- Linux-stable-mirror - lists.linaro.org

[linux-stable-rc CI] Test report for 4.14.226-rc1/x86

by hulkrobot＠huawei.com

Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Branch: linux-4.14.y Arch: x86 Version: 4.14.226-rc1 Commit: 0088e727abadbf182f6ea2066ef2ccbd46d8f290 Compiler: gcc version 7.3.0 (GCC) -------------------------------------------------------------------- All testcases PASSED. -------------------------------------------------------------------- Testcase Result Summary: total_num: 4728 succeed_num: 4728 failed_num: 0 timeout_num: 0 -------------------------------------------------------------------- Tested-by: Hulk Robot <hulkrobot(a)huawei.com>

4 years, 7 months

1
0
0 0

[PATCH v2 1/2] gcov: fix clang-11+ support

by Nick Desaulniers

LLVM changed the expected function signatures for llvm_gcda_start_file() and llvm_gcda_emit_function() in the clang-11 release. Users of clang-11 or newer may have noticed their kernels failing to boot due to a panic when enabling CONFIG_GCOV_KERNEL=y +CONFIG_GCOV_PROFILE_ALL=y. Fix up the function signatures so calling these functions doesn't panic the kernel. Link: https://reviews.llvm.org/rGcdd683b516d147925212724b09ec6fb792a40041 Link: https://reviews.llvm.org/rG13a633b438b6500ecad9e4f936ebadf3411d0f44 Cc: stable(a)vger.kernel.org # 5.4 Reported-by: Prasad Sodagudi <psodagud(a)quicinc.com> Suggested-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Fangrui Song <maskray(a)google.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Tested-by: Nathan Chancellor <nathan(a)kernel.org> --- Changes V1 -> V2: * Use CONFIG_CLANG_VERSION instead of __clang_major__. * Pick up and retain Suggested-by, Tested-by, and Reviewed-by tags. * Drop note from commit message about `git blame`; I did what was sugguested in V1, but it still looks to git like I wrote those functions. Oh well. kernel/gcov/clang.c | 69 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/kernel/gcov/clang.c b/kernel/gcov/clang.c index c94b820a1b62..8743150db2ac 100644 --- a/kernel/gcov/clang.c +++ b/kernel/gcov/clang.c @@ -75,7 +75,9 @@ struct gcov_fn_info { u32 num_counters; u64 *counters; +#if CONFIG_CLANG_VERSION < 110000 const char *function_name; +#endif }; static struct gcov_info *current_info; @@ -105,6 +107,7 @@ void llvm_gcov_init(llvm_gcov_callback writeout, llvm_gcov_callback flush) } EXPORT_SYMBOL(llvm_gcov_init); +#if CONFIG_CLANG_VERSION < 110000 void llvm_gcda_start_file(const char *orig_filename, const char version[4], u32 checksum) { @@ -113,7 +116,17 @@ void llvm_gcda_start_file(const char *orig_filename, const char version[4], current_info->checksum = checksum; } EXPORT_SYMBOL(llvm_gcda_start_file); +#else +void llvm_gcda_start_file(const char *orig_filename, u32 version, u32 checksum) +{ + current_info->filename = orig_filename; + current_info->version = version; + current_info->checksum = checksum; +} +EXPORT_SYMBOL(llvm_gcda_start_file); +#endif +#if CONFIG_CLANG_VERSION < 110000 void llvm_gcda_emit_function(u32 ident, const char *function_name, u32 func_checksum, u8 use_extra_checksum, u32 cfg_checksum) { @@ -133,6 +146,24 @@ void llvm_gcda_emit_function(u32 ident, const char *function_name, list_add_tail(&info->head, &current_info->functions); } EXPORT_SYMBOL(llvm_gcda_emit_function); +#else +void llvm_gcda_emit_function(u32 ident, u32 func_checksum, + u8 use_extra_checksum, u32 cfg_checksum) +{ + struct gcov_fn_info *info = kzalloc(sizeof(*info), GFP_KERNEL); + + if (!info) + return; + + INIT_LIST_HEAD(&info->head); + info->ident = ident; + info->checksum = func_checksum; + info->use_extra_checksum = use_extra_checksum; + info->cfg_checksum = cfg_checksum; + list_add_tail(&info->head, &current_info->functions); +} +EXPORT_SYMBOL(llvm_gcda_emit_function); +#endif void llvm_gcda_emit_arcs(u32 num_counters, u64 *counters) { @@ -295,6 +326,7 @@ void gcov_info_add(struct gcov_info *dst, struct gcov_info *src) } } +#if CONFIG_CLANG_VERSION < 110000 static struct gcov_fn_info *gcov_fn_info_dup(struct gcov_fn_info *fn) { size_t cv_size; /* counter values size */ @@ -322,6 +354,28 @@ static struct gcov_fn_info *gcov_fn_info_dup(struct gcov_fn_info *fn) kfree(fn_dup); return NULL; } +#else +static struct gcov_fn_info *gcov_fn_info_dup(struct gcov_fn_info *fn) +{ + size_t cv_size; /* counter values size */ + struct gcov_fn_info *fn_dup = kmemdup(fn, sizeof(*fn), + GFP_KERNEL); + if (!fn_dup) + return NULL; + INIT_LIST_HEAD(&fn_dup->head); + + cv_size = fn->num_counters * sizeof(fn->counters[0]); + fn_dup->counters = vmalloc(cv_size); + if (!fn_dup->counters) { + kfree(fn_dup); + return NULL; + } + + memcpy(fn_dup->counters, fn->counters, cv_size); + + return fn_dup; +} +#endif /** * gcov_info_dup - duplicate profiling data set @@ -362,6 +416,7 @@ struct gcov_info *gcov_info_dup(struct gcov_info *info) * gcov_info_free - release memory for profiling data set duplicate * @info: profiling data set duplicate to free */ +#if CONFIG_CLANG_VERSION < 110000 void gcov_info_free(struct gcov_info *info) { struct gcov_fn_info *fn, *tmp; @@ -375,6 +430,20 @@ void gcov_info_free(struct gcov_info *info) kfree(info->filename); kfree(info); } +#else +void gcov_info_free(struct gcov_info *info) +{ + struct gcov_fn_info *fn, *tmp; + + list_for_each_entry_safe(fn, tmp, &info->functions, head) { + vfree(fn->counters); + list_del(&fn->head); + kfree(fn); + } + kfree(info->filename); + kfree(info); +} +#endif #define ITER_STRIDE PAGE_SIZE base-commit: f78d76e72a4671ea52d12752d92077788b4f5d50 -- 2.31.0.rc2.261.g7f71774620-goog

