July 2019 - Linux-stable-mirror

FAILED: patch "[PATCH] sd_zbc: Fix report zones buffer allocation" failed to apply to 5.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b091ac616846a1da75b1f2566b41255ce7f0e0a6 Mon Sep 17 00:00:00 2001 From: Damien Le Moal <damien.lemoal(a)wdc.com> Date: Mon, 1 Jul 2019 14:09:17 +0900 Subject: [PATCH] sd_zbc: Fix report zones buffer allocation During disk scan and revalidation done with sd_revalidate(), the zones of a zoned disk are checked using the helper function blk_revalidate_disk_zones() if a configuration change is detected (change in the number of zones or zone size). The function blk_revalidate_disk_zones() issues report_zones calls that are very large, that is, to obtain zone information for all zones of the disk with a single command. The size of the report zones command buffer necessary for such large request generally is lower than the disk max_hw_sectors and KMALLOC_MAX_SIZE (4MB) and succeeds on boot (no memory fragmentation), but often fail at run time (e.g. hot-plug event). This causes the disk revalidation to fail and the disk capacity to be changed to 0. This problem can be avoided by using vmalloc() instead of kmalloc() for the buffer allocation. To limit the amount of memory to be allocated, this patch also introduces the arbitrary SD_ZBC_REPORT_MAX_ZONES maximum number of zones to report with a single report zones command. This limit may be lowered further to satisfy the disk max_hw_sectors limit. Finally, to ensure that the vmalloc-ed buffer can always be mapped in a request, the buffer size is further limited to at most queue_max_segments() pages, allowing successful mapping of the buffer even in the worst case scenario where none of the buffer pages are contiguous. Fixes: 515ce6061312 ("scsi: sd_zbc: Fix sd_zbc_report_zones() buffer allocation") Fixes: e76239a3748c ("block: add a report_zones method") Cc: stable(a)vger.kernel.org Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index ec3764c8f3f1..db16c19e05c4 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -9,6 +9,8 @@ */ #include <linux/blkdev.h> +#include <linux/vmalloc.h> +#include <linux/sched/mm.h> #include <asm/unaligned.h> @@ -50,7 +52,7 @@ static void sd_zbc_parse_report(struct scsi_disk *sdkp, u8 *buf, /** * sd_zbc_do_report_zones - Issue a REPORT ZONES scsi command. * @sdkp: The target disk - * @buf: Buffer to use for the reply + * @buf: vmalloc-ed buffer to use for the reply * @buflen: the buffer size * @lba: Start LBA of the report * @partial: Do partial report @@ -79,7 +81,6 @@ static int sd_zbc_do_report_zones(struct scsi_disk *sdkp, unsigned char *buf, put_unaligned_be32(buflen, &cmd[10]); if (partial) cmd[14] = ZBC_REPORT_ZONE_PARTIAL; - memset(buf, 0, buflen); result = scsi_execute_req(sdp, cmd, DMA_FROM_DEVICE, buf, buflen, &sshdr, @@ -103,6 +104,53 @@ static int sd_zbc_do_report_zones(struct scsi_disk *sdkp, unsigned char *buf, return 0; } +/* + * Maximum number of zones to get with one report zones command. + */ +#define SD_ZBC_REPORT_MAX_ZONES 8192U + +/** + * Allocate a buffer for report zones reply. + * @sdkp: The target disk + * @nr_zones: Maximum number of zones to report + * @buflen: Size of the buffer allocated + * + * Try to allocate a reply buffer for the number of requested zones. + * The size of the buffer allocated may be smaller than requested to + * satify the device constraint (max_hw_sectors, max_segments, etc). + * + * Return the address of the allocated buffer and update @buflen with + * the size of the allocated buffer. + */ +static void *sd_zbc_alloc_report_buffer(struct scsi_disk *sdkp, + unsigned int nr_zones, size_t *buflen) +{ + struct request_queue *q = sdkp->disk->queue; + size_t bufsize; + void *buf; + + /* + * Report zone buffer size should be at most 64B times the number of + * zones requested plus the 64B reply header, but should be at least + * SECTOR_SIZE for ATA devices. + * Make sure that this size does not exceed