December 2024 - Linux-stable-mirror

[PATCH 5/8] btrfs: do proper folio cleanup when run_delalloc_nocow() failed

by Qu Wenruo

[BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28 BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28 page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0x10664 aops:btrfs_aops [btrfs] ino:101 dentry name(?):"f1774" flags: 0x2fffff80004028(uptodate|lru|private|node=0|zone=2|lastcpupid=0xfffff) page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio)) ------------[ cut here ]------------ kernel BUG at mm/page-writeback.c:2992! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 2 UID: 0 PID: 3943513 Comm: kworker/u24:15 Tainted: G OE 6.12.0-rc7-custom+ #87 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : folio_clear_dirty_for_io+0x128/0x258 lr : folio_clear_dirty_for_io+0x128/0x258 Call trace: folio_clear_dirty_for_io+0x128/0x258 btrfs_folio_clamp_clear_dirty+0x80/0xd0 [btrfs] __process_folios_contig+0x154/0x268 [btrfs] extent_clear_unlock_delalloc+0x5c/0x80 [btrfs] run_delalloc_nocow+0x5f8/0x760 [btrfs] btrfs_run_delalloc_range+0xa8/0x220 [btrfs] writepage_delalloc+0x230/0x4c8 [btrfs] extent_writepage+0xb8/0x358 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x178/0x3a8 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: 910a8021 a90363f7 a9046bf9 94012379 (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] The first two lines of extra debug messages show the problem is caused by the error handling of run_delalloc_nocow(). E.g. we have the following dirtied range (4K blocksize 4K page size): 0 16K 32K |//////////////////////////////////////| | Pre-allocated | And the range [0, 16K) has a preallocated extent. - Enter run_delalloc_nocow() for range [0, 16K) Which found range [0, 16K) is preallocated, can do the proper NOCOW write. - Enter fallback_to_fow() for range [16K, 32K) Since the range [16K, 32K) is not backed by preallocated extent, we have to go COW. - cow_file_range() failed for range [16K, 32K) So cow_file_range() will do the clean up by clearing folio dirty, unlock the folios. Now the folios in range [16K, 32K) is unlocked. - Enter extent_clear_unlock_delalloc() from run_delalloc_nocow() Which is called with PAGE_START_WRITEBACK to start page writeback. But folios can only be marked writeback when it's properly locked, thus this triggered the VM_BUG_ON_FOLIO(). Furthermore there is another hidden but common bug that run_delalloc_nocow() is not clearing the folio dirty flags in its error handling path. This is the common bug shared between run_delalloc_nocow() and cow_file_range(). [FIX] - Clear folio dirty for range [@start, @cur_offset) Introduce a helper, cleanup_dirty_folios(), which will find and lock the folio in the range, clear the dirty flag and start/end the writeback, with the extra handling for the @locked_folio. - Introduce a helper to record the last failed COW range end This is to trace which range we should skip, to avoid double unlocking. - Skip the failed COW range for the error handling Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 93 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 57e9b7deee88..75b7956a7b4c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1961,6 +1961,48 @@ static int can_nocow_file_extent(struct btrfs_path *path, return ret < 0 ? ret : can_nocow; } +static void cleanup_dirty_folios(struct btrfs_inode *inode, + struct folio *locked_folio, + u64 start, u64 end, int error) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct address_space *mapping = inode->vfs_inode.i_mapping; + pgoff_t start_index = start >> PAGE_SHIFT; + pgoff_t end_index = end >> PAGE_SHIFT; + u32 len; + + ASSERT(end + 1 - start < U32_MAX); + ASSERT(IS_ALIGNED(start, fs_info->sectorsize) && + IS_ALIGNED(end + 1, fs_info->sectorsize)); + len = end + 1 - start; + + /* + * Handle the locked folio first. + * btrfs_folio_clamp_*() helpers can handle range out of the folio case. + */ + btrfs_folio_clamp_clear_dirty(fs_info, locked_folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, locked_folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, locked_folio, start, len); + + for (pgoff_t index = start_index; index <= end_index; index++) { + struct folio *folio; + + /* Already handled at the beginning. */ + if (index == locked_folio->index) + continue; + folio = __filemap_get_folio(mapping, index, FGP_LOCK, GFP_NOFS); + /* Cache already dropped, no need to do any cleanup. */ + if (IS_ERR(folio)) + continue; + btrfs_folio_clamp_clear_dirty(fs_info, folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, folio, start, len); + folio_unlock(folio); + folio_put(folio); + } + mapping_set_error(mapping, error); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1976,6 +2018,11 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, struct btrfs_root *root = inode->root; struct btrfs_path *path; u64 cow_start = (u64)-1; + /* + * If not 0, represents the inclusive end of the last fallback_to_cow() + * range. Only for error handling. + */ + u64 cow_end = 0; u64 cur_offset = start; int ret; bool check_prev = true; @@ -2136,6 +2183,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, found_key.offset - 1); cow_start = (u64)-1; if (ret) { + cow_end = found_key.offset - 1; btrfs_dec_nocow_writers(nocow_bg); goto error; } @@ -2209,11 +2257,12 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, cow_start = cur_offset; if (cow_start != (u64)-1) { - cur_offset = end; ret = fallback_to_cow(inode, locked_folio, cow_start, end); cow_start = (u64)-1; - if (ret) + if (ret) { + cow_end = end; goto error; + } } btrfs_free_path(path); @@ -2221,12 +2270,42 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, error: /* - * If an error happened while a COW region is outstanding, cur_offset - * needs to be reset to cow_start to ensure the COW region is unlocked - * as well. + * There are several error cases: + * + * 1) Failed without falling back to COW + * start cur_start end + * |/////////////| | + * + * For range [start, cur_start) the folios are already unlocked (except + * @locked_folio), EXTENT_DELALLOC already removed. + * Only need to clear the dirty flag as they will never be submitted. + * Ordered extent and extent maps are handled by + * btrfs_mark_ordered_io_finished() inside run_delalloc_range(). + * + * 2) Failed with error from fallback_to_cow() + * start cur_start cow_end end + * |/////////////|-----------| | + * + * For range [start, cur_start) it's the same as case 1). + * But for range [cur_start, cow_end), the folios have dirty flag + * cleared and unlocked, EXTENT_DEALLLOC cleared. + * There may or may not be any ordered extents/extent maps allocated. + * + * We should not call extent_clear_unlock_delalloc() on range [cur_start, + * cow_end), as the folios are already unlocked. + * + * So clear the folio dirty flags for [start, cur_offset) first. */ - if (cow_start != (u64)-1) - cur_offset = cow_start; + if (cur_offset > start) + cleanup_dirty_folios(inode, locked_folio, start, cur_offset - 1, ret); + + /* + * If an error happened while a COW region is outstanding, cur_offset + * needs to be reset to @cow_end + 1 to skip the COW range, as + * cow_file_range() will do the proper cleanup at error. + */ + if (cow_end) + cur_offset = cow_end + 1; /* * We need to lock the extent here because we're clearing DELALLOC and -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 4/8] btrfs: do proper folio cleanup when cow_file_range() failed