4 years, 7 months

3
2
0 0

[merged] zram-fix-broken-page-writeback.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram: fix broken page writeback has been removed from the -mm tree. Its filename was zram-fix-broken-page-writeback.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram: fix broken page writeback commit 0d8359620d9b ("zram: support page writeback") introduced two problems. It overwrites writeback_store's return value as kstrtol's return value, which makes return value zero so user could see zero as return value of write syscall even though it wrote data successfully. It also breaks index value in the loop in that it doesn't increase the index any longer. It means it can write only first starting block index so user couldn't write all idle pages in the zram so lose memory saving chance. This patch fixes those issues. Link: https://lkml.kernel.org/r/20210312173949.2197662-2-minchan@kernel.org Fixes: 0d8359620d9b("zram: support page writeback") Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Amos Bianchi <amosbianchi(a)google.com> Cc: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: John Dias <joaodias(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-broken-page-writeback +++ a/drivers/block/zram/zram_drv.c @@ -638,8 +638,8 @@ static ssize_t writeback_store(struct de if (strncmp(buf, PAGE_WB_SIG, sizeof(PAGE_WB_SIG) - 1)) return -EINVAL; - ret = kstrtol(buf + sizeof(PAGE_WB_SIG) - 1, 10, &index); - if (ret || index >= nr_pages) + if (kstrtol(buf + sizeof(PAGE_WB_SIG) - 1, 10, &index) || + index >= nr_pages) return -EINVAL; nr_pages = 1; @@ -663,7 +663,7 @@ static ssize_t writeback_store(struct de goto release_init_lock; } - while (nr_pages--) { + for (; nr_pages != 0; index++, nr_pages--) { struct bio_vec bvec; bvec.bv_page = page; _ Patches currently in -mm which might be from minchan(a)kernel.org are mm-remove-lru_add_drain_all-in-alloc_contig_range.patch mm-page_alloc-dump-migrate-failed-pages.patch mm-vmstat-add-cma-statistics.patch mm-cma-support-sysfs.patch