the hardware capabilities. + * Furthermore, since the report zone command cannot be split, make + * sure that the allocated buffer can always be mapped by limiting the + * number of pages allocated to the HBA max segments limit. + */ + nr_zones = min(nr_zones, SD_ZBC_REPORT_MAX_ZONES); + bufsize = roundup((nr_zones + 1) * 64, 512); + bufsize = min_t(size_t, bufsize, + queue_max_hw_sectors(q) << SECTOR_SHIFT); + bufsize = min_t(size_t, bufsize, queue_max_segments(q) << PAGE_SHIFT); + + buf = vzalloc(bufsize); + if (buf) + *buflen = bufsize; + + return buf; +} + /** * sd_zbc_report_zones - Disk report zones operation. * @disk: The target disk @@ -116,30 +164,23 @@ int sd_zbc_report_zones(struct gendisk *disk, sector_t sector, struct blk_zone *zones, unsigned int *nr_zones) { struct scsi_disk *sdkp = scsi_disk(disk); - unsigned int i, buflen, nrz = *nr_zones; + unsigned int i, nrz = *nr_zones; unsigned char *buf; - size_t offset = 0; + size_t buflen = 0, offset = 0; int ret = 0; if (!sd_is_zoned(sdkp)) /* Not a zoned device */ return -EOPNOTSUPP; - /* - * Get a reply buffer for the number of requested zones plus a header, - * without exceeding the device maximum command size. For ATA disks, - * buffers must be aligned to 512B. - */ - buflen = min(queue_max_hw_sectors(disk->queue) << 9, - roundup((nrz + 1) * 64, 512)); - buf = kmalloc(buflen, GFP_KERNEL); + buf = sd_zbc_alloc_report_buffer(sdkp, nrz, &buflen); if (!buf) return -ENOMEM; ret = sd_zbc_do_report_zones(sdkp, buf, buflen, sectors_to_logical(sdkp->device, sector), true); if (ret) - goto out_free_buf; + goto out; nrz = min(nrz, get_unaligned_be32(&buf[0]) / 64); for (i = 0; i < nrz; i++) { @@ -150,8 +191,8 @@ int sd_zbc_report_zones(struct gendisk *disk, sector_t sector, *nr_zones = nrz; -out_free_buf: - kfree(buf); +out: + kvfree(buf); return ret; } @@ -285,8 +326,6 @@ static int sd_zbc_check_zoned_characteristics(struct scsi_disk *sdkp, return 0; } -#define SD_ZBC_BUF_SIZE 131072U - /** * sd_zbc_check_zones - Check the device capacity and zone sizes * @sdkp: Target disk @@ -302,22 +341,28 @@ static int sd_zbc_check_zoned_characteristics(struct scsi_disk *sdkp, */ static int sd_zbc_check_zones(struct scsi_disk *sdkp, u32 *zblocks) { + size_t bufsize, buflen; + unsigned int noio_flag; u64 zone_blocks = 0; sector_t max_lba, block = 0; unsigned char *buf; unsigned char *rec; - unsigned int buf_len; - unsigned int list_length; int ret; u8 same; + /* Do all memory allocations as if GFP_NOIO was specified */ + noio_flag = memalloc_noio_save(); + /* Get a buffer */ - buf = kmalloc(SD_ZBC_BUF_SIZE, GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = sd_zbc_alloc_report_buffer(sdkp, SD_ZBC_REPORT_MAX_ZONES, + &bufsize); + if (!buf) { + ret = -ENOMEM; + goto out; + } /* Do a report zone to get max_lba and the same field */ - ret = sd_zbc_do_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, 0, false); + ret = sd_zbc_do_report_zones(sdkp, buf, bufsize, 0, false); if (ret) goto out_free; @@ -353,12 +398,12 @@ static int sd_zbc_check_zones(struct scsi_disk *sdkp, u32 *zblocks) do { /* Parse REPORT ZONES header */ - list_length = get_unaligned_be32(&buf[0]) + 64; + buflen = min_t(size_t, get_unaligned_be32(&buf[0]) + 64, + bufsize); rec = buf + 64; - buf_len = min(list_length, SD_ZBC_BUF_SIZE); /* Parse zone descriptors */ - while (rec < buf + buf_len) { + while (rec < buf + buflen) { u64 this_zone_blocks = get_unaligned_be64(&rec[8]); if (zone_blocks == 0) { @@ -374,8 +419,8 @@ static int sd_zbc_check_zones(struct scsi_disk *sdkp, u32 *zblocks) } if (block < sdkp->capacity) { - ret = sd_zbc_do_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, - block, true); + ret = sd_zbc_do_report_zones(sdkp, buf, bufsize, block, + true); if (ret) goto out_free; } @@ -406,7 +451,8 @@ static int sd_zbc_check_zones(struct scsi_disk *sdkp, u32 *zblocks) } out_free: - kfree(buf); + memalloc_noio_restore(noio_flag); + kvfree(buf); return ret; }