by Qu Wenruo

[BUG] When testing with COW fixup marked as BUG_ON() (this is involved with the new pin_user_pages*() change, which should not result new out-of-band dirty pages), I hit a crash triggered by the BUG_ON() from hitting COW fixup path. This BUG_ON() happens just after a failed btrfs_run_delalloc_range(): BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 65536 submit_bitmap 6-15 start 90112 len 106496: -28 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1444! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 0 UID: 0 PID: 434621 Comm: kworker/u24:8 Tainted: G OE 6.12.0-rc7-custom+ #86 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : extent_writepage_io+0x2d4/0x308 [btrfs] lr : extent_writepage_io+0x2d4/0x308 [btrfs] Call trace: extent_writepage_io+0x2d4/0x308 [btrfs] extent_writepage+0x218/0x330 [btrfs] extent_write_cache_pages+0x1d4/0x4b0 [btrfs] btrfs_writepages+0x94/0x150 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x88/0xc8 start_delalloc_inodes+0x180/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x174/0x280 [btrfs] shrink_delalloc+0x114/0x280 [btrfs] flush_space+0x250/0x2f8 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x164/0x408 worker_thread+0x25c/0x388 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: aa1403e1 9402f3ef aa1403e0 9402f36f (d4210000) ---[ end trace 0000000000000000 ]--- [CAUSE] That failure is mostly from cow_file_range(), where we can hit -ENOSPC. Although the -ENOSPC is already a bug related to our space reservation code, let's just focus on the error handling. For example, we have the following dirty range [0, 64K) of an inode, with 4K sector size and 4K page size: 0 16K 32K 48K 64K |///////////////////////////////////////| |#######################################| Where |///| means page are still dirty, and |###| means the extent io tree has EXTENT_DELALLOC flag. - Enter extent_writepage() for page 0 - Enter btrfs_run_delalloc_range() for range [0, 64K) - Enter cow_file_range() for range [0, 64K) - Function btrfs_reserve_extent() only reserved one 16K extent So we created extent map and ordered extent for range [0, 16K) 0 16K 32K 48K 64K |////////|//////////////////////////////| |<- OE ->|##############################| And range [0, 16K) has its delalloc flag cleared. But since we haven't yet submit any bio, involved 4 pages are still dirty. - Function btrfs_reserve_extent() return with -ENOSPC Now we have to run error cleanup, which will clear all EXTENT_DELALLOC* flags and clear the dirty flags for the remaining ranges: 0 16K 32K 48K 64K |////////| | | | | Note that range [0, 16K) still has their pages dirty. - Some time later, writeback are triggered again for the range [0, 16K) since the page range still have dirty flags. - btrfs_run_delalloc_range() will do nothing because there is no EXTENT_DELALLOC flag. - extent_writepage_io() find page 0 has no ordered flag Which falls into the COW fixup path, triggering the BUG_ON(). Unfortunately this error handling bug dates back to the introduction of btrfs. Thankfully with the abuse of cow fixup, at least it won't crash the kernel. [FIX] Instead of immediately unlock the extent and folios, we keep the extent and folios locked until either erroring out or the whole delalloc range finished. When the whole delalloc range finished without error, we just unlock the whole range with PAGE_SET_ORDERED (and PAGE_UNLOCK for !keep_locked cases), with EXTENT_DELALLOC and EXTENT_LOCKED cleared. And those involved folios will be properly submitted, with their dirty flags cleared during submission. For the error path, it will be a little more complex: - The range with ordered extent allocated (range (1)) We only clear the EXTENT_DELALLOC and EXTENT_LOCKED, as the remaining flags are cleaned up by btrfs_mark_ordered_io_finished()->btrfs_finish_one_ordered(). For folios we finish the IO (clear dirty, start writeback and immediately finish the writeback) and unlock the folios. - The range with reserved extent but no ordered extent (range(2)) - The range we never touched (range(3)) For both range (2) and range(3) the behavior is not changed. Now even if cow_file_range() failed halfway with some successfully reserved extents/ordered extents, we will keep all folios clean, so there will be no future writeback triggered on them. Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/inode.c | 65 ++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index aee172abad1c..57e9b7deee88 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1364,6 +1364,17 @@ static noinline int cow_file_range(struct btrfs_inode *inode, alloc_hint = btrfs_get_extent_allocation_hint(inode, start, num_bytes); + /* + * We're not doing compressed IO, don't unlock the first page + * (which the caller expects to stay locked), don't clear any + * dirty bits and don't set any writeback bits + * + * Do set the Ordered (Private2) bit so we know this page was + * properly setup for writepage. + */ + page_ops = (keep_locked ? 0 : PAGE_UNLOCK); + page_ops |= PAGE_SET_ORDERED; + /* * Relocation relies on the relocated extents to have exactly the same * size as the original extents. Normally writeback for relocation data @@ -1423,6 +1434,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode, file_extent.offset = 0; file_extent.compression = BTRFS_COMPRESS_NONE; + /* + * Locked range will be released either during error clean up or + * after the whole range is finished. + */ lock_extent(&inode->io_tree, start, start + cur_alloc_size - 1, &cached); @@ -1468,21 +1483,6 @@ static noinline int cow_file_range(struct btrfs_inode *inode, btrfs_dec_block_group_reservations(fs_info, ins.objectid); - /* - * We're not doing compressed IO, don't unlock the first page - * (which the caller expects to stay locked), don't clear any - * dirty bits and don't set any writeback bits - * - * Do set the Ordered flag so we know this page was - * properly setup for writepage. - */ - page_ops = (keep_locked ? 0 : PAGE_UNLOCK); - page_ops |= PAGE_SET_ORDERED; - - extent_clear_unlock_delalloc(inode, start, start + cur_alloc_size - 1, - locked_folio, &cached, - EXTENT_LOCKED | EXTENT_DELALLOC, - page_ops); if (num_bytes < cur_alloc_size) num_bytes = 0; else @@ -1499,6 +1499,9 @@ static noinline int cow_file_range(struct btrfs_inode *inode, if (ret) goto out_unlock; } + extent_clear_unlock_delalloc(inode, orig_start, end, locked_folio, &cached, + EXTENT_LOCKED | EXTENT_DELALLOC, + page_ops); done: if (done_offset) *done_offset = end; @@ -1519,35 +1522,31 @@ static noinline int cow_file_range(struct btrfs_inode *inode, * We process each region below. */ - clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | - EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; - page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; - /* * For the range (1). We have already instantiated the ordered extents * for this region. They are cleaned up by * btrfs_cleanup_ordered_extents() in e.g, - * btrfs_run_delalloc_range(). EXTENT_LOCKED | EXTENT_DELALLOC are - * already cleared in the above loop. And, EXTENT_DELALLOC_NEW | - * EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV are handled by the cleanup - * function. + * btrfs_run_delalloc_range(). + * EXTENT_DELALLOC_NEW | EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV + * are also handled by the cleanup function. * - * However, in case of @keep_locked, we still need to unlock the pages - * (except @locked_folio) to ensure all the pages are unlocked. + * So here we only clear EXTENT_LOCKED and EXTENT_DELALLOC flag, + * and finish the writeback of the involved folios, which will be + * never submitted. */ - if (keep_locked && orig_start < start) { + if (orig_start < start) { + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; + if (!locked_folio) mapping_set_error(inode->vfs_inode.i_mapping, ret); extent_clear_unlock_delalloc(inode, orig_start, start - 1, - locked_folio, NULL, 0, page_ops); + locked_folio, NULL, clear_bits, page_ops); } - /* - * At this point we're unlocked, we want to make sure we're only - * clearing these flags under the extent lock, so lock the rest of the - * range and clear everything up. - */ - lock_extent(&inode->io_tree, start, end, NULL); + clear_bits = EXTENT_LOCKED | EXTENT_DELALLOC | EXTENT_DELALLOC_NEW | + EXTENT_DEFRAG | EXTENT_CLEAR_META_RESV; + page_ops = PAGE_UNLOCK | PAGE_START_WRITEBACK | PAGE_END_WRITEBACK; /* * For the range (2). If we reserved an extent for our delalloc range -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 2/8] btrfs: fix double accounting race when extent_writepage_io() failed

