August 2023 - Linux-stable-mirror

[PATCH] selftests/rseq: Fix build with undefined __weak

by Mark Brown

Commit 3bcbc20942db ("selftests/rseq: Play nice with binaries statically linked against glibc 2.35+") which is now in Linus' tree introduced uses of __weak but did nothing to ensure that a definition is provided for it resulting in build failures for the rseq tests: rseq.c:41:1: error: unknown type name '__weak' __weak ptrdiff_t __rseq_offset; ^ rseq.c:41:17: error: expected ';' after top level declarator __weak ptrdiff_t __rseq_offset; ^ ; rseq.c:42:1: error: unknown type name '__weak' __weak unsigned int __rseq_size; ^ rseq.c:43:1: error: unknown type name '__weak' __weak unsigned int __rseq_flags; Fix this by using the definition from tools/include compiler.h. Fixes: 3bcbc20942db ("selftests/rseq: Play nice with binaries statically linked against glibc 2.35+") Signed-off-by: Mark Brown <broonie(a)kernel.org> --- It'd be good if the KVM testing could include builds of the rseq selftests, the KVM tests pull in code from rseq but not the build system which has resulted in multiple failures like this. --- tools/testing/selftests/rseq/Makefile | 4 +++- tools/testing/selftests/rseq/rseq.c | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/rseq/Makefile b/tools/testing/selftests/rseq/Makefile index b357ba24af06..7a957c7d459a 100644 --- a/tools/testing/selftests/rseq/Makefile +++ b/tools/testing/selftests/rseq/Makefile @@ -4,8 +4,10 @@ ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS += -no-integrated-as endif +top_srcdir = ../../../.. + CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -L$(OUTPUT) -Wl,-rpath=./ \ - $(CLANG_FLAGS) + $(CLANG_FLAGS) -I$(top_srcdir)/tools/include LDLIBS += -lpthread -ldl # Own dependencies because we only want to build against 1st prerequisite, but diff --git a/tools/testing/selftests/rseq/rseq.c b/tools/testing/selftests/rseq/rseq.c index a723da253244..96e812bdf8a4 100644 --- a/tools/testing/selftests/rseq/rseq.c +++ b/tools/testing/selftests/rseq/rseq.c @@ -31,6 +31,8 @@ #include <sys/auxv.h> #include <linux/auxvec.h> +#include <linux/compiler.h> + #include "../kselftest.h" #include "rseq.h" --- base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 change-id: 20230804-kselftest-rseq-build-9d537942b1de Best regards, -- Mark Brown <broonie(a)kernel.org>