4 years, 7 months

1
0
0 0

[merged] zram-fix-return-value-on-writeback_store.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram: fix return value on writeback_store has been removed from the -mm tree. Its filename was zram-fix-return-value-on-writeback_store.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram: fix return value on writeback_store writeback_store's return value is overwritten by submit_bio_wait's return value. Thus, writeback_store will return zero since there was no IO error. In the end, write syscall from userspace will see the zero as return value, which could make the process stall to keep trying the write until it will succeed. Link: https://lkml.kernel.org/r/20210312173949.2197662-1-minchan@kernel.org Fixes: 3b82a051c101("drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeback_store") Signed-off-by: Minchan Kim <minchan(a)kernel.org> Cc: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: Colin Ian King <colin.king(a)canonical.com> Cc: John Dias <joaodias(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-return-value-on-writeback_store +++ a/drivers/block/zram/zram_drv.c @@ -627,7 +627,7 @@ static ssize_t writeback_store(struct de struct bio_vec bio_vec; struct page *page; ssize_t ret = len; - int mode; + int mode, err; unsigned long blk_idx = 0; if (sysfs_streq(buf, "idle")) @@ -728,12 +728,17 @@ static ssize_t writeback_store(struct de * XXX: A single page IO would be inefficient for write * but it would be not bad as starter. */ - ret = submit_bio_wait(&bio); - if (ret) { + err = submit_bio_wait(&bio); + if (err) { zram_slot_lock(zram, index); zram_clear_flag(zram, index, ZRAM_UNDER_WB); zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); + /* + * Return last IO error unless every IO were + * not suceeded. + */ + ret = err; continue; } _ Patches currently in -mm which might be from minchan(a)kernel.org are mm-remove-lru_add_drain_all-in-alloc_contig_range.patch mm-page_alloc-dump-migrate-failed-pages.patch mm-vmstat-add-cma-statistics.patch mm-cma-support-sysfs.patch

4 years, 7 months

1
0
0 0

[merged] mm-memcg-set-memcg-when-split-page.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/memcg: set memcg when splitting page has been removed from the -mm tree. Its filename was mm-memcg-set-memcg-when-split-page.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Zhou Guanghui <zhouguanghui1(a)huawei.com> Subject: mm/memcg: set memcg when splitting page As described in the split_page() comment, for the non-compound high order page, the sub-pages must be freed individually. If the memcg of the first page is valid, the tail pages cannot be uncharged when be freed. For example, when alloc_pages_exact is used to allocate 1MB continuous physical memory, 2MB is charged(kmemcg is enabled and __GFP_ACCOUNT is set). When make_alloc_exact free the unused 1MB and free_pages_exact free the applied 1MB, actually, only 4KB(one page) is uncharged. Therefore, the memcg of the tail page needs to be set when splitting a page. Michel: There are at least two explicit users of __GFP_ACCOUNT with alloc_exact_pages added recently. See 7efe8ef274024 ("KVM: arm64: Allocate stage-2 pgd pages with GFP_KERNEL_ACCOUNT") and c419621873713 ("KVM: s390: Add memcg accounting to KVM allocations"), so this is not just a theoretical issue. Link: https://lkml.kernel.org/r/20210304074053.65527-3-zhouguanghui1@huawei.com Signed-off-by: Zhou Guanghui <zhouguanghui1(a)huawei.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Hanjun Guo <guohanjun(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Rui Xiang <rui.xiang(a)huawei.com> Cc: Tianhong Ding <dingtianhong(a)huawei.com> Cc: Weilong Chen <chenweilong(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/page_alloc.c~mm-memcg-set-memcg-when-split-page +++ a/mm/page_alloc.c @@ -3314,6 +3314,7 @@ void split_page(struct page *page, unsig for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, 1 << order); + split_page_memcg(page, 1 << order); } EXPORT_SYMBOL_GPL(split_page); _ Patches currently in -mm which might be from zhouguanghui1(a)huawei.com are