by Qu Wenruo

[BUG] If submit_one_sector() failed inside extent_writepage_io() for sector size < page size cases (e.g. 4K sector size and 64K page size), then we can hit double ordered extent accounting error. This should be very rare, as submit_one_sector() only fails when we failed to grab the extent map, and such extent map should exist inside the memory and have been pinned. [CAUSE] For example we have the following folio layout: 0 4K 32K 48K 60K 64K |//| |//////| |///| Where |///| is the dirty range we need to writeback. The 3 different dirty ranges are submitted for regular COW. Now we hit the following sequence: - submit_one_sector() returned 0 for [0, 4K) - submit_one_sector() returned 0 for [32K, 48K) - submit_one_sector() returned error for [60K, 64K) - btrfs_mark_ordered_io_finished() called for the whole folio This will mark the following ranges as finished: * [0, 4K) * [32K, 48K) Both ranges have their IO already submitted, this cleanup will lead to double accounting. * [60K, 64K) That's the correct cleanup. The only good news is, this error is only theoretical, as the target extent map is always pinned, thus we should directly grab it from memory, other than reading it from the disk. [FIX] Instead of calling btrfs_mark_ordered_io_finished() for the whole folio range, which can touch ranges we should not touch, instead move the error handling inside extent_writepage_io(). So that we can cleanup exact sectors that are ought to be submitted but failed. This provide much more accurate cleanup, avoiding the double accounting. Cc: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 417c710c55ca..b6a4f1765b4c 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1418,6 +1418,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_fs_info *fs_info = inode->root->fs_info; unsigned long range_bitmap = 0; bool submitted_io = false; + bool error = false; const u64 folio_start = folio_pos(folio); u64 cur; int bit; @@ -1460,11 +1461,21 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, break; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); - if (ret < 0) - goto out; + if (unlikely(ret < 0)) { + submit_one_bio(bio_ctrl); + /* + * Failed to grab the extent map which should be very rare. + * Since there is no bio submitted to finish the ordered + * extent, we have to manually finish this sector. + */ + btrfs_mark_ordered_io_finished(inode, folio, cur, + fs_info->sectorsize, false); + error = true; + continue; + } submitted_io = true; } -out: + /* * If we didn't submitted any sector (>= i_size), folio dirty get * cleared but PAGECACHE_TAG_DIRTY is not cleared (only cleared @@ -1472,8 +1483,11 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * * Here we set writeback and clear for the range. If the full folio * is no longer dirty then we clear the PAGECACHE_TAG_DIRTY tag. + * + * If we hit any error, the corresponding sector will still be dirty + * thus no need to clear PAGECACHE_TAG_DIRTY. */ - if (!submitted_io) { + if (!submitted_io && !error) { btrfs_folio_set_writeback(fs_info, folio, start, len); btrfs_folio_clear_writeback(fs_info, folio, start, len); } @@ -1493,7 +1507,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl { struct inode *inode = folio->mapping->host; struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); - const u64 page_start = folio_pos(folio); int ret; size_t pg_offset; loff_t i_size = i_size_read(inode); @@ -1536,10 +1549,6 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; - if (ret) - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - page_start, PAGE_SIZE, !ret); - done: if (ret < 0) mapping_set_error(folio->mapping, ret); @@ -2319,11 +2328,8 @@ void extent_write_locked_range(struct inode *inode, const struct folio *locked_f if (ret == 1) goto next_page; - if (ret) { - btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, - cur, cur_len, !ret); + if (ret) mapping_set_error(mapping, ret); - } btrfs_folio_end_lock(fs_info, folio, cur, cur_len); if (ret < 0) found_error = true; -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 1/8] btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

