1. 09 Aug, 2016 1 commit
    • Vegard Nossum's avatar
      9p/trans_virtio: use kvfree() for iov_iter_get_pages_alloc() · 1b8553c0
      Vegard Nossum authored
      The memory allocated by iov_iter_get_pages_alloc() can be allocated with
      vmalloc() if kmalloc() failed -- see get_pages_array().
      
      In that case we need to free it with vfree(), so let's use kvfree().
      
      The bug manifests like this:
      
      BUG: unable to handle kernel paging request at ffffeb0400072da0
      IP: [<ffffffff8139c67b>] kfree+0x4b/0x140
      PGD 0
      Oops: 0000 [#1] PREEMPT SMP KASAN
      CPU: 2 PID: 675 Comm: trinity-c2 Not tainted 4.7.0-rc7+ #14
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
      task: ffff8800badef2c0 ti: ffff880069208000 task.ti: ffff880069208000
      RIP: 0010:[<ffffffff8139c67b>]  [<ffffffff8139c67b>] kfree+0x4b/0x140
      RSP: 0000:ffff88006920f3f0  EFLAGS: 00010282
      RAX: ffffea0000000000 RBX: ffffc90001cb6000 RCX: 0000000000000000
      RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffffc90001cb6000
      RBP: ffff88006920f410 R08: 0000000000000000 R09: dffffc0000000000
      R10: ffff8800badefa30 R11: 0000056a3d3b0d9f R12: ffff88006920f620
      R13: ffffeb0400072d80 R14: ffff8800baa94078 R15: 0000000000000000
      FS:  00007fbd2b437700(0000) GS:ffff88011af00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: ffffeb0400072da0 CR3: 000000006926d000 CR4: 00000000000006e0
      Stack:
       0000000000000001 ffff88006920f620 ffffed001755280f ffff8800baa94078
       ffff88006920f6a8 ffffffff8310442b dffffc0000000000 ffff8800badefa30
       ffff8800badefa28 ffff88011af1fba0 1ffff1000d241e98 ffff8800ba892150
      Call Trace:
       [<ffffffff8310442b>] p9_virtio_zc_request+0x72b/0xdb0
       [<ffffffff830f2116>] p9_client_zc_rpc.constprop.8+0x246/0xb10
       [<ffffffff830f5d79>] p9_client_read+0x4c9/0x750
       [<ffffffff8175ceac>] v9fs_fid_readpage+0x14c/0x320
       [<ffffffff8175d0b6>] v9fs_vfs_readpage+0x36/0x50
       [<ffffffff812c6f13>] filemap_fault+0x9a3/0xe60
       [<ffffffff81331878>] __do_fault+0x158/0x300
       [<ffffffff81339e01>] handle_mm_fault+0x1cf1/0x3c80
       [<ffffffff810c0aaa>] __do_page_fault+0x30a/0x8e0
       [<ffffffff810c10df>] do_page_fault+0x2f/0x80
       [<ffffffff810b5b07>] do_async_page_fault+0x27/0xa0
       [<ffffffff83296c48>] async_page_fault+0x28/0x30
      Code: 00 80 41 54 53 49 01 fd 48 0f 42 05 b0 39 67 02 48 89 fb 49 01 c5 48 b8 00 00 00 00 00 ea ff ff 49 c1 ed 0c 49 c1 e5 06 49 01 c5 <49> 8b 45 20 48 8d 50 ff a8 01 4c 0f 45 ea 49 8b 55 20 48 8d 42
      RIP  [<ffffffff8139c67b>] kfree+0x4b/0x140
       RSP <ffff88006920f3f0>
      CR2: ffffeb0400072da0
      ---[ end trace f3d59a04bafec038 ]---
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      1b8553c0
  2. 04 Jan, 2016 1 commit
  3. 06 Dec, 2015 1 commit
  4. 14 Nov, 2015 1 commit
  5. 13 Jul, 2015 1 commit
  6. 11 Apr, 2015 1 commit
  7. 20 Mar, 2015 1 commit
  8. 12 Mar, 2015 1 commit
  9. 20 Jan, 2015 1 commit
  10. 14 Oct, 2014 1 commit
  11. 25 Mar, 2014 1 commit
  12. 10 Feb, 2014 1 commit
    • Richard Yao's avatar
      9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers · b6f52ae2
      Richard Yao authored
      The 9p-virtio transport does zero copy on things larger than 1024 bytes
      in size. It accomplishes this by returning the physical addresses of
      pages to the virtio-pci device. At present, the translation is usually a
      bit shift.
      