4 years, 7 months

1
0
0 0

[merged] mm-memcg-rename-mem_cgroup_split_huge_fixup-to-split_page_memcg.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument has been removed from the -mm tree. Its filename was mm-memcg-rename-mem_cgroup_split_huge_fixup-to-split_page_memcg.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Zhou Guanghui <zhouguanghui1(a)huawei.com> Subject: mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument Rename mem_cgroup_split_huge_fixup to split_page_memcg and explicitly pass in page number argument. In this way, the interface name is more common and can be used by potential users. In addition, the complete info(memcg and flag) of the memcg needs to be set to the tail pages. Link: https://lkml.kernel.org/r/20210304074053.65527-2-zhouguanghui1@huawei.com Signed-off-by: Zhou Guanghui <zhouguanghui1(a)huawei.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Hanjun Guo <guohanjun(a)huawei.com> Cc: Tianhong Ding <dingtianhong(a)huawei.com> Cc: Weilong Chen <chenweilong(a)huawei.com> Cc: Rui Xiang <rui.xiang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memcontrol.h | 6 ++---- mm/huge_memory.c | 2 +- mm/memcontrol.c | 15 ++++++--------- 3 files changed, 9 insertions(+), 14 deletions(-) --- a/include/linux/memcontrol.h~mm-memcg-rename-mem_cgroup_split_huge_fixup-to-split_page_memcg +++ a/include/linux/memcontrol.h @@ -1061,9 +1061,7 @@ static inline void memcg_memory_event_mm rcu_read_unlock(); } -#ifdef CONFIG_TRANSPARENT_HUGEPAGE -void mem_cgroup_split_huge_fixup(struct page *head); -#endif +void split_page_memcg(struct page *head, unsigned int nr); #else /* CONFIG_MEMCG */ @@ -1400,7 +1398,7 @@ unsigned long mem_cgroup_soft_limit_recl return 0; } -static inline void mem_cgroup_split_huge_fixup(struct page *head) +static inline void split_page_memcg(struct page *head, unsigned int nr) { } --- a/mm/huge_memory.c~mm-memcg-rename-mem_cgroup_split_huge_fixup-to-split_page_memcg +++ a/mm/huge_memory.c @@ -2467,7 +2467,7 @@ static void __split_huge_page(struct pag int i; /* complete memcg works before add pages to LRU */ - mem_cgroup_split_huge_fixup(head); + split_page_memcg(head, nr); if (PageAnon(head) && PageSwapCache(head)) { swp_entry_t entry = { .val = page_private(head) }; --- a/mm/memcontrol.c~mm-memcg-rename-mem_cgroup_split_huge_fixup-to-split_page_memcg +++ a/mm/memcontrol.c @@ -3287,24 +3287,21 @@ void obj_cgroup_uncharge(struct obj_cgro #endif /* CONFIG_MEMCG_KMEM */ -#ifdef CONFIG_TRANSPARENT_HUGEPAGE /* - * Because page_memcg(head) is not set on compound tails, set it now. + * Because page_memcg(head) is not set on tails, set it now. */ -void mem_cgroup_split_huge_fixup(struct page *head) +void split_page_memcg(struct page *head, unsigned int nr) { struct mem_cgroup *memcg = page_memcg(head); int i; - if (mem_cgroup_disabled()) + if (mem_cgroup_disabled() || !memcg) return; - for (i = 1; i < HPAGE_PMD_NR; i++) { - css_get(&memcg->css); - head[i].memcg_data = (unsigned long)memcg; - } + for (i = 1; i < nr; i++) + head[i].memcg_data = head->memcg_data; + css_get_many(&memcg->css, nr - 1); } -#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ #ifdef CONFIG_MEMCG_SWAP /** _ Patches currently in -mm which might be from zhouguanghui1(a)huawei.com are