5 years, 5 months

2
2
0 0

[PATCH] block: Limit zone array allocation size

by Damien Le Moal

From: "gregkh(a)linuxfoundation.org" <gregkh(a)linuxfoundation.org> commit 26202928fafad8bda8b478edb7e62c885be623d7 upstream. Limit the size of the struct blk_zone array used in blk_revalidate_disk_zones() to avoid memory allocation failures leading to disk revalidation failure. Also further reduce the likelyhood of such failures by using kvcalloc() (that is vmalloc()) instead of allocating contiguous pages with alloc_pages(). Fixes: 515ce6061312 ("scsi: sd_zbc: Fix sd_zbc_report_zones() buffer allocation") Fixes: e76239a3748c ("block: add a report_zones method") Cc: stable(a)vger.kernel.org # 5.1.x Cc: stable(a)vger.kernel.org # 5.2.x Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Damien Le Moal <damien.lemoal(a)wdc.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- block/blk-zoned.c | 46 +++++++++++++++++++++++++++--------------- include/linux/blkdev.h | 5 +++++ 2 files changed, 35 insertions(+), 16 deletions(-) diff --git a/block/blk-zoned.c b/block/blk-zoned.c index ae7e91bd0618..c29929b0bc06 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -14,6 +14,9 @@ #include <linux/rbtree.h> #include <linux/blkdev.h> #include <linux/blk-mq.h> +#include <linux/mm.h> +#include <linux/vmalloc.h> +#include <linux/sched/mm.h> #include "blk.h" @@ -373,22 +376,25 @@ static inline unsigned long *blk_alloc_zone_bitmap(int node, * Allocate an array of struct blk_zone to get nr_zones zone information. * The allocated array may be smaller than nr_zones. */ -static struct blk_zone *blk_alloc_zones(int node, unsigned int *nr_zones) +static struct blk_zone *blk_alloc_zones(unsigned int *nr_zones) { - size_t size = *nr_zones * sizeof(struct blk_zone); - struct page *page; - int order; - - for (order = get_order(size); order >= 0; order--) { - page = alloc_pages_node(node, GFP_NOIO | __GFP_ZERO, order); - if (page) { - *nr_zones = min_t(unsigned int, *nr_zones, - (PAGE_SIZE << order) / sizeof(struct blk_zone)); - return page_address(page); - } + struct blk_zone *zones; + size_t nrz = min(*nr_zones, BLK_ZONED_REPORT_MAX_ZONES); + + /* + * GFP_KERNEL here is meaningless as the caller task context has + * the PF_MEMALLOC_NOIO flag set in blk_revalidate_disk_zones() + * with memalloc_noio_save(). + */ + zones = kvcalloc(nrz, sizeof(struct blk_zone), GFP_KERNEL); + if (!zones) { + *nr_zones = 0; + return NULL; } - return NULL; + *nr_zones = nrz; + + return zones; } void blk_queue_free_zone_bitmaps(struct request_queue *q) @@ -415,6 +421,7 @@ int blk_revalidate_disk_zones(struct gendisk *disk) unsigned long *seq_zones_wlock = NULL, *seq_zones_bitmap = NULL; unsigned int i, rep_nr_zones = 0, z = 0, nrz; struct blk_zone *zones = NULL; + unsigned int noio_flag; sector_t sector = 0; int ret = 0; @@ -427,6 +434,12 @@ int blk_revalidate_disk_zones(struct gendisk *disk) return 0; } + /* + * Ensure that all memory allocations in this context are done as + * if GFP_NOIO was specified. + */ + noio_flag = memalloc_noio_save(); + if (!blk_queue_is_zoned(q) || !nr_zones) { nr_zones = 0; goto update; @@ -443,7 +456,7 @@ int blk_revalidate_disk_zones(struct gendisk *disk) /* Get zone information and initialize seq_zones_bitmap */ rep_nr_zones = nr_zones; - zones = blk_alloc_zones(q->node, &rep_nr_zones); + zones = blk_alloc_zones(&rep_nr_zones); if (!zones) goto out; @@ -480,8 +493,9 @@ int blk_revalidate_disk_zones(struct gendisk *disk) blk_mq_unfreeze_queue(q); out: - free_pages((unsigned long)zones, - get_order(rep_nr_zones * sizeof(struct blk_zone))); + memalloc_noio_restore(noio_flag); + + kvfree(zones); kfree(seq_zones_wlock); kfree(seq_zones_bitmap); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 592669bcc536..f7faac856017 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -344,6 +344,11 @@ struct queue_limits { #ifdef CONFIG_BLK_DEV_ZONED +/* + * Maximum number of zones to report with a single report zones command. + */ +#define BLK_ZONED_REPORT_MAX_ZONES 8192U + extern unsigned int blkdev_nr_zones(struct block_device *bdev); extern int blkdev_report_zones(struct block_device *bdev, sector_t sector, struct blk_zone *zones, -- 2.21.0

