_generic_add_return(pcp, val) \ ({ \ __this_cpu_add(pcp, val); \ From 90f2492cf9c84fd414ecfd2f40685fb5291a484e Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Mon, 21 Oct 2013 13:25:37 +0200 Subject: [PATCH 3/3] x86: remove this_cpu_xor() implementation Remove the unused x86 implementation of this_cpu_xor(). Signed-off-by: Heiko Carstens Signed-off-by: Tejun Heo --- arch/x86/include/asm/percpu.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/arch/x86/include/asm/percpu.h b/arch/x86/include/asm/percpu.h index 0da5200ee79d..604e13dc353d 100644 --- a/arch/x86/include/asm/percpu.h +++ b/arch/x86/include/asm/percpu.h @@ -377,9 +377,6 @@ do { \ #define __this_cpu_or_1(pcp, val) percpu_to_op("or", (pcp), val) #define __this_cpu_or_2(pcp, val) percpu_to_op("or", (pcp), val) #define __this_cpu_or_4(pcp, val) percpu_to_op("or", (pcp), val) -#define __this_cpu_xor_1(pcp, val) percpu_to_op("xor", (pcp), val) -#define __this_cpu_xor_2(pcp, val) percpu_to_op("xor", (pcp), val) -#define __this_cpu_xor_4(pcp, val) percpu_to_op("xor", (pcp), val) #define __this_cpu_xchg_1(pcp, val) percpu_xchg_op(pcp, val) #define __this_cpu_xchg_2(pcp, val) percpu_xchg_op(pcp, val) #define __this_cpu_xchg_4(pcp, val) percpu_xchg_op(pcp, val) @@ -399,9 +396,6 @@ do { \ #define this_cpu_or_1(pcp, val) percpu_to_op("or", (pcp), val) #define this_cpu_or_2(pcp, val) percpu_to_op("or", (pcp), val) #define this_cpu_or_4(pcp, val) percpu_to_op("or", (pcp), val) -#define this_cpu_xor_1(pcp, val) percpu_to_op("xor", (pcp), val) -#define this_cpu_xor_2(pcp, val) percpu_to_op("xor", (pcp), val) -#define this_cpu_xor_4(pcp, val) percpu_to_op("xor", (pcp), val) #define this_cpu_xchg_1(pcp, nval) percpu_xchg_op(pcp, nval) #define this_cpu_xchg_2(pcp, nval) percpu_xchg_op(pcp, nval) #define this_cpu_xchg_4(pcp, nval) percpu_xchg_op(pcp, nval) @@ -446,7 +440,6 @@ do { \ #define __this_cpu_add_8(pcp, val) percpu_add_op((pcp), val) #define __this_cpu_and_8(pcp, val) percpu_to_op("and", (pcp), val) #define __this_cpu_or_8(pcp, val) percpu_to_op("or", (pcp), val) -#define __this_cpu_xor_8(pcp, val) percpu_to_op("xor", (pcp), val) #define __this_cpu_add_return_8(pcp, val) percpu_add_return_op(pcp, val) #define __this_cpu_xchg_8(pcp, nval) percpu_xchg_op(pcp, nval) #define __this_cpu_cmpxchg_8(pcp, oval, nval) percpu_cmpxchg_op(pcp, oval, nval) @@ -456,7 +449,6 @@ do { \ #define this_cpu_add_8(pcp, val) percpu_add_op((pcp), val) #define this_cpu_and_8(pcp, val) percpu_to_op("and", (pcp), val) #define this_cpu_or_8(pcp, val) percpu_to_op("or", (pcp), val) -#define this_cpu_xor_8(pcp, val) percpu_to_op("xor", (pcp), val) #define this_cpu_add_return_8(pcp, val) percpu_add_return_op(pcp, val) #define this_cpu_xchg_8(pcp, nval) percpu_xchg_op(pcp, nval) #define this_cpu_cmpxchg_8(pcp, oval, nval) percpu_cmpxchg_op(pcp, oval, nval)