4 years, 7 months

1
0
0 0

[merged] mm-userfaultfd-fix-memory-corruption-due-to-writeprotect.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/userfaultfd: fix memory corruption due to writeprotect has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-memory-corruption-due-to-writeprotect.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Nadav Amit <namit(a)vmware.com> Subject: mm/userfaultfd: fix memory corruption due to writeprotect Userfaultfd self-test fails occasionally, indicating a memory corruption. Analyzing this problem indicates that there is a real bug since mmap_lock is only taken for read in mwriteprotect_range() and defers flushes, and since there is insufficient consideration of concurrent deferred TLB flushes in wp_page_copy(). Although the PTE is flushed from the TLBs in wp_page_copy(), this flush takes place after the copy has already been performed, and therefore changes of the page are possible between the time of the copy and the time in which the PTE is flushed. To make matters worse, memory-unprotection using userfaultfd also poses a problem. Although memory unprotection is logically a promotion of PTE permissions, and therefore should not require a TLB flush, the current userrfaultfd code might actually cause a demotion of the architectural PTE permission: when userfaultfd_writeprotect() unprotects memory region, it unintentionally *clears* the RW-bit if it was already set. Note that this unprotecting a PTE that is not write-protected is a valid use-case: the userfaultfd monitor might ask to unprotect a region that holds both write-protected and write-unprotected PTEs. The scenario that happens in selftests/vm/userfaultfd is as follows: cpu0 cpu1 cpu2 ---- ---- ---- [ Writable PTE cached in TLB ] userfaultfd_writeprotect() [ write-*unprotect* ] mwriteprotect_range() mmap_read_lock() change_protection() change_protection_range() ... change_pte_range() [ *clear* “write”-bit ] [ defer TLB flushes ] [ page-fault ] ... wp_page_copy() cow_user_page() [ copy page ] [ write to old page ] ... set_pte_at_notify() A similar scenario can happen: cpu0 cpu1 cpu2 cpu3 ---- ---- ---- ---- [ Writable PTE cached in TLB ] userfaultfd_writeprotect() [ write-protect ] [ deferred TLB flush ] userfaultfd_writeprotect() [ write-unprotect ] [ deferred TLB flush] [ page-fault ] wp_page_copy() cow_user_page() [ copy page ] ... [ write to page ] set_pte_at_notify() This race exists since commit 292924b26024 ("userfaultfd: wp: apply _PAGE_UFFD_WP bit"). Yet, as Yu Zhao pointed, these races became apparent since commit 09854ba94c6a ("mm: do_wp_page() simplification") which made wp_page_copy() more likely to take place, specifically if page_count(page) > 1. To resolve the aforementioned races, check whether there are pending flushes on uffd-write-protected VMAs, and if there are, perform a flush before doing the COW. Further optimizations will follow to avoid during uffd-write-unprotect unnecassary PTE write-protection and TLB flushes. Link: https://lkml.kernel.org/r/20210304095423.3825684-1-namit@vmware.com Fixes: 09854ba94c6a ("mm: do_wp_page() simplification") Signed-off-by: Nadav Amit <namit(a)vmware.com> Suggested-by: Yu Zhao <yuzhao(a)google.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Tested-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Pavel Emelyanov <xemul(a)openvz.org> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Will Deacon <will(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> [5.9+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/memory.c~mm-userfaultfd-fix-memory-corruption-due-to-writeprotect +++ a/mm/memory.c @@ -3097,6 +3097,14 @@ static vm_fault_t do_wp_page(struct vm_f return handle_userfault(vmf, VM_UFFD_WP); } + /* + * Userfaultfd write-protect can defer flushes. Ensure the TLB + * is flushed in this case before copying. + */ + if (unlikely(userfaultfd_wp(vmf->vma) && + mm_tlb_flush_pending(vmf->vma->vm_mm))) + flush_tlb_page(vmf->vma, vmf->address); + vmf->page = vm_normal_page(vma, vmf->address, vmf->orig_pte); if (!vmf->page) { /* _ Patches currently in -mm which might be from namit(a)vmware.com are