5 years, 5 months

2
3
0 0

stable-rc/linux-4.14.y boot: 126 boots: 3 failed, 121 passed with 1 offline, 1 untried/unknown (v4.14.134-179-gf0382b8e83d1)

by kernelci.org bot

stable-rc/linux-4.14.y boot: 126 boots: 3 failed, 121 passed with 1 offline, 1 untried/unknown (v4.14.134-179-gf0382b8e83d1) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.134-1… Tree: stable-rc Branch: linux-4.14.y Git Describe: v4.14.134-179-gf0382b8e83d1 Git Commit: f0382b8e83d10a8840495f7243d28d5abd6502e8 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 67 unique boards, 26 SoC families, 16 builds out of 201 Boot Failures Detected: arm64: defconfig: gcc-8: meson-gxl-s905x-nexbox-a95x: 1 failed lab rk3399-firefly: 1 failed lab arc: hsdk_defconfig: gcc-8: hsdk: 1 failed lab Offline Platforms: arm64: defconfig: gcc-8 meson-gxbb-odroidc2: 1 offline lab --- For more info write to <info(a)kernelci.org>

5 years, 5 months

1
0
0 0

[PATCH 4.9 1/2] um: Allow building and running on older hosts

by Alessio Balsini

commit 0a987645672ebde7844a9c0732a5a25f3d4bb6c6 upstream. Commit a78ff1112263 ("um: add extended processor state save/restore support") and b6024b21fec8 ("um: extend fpstate to _xstate to support YMM registers") forced the use of the x86 FP _xstate and PTRACE_GETREGSET/SETREGSET. On older hosts, we would neither be able to build UML nor run it anymore with these two commits applied because we don't have definitions for struct _xstate nor these two ptrace requests. We can determine at build time which fp context structure to check against, just like we can keep using the old i387 fp save/restore if PTRACE_GETRESET/SETREGSET are not defined. Fixes: a78ff1112263 ("um: add extended processor state save/restore support") Fixes: b6024b21fec8 ("um: extend fpstate to _xstate to support YMM registers") Change-Id: I2cda034c8a6637de392c2740a993982ad132bda5 Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Alessio Balsini <balsini(a)android.com> --- arch/x86/um/os-Linux/registers.c | 12 ++++++++---- arch/x86/um/user-offsets.c | 4 ++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/arch/x86/um/os-Linux/registers.c b/arch/x86/um/os-Linux/registers.c index 00f54a91bb4b..28775f55bde2 100644 --- a/arch/x86/um/os-Linux/registers.c +++ b/arch/x86/um/os-Linux/registers.c @@ -26,6 +26,7 @@ int save_i387_registers(int pid, unsigned long *fp_regs) int save_fp_registers(int pid, unsigned long *fp_regs) { +#ifdef PTRACE_GETREGSET struct iovec iov; if (have_xstate_support) { @@ -34,9 +35,9 @@ int save_fp_registers(int pid, unsigned long *fp_regs) if (ptrace(PTRACE_GETREGSET, pid, NT_X86_XSTATE, &iov) < 0) return -errno; return 0; - } else { + } else +#endif return save_i387_registers(pid, fp_regs); - } } int restore_i387_registers(int pid, unsigned long *fp_regs) @@ -48,6 +49,7 @@ int restore_i387_registers(int pid, unsigned long *fp_regs) int restore_fp_registers(int pid, unsigned long *fp_regs) { +#ifdef PTRACE_SETREGSET struct iovec iov; if (have_xstate_support) { @@ -56,9 +58,9 @@ int restore_fp_registers(int pid, unsigned long *fp_regs) if (ptrace(PTRACE_SETREGSET, pid, NT_X86_XSTATE, &iov) < 0) return -errno; return 0; - } else { + } else +#endif return restore_i387_registers(pid, fp_regs); - } } #ifdef __i386__ @@ -122,6 +124,7 @@ int put_fp_registers(int pid, unsigned long *regs) void arch_init_registers(int pid) { +#ifdef PTRACE_GETREGSET struct _xstate fp_regs; struct iovec iov; @@ -129,6 +132,7 @@ void arch_init_registers(int pid) iov.iov_len = sizeof(struct _xstate); if (ptrace(PTRACE_GETREGSET, pid, NT_X86_XSTATE, &iov) == 0) have_xstate_support = 1; +#endif } #endif diff --git a/arch/x86/um/user-offsets.c b/arch/x86/um/user-offsets.c index cb3c22370cf5..8af0fb5d2780 100644 --- a/arch/x86/um/user-offsets.c +++ b/arch/x86/um/user-offsets.c @@ -50,7 +50,11 @@ void foo(void) DEFINE(HOST_GS, GS); DEFINE(HOST_ORIG_AX, ORIG_EAX); #else +#if defined(PTRACE_GETREGSET) && defined(PTRACE_SETREGSET) DEFINE(HOST_FP_SIZE, sizeof(struct _xstate) / sizeof(unsigned long)); +#else + DEFINE(HOST_FP_SIZE, sizeof(struct _fpstate) / sizeof(unsigned long)); +#endif DEFINE_LONGS(HOST_BX, RBX); DEFINE_LONGS(HOST_CX, RCX); DEFINE_LONGS(HOST_DI, RDI); -- 2.22.0.657.g960e92d24f-goog