by Qu Wenruo

[BUG] There are several double accounting case, where the WARN_ON_ONCE() is triggered inside can_finish_ordered_extent(). And all such cases points back to the btrfs_mark_ordered_io_finished() call inside extent_writepage() when it hits some error. [CAUSE] With extra debug patches to show where the error is from, it turns out to be btrfs_run_delalloc_range() can fail with -ENOSPC. Such failure itself is already a symptom of some bad data/metadata space reservation, but here we need to focus on the error handling part. For example, we have the following dirty page layout (4K sector size and 4K page size): 0 16K 32K |/////|/////|/////|/////|/////|/////|/////|/////| Where the range [0, 32K) is dirty and we need to write all the 8 pages back. When handling the first page 0, we go the following sequence: - btrfs_run_delalloc_range() for range [0, 32k) We enter cow_file_range() for [0, 32K) - btrfs_reserve_extent() only returned a 16K data extent. This can be caused by fragmentation, and it's already an indication we're almost running of space. Now we have the following layout: 0 16K 32K |<----- Reserved ------>|/////|/////|/////|/////| The range [0, 16K) has ordered extent allocated. - btrfs_reserve_extent() returned -ENOSPC We really run out of space. But since we have reserved space for range [0, 16K) we need to clean them up. But that cleanup for ordered extent only happens inside btrfs_run_delalloc_range(). - btrfs_run_delalloc_range() cleanup the reserved ordered extent By calling btrfs_mark_ordered_io_finished() for range [0, 32K). It will locate the ordered extent [0, 16K) and mark it as IOERR. Also since the ordered extent is only 16K, we're finishing the whole ordered extent. Thus we call btrfs_queue_ordered_fn() to queue to finish the ordered extent. But still, the ordered extent [0, 16K) is still in the btrfs_inode::ordered_tree. - extent_writepage() cleanup the ordered extent inside the folio We call btrfs_mark_ordered_io_finished() for range [0, 4K). Since the finished ordered extent [0, 16K) is not yet removed (racy, depends on when btrfs_finish_one_ordered() is called), if btrfs_mark_ordered_io_finished() is called before btrfs_finish_one_ordered(), we will double account and trigger the warning inside can_finish_ordered_extent(). So the root cause is, we're relying on btrfs_mark_ordered_io_finished() to handle ranges which is already cleaned up. Unfortunately the bug dates back to the early days when btrfs_mark_ordered_io_finished() is introduced as a no-brain choice for error paths, but such no-brain solution just hides all the race and make us less cautious when handling errors. [FIX] Instead of relying on the btrfs_mark_ordered_io_finished() call to cleanup the whole folio range, record the last successfully ran delalloc range. And combined with bio_ctrl->submit_bitmap to properly clean up any newly created ordered extents. Since we have cleaned up the ordered extents in range, we should not rely on the btrfs_mark_ordered_io_finished() inside extent_writepage() anymore. By this, we ensure btrfs_mark_ordered_io_finished() is only called once when writepage_delalloc() failed. Cc: stable(a)vger.kernel.org # 5.15+ Fixes: e65f152e4348 ("btrfs: refactor how we finish ordered extent io for endio functions") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_io.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 9725ff7f274d..417c710c55ca 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1167,6 +1167,12 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, * last delalloc end. */ u64 last_delalloc_end = 0; + /* + * Save the last successfully ran delalloc range end (exclusive). + * This is for error handling to avoid ranges with ordered extent created + * but no IO will be submitted due to error. + */ + u64 last_finished = page_start; u64 delalloc_start = page_start; u64 delalloc_end = page_end; u64 delalloc_to_write = 0; @@ -1235,11 +1241,19 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, found_len = last_delalloc_end + 1 - found_start; if (ret >= 0) { + /* + * Some delalloc range may be created by previous folios. + * Thus we still need to clean those range up during error + * handling. + */ + last_finished = found_start; /* No errors hit so far, run the current delalloc range. */ ret = btrfs_run_delalloc_range(inode, folio, found_start, found_start + found_len - 1, wbc); + if (ret >= 0) + last_finished = found_start + found_len; } else { /* * We've hit an error during previous delalloc range, @@ -1274,8 +1288,21 @@ static noinline_for_stack int writepage_delalloc(struct btrfs_inode *inode, delalloc_start = found_start + found_len; } - if (ret < 0) + /* + * It's possible we have some ordered extents created before we hit + * an error, cleanup non-async successfully created delalloc ranges. + */ + if (unlikely(ret < 0)) { + unsigned int bitmap_size = min( + (last_finished - page_start) >> fs_info->sectorsize_bits, + fs_info->sectors_per_page); + + for_each_set_bit(bit, &bio_ctrl->submit_bitmap, bitmap_size) + btrfs_mark_ordered_io_finished(inode, folio, + page_start + (bit << fs_info->sectorsize_bits), + fs_info->sectorsize, false); return ret; + } out: if (last_delalloc_end) delalloc_end = last_delalloc_end; @@ -1509,13 +1536,13 @@ static int extent_writepage(struct folio *folio, struct btrfs_bio_ctrl *bio_ctrl bio_ctrl->wbc->nr_to_write--; -done: - if (ret) { + if (ret) btrfs_mark_ordered_io_finished(BTRFS_I(inode), folio, page_start, PAGE_SIZE, !ret); - mapping_set_error(folio->mapping, ret); - } +done: + if (ret < 0) + mapping_set_error(folio->mapping, ret); /* * Only unlock ranges that are submitted. As there can be some async * submitted ranges inside the folio. -- 2.47.1