1 year, 5 months

3
2
0 0

[PATCH v2] tpm: Disable RNG for all AMD fTPMs

by Mario Limonciello

The TPM RNG functionality is not necessary for entropy when the CPU already supports the RDRAND instruction. The TPM RNG functionality was previously disabled on a subset of AMD fTPM series, but reports continue to show problems on some systems causing stutter root caused to TPM RNG functionality. Expand disabling TPM RNG use for all AMD fTPMs whether they have versions that claim to have fixed or not. To accomplish this, move the detection into part of the TPM CRB registration and add a flag indicating that the TPM should opt-out of registration to hwrng. Cc: stable(a)vger.kernel.org # 6.1.y+ Fixes: b006c439d58d ("hwrng: core - start hwrng kthread also for untrusted sources") Fixes: f1324bbc4011 ("tpm: disable hwrng for fTPM on some AMD designs") Reported-by: daniil.stas(a)posteo.net Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217719 Reported-by: bitlord0xff(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217212 Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v1->v2: * switch from callback to everything in tpm_crb * switch to open coded flags check instead of new inline --- drivers/char/tpm/tpm-chip.c | 68 ++----------------------------------- drivers/char/tpm/tpm_crb.c | 30 ++++++++++++++++ include/linux/tpm.h | 1 + 3 files changed, 33 insertions(+), 66 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index cf5499e51999b..e904aae9771be 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -510,70 +510,6 @@ static int tpm_add_legacy_sysfs(struct tpm_chip *chip) return 0; } -/* - * Some AMD fTPM versions may cause stutter - * https://www.amd.com/en/support/kb/faq/pa-410 - * - * Fixes are available in two series of fTPM firmware: - * 6.x.y.z series: 6.0.18.6 + - * 3.x.y.z series: 3.57.y.5 + - */ -#ifdef CONFIG_X86 -static bool tpm_amd_is_rng_defective(struct tpm_chip *chip) -{ - u32 val1, val2; - u64 version; - int ret; - - if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) - return false; - - ret = tpm_request_locality(chip); - if (ret) - return false; - - ret = tpm2_get_tpm_pt(chip, TPM2_PT_MANUFACTURER, &val1, NULL); - if (ret) - goto release; - if (val1 != 0x414D4400U /* AMD */) { - ret = -ENODEV; - goto release; - } - ret = tpm2_get_tpm_pt(chip, TPM2_PT_FIRMWARE_VERSION_1, &val1, NULL); - if (ret) - goto release; - ret = tpm2_get_tpm_pt(chip, TPM2_PT_FIRMWARE_VERSION_2, &val2, NULL); - -release: - tpm_relinquish_locality(chip); - - if (ret) - return false; - - version = ((u64)val1 << 32) | val2; - if ((version >> 48) == 6) { - if (version >= 0x0006000000180006ULL) - return false; - } else if ((version >> 48) == 3) { - if (version >= 0x0003005700000005ULL) - return false; - } else { - return false; - } - - dev_warn(&chip->dev, - "AMD fTPM version 0x%llx causes system stutter; hwrng disabled\n", - version); - - return true; -} -#else -static inline bool tpm_amd_is_rng_defective(struct tpm_chip *chip) -{ - return false; -} -#endif /* CONFIG_X86 */ - static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) { struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); @@ -588,7 +524,7 @@ static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) static int tpm_add_hwrng(struct tpm_chip *chip) { if (!IS_ENABLED(CONFIG_HW_RANDOM_TPM) || tpm_is_firmware_upgrade(chip) || - tpm_amd_is_rng_defective(chip)) + chip->flags & TPM_CHIP_FLAG_HWRNG_DISABLED) return 0; snprintf(chip->hwrng_name, sizeof(chip->hwrng_name), @@ -719,7 +655,7 @@ void tpm_chip_unregister(struct tpm_chip *chip) { tpm_del_legacy_sysfs(chip); if (IS_ENABLED(CONFIG_HW_RANDOM_TPM) && !tpm_is_firmware_upgrade(chip) && - !tpm_amd_is_rng_defective(chip)) + !(chip->flags & TPM_CHIP_FLAG_HWRNG_DISABLED)) hwrng_unregister(&chip->hwrng); tpm_bios_log_teardown(chip); if (chip->flags & TPM_CHIP_FLAG_TPM2 && !tpm_is_firmware_upgrade(chip)) diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 1a5d09b185134..9eb1a18590123 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -463,6 +463,28 @@ static bool crb_req_canceled(struct tpm_chip *chip, u8 status) return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE; } +static int crb_check_flags(struct tpm_chip *chip) +{ + u32 val; + int ret; + + ret = crb_request_locality(chip, 0); + if (ret) + return ret; + + ret = tpm2_get_tpm_pt(chip, TPM2_PT_MANUFACTURER, &val, NULL); + if (ret) + goto release; + + if (val == 0x414D4400U /* AMD */) + chip->flags |= TPM_CHIP_FLAG_HWRNG_DISABLED; + +release: + crb_relinquish_locality(chip, 0); + + return ret; +} + static const struct tpm_class_ops tpm_crb = { .flags = TPM_OPS_AUTO_STARTUP, .status = crb_status, @@ -800,6 +822,14 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; + rc = tpm_chip_bootstrap(chip); + if (rc) + goto out; + + rc = crb_check_flags(chip); + if (rc) + goto out; + rc = tpm_chip_register(chip); out: diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 6a1e8f1572551..4ee9d13749adc 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -283,6 +283,7 @@ enum tpm_chip_flags { TPM_CHIP_FLAG_FIRMWARE_POWER_MANAGED = BIT(6), TPM_CHIP_FLAG_FIRMWARE_UPGRADE = BIT(7), TPM_CHIP_FLAG_SUSPENDED = BIT(8), + TPM_CHIP_FLAG_HWRNG_DISABLED = BIT(9), }; #define to_tpm_chip(d) container_of(d, struct tpm_chip, dev) -- 2.34.1