5 years, 5 months

3
3
0 0

+ proc-kpageflags-do-not-use-uninitialized-struct-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: /proc/kpageflags: do not use uninitialized struct pages has been added to the -mm tree. Its filename is proc-kpageflags-do-not-use-uninitialized-struct-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/proc-kpageflags-do-not-use-uniniti… and later at http://ozlabs.org/~akpm/mmotm/broken-out/proc-kpageflags-do-not-use-uniniti… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Subject: /proc/kpageflags: do not use uninitialized struct pages A kernel panic was observed during reading /proc/kpageflags for first few pfns allocated by pmem namespace: BUG: unable to handle page fault for address: fffffffffffffffe [ 114.495280] #PF: supervisor read access in kernel mode [ 114.495738] #PF: error_code(0x0000) - not-present page [ 114.496203] PGD 17120e067 P4D 17120e067 PUD 171210067 PMD 0 [ 114.496713] Oops: 0000 [#1] SMP PTI [ 114.497037] CPU: 9 PID: 1202 Comm: page-types Not tainted 5.3.0-rc1 #1 [ 114.497621] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 [ 114.498706] RIP: 0010:stable_page_flags+0x27/0x3f0 [ 114.499142] Code: 82 66 90 66 66 66 66 90 48 85 ff 0f 84 d1 03 00 00 41 54 55 48 89 fd 53 48 8b 57 08 48 8b 1f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 02 0f 84 57 03 00 00 45 31 e4 48 8b 55 08 48 89 ef [ 114.500788] RSP: 0018:ffffa5e601a0fe60 EFLAGS: 00010202 [ 114.501373] RAX: fffffffffffffffe RBX: ffffffffffffffff RCX: 0000000000000000 [ 114.502009] RDX: 0000000000000001 RSI: 00007ffca13a7310 RDI: ffffd07489000000 [ 114.502637] RBP: ffffd07489000000 R08: 0000000000000001 R09: 0000000000000000 [ 114.503270] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000240000 [ 114.503896] R13: 0000000000080000 R14: 00007ffca13a7310 R15: ffffa5e601a0ff08 [ 114.504530] FS: 00007f0266c7f540(0000) GS:ffff962dbbac0000(0000) knlGS:0000000000000000 [ 114.505245] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 114.505754] CR2: fffffffffffffffe CR3: 000000023a204000 CR4: 00000000000006e0 [ 114.506401] Call Trace: [ 114.506660] kpageflags_read+0xb1/0x130 [ 114.507051] proc_reg_read+0x39/0x60 [ 114.507387] vfs_read+0x8a/0x140 [ 114.507686] ksys_pread64+0x61/0xa0 [ 114.508021] do_syscall_64+0x5f/0x1a0 [ 114.508372] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 114.508844] RIP: 0033:0x7f0266ba426b The reason for the panic is that stable_page_flags() which parses the page flags uses uninitialized struct pages reserved by the ZONE_DEVICE driver. Earlier approach to fix this was discussed here: https://marc.info/?l=linux-mm&m=152964770000672&w=2 This is another approach. To avoid using the uninitialized struct page, immediately return with KPF_RESERVED at the beginning of stable_page_flags() if the page is reserved by ZONE_DEVICE driver. Link: http://lkml.kernel.org/r/20190725023100.31141-3-t-fukasawa@vx.jp.nec.com Signed-off-by: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Junichi Nomura <j-nomura(a)ce.jp.nec.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/page.c | 3 +++ include/linux/memremap.h | 6 ++++++ kernel/memremap.c | 20 ++++++++++++++++++++ 3 files changed, 29 insertions(+) --- a/fs/proc/page.c~proc-kpageflags-do-not-use-uninitialized-struct-pages +++ a/fs/proc/page.c @@ -97,6 +97,9 @@ u64 stable_page_flags(struct page *page) if (!page) return BIT_ULL(KPF_NOPAGE); + if (pfn_zone_device_reserved(page_to_pfn(page))) + return BIT_ULL(KPF_RESERVED); + k = page->flags; u = 0; --- a/include/linux/memremap.h~proc-kpageflags-do-not-use-uninitialized-struct-pages +++ a/include/linux/memremap.h @@ -124,6 +124,7 @@ static inline struct vmem_altmap *pgmap_ } #ifdef CONFIG_ZONE_DEVICE +bool pfn_zone_device_reserved(unsigned long pfn); void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap); void devm_memunmap_pages(struct device *dev, struct dev_pagemap *pgmap); struct dev_pagemap *get_dev_pagemap(unsigned long pfn, @@ -132,6 +133,11 @@ struct dev_pagemap *get_dev_pagemap(unsi unsigned long vmem_altmap_offset(struct vmem_altmap *altmap); void vmem_altmap_free(struct vmem_altmap *altmap, unsigned long nr_pfns); #else +static inline bool pfn_zone_device_reserved(unsigned long pfn) +{ + return false; +} + static inline void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) { --- a/kernel/memremap.c~proc-kpageflags-do-not-use-uninitialized-struct-pages +++ a/kernel/memremap.c @@ -72,6 +72,26 @@ static unsigned long pfn_next(unsigned l return pfn + 1; } +/* + * This returns true if the page is reserved by ZONE_DEVICE driver. + */ +bool pfn_zone_device_reserved(unsigned long pfn) +{ + struct dev_pagemap *pgmap; + struct vmem_altmap *altmap; + bool ret = false; + + pgmap = get_dev_pagemap(pfn, NULL); + if (!pgmap) + return ret; + altmap = pgmap_altmap(pgmap); + if (altmap && pfn < (altmap->base_pfn + altmap->reserve)) + ret = true; + put_dev_pagemap(pgmap); + + return ret; +} + #define for_each_device_pfn(pfn, map) \ for (pfn = pfn_first(map); pfn < pfn_end(map); pfn = pfn_next(pfn)) _ Patches currently in -mm which might be from t-fukasawa(a)vx.jp.nec.com are proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch proc-kpageflags-do-not-use-uninitialized-struct-pages.patch