4 months, 3 weeks

1
0
0 0

[PATCH 6.12 000/146] 6.12.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.4 release. There are 146 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 08 Dec 2024 14:34:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.4-rc1 Frederic Weisbecker <frederic(a)kernel.org> posix-timers: Target group sigqueue to current task only if not exiting Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> drm/amd/display: Remove PIPE_DTO_SRC_SEL programming from set_dtbclk_dto Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: update pipe selection policy to check head pipe Joshua Aberback <joshua.aberback(a)amd.com> drm/amd/display: Fix handling of plane refcount Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Remove arcturus min power limit Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: disable pcie speed switching on Intel platform for smu v14.0.2/3 Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix initialization mistake for NBIO 7.11 devices Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: skip setting the power source on smu v14.0.2/3 Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix usage slab after free Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add some missing straps from NBIO 7.11.0 Kenneth Feng <kenneth.feng(a)amd.com> drm/amdgpu/pm: add gen5 display to the user on smu v14.0.2/3 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdkfd: Use the correct wptr size Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: fix race around suspend_pending Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: use XE_BO_FLAG_PAGETABLE Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/radeon: Delay Connector detecting when HPD singals is unstable" Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: fix pat index usage Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/xe_guc_ads: save/restore OA registers and allowlist regs Steffen Dirkwinkel <s.dirkwinkel(a)beckhoff.com> drm: xlnx: zynqmp_dpsub: fix hotplug detection Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Chen-Yu Tsai <wenst(a)chromium.org> drm/bridge: it6505: Fix inverted reset polarity Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: Fix child node refcount handling in early exit Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Select FB_DEFERRED_IO Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da-h3: Remove unused num_init_cmds structure member Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check Lyude Paul <lyude(a)redhat.com> drm/panic: Fix uninitialized spinlock acquisition with CONFIG_DRM_PANIC=n Francesco Dolcini <francesco.dolcini(a)toradex.com> net: fec: make PPS channel configurable Francesco Dolcini <francesco.dolcini(a)toradex.com> net: fec: refactor PPS channel configuration Francesco Dolcini <francesco.dolcini(a)toradex.com> dt-bindings: net: fec: add pps channel property Carlos Llamas <cmllamas(a)google.com> binder: add delivered_freeze to debugfs output Carlos Llamas <cmllamas(a)google.com> binder: fix memleak of proc->delivered_freeze Carlos Llamas <cmllamas(a)google.com> binder: allow freeze notification for dead nodes Carlos Llamas <cmllamas(a)google.com> binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs Carlos Llamas <cmllamas(a)google.com> binder: fix BINDER_WORK_FROZEN_BINDER debug logs Carlos Llamas <cmllamas(a)google.com> binder: fix freeze UAF in binder_release_work() Carlos Llamas <cmllamas(a)google.com> binder: fix OOB in binder_add_freeze_work() Carlos Llamas <cmllamas(a)google.com> binder: fix node UAF in binder_add_freeze_work() Nathan Chancellor <nathan(a)kernel.org> powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang Nathan Chancellor <nathan(a)kernel.org> powerpc: Fix stack protector Kconfig test for clang Zicheng Qu <quzicheng(a)huawei.com> iio: gts: fix infinite loop for gain_to_scaletables() Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Zicheng Qu <quzicheng(a)huawei.com> iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: invensense: fix multiple odr switch when FIFO is off Matti Vaittinen <mazziesaccount(a)gmail.com> iio: accel: kx022a: Fix raw read format Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Andrea della Porta <andrea.porta(a)suse.com> PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes Niklas Cassel <cassel(a)kernel.org> PCI: dwc: ep: Fix advertised resizable BAR size regression Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Ssuhung Yeh <ssuhung(a)gmail.com> dm: Fix typo in error message Adrian Huang <ahuang12(a)lenovo.com> mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation Oleksandr Tymoshenko <ovt(a)google.com> ovl: properly handle large files in ovl_security_fileattr Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int3400: Fix reading of current_uuid for active policy Jiri Olsa <jolsa(a)kernel.org> fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful iov_iter_zero Geert Uytterhoeven <geert(a)linux-m68k.org> slab: Fix too strict alignment check in create_cache() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() Kishon Vijay Abraham I <kishon(a)kernel.org> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Kishon Vijay Abraham I <kishon(a)kernel.org> PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix possible assignment of the same address to two devices Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Jinjie Ruan <ruanjinjie(a)huawei.com> i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() Heiko Carstens <hca(a)linux.ibm.com> s390/stacktrace: Use break instead of return statement Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spinand: winbond: Fix 512GW and 02JW OOB layout Max Kellermann <max.kellermann(a)ionos.com> ceph: fix cred leak in ceph_mds_check_access() Max Kellermann <max.kellermann(a)ionos.com> ceph: pass cred pointer to ceph_mds_auth_match() Patrick Donnelly <pdonnell(a)redhat.com> ceph: extract entity name from device id Chao Yu <chao(a)kernel.org> f2fs: fix to drop all discards after creating snapshot on lvm device yuan.gao <yuan.gao(a)ucloud.cn> mm/slub: Avoid list corruption when removing a slab from the full list Stefan Eichenberger <stefan.eichenberger(a)toradex.com> PCI: imx6: Fix suspend/resume support on i.MX6QDL Balaji Pothunoori <quic_bpothuno(a)quicinc.com> remoteproc: qcom_q6v5_pas: disable auto boot for wpss Xu Yang <xu.yang_2(a)nxp.com> perf jevents: fix breakage when do perf stat on system metric Qiang Yu <quic_qianyu(a)quicinc.com> PCI: qcom: Disable ASPM L0s for X1E80100 Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> vfio/qat: fix overflow check in qat_vf_resume_write() Choong Yong Liang <yong.liang.choong(a)linux.intel.com> net: stmmac: set initial EEE policy configuration Linus Walleij <linus.walleij(a)linaro.org> ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() Linus Walleij <linus.walleij(a)linaro.org> ARM: 9430/1: entry: Do a dummy read from VMAP shadow Vasily Gorbik <gor(a)linux.ibm.com> s390/entry: Mark IRQ entries to fix stack depot warnings Linus Walleij <linus.walleij(a)linaro.org> ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow Javier Carrasco <javier.carrasco.cruz(a)gmail.com> spmi: pmic-arb: fix return path in for_each_available_child_of_node() Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Stop trying to optimize cycle detection logic Marek Vasut <marex(a)denx.de> nvmem: core: Check read_only flag for force_ro in bin_attr_nvmem_write() Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Sibi Sankar <quic_sibis(a)quicinc.com> cpufreq: scmi: Fix cleanup path when boost enablement fails Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang Zheng Yejian <zhengyejian(a)huaweicloud.com> mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number Pratyush Brahma <quic_pbrahma(a)quicinc.com> iommu/arm-smmu: Defer probe of clients after smmu device bound Mostafa Saleh <smostafa(a)google.com> iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: clear IDLE flag after recompression MengEn Sun <mengensun(a)tencent.com> vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Wei Yang <richard.weiyang(a)gmail.com> maple_tree: refine mas_store_root() on storing NULL Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Jinjie Ruan <ruanjinjie(a)huawei.com> kunit: string-stream: Fix a UAF bug in kunit_init_suite() Zichen Xie <zichenxie0106(a)gmail.com> kunit: Fix potential null dereference in kunit_device_driver_test() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Fix function timing profiler to initialize hashtable Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov08x40: Fix burst write sequence Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled Romain Gantois <romain.gantois(a)bootlin.com> net: phy: dp83869: fix status reporting for 1000base-x autonegotiation Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Free correct pointer on failure Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: av1: Fix reference video buffer pointer assignment John Keeping <jkeeping(a)inmusicbrands.com> media: platform: rga: fix 32-bit DMA limitation Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Ensure power suppliers be suspended before detach them Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay Jinjie Ruan <ruanjinjie(a)huawei.com> media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled Guoqing Jiang <guoqing.jiang(a)canonical.com> media: mtk-jpeg: Fix null-ptr-deref during unload module Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Set video drvdata before register video device Ming Qian <ming.qian(a)nxp.com> media: amphion: Set video drvdata before register video device Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: fix error path on configuration of power domains Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Fix IT6505 reset line polarity Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Fix GPU supply coupling max-spread Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer Yuan Can <yuancan(a)huawei.com> md/md-bitmap: Add missing destroy_work_on_stack() Xiao Ni <xni(a)redhat.com> md/raid5: Wait sync io to finish before changing group cnt Daniel Borkmann <daniel(a)iogearbox.net> netkit: Add option for scrubbing skb meta data Will Deacon <will(a)kernel.org> iommu/tegra241-cmdqv: Fix unused variable warning Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Lizhi Xu <lizhi.xu(a)windriver.com> btrfs: add a sanity check for btrfs root in btrfs_search_slot() Filipe Manana <fdmanana(a)suse.com> btrfs: don't loop for nowait writes when checking for cross references Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix use-after-free in btrfs_encoded_read_endio() Mark Harmstone <maharmstone(a)fb.com> btrfs: move priv off stack in btrfs_encoded_read_regular_fill_pages() Mark Harmstone <maharmstone(a)fb.com> btrfs: change btrfs_encoded_read() so that reading of extent is done by caller David Sterba <dsterba(a)suse.com> btrfs: drop unused parameter file_offset from btrfs_encoded_read_regular_fill_pages() Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Long Li <leo.lilong(a)huawei.com> xfs: remove unknown compat feature check in superblock write validation ------------- Diffstat: Documentation/devicetree/bindings/net/fsl,fec.yaml | 7 ++ Makefile | 4 +- arch/arm/kernel/entry-armv.S | 8 ++ arch/arm/mm/ioremap.c | 35 ++++++- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mp-verdin.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- arch/powerpc/Kconfig | 4 +- arch/powerpc/Makefile | 13 +-- arch/powerpc/kernel/vdso/Makefile | 8 +- arch/s390/kernel/entry.S | 4 + arch/s390/kernel/kprobes.c | 6 ++ arch/s390/kernel/stacktrace.c | 2 +- drivers/android/binder.c | 64 ++++++++++--- drivers/base/core.c | 55 +++++------ drivers/block/zram/zram_drv.c | 7 ++ drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/firmware/efi/libstub/efi-stub.c | 2 +- drivers/gpu/drm/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_11.c | 9 ++ drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 + .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 15 +-- .../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 23 ++++- .../amd/include/asic_reg/nbio/nbio_7_11_0_offset.h | 2 + .../include/asic_reg/nbio/nbio_7_11_0_sh_mask.h | 13 +++ drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 8 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v14_0.h | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 6 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 2 + drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 37 ++++++-- drivers/gpu/drm/bridge/ite-it6505.c | 8 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 1 - drivers/gpu/drm/radeon/radeon_connectors.c | 10 -- drivers/gpu/drm/sti/sti_cursor.c | 3 + drivers/gpu/drm/sti/sti_gdp.c | 3 + drivers/gpu/drm/sti/sti_hqvdp.c | 3 + drivers/gpu/drm/xe/xe_guc_ads.c | 14 +++ drivers/gpu/drm/xe/xe_guc_submit.c | 17 +++- drivers/gpu/drm/xe/xe_migrate.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_kms.c | 4 +- drivers/i3c/master.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 39 +++++--- drivers/iio/accel/kionix-kx022a.c | 2 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/adc/ad7923.c | 4 +- .../iio/common/inv_sensors/inv_sensors_timestamp.c | 4 + drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 2 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 3 - drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 1 - drivers/iio/industrialio-gts-helper.c | 2 +- drivers/iio/inkern.c | 2 +- drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 11 +++ drivers/iommu/io-pgtable-arm.c | 18 +++- drivers/leds/flash/leds-mt6360.c | 3 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/md/dm-thin.c | 1 + drivers/md/md-bitmap.c | 1 + drivers/md/persistent-data/dm-space-map-common.c | 2 +- drivers/md/raid5.c | 4 + drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/dw9768.c | 10 +- drivers/media/i2c/ov08x40.c | 33 ++++++- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 4 +- drivers/media/platform/amphion/vpu_drv.c | 2 +- drivers/media/platform/amphion/vpu_v4l2.c | 2 +- .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 10 ++ .../media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c | 11 --- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 19 ++-- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/platform/rockchip/rga/rga.c | 2 +- .../media/platform/samsung/exynos4-is/media-dev.h | 5 +- .../verisilicon/rockchip_vpu981_hw_av1_dec.c | 3 +- drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 102 +++++++++++++++------ drivers/mtd/nand/spi/winbond.c | 16 ++-- drivers/net/ethernet/freescale/fec_ptp.c | 11 ++- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 + drivers/net/netkit.c | 68 +++++++++++--- drivers/net/phy/dp83869.c | 20 +++- drivers/nvmem/core.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 57 +++++++++--- drivers/pci/controller/dwc/pci-keystone.c | 12 +++ drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/dwc/pcie-qcom.c | 2 +- drivers/pci/controller/pcie-rockchip-ep.c | 16 +++- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/endpoint/pci-epc-core.c | 11 +-- drivers/pci/of_property.c | 2 +- drivers/remoteproc/qcom_q6v5_pas.c | 2 +- drivers/spmi/spmi-pmic-arb.c | 3 +- .../intel/int340x_thermal/int3400_thermal.c | 2 +- drivers/ufs/host/ufs-exynos.c | 23 +++-- drivers/vfio/pci/qat/main.c | 2 +- fs/btrfs/btrfs_inode.h | 12 ++- fs/btrfs/ctree.c | 6 +- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 94 ++++++++++--------- fs/btrfs/ioctl.c | 32 ++++++- fs/btrfs/ref-verify.c | 1 + fs/btrfs/send.c | 2 +- fs/ceph/mds_client.c | 7 +- fs/ceph/super.c | 10 +- fs/f2fs/segment.c | 16 ++-- fs/f2fs/super.c | 12 +++ fs/nfsd/export.c | 5 +- fs/nfsd/nfs4state.c | 19 ++++ fs/overlayfs/inode.c | 7 +- fs/overlayfs/util.c | 3 + fs/proc/kcore.c | 1 + fs/quota/dquot.c | 2 + fs/xfs/libxfs/xfs_sb.c | 7 -- include/drm/drm_panic.h | 14 +++ include/linux/kasan.h | 12 ++- include/linux/util_macros.h | 56 +++++++---- include/uapi/linux/if_link.h | 15 +++ kernel/signal.c | 9 +- kernel/trace/ftrace.c | 7 ++ lib/kunit/debugfs.c | 5 +- lib/kunit/kunit-test.c | 2 + lib/maple_tree.c | 13 ++- mm/damon/tests/vaddr-kunit.h | 1 + mm/damon/vaddr.c | 4 +- mm/kasan/shadow.c | 14 ++- mm/slab.h | 5 + mm/slab_common.c | 2 +- mm/slub.c | 9 +- mm/vmalloc.c | 34 +++++-- mm/vmstat.c | 1 + tools/perf/pmu-events/empty-pmu-events.c | 12 +-- tools/perf/pmu-events/jevents.py | 12 +-- 143 files changed, 1071 insertions(+), 434 deletions(-)

4 months, 3 weeks

10
156
0 0

[stable-kernel-only][5.15.y][5.10.y][PATCH] serial: sc16is7xx: the reg needs to shift in regmap_noinc

by Hui Wang

Recently we found the fifo_read() and fifo_write() are broken in our 5.15 and 5.4 kernels after cherry-pick the commit e635f652696e ("serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO"), that is because the reg needs to shift if we don't cherry-pick a prerequiste commit 3837a0379533 ("serial: sc16is7xx: improve regmap debugfs by using one regmap per port"). Here fix it by shifting the reg as regmap_volatile() does. Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- drivers/tty/serial/sc16is7xx.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index d274a847c6ab..87e34099f369 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -487,7 +487,14 @@ static bool sc16is7xx_regmap_precious(struct device *dev, unsigned int reg) static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) { - return reg == SC16IS7XX_RHR_REG; + switch (reg >> SC16IS7XX_REG_SHIFT) { + case SC16IS7XX_RHR_REG: + return true; + default: + break; + } + + return false; } /* -- 2.34.1

4 months, 3 weeks

4
4
0 0

[PATCH v3] x86/hyper-v: Fix hv tsc page based sched_clock for hibernation

by Naman Jain

read_hv_sched_clock_tsc() assumes that the Hyper-V clock counter is bigger than the variable hv_sched_clock_offset, which is cached during early boot, but depending on the timing this assumption may be false when a hibernated VM starts again (the clock counter starts from 0 again) and is resuming back (Note: hv_init_tsc_clocksource() is not called during hibernation/resume); consequently, read_hv_sched_clock_tsc() may return a negative integer (which is interpreted as a huge positive integer since the return type is u64) and new kernel messages are prefixed with huge timestamps before read_hv_sched_clock_tsc() grows big enough (which typically takes several seconds). Fix the issue by saving the Hyper-V clock counter just before the suspend, and using it to correct the hv_sched_clock_offset in resume. This makes hv tsc page based sched_clock continuous and ensures that post resume, it starts from where it left off during suspend. Override x86_platform.save_sched_clock_state and x86_platform.restore_sched_clock_state routines to correct this as soon as possible. Note: if Invariant TSC is available, the issue doesn't happen because 1) we don't register read_hv_sched_clock_tsc() for sched clock: See commit e5313f1c5404 ("clocksource/drivers/hyper-v: Rework clocksource and sched clock setup"); 2) the common x86 code adjusts TSC similarly: see __restore_processor_state() -> tsc_verify_tsc_adjust(true) and x86_platform.restore_sched_clock_state(). Cc: stable(a)vger.kernel.org Fixes: 1349401ff1aa ("clocksource/drivers/hyper-v: Suspend/resume Hyper-V clocksource for hibernation") Co-developed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> --- Changes from v2: https://lore.kernel.org/all/20240911045632.3757-1-namjain@linux.microsoft.c… Addressed Michael's comments: * Changed commit msg to include information on making timestamps continuous * Changed subject to reflect the new file being changed * Changed variable name for saving offset/counters * Moved comment on new function introduced from header file to function definition. * Removed the equations in comments * Rebased to latest linux-next tip Changes from v1: https://lore.kernel.org/all/20240909053923.8512-1-namjain@linux.microsoft.c… * Reorganized code as per Michael's comment, and moved the logic to x86 specific files, to keep hyperv_timer.c arch independent. --- arch/x86/kernel/cpu/mshyperv.c | 58 ++++++++++++++++++++++++++++++ drivers/clocksource/hyperv_timer.c | 14 +++++++- include/clocksource/hyperv_timer.h | 2 ++ 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index ead967479fa6..e8e25d6e64cd 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -224,6 +224,63 @@ static void hv_machine_crash_shutdown(struct pt_regs *regs) hyperv_cleanup(); } #endif /* CONFIG_CRASH_DUMP */ + +static u64 hv_ref_counter_at_suspend; +static void (*old_save_sched_clock_state)(void); +static void (*old_restore_sched_clock_state)(void); + +/* + * Hyper-V clock counter resets during hibernation. Save and restore clock + * offset during suspend/resume, while also considering the time passed + * before suspend. This is to make sure that sched_clock using hv tsc page + * based clocksource, proceeds from where it left off during suspend and + * it shows correct time for the timestamps of kernel messages after resume. + */ +static void save_hv_clock_tsc_state(void) +{ + hv_ref_counter_at_suspend = hv_read_reference_counter(); +} + +static void restore_hv_clock_tsc_state(void) +{ + /* + * Adjust the offsets used by hv tsc clocksource to + * account for the time spent before hibernation. + * adjusted value = reference counter (time) at suspend + * - reference counter (time) now. + */ + hv_adj_sched_clock_offset(hv_ref_counter_at_suspend - hv_read_reference_counter()); +} + +/* + * Functions to override save_sched_clock_state and restore_sched_clock_state + * functions of x86_platform. The Hyper-V clock counter is reset during + * suspend-resume and the offset used to measure time needs to be + * corrected, post resume. + */ +static void hv_save_sched_clock_state(void) +{ + old_save_sched_clock_state(); + save_hv_clock_tsc_state(); +} + +static void hv_restore_sched_clock_state(void) +{ + restore_hv_clock_tsc_state(); + old_restore_sched_clock_state(); +} + +static void __init x86_setup_ops_for_tsc_pg_clock(void) +{ + if (!(ms_hyperv.features & HV_MSR_REFERENCE_TSC_AVAILABLE)) + return; + + old_save_sched_clock_state = x86_platform.save_sched_clock_state; + x86_platform.save_sched_clock_state = hv_save_sched_clock_state; + + old_restore_sched_clock_state = x86_platform.restore_sched_clock_state; + x86_platform.restore_sched_clock_state = hv_restore_sched_clock_state; +} #endif /* CONFIG_HYPERV */ static uint32_t __init ms_hyperv_platform(void) @@ -590,6 +647,7 @@ static void __init ms_hyperv_init_platform(void) /* Register Hyper-V specific clocksource */ hv_init_clocksource(); + x86_setup_ops_for_tsc_pg_clock(); hv_vtl_init_platform(); #endif /* diff --git a/drivers/clocksource/hyperv_timer.c b/drivers/clocksource/hyperv_timer.c index 99177835cade..b39dee7b93af 100644 --- a/drivers/clocksource/hyperv_timer.c +++ b/drivers/clocksource/hyperv_timer.c @@ -27,7 +27,8 @@ #include <asm/mshyperv.h> static struct clock_event_device __percpu *hv_clock_event; -static u64 hv_sched_clock_offset __ro_after_init; +/* Note: offset can hold negative values after hibernation. */ +static u64 hv_sched_clock_offset __read_mostly; /* * If false, we're using the old mechanism for stimer0 interrupts @@ -470,6 +471,17 @@ static void resume_hv_clock_tsc(struct clocksource *arg) hv_set_msr(HV_MSR_REFERENCE_TSC, tsc_msr.as_uint64); } +/* + * Called during resume from hibernation, from overridden + * x86_platform.restore_sched_clock_state routine. This is to adjust offsets + * used to calculate time for hv tsc page based sched_clock, to account for + * time spent before hibernation. + */ +void hv_adj_sched_clock_offset(u64 offset) +{ + hv_sched_clock_offset -= offset; +} + #ifdef HAVE_VDSO_CLOCKMODE_HVCLOCK static int hv_cs_enable(struct clocksource *cs) { diff --git a/include/clocksource/hyperv_timer.h b/include/clocksource/hyperv_timer.h index 6cdc873ac907..aa5233b1eba9 100644 --- a/include/clocksource/hyperv_timer.h +++ b/include/clocksource/hyperv_timer.h @@ -38,6 +38,8 @@ extern void hv_remap_tsc_clocksource(void); extern unsigned long hv_get_tsc_pfn(void); extern struct ms_hyperv_tsc_page *hv_get_tsc_page(void); +extern void hv_adj_sched_clock_offset(u64 offset); + static __always_inline bool hv_read_tsc_page_tsc(const struct ms_hyperv_tsc_page *tsc_pg, u64 *cur_tsc, u64 *time) base-commit: a430d95c5efa2b545d26a094eb5f624e36732af0 -- 2.34.1

4 months, 3 weeks

3
3
0 0

[PATCH] tools: hv: Fix a complier warning in the fcopy uio daemon

by Dexuan Cui

hv_fcopy_uio_daemon.c:436:53: warning: '%s' directive output may be truncated writing up to 14 bytes into a region of size 10 [-Wformat-truncation=] 436 | snprintf(uio_dev_path, sizeof(uio_dev_path), "/dev/%s", uio_name); Also added 'static' for the array 'desc[]'. Fixes: 82b0945ce2c2 ("tools: hv: Add new fcopy application based on uio driver") Cc: stable(a)vger.kernel.org # 6.10+ Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- tools/hv/hv_fcopy_uio_daemon.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_fcopy_uio_daemon.c b/tools/hv/hv_fcopy_uio_daemon.c index 3ce316cc9f97..f7741af08a79 100644 --- a/tools/hv/hv_fcopy_uio_daemon.c +++ b/tools/hv/hv_fcopy_uio_daemon.c @@ -35,8 +35,6 @@ #define WIN8_SRV_MINOR 1 #define WIN8_SRV_VERSION (WIN8_SRV_MAJOR << 16 | WIN8_SRV_MINOR) -#define MAX_FOLDER_NAME 15 -#define MAX_PATH_LEN 15 #define FCOPY_UIO "/sys/bus/vmbus/devices/eb765408-105f-49b6-b4aa-c123b64d17d4/uio" #define FCOPY_VER_COUNT 1 @@ -51,7 +49,7 @@ static const int fw_versions[] = { #define HV_RING_SIZE 0x4000 /* 16KB ring buffer size */ -unsigned char desc[HV_RING_SIZE]; +static unsigned char desc[HV_RING_SIZE]; static int target_fd; static char target_fname[PATH_MAX]; @@ -402,8 +400,8 @@ int main(int argc, char *argv[]) struct vmbus_br txbr, rxbr; void *ring; uint32_t len = HV_RING_SIZE; - char uio_name[MAX_FOLDER_NAME] = {0}; - char uio_dev_path[MAX_PATH_LEN] = {0}; + char uio_name[NAME_MAX] = {0}; + char uio_dev_path[PATH_MAX] = {0}; static struct option long_options[] = { {"help", no_argument, 0, 'h' }, -- 2.25.1

4 months, 3 weeks

3
5
0 0

[PATCH 1/2] drm/amd/display: Skip Invalid Streams from DSC Policy

by Alex Deucher

From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Streams with invalid new connector state should be elimiated from dsc policy. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3405 Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 9afeda04964281e9f708b92c2a9c4f8a1387b46e) Cc: stable(a)vger.kernel.org --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index a08e8a0b696c..f756640048fe 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1120,6 +1120,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int i, k, ret; bool debugfs_overwrite = false; uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); + struct drm_connector_state *new_conn_state; memset(params, 0, sizeof(params)); @@ -1127,7 +1128,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, return PTR_ERR(mst_state); /* Set up params */ - DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count); + DRM_DEBUG_DRIVER("%s: MST_DSC Try to set up params from %d streams\n", __func__, dc_state->stream_count); for (i = 0; i < dc_state->stream_count; i++) { struct dc_dsc_policy dsc_policy = {0}; @@ -1143,6 +1144,14 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (!aconnector->mst_output_port) continue; + new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); + + if (!new_conn_state) { + DRM_DEBUG_DRIVER("%s:%d MST_DSC Skip the stream 0x%p with invalid new_conn_state\n", + __func__, __LINE__, stream); + continue; + } + stream->timing.flags.DSC = 0; params[count].timing = &stream->timing; @@ -1175,6 +1184,8 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, count++; } + DRM_DEBUG_DRIVER("%s: MST_DSC Params set up for %d streams\n", __func__, count); + if (count == 0) { ASSERT(0); return 0; -- 2.47.0

4 months, 3 weeks

4
6
0 0

FAILED: patch "[PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-postcard-cringe-b986@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3c7a1ede435e2e45177d7a490a85fb0a0ec96d1 Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian(a)huaweicloud.com> Date: Tue, 22 Oct 2024 16:39:26 +0800 Subject: [PATCH] mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Patch series "mm/damon/vaddr: Fix issue in damon_va_evenly_split_region()". v2. According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). And add 'nr_piece == 1' check in damon_va_evenly_split_region() for better code readability and add a corresponding kunit testcase. This patch (of 2): According to the logic of damon_va_evenly_split_region(), currently following split case would not meet the expectation: Suppose DAMON_MIN_REGION=0x1000, Case: Split [0x0, 0x3000) into 2 pieces, then the result would be acutually 3 regions: [0x0, 0x1000), [0x1000, 0x2000), [0x2000, 0x3000) but NOT the expected 2 regions: [0x0, 0x1000), [0x1000, 0x3000) !!! The root cause is that when calculating size of each split piece in damon_va_evenly_split_region(): `sz_piece = ALIGN_DOWN(sz_orig / nr_pieces, DAMON_MIN_REGION);` both the dividing and the ALIGN_DOWN may cause loss of precision, then each time split one piece of size 'sz_piece' from origin 'start' to 'end' would cause more pieces are split out than expected!!! To fix it, count for each piece split and make sure no more than 'nr_pieces'. In addition, add above case into damon_test_split_evenly(). After this patch, damon-operations test passed: # ./tools/testing/kunit/kunit.py run damon-operations [...] ============== damon-operations (6 subtests) =============== [PASSED] damon_test_three_regions_in_vmas [PASSED] damon_test_apply_three_regions1 [PASSED] damon_test_apply_three_regions2 [PASSED] damon_test_apply_three_regions3 [PASSED] damon_test_apply_three_regions4 [PASSED] damon_test_split_evenly ================ [PASSED] damon-operations ================= Link: https://lkml.kernel.org/r/20241022083927.3592237-1-zhengyejian@huaweicloud.… Link: https://lkml.kernel.org/r/20241022083927.3592237-2-zhengyejian@huaweicloud.… Fixes: 3f49584b262c ("mm/damon: implement primitives for the virtual memory address spaces") Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Fernand Sieber <sieberf(a)amazon.com> Cc: Leonard Foerster <foersleo(a)amazon.de> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Ye Weihua <yeweihua4(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/damon/tests/vaddr-kunit.h b/mm/damon/tests/vaddr-kunit.h index 3dad8dfd9005..fcdccb614fd8 100644 --- a/mm/damon/tests/vaddr-kunit.h +++ b/mm/damon/tests/vaddr-kunit.h @@ -300,6 +300,7 @@ static void damon_test_split_evenly(struct kunit *test) damon_test_split_evenly_fail(test, 0, 100, 0); damon_test_split_evenly_succ(test, 0, 100, 10); damon_test_split_evenly_succ(test, 5, 59, 5); + damon_test_split_evenly_succ(test, 0, 3, 2); damon_test_split_evenly_fail(test, 5, 6, 2); } diff --git a/mm/damon/vaddr.c b/mm/damon/vaddr.c index 821990d0141a..86f612fbf886 100644 --- a/mm/damon/vaddr.c +++ b/mm/damon/vaddr.c @@ -67,6 +67,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, unsigned long sz_orig, sz_piece, orig_end; struct damon_region *n = NULL, *next; unsigned long start; + unsigned int i; if (!r || !nr_pieces) return -EINVAL; @@ -80,8 +81,7 @@ static int damon_va_evenly_split_region(struct damon_target *t, r->ar.end = r->ar.start + sz_piece; next = damon_next_region(r); - for (start = r->ar.end; start + sz_piece <= orig_end; - start += sz_piece) { + for (start = r->ar.end, i = 1; i < nr_pieces; start += sz_piece, i++) { n = damon_new_region(start, start + sz_piece); if (!n) return -ENOMEM;

4 months, 3 weeks

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2024