1 year, 5 months

3
3
0 0

[merged mm-hotfixes-stable] mm-damon-core-initialize-damo_filter-list-from-damos_new_filter.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: initialize damo_filter->list from damos_new_filter() has been removed from the -mm tree. Its filename was mm-damon-core-initialize-damo_filter-list-from-damos_new_filter.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: initialize damo_filter->list from damos_new_filter() Date: Sat, 29 Jul 2023 20:37:32 +0000 damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calling damos_new_filter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field just after the allocation from damos_new_filter(). Link: https://lkml.kernel.org/r/20230729203733.38949-2-sj@kernel.org Fixes: 98def236f63c ("mm/damon/core: implement damos filter") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-core-initialize-damo_filter-list-from-damos_new_filter +++ a/mm/damon/core.c @@ -273,6 +273,7 @@ struct damos_filter *damos_new_filter(en return NULL; filter->type = type; filter->matching = matching; + INIT_LIST_HEAD(&filter->list); return filter; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-test-add-a-test-for-damos_new_filter.patch mm-damon-sysfs-schemes-implement-damos-tried-total-bytes-file.patch mm-damon-sysfs-implement-a-command-for-updating-only-schemes-tried-total-bytes.patch selftests-damon-sysfs-test-tried_regions-total_bytes-file.patch docs-abi-damon-update-for-tried_regions-total_bytes.patch docs-admin-guide-mm-damon-usage-update-for-tried_regions-total_bytes.patch mm-damon-core-introduce-address-range-type-damos-filter.patch mm-damon-sysfs-schemes-support-address-range-type-damos-filter.patch mm-damon-core-test-add-a-unit-test-for-__damos_filter_out.patch selftests-damon-sysfs-test-address-range-damos-filter.patch docs-mm-damon-design-update-for-address-range-filters.patch docs-abi-damon-update-for-address-range-damos-filter.patch docs-admin-guide-mm-damon-usage-update-for-address-range-type-damos-filter.patch mm-damon-core-implement-target-type-damos-filter.patch mm-damon-sysfs-schemes-support-target-damos-filter.patch selftests-damon-sysfs-test-damon_target-filter.patch docs-mm-damon-design-update-for-damon-monitoring-target-type-damos-filter.patch docs-abi-damon-update-for-damon-monitoring-target-type-damos-filter.patch docs-admin-guide-mm-damon-usage-update-for-damon-monitoring-target-type-damos-filter.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-inodes-via-iput.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput has been removed from the -mm tree. Its filename was nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-inodes-via-iput.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput Date: Sat, 29 Jul 2023 04:13:18 +0900 During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). Previously, nilfs_evict_inode() could cause use-after-free read for nilfs_root if inodes are left in "garbage_list" and released by nilfs_dispose_list at the end of nilfs_detach_log_writer(), and this bug was fixed by commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"). However, it turned out that there is another possibility of UAF in the call path where mark_inode_dirty_sync() is called from iput(): nilfs_detach_log_writer() nilfs_dispose_list() iput() mark_inode_dirty_sync() __mark_inode_dirty() nilfs_dirty_inode() __nilfs_mark_inode_dirty() nilfs_load_inode_block() --> causes UAF of nilfs_root struct This can happen after commit 0ae45f63d4ef ("vfs: add support for a lazytime mount option"), which changed iput() to call mark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME flag and i_nlink is non-zero. This issue appears after commit 28a65b49eb53 ("nilfs2: do not write dirty data after degenerating to read-only") when using the syzbot reproducer, but the issue has potentially existed before. Fix this issue by adding a "purging flag" to the nilfs structure, setting that flag while disposing the "garbage_list" and checking it in __nilfs_mark_inode_dirty(). Unlike commit 9b5a04ac3ad9 ("nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()"), this patch does not rely on ns_writer to determine whether to skip operations, so as not to break recovery on mount. The nilfs_salvage_orphan_logs routine dirties the buffer of salvaged data before attaching the log writer, so changing __nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL will cause recovery write to fail. The purpose of using the cleanup-only flag is to allow for narrowing of such conditions. Link: https://lkml.kernel.org/r/20230728191318.33047-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+74db8b3087f293d3a13a(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/000000000000b4e906060113fd63@google.com Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> # 4.0+ Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 8 ++++++++ fs/nilfs2/segment.c | 2 ++ fs/nilfs2/the_nilfs.h | 2 ++ 3 files changed, 12 insertions(+) --- a/fs/nilfs2/inode.c~nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-inodes-via-iput +++ a/fs/nilfs2/inode.c @@ -1101,9 +1101,17 @@ int nilfs_set_file_dirty(struct inode *i int __nilfs_mark_inode_dirty(struct inode *inode, int flags) { + struct the_nilfs *nilfs = inode->i_sb->s_fs_info; struct buffer_head *ibh; int err; + /* + * Do not dirty inodes after the log writer has been detached + * and its nilfs_root struct has been freed. + */ + if (unlikely(nilfs_purging(nilfs))) + return 0; + err = nilfs_load_inode_block(inode, &ibh); if (unlikely(err)) { nilfs_warn(inode->i_sb, --- a/fs/nilfs2/segment.c~nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-inodes-via-iput +++ a/fs/nilfs2/segment.c @@ -2845,6 +2845,7 @@ void nilfs_detach_log_writer(struct supe nilfs_segctor_destroy(nilfs->ns_writer); nilfs->ns_writer = NULL; } + set_nilfs_purging(nilfs); /* Force to free the list of dirty files */ spin_lock(&nilfs->ns_inode_lock); @@ -2857,4 +2858,5 @@ void nilfs_detach_log_writer(struct supe up_write(&nilfs->ns_segctor_sem); nilfs_dispose_list(nilfs, &garbage_list, 1); + clear_nilfs_purging(nilfs); } --- a/fs/nilfs2/the_nilfs.h~nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-inodes-via-iput +++ a/fs/nilfs2/the_nilfs.h @@ -29,6 +29,7 @@ enum { THE_NILFS_DISCONTINUED, /* 'next' pointer chain has broken */ THE_NILFS_GC_RUNNING, /* gc process is running */ THE_NILFS_SB_DIRTY, /* super block is dirty */ + THE_NILFS_PURGING, /* disposing dirty files for cleanup */ }; /** @@ -208,6 +209,7 @@ THE_NILFS_FNS(INIT, init) THE_NILFS_FNS(DISCONTINUED, discontinued) THE_NILFS_FNS(GC_RUNNING, gc_running) THE_NILFS_FNS(SB_DIRTY, sb_dirty) +THE_NILFS_FNS(PURGING, purging) /* * Mount option operations _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-kcore-reinstate-bounce-buffer-for-kcore_text-regions.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions has been removed from the -mm tree. Its filename was fs-proc-kcore-reinstate-bounce-buffer-for-kcore_text-regions.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lstoakes(a)gmail.com> Subject: fs/proc/kcore: reinstate bounce buffer for KCORE_TEXT regions Date: Mon, 31 Jul 2023 22:50:21 +0100 Some architectures do not populate the entire range categorised by KCORE_TEXT, so we must ensure that the kernel address we read from is valid. Unfortunately there is no solution currently available to do so with a purely iterator solution so reinstate the bounce buffer in this instance so we can use copy_from_kernel_nofault() in order to avoid page faults when regions are unmapped. This change partly reverts commit 2e1c0170771e ("fs/proc/kcore: avoid bounce buffer for ktext data"), reinstating the bounce buffer, but adapts the code to continue to use an iterator. [lstoakes(a)gmail.com: correct comment to be strictly correct about reasoning] Link: https://lkml.kernel.org/r/525a3f14-74fa-4c22-9fca-9dab4de8a0c3@lucifer.local Link: https://lkml.kernel.org/r/20230731215021.70911-1-lstoakes@gmail.com Fixes: 2e1c0170771e ("fs/proc/kcore: avoid bounce buffer for ktext data") Signed-off-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Reported-by: Jiri Olsa <olsajiri(a)gmail.com> Closes: https://lore.kernel.org/all/ZHc2fm+9daF6cgCE@krava Tested-by: Jiri Olsa <jolsa(a)kernel.org> Tested-by: Will Deacon <will(a)kernel.org> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Liu Shixin <liushixin2(a)huawei.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Thorsten Leemhuis <regressions(a)leemhuis.info> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/kcore.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) --- a/fs/proc/kcore.c~fs-proc-kcore-reinstate-bounce-buffer-for-kcore_text-regions +++ a/fs/proc/kcore.c @@ -309,6 +309,8 @@ static void append_kcore_note(char *note static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter) { + struct file *file = iocb->ki_filp; + char *buf = file->private_data; loff_t *fpos = &iocb->ki_pos; size_t phdrs_offset, notes_offset, data_offset; size_t page_offline_frozen = 1; @@ -555,10 +557,21 @@ static ssize_t read_kcore_iter(struct ki case KCORE_VMEMMAP: case KCORE_TEXT: /* - * We use _copy_to_iter() to bypass usermode hardening - * which would otherwise prevent this operation. + * Sadly we must use a bounce buffer here to be able to + * make use of copy_from_kernel_nofault(), as these + * memory regions might not always be mapped on all + * architectures. */ - if (_copy_to_iter((char *)start, tsz, iter) != tsz) { + if (copy_from_kernel_nofault(buf, (void *)start, tsz)) { + if (iov_iter_zero(tsz, iter) != tsz) { + ret = -EFAULT; + goto out; + } + /* + * We know the bounce buffer is safe to copy from, so + * use _copy_to_iter() directly. + */ + } else if (_copy_to_iter(buf, tsz, iter) != tsz) { ret = -EFAULT; goto out; } @@ -595,6 +608,10 @@ static int open_kcore(struct inode *inod if (ret) return ret; + filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!filp->private_data) + return -ENOMEM; + if (kcore_need_update) kcore_update_ram(); if (i_size_read(inode) != proc_root_kcore->size) { @@ -605,9 +622,16 @@ static int open_kcore(struct inode *inod return 0; } +static int release_kcore(struct inode *inode, struct file *file) +{ + kfree(file->private_data); + return 0; +} + static const struct proc_ops kcore_proc_ops = { .proc_read_iter = read_kcore_iter, .proc_open = open_kcore, + .proc_release = release_kcore, .proc_lseek = default_llseek, }; _ Patches currently in -mm which might be from lstoakes(a)gmail.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-ksm-fix-incorrect-evaluation-of-parameter.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests: mm: ksm: fix incorrect evaluation of parameter has been removed from the -mm tree. Its filename was selftests-mm-ksm-fix-incorrect-evaluation-of-parameter.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ayush Jain <ayush.jain3(a)amd.com> Subject: selftests: mm: ksm: fix incorrect evaluation of parameter Date: Fri, 28 Jul 2023 22:09:51 +0530 A missing break in kms_tests leads to kselftest hang when the parameter -s is used. In current code flow because of missing break in -s, -t parses args spilled from -s and as -t accepts only valid values as 0,1 so any arg in -s >1 or <0, gets in ksm_test failure This went undetected since, before the addition of option -t, the next case -M would immediately break out of the switch statement but that is no longer the case Add the missing break statement. ----Before---- ./ksm_tests -H -s 100 Invalid merge type ----After---- ./ksm_tests -H -s 100 Number of normal pages: 0 Number of huge pages: 50 Total size: 100 MiB Total time: 0.401732682 s Average speed: 248.922 MiB/s Link: https://lkml.kernel.org/r/20230728163952.4634-1-ayush.jain3@amd.com Fixes: 07115fcc15b4 ("selftests/mm: add new selftests for KSM") Signed-off-by: Ayush Jain <ayush.jain3(a)amd.