5 years, 5 months

1
0
0 0

+ proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: /proc/kpageflags: prevent an integer overflow in stable_page_flags() has been added to the -mm tree. Its filename is proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/proc-kpageflags-prevent-an-integer… and later at http://ozlabs.org/~akpm/mmotm/broken-out/proc-kpageflags-prevent-an-integer… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Subject: /proc/kpageflags: prevent an integer overflow in stable_page_flags() stable_page_flags() returns kpageflags info in u64, but it uses "1 << KPF_*" internally which is considered as int. This type mismatch causes no visible problem now, but it will if you set bit 32 or more as done in a subsequent patch. So use BIT_ULL in order to avoid future overflow issues. Link: http://lkml.kernel.org/r/20190725023100.31141-2-t-fukasawa@vx.jp.nec.com Signed-off-by: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Junichi Nomura <j-nomura(a)ce.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/page.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) --- a/fs/proc/page.c~proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags +++ a/fs/proc/page.c @@ -95,7 +95,7 @@ u64 stable_page_flags(struct page *page) * it differentiates a memory hole from a page with no flags */ if (!page) - return 1 << KPF_NOPAGE; + return BIT_ULL(KPF_NOPAGE); k = page->flags; u = 0; @@ -107,22 +107,22 @@ u64 stable_page_flags(struct page *page) * simple test in page_mapped() is not enough. */ if (!PageSlab(page) && page_mapped(page)) - u |= 1 << KPF_MMAP; + u |= BIT_ULL(KPF_MMAP); if (PageAnon(page)) - u |= 1 << KPF_ANON; + u |= BIT_ULL(KPF_ANON); if (PageKsm(page)) - u |= 1 << KPF_KSM; + u |= BIT_ULL(KPF_KSM); /* * compound pages: export both head/tail info * they together define a compound page's start/end pos and order */ if (PageHead(page)) - u |= 1 << KPF_COMPOUND_HEAD; + u |= BIT_ULL(KPF_COMPOUND_HEAD); if (PageTail(page)) - u |= 1 << KPF_COMPOUND_TAIL; + u |= BIT_ULL(KPF_COMPOUND_TAIL); if (PageHuge(page)) - u |= 1 << KPF_HUGE; + u |= BIT_ULL(KPF_HUGE); /* * PageTransCompound can be true for non-huge compound pages (slab * pages or pages allocated by drivers with __GFP_COMP) because it @@ -133,14 +133,13 @@ u64 stable_page_flags(struct page *page) struct page *head = compound_head(page); if (PageLRU(head) || PageAnon(head)) - u |= 1 << KPF_THP; + u |= BIT_ULL(KPF_THP); else if (is_huge_zero_page(head)) { - u |= 1 << KPF_ZERO_PAGE; - u |= 1 << KPF_THP; + u |= BIT_ULL(KPF_ZERO_PAGE); + u |= BIT_ULL(KPF_THP); } } else if (is_zero_pfn(page_to_pfn(page))) - u |= 1 << KPF_ZERO_PAGE; - + u |= BIT_ULL(KPF_ZERO_PAGE); /* * Caveats on high order pages: page->_refcount will only be set @@ -148,23 +147,23 @@ u64 stable_page_flags(struct page *page) * SLOB won't set PG_slab at all on compound pages. */ if (PageBuddy(page)) - u |= 1 << KPF_BUDDY; + u |= BIT_ULL(KPF_BUDDY); else if (page_count(page) == 0 && is_free_buddy_page(page)) - u |= 1 << KPF_BUDDY; + u |= BIT_ULL(KPF_BUDDY); if (PageOffline(page)) - u |= 1 << KPF_OFFLINE; + u |= BIT_ULL(KPF_OFFLINE); if (PageTable(page)) - u |= 1 << KPF_PGTABLE; + u |= BIT_ULL(KPF_PGTABLE); if (page_is_idle(page)) - u |= 1 << KPF_IDLE; + u |= BIT_ULL(KPF_IDLE); u |= kpf_copy_bit(k, KPF_LOCKED, PG_locked); u |= kpf_copy_bit(k, KPF_SLAB, PG_slab); if (PageTail(page) && PageSlab(compound_head(page))) - u |= 1 << KPF_SLAB; + u |= BIT_ULL(KPF_SLAB); u |= kpf_copy_bit(k, KPF_ERROR, PG_error); u |= kpf_copy_bit(k, KPF_DIRTY, PG_dirty); @@ -177,7 +176,7 @@ u64 stable_page_flags(struct page *page) u |= kpf_copy_bit(k, KPF_RECLAIM, PG_reclaim); if (PageSwapCache(page)) - u |= 1 << KPF_SWAPCACHE; + u |= BIT_ULL(KPF_SWAPCACHE); u |= kpf_copy_bit(k, KPF_SWAPBACKED, PG_swapbacked); u |= kpf_copy_bit(k, KPF_UNEVICTABLE, PG_unevictable); _ Patches currently in -mm which might be from t-fukasawa(a)vx.jp.nec.com are proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch proc-kpageflags-do-not-use-uninitialized-struct-pages.patch