      That approach produces an invalid page address when we read/write to
      vmalloc buffers, such as those used for Linux kernel modules. Any
      attempt to load a Linux kernel module from 9p-virtio produces the
      following stack.
      
      [<ffffffff814878ce>] p9_virtio_zc_request+0x45e/0x510
      [<ffffffff814814ed>] p9_client_zc_rpc.constprop.16+0xfd/0x4f0
      [<ffffffff814839dd>] p9_client_read+0x15d/0x240
      [<ffffffff811c8440>] v9fs_fid_readn+0x50/0xa0
      [<ffffffff811c84a0>] v9fs_file_readn+0x10/0x20
      [<ffffffff811c84e7>] v9fs_file_read+0x37/0x70
      [<ffffffff8114e3fb>] vfs_read+0x9b/0x160
      [<ffffffff81153571>] kernel_read+0x41/0x60
      [<ffffffff810c83ab>] copy_module_from_fd.isra.34+0xfb/0x180
      
      Subsequently, QEMU will die printing:
      
      qemu-system-x86_64: virtio: trying to map MMIO memory
      
      This patch enables 9p-virtio to correctly handle this case. This not
      only enables us to load Linux kernel modules off virtfs, but also
      enables ZFS file-based vdevs on virtfs to be used without killing QEMU.
      
      Special thanks to both Avi Kivity and Alexander Graf for their
      interpretation of QEMU backtraces. Without their guidence, tracking down
      this bug would have taken much longer. Also, special thanks to Linus
      Torvalds for his insightful explanation of why this should use
      is_vmalloc_addr() instead of is_vmalloc_or_module_addr():
      
      https://lkml.org/lkml/2014/2/8/272Signed-off-by: default avatarRichard Yao <ryao@gentoo.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6f52ae2
  13. 23 Nov, 2013 1 commit
  14. 16 Oct, 2013 1 commit
  15. 26 Aug, 2013 1 commit
  16. 19 Mar, 2013 1 commit
  17. 08 Mar, 2013 1 commit
  18. 27 Feb, 2013 1 commit
    • Sasha Levin's avatar
      hlist: drop the node parameter from iterators · b67bfe0d
      Sasha Levin authored
      I'm not sure why, but the hlist for each entry iterators were conceived
      
              list_for_each_entry(pos, head, member)
      
      The hlist ones were greedy and wanted an extra parameter:
      
              hlist_for_each_entry(tpos, pos, head, member)
      
      Why did they need an extra pos parameter? I'm not quite sure. Not only
      they don't really need it, it also prevents the iterator from looking
      exactly like the list iterator, which is unfortunate.
      
      Besides the semantic patch, there was some manual work required:
      
       - Fix up the actual hlist iterators in linux/list.h
       - Fix up the declaration of other iterators based on the hlist ones.
       - A very small amount of places were using the 'node' parameter, this
       was modified to use 'obj->member' instead.
       - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
       properly, so those had to be fixed up manually.
      
      The semantic patch which is mostly the work of Peter Senna Tschudin is here:
      
      @@
      iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
      
      type T;
      expression a,c,d,e;
      identifier b;
      statement S;
      @@
      
      -T b;
          <+... when != b
      (
      hlist_for_each_entry(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue(a,
      - b,
      c) S
      |
      hlist_for_each_entry_from(a,
      - b,
      c) S
      |
      hlist_for_each_entry_rcu(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_rcu_bh(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue_rcu_bh(a,
      - b,
      c) S
      |
      for_each_busy_worker(a, c,
      - b,
      d) S
      |
      ax25_uid_for_each(a,
      - b,
      c) S
      |
      ax25_for_each(a,
      - b,
      c) S
      |
      inet_bind_bucket_for_each(a,
      - b,
      c) S
      |
      sctp_for_each_hentry(a,
      - b,
      c) S
      |
      sk_for_each(a,
      - b,
      c) S
      |
      sk_for_each_rcu(a,
      - b,
      c) S
      |
      sk_for_each_from
      -(a, b)
      +(a)
      S
      + sk_for_each_from(a) S
      |
      sk_for_each_safe(a,
      - b,
      c, d) S
      |
      sk_for_each_bound(a,
      - b,
      c) S
      |
      hlist_for_each_entry_safe(a,
      - b,
      c, d, e) S
      |
      hlist_for_each_entry_continue_rcu(a,
      - b,
      c) S
      |
      nr_neigh_for_each(a,
      - b,
      c) S
      |
      nr_neigh_for_each_safe(a,
      - b,
      c, d) S
      |
      nr_node_for_each(a,
      - b,
      c) S
      |
      nr_node_for_each_safe(a,
      - b,
      c, d) S
      |
      - for_each_gfn_sp(a, c, d, b) S
      + for_each_gfn_sp(a, c, d) S
      |
      - for_each_gfn_indirect_valid_sp(a, c, d, b) S
      + for_each_gfn_indirect_valid_sp(a, c, d) S
      |
      for_each_host(a,
      - b,
      c) S
      |
      for_each_host_safe(a,
      - b,
      c, d) S
      |
      for_each_mesh_entry(a,
      - b,
      c, d) S
      )
          ...+>
      
      [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
      [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
      [akpm@linux-foundation.org: checkpatch fixes]
      [akpm@linux-foundation.org: fix warnings]
      [akpm@linux-foudnation.org: redo intrusive kvm changes]
      Tested-by: default avatarPeter Senna Tschudin <peter.senna@gmail.com>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b67bfe0d
  19. 23 Feb, 2013 1 commit
  20. 22 Oct, 2012 1 commit
  21. 11 Jul, 2012 1 commit
  22. 11 Jun, 2012 1 commit
  23. 21 May, 2012 1 commit
    • Sasha Levin's avatar
      9p: disconnect channel when PCI device is removed · 991ad9ec
      Sasha Levin authored
      When a virtio_9p pci device is being removed, we should close down any
      active channels and free up resources, we're not supposed to BUG() if there's
      still an open channel since it's a valid case when removing the PCI device.
      
      Otherwise, removing the PCI device with an open channel would cause the
      following BUG():
      
      [ 1184.671416] ------------[ cut here ]------------
      [ 1184.672057] kernel BUG at net/9p/trans_virtio.c:618!
      [ 1184.672057] invalid opcode: 0000 [#1] PREEMPT SMP
      [ 1184.672057] CPU 3
      [ 1184.672057] Pid: 5, comm: kworker/u:0 Tainted: G        W    3.4.0-rc2-next-20120413-sasha-dirty #76
      [ 1184.672057] RIP: 0010:[<ffffffff825c9116>]  [<ffffffff825c9116>] p9_virtio_remove+0x16/0x90
      [ 1184.672057] RSP: 0018:ffff88000d653ac0  EFLAGS: 00010202
      [ 1184.672057] RAX: ffffffff836bfb40 RBX: ffff88000c9b2148 RCX: ffff88000d658978
      [ 1184.672057] RDX: 0000000000000006 RSI: 0000000000000000 RDI: ffff880028868000
      [ 1184.672057] RBP: ffff88000d653ad0 R08: 0000000000000000 R09: 0000000000000000
      [ 1184.672057] R10: 0000000000000000 R11: 0000000000000001 R12: ffff880028868000
      [ 1184.672057] R13: ffffffff835aa7c0 R14: ffff880041630000 R15: ffff88000d653da0
      [ 1184.672057] FS:  0000000000000000(0000) GS:ffff880035a00000(0000) knlGS:0000000000000000
      [ 1184.672057] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      [ 1184.672057] CR2: 0000000001181000 CR3: 000000000eba1000 CR4: 00000000000406e0
      [ 1184.672057] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      x000000000117a190 *[ 1184.672057] DR3: 00000000000000**
      00 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [ 1184.672057] Process kworker/u:0 (pid: 5, threadinfo ffff88000d652000, task ffff88000d658000)
      [ 1184.672057] Stack:
      [ 1184.672057]  ffff880028868000 ffffffff836bfb40 ffff88000d653af0 ffffffff8193661b
      [ 1184.672057]  ffff880028868008 ffffffff836bfb40 ffff88000d653b10 ffffffff81af1c81
      [ 1184.672057]  ffff880028868068 ffff880028868008 ffff88000d653b30 ffffffff81af257a
      [ 1184.795301] Call Trace:
      [ 1184.795301]  [<ffffffff8193661b>] virtio_dev_remove+0x1b/0x60
      [ 1184.795301]  [<ffffffff81af1c81>] __device_release_driver+0x81/0xd0
      [ 1184.795301]  [<ffffffff81af257a>] device_release_driver+0x2a/0x40
      [ 1184.795301]  [<ffffffff81af0d48>] bus_remove_device+0x138/0x150
      [ 1184.795301]  [<ffffffff81aef08d>] device_del+0x14d/0x1b0
      [ 1184.795301]  [<ffffffff81aef138>] device_unregister+0x48/0x60
      [ 1184.795301]  [<ffffffff8193694d>] unregister_virtio_device+0xd/0x10
      [ 1184.795301]  [<ffffffff8265fc74>] virtio_pci_remove+0x2a/0x6c
      [ 1184.795301]  [<ffffffff818a95ad>] pci_device_remove+0x4d/0x110
      [ 1184.795301]  [<ffffffff81af1c81>] __device_release_driver+0x81/0xd0
      [ 1184.795301]  [<ffffffff81af257a>] device_release_driver+0x2a/0x40
      [ 1184.795301]  [<ffffffff81af0d48>] bus_remove_device+0x138/0x150
      [ 1184.795301]  [<ffffffff81aef08d>] device_del+0x14d/0x1b0
      [ 1184.795301]  [<ffffffff81aef138>] device_unregister+0x48/0x60
      [ 1184.795301]  [<ffffffff818a36fa>] pci_stop_bus_device+0x6a/0x90
      [ 1184.795301]  [<ffffffff818a3791>] pci_stop_and_remove_bus_device+0x11/0x20
      [ 1184.795301]  [<ffffffff818c21d9>] remove_callback+0x9/0x10
      [ 1184.795301]  [<ffffffff81252d91>] sysfs_schedule_callback_work+0x21/0x60
      [ 1184.795301]  [<ffffffff810cb1a1>] process_one_work+0x281/0x430
      [ 1184.795301]  [<ffffffff810cb140>] ? process_one_work+0x220/0x430
      [ 1184.795301]  [<ffffffff81252d70>] ? sysfs_read_file+0x1c0/0x1c0
      [ 1184.795301]  [<ffffffff810cc613>] worker_thread+0x1f3/0x320
      [ 1184.795301]  [<ffffffff810cc420>] ? manage_workers.clone.13+0x130/0x130
      [ 1184.795301]  [<ffffffff810d30b2>] kthread+0xb2/0xc0
      [ 1184.795301]  [<ffffffff826783f4>] kernel_thread_helper+0x4/0x10
      [ 1184.795301]  [<ffffffff810deb18>] ? finish_task_switch+0x78/0xf0
      [ 1184.795301]  [<ffffffff82676574>] ? retint_restore_args+0x13/0x13
      [ 1184.795301]  [<ffffffff810d3000>] ? kthread_flush_work_fn+0x10/0x10
      [ 1184.795301]  [<ffffffff826783f0>] ? gs_change+0x13/0x13
      [ 1184.795301] Code: c1 9e 0a 00 48 83 c4 08 5b c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 49 89 fc 53 48 8b 9f a8 04 00 00 80 3b 00 74 0a <0f> 0b 0f 1f 84 00 00 00 00 00 48 8b 87 88 04 00 00 ff 50 30 31
      [ 1184.795301] RIP  [<ffffffff825c9116>] p9_virtio_remove+0x16/0x90
      [ 1184.795301]  RSP <ffff88000d653ac0>
      [ 1184.952618] ---[ end trace a307b3ed40206b4c ]---
      Signed-off-by: default avatarSasha Levin <levinsasha928@gmail.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      991ad9ec
  24. 11 Jan, 2012 1 commit
  25. 05 Jan, 2012 1 commit
    • Joe Perches's avatar
      9p: Reduce object size with CONFIG_NET_9P_DEBUG · 5d385153
      Joe Perches authored
      Reduce object size by deduplicating formats.
      
      Use vsprintf extension %pV.
      Rename P9_DPRINTK uses to p9_debug, align arguments.
      Add function for _p9_debug and macro to add __func__.
      Add missing "\n"s to p9_debug uses.
      Remove embedded function names as p9_debug adds it.
      Remove P9_EPRINTK macro and convert use to pr_<level>.
      Add and use pr_fmt and pr_<level>.
      
      $ size fs/9p/built-in.o*
         text	   data	    bss	    dec	    hex	filename
        62133	    984	  16000	  79117	  1350d	fs/9p/built-in.o.new
        67342	    984	  16928	  85254	  14d06	fs/9p/built-in.o.old
      $ size net/9p/built-in.o*
         text	   data	    bss	    dec	    hex	filename
        88792	   4148	  22024	 114964	  1c114	net/9p/built-in.o.new
        94072	   4148	  23232	 121452	  1da6c	net/9p/built-in.o.old
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarEric Van Hensbergen <ericvh@gmail.com>
      5d385153
  26. 24 Oct, 2011 1 commit
    • Aneesh Kumar K.V's avatar
      fs/9p: Update zero-copy implementation in 9p · abfa034e
      Aneesh Kumar K.V authored
      * remove lot of update to different data structure
      * add a seperate callback for zero copy request.
      * above makes non zero copy code path simpler
      * remove conditionalizing TREAD/TREADDIR/TWRITE in the zero copy path
      * Fix the dotu p9_check_errors with zero copy. Add sufficient doc around
      * Add support for both in and output buffers in zero copy callback
      * pin and unpin pages in the same context
      * use helpers instead of defining page offset and rest of page ourself
      * Fix mem leak in p9_check_errors
      * Remove 'E' and 'F' in p9pdu_vwritef
      Signed-off-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: default avatarEric Van Hensbergen <ericvh@gmail.com>
      abfa034e
  27. 06 Sep, 2011 1 commit
  28. 23 Jul, 2011 2 commits
  29. 15 Apr, 2011 1 commit
  30. 22 Mar, 2011 4 commits
  31. 15 Mar, 2011 2 commits
  32. 28 Oct, 2010 2 commits
  33. 27 Sep, 2010 1 commit
    • Sven Eckelmann's avatar
      net/9p: Mount only matching virtio channels · 0b20406c
      Sven Eckelmann authored
      p9_virtio_create will only compare the the channel's tag characters
      against the device name till the end of the channel's tag but not till
      the end of the device name. This means that if a user defines channels
      with the tags foo and foobar then he would mount foo when he requested
      foonot and may mount foo when he requested foobar.
      
      Thus it is necessary to check both string lengths against each other in
      case of a successful partial string match.
      Signed-off-by: default avatarSven Eckelmann <sven.eckelmann@gmx.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0b20406c
  34. 19 May, 2010 1 commit