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/ksm_tests.c | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/mm/ksm_tests.c~selftests-mm-ksm-fix-incorrect-evaluation-of-parameter +++ a/tools/testing/selftests/mm/ksm_tests.c @@ -831,6 +831,7 @@ int main(int argc, char *argv[]) printf("Size must be greater than 0\n"); return KSFT_FAIL; } + break; case 't': { int tmp = atoi(optarg); _ Patches currently in -mm which might be from ayush.jain3(a)amd.com are selftests-mm-add-ksm_merge_time-tests.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] hugetlb-do-not-clear-hugetlb-dtor-until-allocating-vmemmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: do not clear hugetlb dtor until allocating vmemmap has been removed from the -mm tree. Its filename was hugetlb-do-not-clear-hugetlb-dtor-until-allocating-vmemmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: hugetlb: do not clear hugetlb dtor until allocating vmemmap Date: Tue, 11 Jul 2023 15:09:41 -0700 Patch series "Fix hugetlb free path race with memory errors". In the discussion of Jiaqi Yan's series "Improve hugetlbfs read on HWPOISON hugepages" the race window was discovered. https://lore.kernel.org/linux-mm/20230616233447.GB7371@monkey/ Freeing a hugetlb page back to low level memory allocators is performed in two steps. 1) Under hugetlb lock, remove page from hugetlb lists and clear destructor 2) Outside lock, allocate vmemmap if necessary and call low level free Between these two steps, the hugetlb page will appear as a normal compound page. However, vmemmap for tail pages could be missing. If a memory error occurs at this time, we could try to update page flags non-existant page structs. A much more detailed description is in the first patch. The first patch addresses the race window. However, it adds a hugetlb_lock lock/unlock cycle to every vmemmap optimized hugetlb page free operation. This could lead to slowdowns if one is freeing a large number of hugetlb pages. The second path optimizes the update_and_free_pages_bulk routine to only take the lock once in bulk operations. The second patch is technically not a bug fix, but includes a Fixes tag and Cc stable to avoid a performance regression. It can be combined with the first, but was done separately make reviewing easier. This patch (of 2): Freeing a hugetlb page and releasing base pages back to the underlying allocator such as buddy or cma is performed in two steps: - remove_hugetlb_folio() is called to remove the folio from hugetlb lists, get a ref on the page and remove hugetlb destructor. This all must be done under the hugetlb lock. After this call, the page can be treated as a normal compound page or a collection of base size pages. - update_and_free_hugetlb_folio() is called to allocate vmemmap if needed and the free routine of the underlying allocator is called on the resulting page. We can not hold the hugetlb lock here. One issue with this scheme is that a memory error could occur between these two steps. In this case, the memory error handling code treats the old hugetlb page as a normal compound page or collection of base pages. It will then try to SetPageHWPoison(page) on the page with an error. If the page with error is a tail page without vmemmap, a write error will occur when trying to set the flag. Address this issue by modifying remove_hugetlb_folio() and update_and_free_hugetlb_folio() such that the hugetlb destructor is not cleared until after allocating vmemmap. Since clearing the destructor requires holding the hugetlb lock, the clearing is done in remove_hugetlb_folio() if the vmemmap is present. This saves a lock/unlock cycle. Otherwise, destructor is cleared in update_and_free_hugetlb_folio() after allocating vmemmap. Note that this will leave hugetlb pages in a state where they are marked free (by hugetlb specific page flag) and have a ref count. This is not a normal state. The only code that would notice is the memory error code, and it is set up to retry in such a case. A subsequent patch will create a routine to do bulk processing of vmemmap allocation. This will eliminate a lock/unlock cycle for each hugetlb page in the case where we are freeing a large number of pages. Link: https://lkml.kernel.org/r/20230711220942.43706-1-mike.kravetz@oracle.com Link: https://lkml.kernel.org/r/20230711220942.43706-2-mike.kravetz@oracle.com Fixes: ad2fa3717b74 ("mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reviewed-by: Muchun Song <songmuchun(a)bytedance.com> Tested-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: James Houghton <jthoughton(a)google.com> Cc: Jiaqi Yan <jiaqiyan(a)google.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 75 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 24 deletions(-) --- a/mm/hugetlb.c~hugetlb-do-not-clear-hugetlb-dtor-until-allocating-vmemmap +++ a/mm/hugetlb.c @@ -1579,9 +1579,37 @@ static inline void destroy_compound_giga unsigned int order) { } #endif +static inline void __clear_hugetlb_destructor(struct hstate *h, + struct folio *folio) +{ + lockdep_assert_held(&hugetlb_lock); + + /* + * Very subtle + * + * For non-gigantic pages set the destructor to the normal compound + * page dtor. This is needed in case someone takes an additional + * temporary ref to the page, and freeing is delayed until they drop + * their reference. + * + * For gigantic pages set the destructor to the null dtor. This + * destructor will never be called. Before freeing the gigantic + * page destroy_compound_gigantic_folio will turn the folio into a + * simple group of pages. After this the destructor does not + * apply. + * + */ + if (hstate_is_gigantic(h)) + folio_set_compound_dtor(folio, NULL_COMPOUND_DTOR); + else + folio_set_compound_dtor(folio, COMPOUND_PAGE_DTOR); +} + /* - * Remove hugetlb folio from lists, and update dtor so that the folio appears - * as just a compound page. + * Remove hugetlb folio from lists. + * If vmemmap exists for the folio, update dtor so that the folio appears + * as just a compound page. Otherwise, wait until after allocating vmemmap + * to update dtor. * * A reference is held on the folio, except in the case of demote. * @@ -1612,31 +1640,19 @@ static void __remove_hugetlb_folio(struc } /* - * Very subtle - * - * For non-gigantic pages set the destructor to the normal compound - * page dtor. This is needed in case someone takes an additional - * temporary ref to the page, and freeing is delayed until they drop - * their reference. - * - * For gigantic pages set the destructor to the null dtor. This - * destructor will never be called. Before freeing the gigantic - * page destroy_compound_gigantic_folio will turn the folio into a - * simple group of pages. After this the destructor does not - * apply. - * - * This handles the case where more than one ref is held when and - * after update_and_free_hugetlb_folio is called. - * - * In the case of demote we do not ref count the page as it will soon - * be turned into a page of smaller size. + * We can only clear the hugetlb destructor after allocating vmemmap + * pages. Otherwise, someone (memory error handling) may try to write + * to tail struct pages. + */ + if (!folio_test_hugetlb_vmemmap_optimized(folio)) + __clear_hugetlb_destructor(h, folio); + + /* + * In the case of demote we do not ref count the page as it will soon + * be turned into a page of smaller size. */ if (!demote) folio_ref_unfreeze(folio, 1); - if (hstate_is_gigantic(h)) - folio_set_compound_dtor(folio, NULL_COMPOUND_DTOR); - else - folio_set_compound_dtor(folio, COMPOUND_PAGE_DTOR); h->nr_huge_pages--; h->nr_huge_pages_node[nid]--; @@ -1705,6 +1721,7 @@ static void __update_and_free_hugetlb_fo { int i; struct page *subpage; + bool clear_dtor = folio_test_hugetlb_vmemmap_optimized(folio); if (hstate_is_gigantic(h) && !gigantic_page_runtime_supported()) return; @@ -1735,6 +1752,16 @@ static void __update_and_free_hugetlb_fo if (unlikely(folio_test_hwpoison(folio))) folio_clear_hugetlb_hwpoison(folio); + /* + * If vmemmap pages were allocated above, then we need to clear the + * hugetlb destructor under the hugetlb lock. + */ + if (clear_dtor) { + spin_lock_irq(&hugetlb_lock); + __clear_hugetlb_destructor(h, folio); + spin_unlock_irq(&hugetlb_lock); + } + for (i = 0; i < pages_per_huge_page(h); i++) { subpage = folio_page(folio, i); subpage->flags &= ~(1 << PG_locked | 1 << PG_error | _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-avoid-false-hwpoison-page-mapped-error-info.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memory-failure: avoid false hwpoison page mapped error info has been removed from the -mm tree. Its filename was mm-memory-failure-avoid-false-hwpoison-page-mapped-error-info.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm: memory-failure: avoid false hwpoison page mapped error info Date: Thu, 27 Jul 2023 19:56:42 +0800 folio->_mapcount is overloaded in SLAB, so folio_mapped() has to be done after folio_test_slab() is checked. Otherwise slab folio might be treated as a mapped folio leading to false 'Someone maps the hwpoison page' error info. Link: https://lkml.kernel.org/r/20230727115643.639741-4-linmiaohe@huawei.com Fixes: 230ac719c500 ("mm/hwpoison: don't try to unpoison containment-failed pages") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Acked-by: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-avoid-false-hwpoison-page-mapped-error-info +++ a/mm/memory-failure.c @@ -2499,6 +2499,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (folio_test_slab(folio) || PageTable(&folio->page) || folio_test_reserved(folio)) + goto unlock_mutex; + + /* + * Note that folio->_mapcount is overloaded in SLAB, so the simple test + * in folio_mapped() has to be done after folio_test_slab() is checked. + */ if (folio_mapped(folio)) { unpoison_pr_info("Unpoison: Someone maps the hwpoison page %#lx\n", pfn, &unpoison_rs); @@ -2511,9 +2518,6 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } - if (folio_test_slab(folio) || PageTable(&folio->page) || folio_test_reserved(folio)) - goto unlock_mutex; - ghp = get_hwpoison_page(p, MF_UNPOISON); if (!ghp) { if (PageHuge(p)) { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-mm_initc-update-obsolete-comment-in-get_pfn_range_for_nid.patch mm-memory-failure-fix-unexpected-return-value-in-soft_offline_page.patch mm-memory-failure-fix-potential-page-refcnt-leak-in-memory_failure.patch mm-memory-failure-remove-unneeded-page-state-check-in-shake_page.patch memory-tier-use-helper-function-destroy_memory_type.patch mm-memory-failure-remove-unneeded-inline-annotation.patch mm-mm_initc-remove-obsolete-macro-hash_small.patch mm-page_alloc-avoid-false-page-outside-zone-error-info.patch memory-tier-rename-destroy_memory_type-to-put_memory_type.patch mm-remove-obsolete-comment-above-struct-per_cpu_pages.patch mm-memcg-minor-cleanup-for-mem_cgroup_id_max.patch mm-memory-failure-remove-unneeded-pagehuge-check.patch mm-memory-failure-ensure-moving-hwpoison-flag-to-the-raw-error-pages.patch mm-memory-failure-dont-account-hwpoison_filter-filtered-pages.patch mm-memory-failure-use-local-variable-huge-to-check-hugetlb-page.patch mm-memory-failure-remove-unneeded-header-files.patch mm-memory-failure-minor-cleanup-for-comments-and-codestyle.patch mm-memory-failure-fetch-compound-head-after-extra-page-refcnt-is-held.patch mm-memory-failure-fix-race-window-when-trying-to-get-hugetlb-folio.patch mm-huge_memory-use-rmap_none-when-calling-page_add_anon_rmap.patch mm-memcg-fix-obsolete-comment-above-mem_cgroup_max_reclaim_loops.patch mm-memcg-minor-cleanup-for-mc_handle_present_pte.patch memory-tier-use-helper-macro-__attr_rw.patch mm-fix-obsolete-function-name-above-debug_pagealloc_enabled_static.patch mm-mprotect-fix-obsolete-function-name-in-change_pte_range.patch mm-memcg-fix-obsolete-function-name-in-mem_cgroup_protection.patch mm-memory-failure-add-pageoffline-check.patch mm-page_alloc-avoid-unneeded-alike_pages-calculation.patch mm-memcg-update-obsolete-comment-above-parent_mem_cgroup.patch mm-page_alloc-remove-unneeded-variable-base.patch mm-memcg-fix-wrong-function-name-above-obj_cgroup_charge_zswap.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-fix-potential-unexpected-return-value-from-unpoison_memory.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memory-failure: fix potential unexpected return value from unpoison_memory() has been removed from the -mm tree. Its filename was mm-memory-failure-fix-potential-unexpected-return-value-from-unpoison_memory.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm: memory-failure: fix potential unexpected return value from unpoison_memory() Date: Thu, 27 Jul 2023 19:56:41 +0800 If unpoison_memory() fails to clear page hwpoisoned flag, return value ret is expected to be -EBUSY. But when get_hwpoison_page() returns 1 and fails to clear page hwpoisoned flag due to races, return value will be unexpected 1 leading to users being confused. And there's a code smell that the variable "ret" is used not only to save the return value of unpoison_memory(), but also the return value from get_hwpoison_page(). Make a further cleanup by using another auto-variable solely to save the return value of get_hwpoison_page() as suggested by Naoya. Link: https://lkml.kernel.org/r/20230727115643.639741-3-linmiaohe@huawei.com Fixes: bf181c582588 ("mm/hwpoison: fix unpoison_memory()") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-potential-unexpected-return-value-from-unpoison_memory +++ a/mm/memory-failure.c @@ -2466,7 +2466,7 @@ int unpoison_memory(unsigned long pfn) { struct folio *folio; struct page *p; - int ret = -EBUSY; + int ret = -EBUSY, ghp; unsigned long count = 1; bool huge = false; static DEFINE_RATELIMIT_STATE(unpoison_rs, DEFAULT_RATELIMIT_INTERVAL, @@ -2514,29 +2514,28 @@ int unpoison_memory(unsigned long pfn) if (folio_test_slab(folio) || PageTable(&folio->page) || folio_test_reserved(folio)) goto unlock_mutex; - ret = get_hwpoison_page(p, MF_UNPOISON); - if (!ret) { + ghp = get_hwpoison_page(p, MF_UNPOISON); + if (!ghp) { if (PageHuge(p)) { huge = true; count = folio_free_raw_hwp(folio, false); - if (count == 0) { - ret = -EBUSY; + if (count == 0) goto unlock_mutex; - } } ret = folio_test_clear_hwpoison(folio) ? 0 : -EBUSY; - } else if (ret < 0) { - if (ret == -EHWPOISON) { + } else if (ghp < 0) { + if (ghp == -EHWPOISON) { ret = put_page_back_buddy(p) ? 0 : -EBUSY; - } else + } else { + ret = ghp; unpoison_pr_info("Unpoison: failed to grab page %#lx\n", pfn, &unpoison_rs); + } } else { if (PageHuge(p)) { huge = true; count = folio_free_raw_hwp(folio, false); if (count == 0) { - ret = -EBUSY; folio_put(folio); goto unlock_mutex; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-mm_initc-update-obsolete-comment-in-get_pfn_range_for_nid.patch mm-memory-failure-fix-unexpected-return-value-in-soft_offline_page.patch mm-memory-failure-fix-potential-page-refcnt-leak-in-memory_failure.patch mm-memory-failure-remove-unneeded-page-state-check-in-shake_page.patch memory-tier-use-helper-function-destroy_memory_type.patch mm-memory-failure-remove-unneeded-inline-annotation.patch mm-mm_initc-remove-obsolete-macro-hash_small.patch mm-page_alloc-avoid-false-page-outside-zone-error-info.patch memory-tier-rename-destroy_memory_type-to-put_memory_type.patch mm-remove-obsolete-comment-above-struct-per_cpu_pages.patch mm-memcg-minor-cleanup-for-mem_cgroup_id_max.patch mm-memory-failure-remove-unneeded-pagehuge-check.patch mm-memory-failure-ensure-moving-hwpoison-flag-to-the-raw-error-pages.patch mm-memory-failure-dont-account-hwpoison_filter-filtered-pages.patch mm-memory-failure-use-local-variable-huge-to-check-hugetlb-page.patch mm-memory-failure-remove-unneeded-header-files.patch mm-memory-failure-minor-cleanup-for-comments-and-codestyle.patch mm-memory-failure-fetch-compound-head-after-extra-page-refcnt-is-held.patch mm-memory-failure-fix-race-window-when-trying-to-get-hugetlb-folio.patch mm-huge_memory-use-rmap_none-when-calling-page_add_anon_rmap.patch mm-memcg-fix-obsolete-comment-above-mem_cgroup_max_reclaim_loops.patch mm-memcg-minor-cleanup-for-mc_handle_present_pte.patch memory-tier-use-helper-macro-__attr_rw.patch mm-fix-obsolete-function-name-above-debug_pagealloc_enabled_static.patch mm-mprotect-fix-obsolete-function-name-in-change_pte_range.patch mm-memcg-fix-obsolete-function-name-in-mem_cgroup_protection.patch mm-memory-failure-add-pageoffline-check.patch mm-page_alloc-avoid-unneeded-alike_pages-calculation.patch mm-memcg-update-obsolete-comment-above-parent_mem_cgroup.patch mm-page_alloc-remove-unneeded-variable-base.patch mm-memcg-fix-wrong-function-name-above-obj_cgroup_charge_zswap.patch

1 year, 5 months

1
0
0 0

[merged mm-hotfixes-stable] mm-swapfile-fix-wrong-swap-entry-type-for-hwpoisoned-swapcache-page.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/swapfile: fix wrong swap entry type for hwpoisoned swapcache page has been removed from the -mm tree. Its filename was mm-swapfile-fix-wrong-swap-entry-type-for-hwpoisoned-swapcache-page.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/swapfile: fix wrong swap entry type for hwpoisoned swapcache page Date: Thu, 27 Jul 2023 19:56:40 +0800 Patch series "A few fixup patches for mm", v2. This series contains a few fixup patches to fix potential unexpected return value, fix wrong swap entry type for hwpoisoned swapcache page and so on. More details can be found in the respective changelogs. This patch (of 3): Hwpoisoned dirty swap cache page is kept in the swap cache and there's simple interception code in do_swap_page() to catch it. But when trying to swapoff, unuse_pte() will wrongly install a general sense of "future accesses are invalid" swap entry for hwpoisoned swap cache page due to unaware of such type of page. The user will receive SIGBUS signal without expected BUS_MCEERR_AR payload. BTW, typo 'hwposioned' is fixed. Link: https://lkml.kernel.org/r/20230727115643.639741-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20230727115643.639741-2-linmiaohe@huawei.com Fixes: 6b970599e807 ("mm: hwpoison: support recovery from ksm_might_need_to_copy()") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 2 ++ mm/swapfile.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) --- a/mm/ksm.c~mm-swapfile-fix-wrong-swap-entry-type-for-hwpoisoned-swapcache-page +++ a/mm/ksm.c @@ -2784,6 +2784,8 @@ struct page *ksm_might_need_to_copy(stru anon_vma->root == vma->anon_vma->root) { return page; /* still no need to copy it */ } + if (PageHWPoison(page)) + return ERR_PTR(-EHWPOISON); if (!PageUptodate(page)) return page; /* let do_swap_page report the error */ --- a/mm/swapfile.c~mm-swapfile-fix-wrong-swap-entry-type-for-hwpoisoned-swapcache-page +++ a/mm/swapfile.c @@ -1746,7 +1746,7 @@ static int unuse_pte(struct vm_area_stru struct page *swapcache; spinlock_t *ptl; pte_t *pte, new_pte, old_pte; - bool hwposioned = false; + bool hwpoisoned = PageHWPoison(page); int ret = 1; swapcache = page; @@ -1754,7 +1754,7 @@ static int unuse_pte(struct vm_area_stru if (unlikely(!page)) return -ENOMEM; else if (unlikely(PTR_ERR(page) == -EHWPOISON)) - hwposioned = true; + hwpoisoned = true; pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl); if (unlikely(!pte || !pte_same_as_swp(ptep_get(pte), @@ -1765,11 +1765,11 @@ static int unuse_pte(struct vm_area_stru old_pte = ptep_get(pte); - if (unlikely(hwposioned || !PageUptodate(page))) { + if (unlikely(hwpoisoned || !PageUptodate(page))) { swp_entry_t swp_entry; dec_mm_counter(vma->vm_mm, MM_SWAPENTS); - if (hwposioned) { + if (hwpoisoned) { swp_entry = make_hwpoison_entry(swapcache); page = swapcache; } else { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-mm_initc-update-obsolete-comment-in-get_pfn_range_for_nid.patch mm-memory-failure-fix-unexpected-return-value-in-soft_offline_page.patch mm-memory-failure-fix-potential-page-refcnt-leak-in-memory_failure.patch mm-memory-failure-remove-unneeded-page-state-check-in-shake_page.patch memory-tier-use-helper-function-destroy_memory_type.patch mm-memory-failure-remove-unneeded-inline-annotation.patch mm-mm_initc-remove-obsolete-macro-hash_small.patch mm-page_alloc-avoid-false-page-outside-zone-error-info.patch memory-tier-rename-destroy_memory_type-to-put_memory_type.patch mm-remove-obsolete-comment-above-struct-per_cpu_pages.patch mm-memcg-minor-cleanup-for-mem_cgroup_id_max.patch mm-memory-failure-remove-unneeded-pagehuge-check.patch mm-memory-failure-ensure-moving-hwpoison-flag-to-the-raw-error-pages.patch mm-memory-failure-dont-account-hwpoison_filter-filtered-pages.patch mm-memory-failure-use-local-variable-huge-to-check-hugetlb-page.patch mm-memory-failure-remove-unneeded-header-files.patch mm-memory-failure-minor-cleanup-for-comments-and-codestyle.patch mm-memory-failure-fetch-compound-head-after-extra-page-refcnt-is-held.patch mm-memory-failure-fix-race-window-when-trying-to-get-hugetlb-folio.patch mm-huge_memory-use-rmap_none-when-calling-page_add_anon_rmap.patch mm-memcg-fix-obsolete-comment-above-mem_cgroup_max_reclaim_loops.patch mm-memcg-minor-cleanup-for-mc_handle_present_pte.patch memory-tier-use-helper-macro-__attr_rw.patch mm-fix-obsolete-function-name-above-debug_pagealloc_enabled_static.patch mm-mprotect-fix-obsolete-function-name-in-change_pte_range.patch mm-memcg-fix-obsolete-function-name-in-mem_cgroup_protection.patch mm-memory-failure-add-pageoffline-check.patch mm-page_alloc-avoid-unneeded-alike_pages-calculation.patch mm-memcg-update-obsolete-comment-above-parent_mem_cgroup.patch mm-page_alloc-remove-unneeded-variable-base.patch mm-memcg-fix-wrong-function-name-above-obj_cgroup_charge_zswap.patch

1 year, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2023