October 2021 - Linux-stable-mirror

stable-rc/queue/4.19 baseline: 164 runs, 1 regressions (v4.19.211-62-g3bd5e36634ac)

by kernelci.org bot

stable-rc/queue/4.19 baseline: 164 runs, 1 regressions (v4.19.211-62-g3bd5e36634ac) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.19/kernel/v4.19.21… Test: baseline Tree: stable-rc Branch: queue/4.19 Describe: v4.19.211-62-g3bd5e36634ac URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 3bd5e36634ac171953865c6e35b0cb44c464eb4f Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/plan/id/616edcded297dcaebb33592c Results: 5 PASS, 1 FAIL, 0 SKIP Full config: omap2plus_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.211-62-g3bd5e36634… HTML log: https://storage.kernelci.org//stable-rc/queue-4.19/v4.19.211-62-g3bd5e36634… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.dmesg.emerg: https://kernelci.org/test/case/id/616edcded297dcaebb33592f new failure (last pass: v4.19.211-62-gbf52fbbd32a0) 2 lines 2021-10-19T14:57:17.702287 <8>[ 21.155120] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=pass UNITS=lines MEASUREMENT=0> 2021-10-19T14:57:17.745615 kern :emerg : BUG: spinlock bad magic on CPU#0, udevd/111 2021-10-19T14:57:17.754963 kern :emerg : lock: emif_lock+0x0/0xffffecfc [emif], .magic: dead4ead, .owner: <none>/-1, .owner_cpu: -1

3 years, 2 months

1
0
0 0

stable-rc/queue/4.14 baseline: 150 runs, 1 regressions (v4.14.250-73-ge93304c5bd7b)

by kernelci.org bot

stable-rc/queue/4.14 baseline: 150 runs, 1 regressions (v4.14.250-73-ge93304c5bd7b) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F4.14/kernel/v4.14.25… Test: baseline Tree: stable-rc Branch: queue/4.14 Describe: v4.14.250-73-ge93304c5bd7b URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: e93304c5bd7b671291fe2b34d64f46d6151677d1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ---------+------+---------------+----------+---------------------+------------ panda | arm | lab-collabora | gcc-10 | omap2plus_defconfig | 1 Details: https://kernelci.org/test/plan/id/616ed6ef79d564a8d23358dc Results: 4 PASS, 1 FAIL, 1 SKIP Full config: omap2plus_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-4.14/v4.14.250-73-ge93304c5bd… HTML log: https://storage.kernelci.org//stable-rc/queue-4.14/v4.14.250-73-ge93304c5bd… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2020.05-6-g8983f3b7… * baseline.dmesg.emerg: https://kernelci.org/test/case/id/616ed6ef79d564a8d23358df new failure (last pass: v4.14.250-73-gcf46928023bb) 2 lines 2021-10-19T14:31:58.735798 [ 19.798706] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=alert RESULT=pass UNITS=lines MEASUREMENT=0> 2021-10-19T14:31:58.780450 kern :emerg : BUG: spinlock bad magic on CPU#0, mmcqd/0/60 2021-10-19T14:31:58.789960 kern :emerg : lock: emif_lock+0x0/0xffffed3c [emif], .magic: dead4ead, .owner: <none>/-1, .owner_cpu: -1 2021-10-19T14:31:58.808851 [ 19.870330] smsc95xx 3-1.1:1.0 eth0: register 'smsc95xx' at usb-4a064c00.ehci-1.1, smsc95xx USB 2.0 Ethernet, 16:cc:7b:07:f5:e7 2021-10-19T14:31:58.815573 [ 19.882659] usbcore: registered new interface driver smsc95xx

3 years, 2 months

1
0
0 0

[merged] mm-fix-null-page-mapping-dereference-in-page_is_secretmem.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() has been removed from the -mm tree. Its filename was mm-fix-null-page-mapping-dereference-in-page_is_secretmem.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Sean Christopherson <seanjc(a)google.com> Subject: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() Check for a NULL page->mapping before dereferencing the mapping in page_is_secretmem(), as the page's mapping can be nullified while gup() is running, e.g. by reclaim or truncation. BUG: kernel NULL pointer dereference, address: 0000000000000068 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 6 PID: 4173897 Comm: CPU 3/KVM Tainted: G W RIP: 0010:internal_get_user_pages_fast+0x621/0x9d0 Code: <48> 81 7a 68 80 08 04 bc 0f 85 21 ff ff 8 89 c7 be RSP: 0018:ffffaa90087679b0 EFLAGS: 00010046 RAX: ffffe3f37905b900 RBX: 00007f2dd561e000 RCX: ffffe3f37905b934 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffe3f37905b900 ... CR2: 0000000000000068 CR3: 00000004c5898003 CR4: 00000000001726e0 Call Trace: get_user_pages_fast_only+0x13/0x20 hva_to_pfn+0xa9/0x3e0 try_async_pf+0xa1/0x270 direct_page_fault+0x113/0xad0 kvm_mmu_page_fault+0x69/0x680 vmx_handle_exit+0xe1/0x5d0 kvm_arch_vcpu_ioctl_run+0xd81/0x1c70 kvm_vcpu_ioctl+0x267/0x670 __x64_sys_ioctl+0x83/0xa0 do_syscall_64+0x56/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Link: https://lkml.kernel.org/r/20211007231502.3552715-1-seanjc@google.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Reported-by: Darrick J. Wong <djwong(a)kernel.org> Reported-by: Stephen <stephenackerman16(a)gmail.com> Tested-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Rapoport <rppt(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/secretmem.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/secretmem.h~mm-fix-null-page-mapping-dereference-in-page_is_secretmem +++ a/include/linux/secretmem.h @@ -23,7 +23,7 @@ static inline bool page_is_secretmem(str mapping = (struct address_space *) ((unsigned long)page->mapping & ~PAGE_MAPPING_FLAGS); - if (mapping != page->mapping) + if (!mapping || mapping != page->mapping) return false; return mapping->a_ops == &secretmem_aops; _ Patches currently in -mm which might be from seanjc(a)google.com are

3 years, 2 months

1
0
0 0

[merged] vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: vfs: check fd has read access in kernel_read_file_from_fd() has been removed from the -mm tree. Its filename was vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: vfs: check fd has read access in kernel_read_file_from_fd() If we open a file without read access and then pass the fd to a syscall whose implementation calls kernel_read_file_from_fd(), we get a warning from __kernel_read(): if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ))) This currently affects both finit_module() and kexec_file_load(), but it could affect other syscalls in the future. Link: https://lkml.kernel.org/r/20211007220110.600005-1-willy@infradead.org Fixes: b844f0ecbc56 ("vfs: define kernel_copy_file_from_fd()") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: Hao Sun <sunhao.th(a)gmail.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Acked-by: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Mimi Zohar <zohar(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/kernel_read_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/kernel_read_file.c~vfs-check-fd-has-read-access-in-kernel_read_file_from_fd +++ a/fs/kernel_read_file.c @@ -178,7 +178,7 @@ int kernel_read_file_from_fd(int fd, lof struct fd f = fdget(fd); int ret = -EBADF; - if (!f.file) + if (!f.file || !(f.file->f_mode & FMODE_READ)) goto out; ret = kernel_read_file(f.file, offset, buf, buf_size, file_size, id); _ Patches currently in -mm which might be from willy(a)infradead.org are mm-move-kvmalloc-related-functions-to-slabh.patch mm-remove-bogus-vm_bug_on.patch mm-optimise-put_pages_list.patch kasan-fix-tag-for-large-allocations-when-using-config_slab.patch

3 years, 2 months

1
0
0 0

[merged] elfcore-correct-reference-to-config_uml.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: elfcore: correct reference to CONFIG_UML has been removed from the -mm tree. Its filename was elfcore-correct-reference-to-config_uml.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Subject: elfcore: correct reference to CONFIG_UML Commit 6e7b64b9dd6d ("elfcore: fix building with clang") introduces special handling for two architectures, ia64 and User Mode Linux. However, the wrong name, i.e., CONFIG_UM, for the intended Kconfig symbol for User-Mode Linux was used. Although the directory for User Mode Linux is ./arch/um; the Kconfig symbol for this architecture is called CONFIG_UML. Luckily, ./scripts/checkkconfigsymbols.py warns on non-existing configs: UM Referencing files: include/linux/elfcore.h Similar symbols: UML, NUMA Correct the name of the config to the intended one. [akpm(a)linux-foundation.org: fix um/x86_64, per Catalin] Link: https://lkml.kernel.org/r/20211006181119.2851441-1-catalin.marinas@arm.com Link: https://lkml.kernel.org/r/YV6pejGzLy5ppEpt@arm.com Link: https://lkml.kernel.org/r/20211006082209.417-1-lukas.bulwahn@gmail.com Fixes: 6e7b64b9dd6d ("elfcore: fix building with clang") Signed-off-by: Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Barret Rhoden <brho(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/elfcore.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/elfcore.h~elfcore-correct-reference-to-config_uml +++ a/include/linux/elfcore.h @@ -109,7 +109,7 @@ static inline int elf_core_copy_task_fpr #endif } -#if defined(CONFIG_UM) || defined(CONFIG_IA64) +#if (defined(CONFIG_UML) && defined(CONFIG_X86_32)) || defined(CONFIG_IA64) /* * These functions parameterize elf_core_dump in fs/binfmt_elf.c to write out * extra segments containing the gate DSO contents. Dumping its _ Patches currently in -mm which might be from lukas.bulwahn(a)gmail.com are memory-remove-unused-config_mem_block_size.patch

3 years, 2 months

1
0
0 0

[merged] mm-slub-fix-incorrect-memcg-slab-count-for-bulk-free.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slub: fix incorrect memcg slab count for bulk free has been removed from the -mm tree. Its filename was mm-slub-fix-incorrect-memcg-slab-count-for-bulk-free.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm, slub: fix incorrect memcg slab count for bulk free kmem_cache_free_bulk() will call memcg_slab_free_hook() for all objects when doing bulk free. So we shouldn't call memcg_slab_free_hook() again for bulk free to avoid incorrect memcg slab count. Link: https://lkml.kernel.org/r/20210916123920.48704-6-linmiaohe@huawei.com Fixes: d1b2cf6cb84a ("mm: memcg/slab: uncharge during kmem_cache_free_bulk()") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Bharata B Rao <bharata(a)linux.ibm.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Faiyaz Mohammed <faiyazm(a)codeaurora.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/slub.c~mm-slub-fix-incorrect-memcg-slab-count-for-bulk-free +++ a/mm/slub.c @@ -3420,7 +3420,9 @@ static __always_inline void do_slab_free struct kmem_cache_cpu *c; unsigned long tid; - memcg_slab_free_hook(s, &head, 1); + /* memcg_slab_free_hook() is already called for bulk free. */ + if (!tail) + memcg_slab_free_hook(s, &head, 1); redo: /* * Determine the currently cpus per cpu slab. _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-page_allocc-remove-meaningless-vm_bug_on-in-pindex_to_order.patch mm-page_allocc-simplify-the-code-by-using-macro-k.patch mm-page_allocc-fix-obsolete-comment-in-free_pcppages_bulk.patch mm-page_allocc-use-helper-function-zone_spans_pfn.patch mm-page_allocc-avoid-allocating-highmem-pages-via-alloc_pages_exact.patch mm-page_isolation-fix-potential-missing-call-to-unset_migratetype_isolate.patch mm-page_isolation-guard-against-possible-putback-unisolated-page.patch mm-memory_hotplug-make-hwpoisoned-dirty-swapcache-pages-unmovable.patch mm-zsmallocc-close-race-window-between-zs_pool_dec_isolated-and-zs_unregister_migration.patch mm-zsmallocc-combine-two-atomic-ops-in-zs_pool_dec_isolated.patch

3 years, 2 months

1
0
0 0

[merged] mm-slub-fix-potential-use-after-free-in-slab_debugfs_fops.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slub: fix potential use-after-free in slab_debugfs_fops has been removed from the -mm tree. Its filename was mm-slub-fix-potential-use-after-free-in-slab_debugfs_fops.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading to a use-after-free. Link: https://lkml.kernel.org/r/20210916123920.48704-5-linmiaohe@huawei.com Fixes: 64dd68497be7 ("mm: slub: move sysfs slab alloc/free interfaces to debugfs") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Bharata B Rao <bharata(a)linux.ibm.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Faiyaz Mohammed <faiyazm(a)codeaurora.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/mm/slub.c~mm-slub-fix-potential-use-after-free-in-slab_debugfs_fops +++ a/mm/slub.c @@ -4887,13 +4887,15 @@ int __kmem_cache_create(struct kmem_cach return 0; err = sysfs_slab_add(s); - if (err) + if (err) { __kmem_cache_release(s); + return err; + } if (s->flags & SLAB_STORE_USER) debugfs_slab_add(s); - return err; + return 0; } void *__kmalloc_track_caller(size_t size, gfp_t gfpflags, unsigned long caller) _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-page_allocc-remove-meaningless-vm_bug_on-in-pindex_to_order.patch mm-page_allocc-simplify-the-code-by-using-macro-k.patch mm-page_allocc-fix-obsolete-comment-in-free_pcppages_bulk.patch mm-page_allocc-use-helper-function-zone_spans_pfn.patch mm-page_allocc-avoid-allocating-highmem-pages-via-alloc_pages_exact.patch mm-page_isolation-fix-potential-missing-call-to-unset_migratetype_isolate.patch mm-page_isolation-guard-against-possible-putback-unisolated-page.patch mm-memory_hotplug-make-hwpoisoned-dirty-swapcache-pages-unmovable.patch mm-zsmallocc-close-race-window-between-zs_pool_dec_isolated-and-zs_unregister_migration.patch mm-zsmallocc-combine-two-atomic-ops-in-zs_pool_dec_isolated.patch

3 years, 2 months

1
0
0 0

[merged] mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slub: fix potential memoryleak in kmem_cache_open() has been removed from the -mm tree. Its filename was mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. Link: https://lkml.kernel.org/r/20210916123920.48704-4-linmiaohe@huawei.com Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Bharata B Rao <bharata(a)linux.ibm.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Faiyaz Mohammed <faiyazm(a)codeaurora.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/slub.c~mm-slub-fix-potential-memoryleak-in-kmem_cache_open +++ a/mm/slub.c @@ -4210,8 +4210,8 @@ static int kmem_cache_open(struct kmem_c if (alloc_kmem_cache_cpus(s)) return 0; - free_kmem_cache_nodes(s); error: + __kmem_cache_release(s); return -EINVAL; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-page_allocc-remove-meaningless-vm_bug_on-in-pindex_to_order.patch mm-page_allocc-simplify-the-code-by-using-macro-k.patch mm-page_allocc-fix-obsolete-comment-in-free_pcppages_bulk.patch mm-page_allocc-use-helper-function-zone_spans_pfn.patch mm-page_allocc-avoid-allocating-highmem-pages-via-alloc_pages_exact.patch mm-page_isolation-fix-potential-missing-call-to-unset_migratetype_isolate.patch mm-page_isolation-guard-against-possible-putback-unisolated-page.patch mm-memory_hotplug-make-hwpoisoned-dirty-swapcache-pages-unmovable.patch mm-zsmallocc-close-race-window-between-zs_pool_dec_isolated-and-zs_unregister_migration.patch mm-zsmallocc-combine-two-atomic-ops-in-zs_pool_dec_isolated.patch

3 years, 2 months

1
0
0 0

[merged] mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slub: fix mismatch between reconstructed freelist depth and cnt has been removed from the -mm tree. Its filename was mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm, slub: fix mismatch between reconstructed freelist depth and cnt If object's reuse is delayed, it will be excluded from the reconstructed freelist. But we forgot to adjust the cnt accordingly. So there will be a mismatch between reconstructed freelist depth and cnt. This will lead to free_debug_processing() complaining about freelist count or a incorrect slub inuse count. Link: https://lkml.kernel.org/r/20210916123920.48704-3-linmiaohe@huawei.com Fixes: c3895391df38 ("kasan, slub: fix handling of kasan_slab_free hook") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Bharata B Rao <bharata(a)linux.ibm.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Faiyaz Mohammed <faiyazm(a)codeaurora.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/mm/slub.c~mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt +++ a/mm/slub.c @@ -1701,7 +1701,8 @@ static __always_inline bool slab_free_ho } static inline bool slab_free_freelist_hook(struct kmem_cache *s, - void **head, void **tail) + void **head, void **tail, + int *cnt) { void *object; @@ -1728,6 +1729,12 @@ static inline bool slab_free_freelist_ho *head = object; if (!*tail) *tail = object; + } else { + /* + * Adjust the reconstructed freelist depth + * accordingly if object's reuse is delayed. + */ + --(*cnt); } } while (object != old_tail); @@ -3480,7 +3487,7 @@ static __always_inline void slab_free(st * With KASAN enabled slab_free_freelist_hook modifies the freelist * to remove objects, whose reuse must be delayed. */ - if (slab_free_freelist_hook(s, &head, &tail)) + if (slab_free_freelist_hook(s, &head, &tail, &cnt)) do_slab_free(s, page, head, tail, cnt, addr); } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-page_allocc-remove-meaningless-vm_bug_on-in-pindex_to_order.patch mm-page_allocc-simplify-the-code-by-using-macro-k.patch mm-page_allocc-fix-obsolete-comment-in-free_pcppages_bulk.patch mm-page_allocc-use-helper-function-zone_spans_pfn.patch mm-page_allocc-avoid-allocating-highmem-pages-via-alloc_pages_exact.patch mm-page_isolation-fix-potential-missing-call-to-unset_migratetype_isolate.patch mm-page_isolation-guard-against-possible-putback-unisolated-page.patch mm-memory_hotplug-make-hwpoisoned-dirty-swapcache-pages-unmovable.patch mm-zsmallocc-close-race-window-between-zs_pool_dec_isolated-and-zs_unregister_migration.patch mm-zsmallocc-combine-two-atomic-ops-in-zs_pool_dec_isolated.patch

3 years, 2 months

1
0
0 0

[merged] mm-slub-fix-two-bugs-in-slab_debug_trace_open.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slub: fix two bugs in slab_debug_trace_open() has been removed from the -mm tree. Its filename was mm-slub-fix-two-bugs-in-slab_debug_trace_open.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm, slub: fix two bugs in slab_debug_trace_open() Patch series "Fixups for slub". This series contains various bug fixes for slub. We fix memoryleak, use-afer-free, NULL pointer dereferencing and so on in slub. More details can be found in the respective changelogs. This patch (of 5): It's possible that __seq_open_private() will return NULL. So we should check it before using lest dereferencing NULL pointer. And in error paths, we forgot to release private buffer via seq_release_private(). Memory will leak in these paths. Link: https://lkml.kernel.org/r/20210916123920.48704-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20210916123920.48704-2-linmiaohe@huawei.com Fixes: 64dd68497be7 ("mm: slub: move sysfs slab alloc/free interfaces to debugfs") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christoph Lameter <cl(a)linux.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Faiyaz Mohammed <faiyazm(a)codeaurora.org> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Bharata B Rao <bharata(a)linux.ibm.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/mm/slub.c~mm-slub-fix-two-bugs-in-slab_debug_trace_open +++ a/mm/slub.c @@ -6108,9 +6108,14 @@ static int slab_debug_trace_open(struct struct kmem_cache *s = file_inode(filep)->i_private; unsigned long *obj_map; + if (!t) + return -ENOMEM; + obj_map = bitmap_alloc(oo_objects(s->oo), GFP_KERNEL); - if (!obj_map) + if (!obj_map) { + seq_release_private(inode, filep); return -ENOMEM; + } if (strcmp(filep->f_path.dentry->d_name.name, "alloc_traces") == 0) alloc = TRACK_ALLOC; @@ -6119,6 +6124,7 @@ static int slab_debug_trace_open(struct if (!alloc_loc_track(t, PAGE_SIZE / sizeof(struct location), GFP_KERNEL)) { bitmap_free(obj_map); + seq_release_private(inode, filep); return -ENOMEM; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-page_allocc-remove-meaningless-vm_bug_on-in-pindex_to_order.patch mm-page_allocc-simplify-the-code-by-using-macro-k.patch mm-page_allocc-fix-obsolete-comment-in-free_pcppages_bulk.patch mm-page_allocc-use-helper-function-zone_spans_pfn.patch mm-page_allocc-avoid-allocating-highmem-pages-via-alloc_pages_exact.patch mm-page_isolation-fix-potential-missing-call-to-unset_migratetype_isolate.patch mm-page_isolation-guard-against-possible-putback-unisolated-page.patch mm-memory_hotplug-make-hwpoisoned-dirty-swapcache-pages-unmovable.patch mm-zsmallocc-close-race-window-between-zs_pool_dec_isolated-and-zs_unregister_migration.patch mm-zsmallocc-combine-two-atomic-ops-in-zs_pool_dec_isolated.patch

3 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2021