4 years, 7 months

1
0
0 0

[merged] kasan-fix-kasan_stack-dependency-for-hw_tags.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan: fix KASAN_STACK dependency for HW_TAGS has been removed from the -mm tree. Its filename was kasan-fix-kasan_stack-dependency-for-hw_tags.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Andrey Konovalov <andreyknvl(a)google.com> Subject: kasan: fix KASAN_STACK dependency for HW_TAGS There's a runtime failure when running HW_TAGS-enabled kernel built with GCC on hardware that doesn't support MTE. GCC-built kernels always have CONFIG_KASAN_STACK enabled, even though stack instrumentation isn't supported by HW_TAGS. Having that config enabled causes KASAN to issue MTE-only instructions to unpoison kernel stacks, which causes the failure. Fix the issue by disallowing CONFIG_KASAN_STACK when HW_TAGS is used. (The commit that introduced CONFIG_KASAN_HW_TAGS specified proper dependency for CONFIG_KASAN_STACK_ENABLE but not for CONFIG_KASAN_STACK.) Link: https://lkml.kernel.org/r/59e75426241dbb5611277758c8d4d6f5f9298dac.16152154… Fixes: 6a63a63ff1ac ("kasan: introduce CONFIG_KASAN_HW_TAGS") Signed-off-by: Andrey Konovalov <andreyknvl(a)google.com> Reported-by: Catalin Marinas <catalin.marinas(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Peter Collingbourne <pcc(a)google.com> Cc: Evgenii Stepanov <eugenis(a)google.com> Cc: Branislav Rankov <Branislav.Rankov(a)arm.com> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/Kconfig.kasan | 1 + 1 file changed, 1 insertion(+) --- a/lib/Kconfig.kasan~kasan-fix-kasan_stack-dependency-for-hw_tags +++ a/lib/Kconfig.kasan @@ -156,6 +156,7 @@ config KASAN_STACK_ENABLE config KASAN_STACK int + depends on KASAN_GENERIC || KASAN_SW_TAGS default 1 if KASAN_STACK_ENABLE || CC_IS_GCC default 0 _ Patches currently in -mm which might be from andreyknvl(a)google.com are kasan-fix-per-page-tags-for-non-page_alloc-pages.patch kasan-initialize-shadow-to-tag_invalid-for-sw_tags.patch mm-kasan-dont-poison-boot-memory-with-tag-based-modes.patch arm64-kasan-allow-to-init-memory-when-setting-tags.patch kasan-init-memory-in-kasan_unpoison-for-hw_tags.patch kasan-mm-integrate-page_alloc-init-with-hw_tags.patch kasan-mm-integrate-slab-init_on_alloc-with-hw_tags.patch kasan-mm-integrate-slab-init_on_free-with-hw_tags.patch kasan-docs-clean-up-sections.patch kasan-docs-update-overview-section.patch kasan-docs-update-usage-section.patch kasan-docs-update-error-reports-section.patch kasan-docs-update-boot-parameters-section.patch kasan-docs-update-generic-implementation-details-section.patch kasan-docs-update-sw_tags-implementation-details-section.patch kasan-docs-update-hw_tags-implementation-details-section.patch kasan-docs-update-shadow-memory-section.patch kasan-docs-update-ignoring-accesses-section.patch kasan-docs-update-tests-section.patch