5 years, 5 months

1
0
0 0

stable-rc/linux-4.9.y boot: 106 boots: 1 failed, 103 passed with 1 offline, 1 untried/unknown (v4.9.186-126-ge18d357305a9)

by kernelci.org bot

stable-rc/linux-4.9.y boot: 106 boots: 1 failed, 103 passed with 1 offline, 1 untried/unknown (v4.9.186-126-ge18d357305a9) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.186-126… Tree: stable-rc Branch: linux-4.9.y Git Describe: v4.9.186-126-ge18d357305a9 Git Commit: e18d357305a9aaf6125c08c8038320ad1c2b1dce Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 51 unique boards, 23 SoC families, 15 builds out of 197 Boot Regressions Detected: arm64: defconfig: gcc-8: apq8016-sbc: lab-mhart: new failure (last pass: v4.9.186-126-g97ad1fbc1478) Boot Failure Detected: arm: multi_v7_defconfig: gcc-8: qcom-apq8064-cm-qs600: 1 failed lab Offline Platforms: arm64: defconfig: gcc-8 meson-gxbb-odroidc2: 1 offline lab --- For more info write to <info(a)kernelci.org>

5 years, 5 months

1
0
0 0

[to-be-updated] mm-document-zone-device-struct-page-field-usage.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: document zone device struct page field usage has been removed from the -mm tree. Its filename was mm-document-zone-device-struct-page-field-usage.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Ralph Campbell <rcampbell(a)nvidia.com> Subject: mm: document zone device struct page field usage Patch series "mm/hmm: fixes for device private page migration", v2. Testing the latest linux git tree turned up a few bugs with page migration to and from ZONE_DEVICE private and anonymous pages. Hopefully it clarifies how ZONE_DEVICE private struct page uses the same mapping and index fields from the source anonymous page mapping. This patch (of 3): Struct page for ZONE_DEVICE private pages uses the page->mapping and and page->index fields while the source anonymous pages are migrated to device private memory. This is so rmap_walk() can find the page when migrating the ZONE_DEVICE private page back to system memory. ZONE_DEVICE pmem backed fsdax pages also use the page->mapping and page->index fields when files are mapped into a process address space. Restructure struct page and add comments to make this more clear. Link: http://lkml.kernel.org/r/20190719192955.30462-2-rcampbell@nvidia.com Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christoph Lameter <cl(a)linux.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Lai Jiangshan <jiangshanlai(a)gmail.com> Cc: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Randy Dunlap <rdunlap(a)infradead.org> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm_types.h | 42 +++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 13 deletions(-) --- a/include/linux/mm_types.h~mm-document-zone-device-struct-page-field-usage +++ a/include/linux/mm_types.h @@ -76,13 +76,35 @@ struct page { * avoid collision and false-positive PageTail(). */ union { - struct { /* Page cache and anonymous pages */ - /** - * @lru: Pageout list, eg. active_list protected by - * pgdat->lru_lock. Sometimes used as a generic list - * by the page owner. - */ - struct list_head lru; + struct { /* Page cache, anonymous, ZONE_DEVICE pages */ + union { + /** + * @lru: Pageout list, e.g., active_list + * protected by pgdat->lru_lock. Sometimes + * used as a generic list by the page owner. + */ + struct list_head lru; + /** + * ZONE_DEVICE pages are never on the lru + * list so they reuse the list space. + * ZONE_DEVICE private pages are counted as + * being mapped so the @mapping and @index + * fields are used while the page is migrated + * to device private memory. + * ZONE_DEVICE MEMORY_DEVICE_FS_DAX pages also + * use the @mapping and @index fields when pmem + * backed DAX files are mapped. + */ + struct { + /** + * @pgmap: Points to the hosting + * device page map. + */ + struct dev_pagemap *pgmap; + /** @zone_device_data: opaque data. */ + void *zone_device_data; + }; + }; /* See page-flags.h for PAGE_MAPPING_FLAGS */ struct address_space *mapping; pgoff_t index; /* Our offset within mapping. */ @@ -155,12 +177,6 @@ struct page { spinlock_t ptl; #endif }; - struct { /* ZONE_DEVICE pages */ - /** @pgmap: Points to the hosting device page map. */ - struct dev_pagemap *pgmap; - void *zone_device_data; - unsigned long _zd_pad_1; /* uses mapping */ - }; /** @rcu_head: You can use this to free a page by RCU. */ struct rcu_head rcu_head; _ Patches currently in -mm which might be from rcampbell(a)nvidia.com are mm-hmm-fix-zone_device-anon-page-mapping-reuse.patch mm-hmm-fix-bad-subpage-pointer-in-try_to_unmap_one.patch mm-migrate-initialize-pud_entry-in-migrate_vma.patch

5 years, 5 months

1
0
0 0

stable-rc/linux-5.1.y boot: 137 boots: 2 failed, 133 passed with 1 offline, 1 conflict (v5.1.19-372-g21e90543f836)

by kernelci.org bot

stable-rc/linux-5.1.y boot: 137 boots: 2 failed, 133 passed with 1 offline, 1 conflict (v5.1.19-372-g21e90543f836) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.1.y/kernel/v5.1.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.1.y/kernel/v5.1.19-372-… Tree: stable-rc Branch: linux-5.1.y Git Describe: v5.1.19-372-g21e90543f836 Git Commit: 21e90543f836d29dae6ec06215a6e52419913d7b Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 79 unique boards, 27 SoC families, 17 builds out of 209 Boot Failures Detected: arm: multi_v7_defconfig: gcc-8: bcm4708-smartrg-sr400ac: 1 failed lab arm64: defconfig: gcc-8: meson-gxl-s905x-nexbox-a95x: 1 failed lab Offline Platforms: arm64: defconfig: gcc-8 meson-gxbb-odroidc2: 1 offline lab Conflicting Boot Failure Detected: (These likely are not failures as other labs are reporting PASS. Needs review.) arm: multi_v7_defconfig: exynos5422-odroidxu3: lab-collabora: PASS (gcc-8) lab-baylibre: FAIL (gcc-8) --- For more info write to <info(a)kernelci.org>

5 years, 5 months

1
0
0 0

stable-rc/linux-4.4.y boot: 96 boots: 2 failed, 93 passed with 1 conflict (v4.4.186-87-g08853233f3dc)

by kernelci.org bot

stable-rc/linux-4.4.y boot: 96 boots: 2 failed, 93 passed with 1 conflict (v4.4.186-87-g08853233f3dc) Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.186-87-… Tree: stable-rc Branch: linux-4.4.y Git Describe: v4.4.186-87-g08853233f3dc Git Commit: 08853233f3dc1af30edd80205c1985e0db76bf47 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Tested: 45 unique boards, 20 SoC families, 14 builds out of 190 Boot Failures Detected: arm: multi_v7_defconfig: gcc-8: stih410-b2120: 1 failed lab arm64: defconfig: gcc-8: qcom-qdf2400: 1 failed lab Conflicting Boot Failure Detected: (These likely are not failures as other labs are reporting PASS. Needs review.) x86_64: x86_64_defconfig: qemu: lab-drue: PASS (gcc-8) lab-collabora: PASS (gcc-8) lab-linaro-lkft: PASS (gcc-8) lab-mhart: PASS (gcc-8) lab-baylibre: FAIL (gcc-8) --- For more info write to <info(a)kernelci.org>

5 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2019