4 years, 7 months

1
0
0 0

[merged] kasan-mm-fix-crash-with-hw_tags-and-debug_pagealloc.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kasan, mm: fix crash with HW_TAGS and DEBUG_PAGEALLOC has been removed from the -mm tree. Its filename was kasan-mm-fix-crash-with-hw_tags-and-debug_pagealloc.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Andrey Konovalov <andreyknvl(a)google.com> Subject: kasan, mm: fix crash with HW_TAGS and DEBUG_PAGEALLOC Currently, kasan_free_nondeferred_pages()->kasan_free_pages() is called after debug_pagealloc_unmap_pages(). This causes a crash when debug_pagealloc is enabled, as HW_TAGS KASAN can't set tags on an unmapped page. This patch puts kasan_free_nondeferred_pages() before debug_pagealloc_unmap_pages() and arch_free_page(), which can also make the page unavailable. Link: https://lkml.kernel.org/r/24cd7db274090f0e5bc3adcdc7399243668e3171.16149873… Fixes: 94ab5b61ee16 ("kasan, arm64: enable CONFIG_KASAN_HW_TAGS") Signed-off-by: Andrey Konovalov <andreyknvl(a)google.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Peter Collingbourne <pcc(a)google.com> Cc: Evgenii Stepanov <eugenis(a)google.com> Cc: Branislav Rankov <Branislav.Rankov(a)arm.com> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/mm/page_alloc.c~kasan-mm-fix-crash-with-hw_tags-and-debug_pagealloc +++ a/mm/page_alloc.c @@ -1282,6 +1282,12 @@ static __always_inline bool free_pages_p kernel_poison_pages(page, 1 << order); /* + * With hardware tag-based KASAN, memory tags must be set before the + * page becomes unavailable via debug_pagealloc or arch_free_page. + */ + kasan_free_nondeferred_pages(page, order); + + /* * arch_free_page() can make the page's contents inaccessible. s390 * does this. So nothing which can access the page's contents should * happen after this. @@ -1290,8 +1296,6 @@ static __always_inline bool free_pages_p debug_pagealloc_unmap_pages(page, 1 << order); - kasan_free_nondeferred_pages(page, order); - return true; } _ Patches currently in -mm which might be from andreyknvl(a)google.com are kasan-fix-per-page-tags-for-non-page_alloc-pages.patch kasan-initialize-shadow-to-tag_invalid-for-sw_tags.patch mm-kasan-dont-poison-boot-memory-with-tag-based-modes.patch arm64-kasan-allow-to-init-memory-when-setting-tags.patch kasan-init-memory-in-kasan_unpoison-for-hw_tags.patch kasan-mm-integrate-page_alloc-init-with-hw_tags.patch kasan-mm-integrate-slab-init_on_alloc-with-hw_tags.patch kasan-mm-integrate-slab-init_on_free-with-hw_tags.patch kasan-docs-clean-up-sections.patch kasan-docs-update-overview-section.patch kasan-docs-update-usage-section.patch kasan-docs-update-error-reports-section.patch kasan-docs-update-boot-parameters-section.patch kasan-docs-update-generic-implementation-details-section.patch kasan-docs-update-sw_tags-implementation-details-section.patch kasan-docs-update-hw_tags-implementation-details-section.patch kasan-docs-update-shadow-memory-section.patch kasan-docs-update-ignoring-accesses-section.patch kasan-docs-update-tests-section.patch

4 years, 7 months

1
0
0 0

[merged] mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/madvise: replace ptrace attach requirement for process_madvise has been removed from the -mm tree. Its filename was mm-madvise-replace-ptrace-attach-requirement-for-process_madvise.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: mm/madvise: replace ptrace attach requirement for process_madvise process_madvise currently requires ptrace attach capability. PTRACE_MODE_ATTACH gives one process complete control over another process. It effectively removes the security boundary between the two processes (in one direction). Granting ptrace attach capability even to a system process is considered dangerous since it creates an attack surface. This severely limits the usage of this API. The operations process_madvise can perform do not affect the correctness of the operation of the target process; they only affect where the data is physically located (and therefore, how fast it can be accessed). What we want is the ability for one process to influence another process in order to optimize performance across the entire system while leaving the security boundary intact. Replace PTRACE_MODE_ATTACH with a combination of PTRACE_MODE_READ and CAP_SYS_NICE. PTRACE_MODE_READ to prevent leaking ASLR metadata and CAP_SYS_NICE for influencing process performance. Link: https://lkml.kernel.org/r/20210303185807.2160264-1-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Acked-by: Minchan Kim <minchan(a)kernel.org> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Jeff Vander Stoep <jeffv(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Tim Murray <timmurray(a)google.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: <stable(a)vger.kernel.org> [5.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/madvise.c~mm-madvise-replace-ptrace-attach-requirement-for-process_madvise +++ a/mm/madvise.c @@ -1198,12 +1198,22 @@ SYSCALL_DEFINE5(process_madvise, int, pi goto release_task; } - mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS); + /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */ + mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); if (IS_ERR_OR_NULL(mm)) { ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; goto release_task; } + /* + * Require CAP_SYS_NICE for influencing process performance. Note that + * only non-destructive hints are currently supported. + */ + if (!capable(CAP_SYS_NICE)) { + ret = -EPERM; + goto release_mm; + } + total_len = iov_iter_count(&iter); while (iov_iter_count(&iter)) { @@ -1218,6 +1228,7 @@ SYSCALL_DEFINE5(process_madvise, int, pi if (ret == 0) ret = total_len - iov_iter_count(&iter); +release_mm: mmput(mm); release_task: put_task_struct(task); _ Patches currently in -mm which might be from surenb(a)google.com are

4 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror