February 2024 - Linux-stable-mirror

[PATCH 1/1] nvmem: meson-efuse: fix function pointer type mismatch

by srinivas.kandagatla＠linaro.org

From: Jerome Brunet <jbrunet(a)baylibre.com> clang-16 warns about casting functions to incompatible types, as is done here to call clk_disable_unprepare: drivers/nvmem/meson-efuse.c:78:12: error: cast from 'void (*)(struct clk *)' to 'void (*)(void *)' converts to incompatible function type [-Werror,-Wcast-function-type-strict] 78 | (void(*)(void *))clk_disable_unprepare, The pattern of getting, enabling and setting a disable callback for a clock can be replaced with devm_clk_get_enabled(), which also fixes this warning. Fixes: 611fbca1c861 ("nvmem: meson-efuse: add peripheral clock") Cc: <Stable(a)vger.kernel.org> Reported-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Reviewed-by: Justin Stitt <justinstitt(a)google.com> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> --- drivers/nvmem/meson-efuse.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/drivers/nvmem/meson-efuse.c b/drivers/nvmem/meson-efuse.c index b922df99f9bc..33678d0af2c2 100644 --- a/drivers/nvmem/meson-efuse.c +++ b/drivers/nvmem/meson-efuse.c @@ -47,7 +47,6 @@ static int meson_efuse_probe(struct platform_device *pdev) struct nvmem_config *econfig; struct clk *clk; unsigned int size; - int ret; sm_np = of_parse_phandle(pdev->dev.of_node, "secure-monitor", 0); if (!sm_np) { @@ -60,27 +59,9 @@ static int meson_efuse_probe(struct platform_device *pdev) if (!fw) return -EPROBE_DEFER; - clk = devm_clk_get(dev, NULL); - if (IS_ERR(clk)) { - ret = PTR_ERR(clk); - if (ret != -EPROBE_DEFER) - dev_err(dev, "failed to get efuse gate"); - return ret; - } - - ret = clk_prepare_enable(clk); - if (ret) { - dev_err(dev, "failed to enable gate"); - return ret; - } - - ret = devm_add_action_or_reset(dev, - (void(*)(void *))clk_disable_unprepare, - clk); - if (ret) { - dev_err(dev, "failed to add disable callback"); - return ret; - } + clk = devm_clk_get_enabled(dev, NULL); + if (IS_ERR(clk)) + return dev_err_probe(dev, PTR_ERR(clk), "failed to get efuse gate"); if (meson_sm_call(fw, SM_EFUSE_USER_MAX, &size, 0, 0, 0, 0, 0) < 0) { dev_err(dev, "failed to get max user"); -- 2.25.1

1 year

1
0
0 0

[PATCH v2] kbuild: tools: drop overridden CFLAGS from MAKEOVERRIDES

by Max Filippov

Some Makefiles under tools/ use the 'override CFLAGS += ...' construct to add a few required options to CFLAGS passed by the user. Unfortunately that only works when user passes CFLAGS as an environment variable, i.e. CFLAGS=... make ... and not in case when CFLAGS are passed as make command line arguments: make ... CFLAGS=... It happens because in the latter case CFLAGS=... is recorded in the make variable MAKEOVERRIDES and this variable is passed in its original form to all $(MAKE) subcommands, taking precedence over modified CFLAGS value passed in the environment variable. E.g. this causes build failure for gpio and iio tools when the build is run with user CFLAGS because of missing _GNU_SOURCE definition needed for the asprintf(). One way to fix it is by removing overridden variables from the MAKEOVERRIDES. Add macro 'drop-var-from-overrides' that removes a definition of a variable passed to it from the MAKEOVERRIDES and use it to fix CFLAGS passing for tools/gpio and tools/iio. This implementation tries to be precise in string processing and handle variables with embedded spaces and backslashes correctly. To achieve that it replaces every '\\' sequence with '\-' to make sure that every '\' in the resulting string is an escape character. It then replaces every '\ ' sequence with '\_' to turn string values with embedded spaces into single words. After filtering the overridden variable definition out of the resulting string these two transformations are reversed. Cc: stable(a)vger.kernel.org Fixes: 4ccc98a48958 ("tools gpio: Allow overriding CFLAGS") Fixes: 572974610273 ("tools iio: Override CFLAGS assignments") Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- Changes v1->v2: - make drop-var-from-overrides-code work correctly with arbitrary variables, including thoses ending with '\'. tools/gpio/Makefile | 1 + tools/iio/Makefile | 1 + tools/scripts/Makefile.include | 9 +++++++++ 3 files changed, 11 insertions(+) diff --git a/tools/gpio/Makefile b/tools/gpio/Makefile index d29c9c49e251..46fc38d51639 100644 --- a/tools/gpio/Makefile +++ b/tools/gpio/Makefile @@ -24,6 +24,7 @@ ALL_PROGRAMS := $(patsubst %,$(OUTPUT)%,$(ALL_TARGETS)) all: $(ALL_PROGRAMS) export srctree OUTPUT CC LD CFLAGS +$(call drop-var-from-overrides,CFLAGS) include $(srctree)/tools/build/Makefile.include # diff --git a/tools/iio/Makefile b/tools/iio/Makefile index fa720f062229..04307588dd3f 100644 --- a/tools/iio/Makefile +++ b/tools/iio/Makefile @@ -20,6 +20,7 @@ ALL_PROGRAMS := $(patsubst %,$(OUTPUT)%,$(ALL_TARGETS)) all: $(ALL_PROGRAMS) export srctree OUTPUT CC LD CFLAGS +$(call drop-var-from-overrides,CFLAGS) include $(srctree)/tools/build/Makefile.include # diff --git a/tools/scripts/Makefile.include b/tools/scripts/Makefile.include index 6fba29f3222d..0f68b95cf55c 100644 --- a/tools/scripts/Makefile.include +++ b/tools/scripts/Makefile.include @@ -51,6 +51,15 @@ define allow-override $(eval $(1) = $(2))) endef +# When a Makefile overrides a variable and exports it for the nested $(MAKE) +# invocations to use its modified value, it must remove that variable definition +# from the MAKEOVERRIDES variable, otherwise the original definition from the +# MAKEOVERRIDES takes precedence over the exported value. +drop-var-from-overrides = $(eval $(drop-var-from-overrides-code)) +define drop-var-from-overrides-code +MAKEOVERRIDES := $(subst \-,\\,$(subst \_,\ ,$(filter-out $(1)=%,$(subst \ ,\_,$(subst \\,\-,$(MAKEOVERRIDES)))))) +endef + ifneq ($(LLVM),) ifneq ($(filter %/,$(LLVM)),) LLVM_PREFIX := $(LLVM) -- 2.39.2

1 year

2
2
0 0

Re: [PATCH 6.7 000/313] 6.7.6-rc2 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year

3
7
0 0

FAILED: patch "[PATCH] erofs: fix lz4 inplace decompression" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3c12466b6b7bf1e56f9b32c366a3d83d87afb4de # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024012648-backwater-colt-7290@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3c12466b6b7b ("erofs: fix lz4 inplace decompression") 123ec246ebe3 ("erofs: get rid of the remaining kmap_atomic()") ab749badf9f4 ("erofs: support unaligned data decompression") 10e5f6e482e1 ("erofs: introduce z_erofs_fixup_insize") d67aee76d418 ("erofs: tidy up z_erofs_lz4_decompress") 7e508f2ca8bb ("erofs: rename lz4_0pading to zero_padding") eaa9172ad988 ("erofs: get rid of ->lru usage") 622ceaddb764 ("erofs: lzma compression support") 966edfb0a3dc ("erofs: rename some generic methods in decompressor") 386292919c25 ("erofs: introduce readmore decompression strategy") 8f89926290c4 ("erofs: get compression algorithms directly on mapping") dfeab2e95a75 ("erofs: add multiple device support") e62424651f43 ("erofs: decouple basic mount options from fs_context") 5b6e7e120e71 ("erofs: remove the fast path of per-CPU buffer decompression") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3c12466b6b7bf1e56f9b32c366a3d83d87afb4de Mon Sep 17 00:00:00 2001 From: Gao Xiang <xiang(a)kernel.org> Date: Wed, 6 Dec 2023 12:55:34 +0800 Subject: [PATCH] erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like most simple LZ77 algorithms, LZ4 expects the compressed data is arranged at the end of the decompressed buffer and it explicitly uses memmove() to handle overlapping: __________________________________________________________ |_ direction of decompression --> ____ |_ compressed data _| Although EROFS arranges compressed data like this, it typically maps two individual virtual buffers so the relative order is uncertain. Previously, it was hardly observed since LZ4 only uses memmove() for short overlapped literals and x86/arm64 memmove implementations seem to completely cover it up and they don't have this issue. Juhyung reported that EROFS data corruption can be found on a new Intel x86 processor. After some analysis, it seems that recent x86 processors with the new FSRM feature expose this issue with "rep movsb". Let's strictly use the decompressed buffer for lz4 inplace decompression for now. Later, as an useful improvement, we could try to tie up these two buffers together in the correct order. Reported-and-tested-by: Juhyung Park <qkrwngud825(a)gmail.com> Closes: https://lore.kernel.org/r/CAD14+f2AVKf8Fa2OO1aAUdDNTDsVzzR6ctU_oJSmTyd6zSYR… Fixes: 0ffd71bcc3a0 ("staging: erofs: introduce LZ4 decompression inplace") Fixes: 598162d05080 ("erofs: support decompress big pcluster for lz4 backend") Cc: stable <stable(a)vger.kernel.org> # 5.4+ Tested-by: Yifan Zhao <zhaoyifan(a)sjtu.edu.cn> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Link: https://lore.kernel.org/r/20231206045534.3920847-1-hsiangkao@linux.alibaba.… diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c index 021be5feb1bc..e0d609c3958f 100644 --- a/fs/erofs/decompressor.c +++ b/fs/erofs/decompressor.c @@ -121,11 +121,11 @@ static int z_erofs_lz4_prepare_dstpages(struct z_erofs_lz4_decompress_ctx *ctx, } static void *z_erofs_lz4_handle_overlap(struct z_erofs_lz4_decompress_ctx *ctx, - void *inpage, unsigned int *inputmargin, int *maptype, - bool may_inplace) + void *inpage, void *out, unsigned int *inputmargin, + int *maptype, bool may_inplace) { struct z_erofs_decompress_req *rq = ctx->rq; - unsigned int omargin, total, i, j; + unsigned int omargin, total, i; struct page **in; void *src, *tmp; @@ -135,12 +135,13 @@ static void *z_erofs_lz4_handle_overlap(struct z_erofs_lz4_decompress_ctx *ctx, omargin < LZ4_DECOMPRESS_INPLACE_MARGIN(rq->inputsize)) goto docopy; - for (i = 0; i < ctx->inpages; ++i) { - DBG_BUGON(rq->in[i] == NULL); - for (j = 0; j < ctx->outpages - ctx->inpages + i; ++j) - if (rq->out[j] == rq->in[i]) - goto docopy; - } + for (i = 0; i < ctx->inpages; ++i) + if (rq->out[ctx->outpages - ctx->inpages + i] != + rq->in[i]) + goto docopy; + kunmap_local(inpage); + *maptype = 3; + return out + ((ctx->outpages - ctx->inpages) << PAGE_SHIFT); } if (ctx->inpages <= 1) { @@ -148,7 +149,6 @@ static void *z_erofs_lz4_handle_overlap(struct z_erofs_lz4_decompress_ctx *ctx, return inpage; } kunmap_local(inpage); - might_sleep(); src = erofs_vm_map_ram(rq->in, ctx->inpages); if (!src) return ERR_PTR(-ENOMEM); @@ -204,12 +204,12 @@ int z_erofs_fixup_insize(struct z_erofs_decompress_req *rq, const char *padbuf, } static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, - u8 *out) + u8 *dst) { struct z_erofs_decompress_req *rq = ctx->rq; bool support_0padding = false, may_inplace = false; unsigned int inputmargin; - u8 *headpage, *src; + u8 *out, *headpage, *src; int ret, maptype; DBG_BUGON(*rq->in == NULL); @@ -230,11 +230,12 @@ static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, } inputmargin = rq->pageofs_in; - src = z_erofs_lz4_handle_overlap(ctx, headpage, &inputmargin, + src = z_erofs_lz4_handle_overlap(ctx, headpage, dst, &inputmargin, &maptype, may_inplace); if (IS_ERR(src)) return PTR_ERR(src); + out = dst + rq->pageofs_out; /* legacy format could compress extra data in a pcluster. */ if (rq->partial_decoding || !support_0padding) ret = LZ4_decompress_safe_partial(src + inputmargin, out, @@ -265,7 +266,7 @@ static int z_erofs_lz4_decompress_mem(struct z_erofs_lz4_decompress_ctx *ctx, vm_unmap_ram(src, ctx->inpages); } else if (maptype == 2) { erofs_put_pcpubuf(src); - } else { + } else if (maptype != 3) { DBG_BUGON(1); return -EFAULT; } @@ -308,7 +309,7 @@ static int z_erofs_lz4_decompress(struct z_erofs_decompress_req *rq, } dstmap_out: - ret = z_erofs_lz4_decompress_mem(&ctx, dst + rq->pageofs_out); + ret = z_erofs_lz4_decompress_mem(&ctx, dst); if (!dst_maptype) kunmap_local(dst); else if (dst_maptype == 2)

1 year

2
2
0 0

[PATCH 0/6] sparc32: build fixes for all{yes,mod}config builds

by Sam Ravnborg via B4 Relay

This is a small set of patches that address build breakage with allyesconfig / allmodconfig. This solves some, but not all, build breakage. The parport fix depends on the previous patch, the rest are independent fixes. Signed-off-by: Sam Ravnborg <sam(a)ravnborg.org> --- Sam Ravnborg (6): sparc32: Use generic cmpdi2/ucmpdi2 variants sparc32: Fix build with trapbase mtd: maps: sun_uflash: Declare uflash_devinit static usb: host: uhci-grlib.c: Fix build, add platform_device sparc32: Do not select GENERIC_ISA_DMA sparc32: Fix parport build with sparc32 arch/sparc/Kconfig | 6 +- arch/sparc/include/asm/parport.h | 259 +----------------------------------- arch/sparc/include/asm/parport_64.h | 256 +++++++++++++++++++++++++++++++++++ arch/sparc/kernel/irq_32.c | 6 +- arch/sparc/kernel/kernel.h | 8 +- arch/sparc/kernel/kgdb_32.c | 4 +- arch/sparc/kernel/leon_smp.c | 6 +- arch/sparc/kernel/setup_32.c | 4 +- arch/sparc/lib/Makefile | 4 +- arch/sparc/lib/cmpdi2.c | 28 ---- arch/sparc/lib/ucmpdi2.c | 20 --- drivers/mtd/maps/sun_uflash.c | 2 +- drivers/usb/host/uhci-grlib.c | 1 + 13 files changed, 283 insertions(+), 321 deletions(-) --- base-commit: 626db6ee8ee1edac206610db407114aa83b53fd3 change-id: 20240223-sam-fix-sparc32-all-builds-0a0403d6e1b3 Best regards, -- Sam Ravnborg <sam(a)ravnborg.org>

1 year

3
3
0 0

[PATCH 4/7] ext4: add positive int attr pointer to avoid sysfs variables overflow

by Baokun Li

We can easily trigger a BUG_ON by using the following commands: mount /dev/$disk /tmp/test echo 2147483650 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== kernel BUG at fs/ext4/mballoc.c:2029! invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 320 Comm: kworker/u36:1 Not tainted 6.8.0-rc1 #462 RIP: 0010:mb_mark_used+0x358/0x370 [...] Call Trace: ext4_mb_use_best_found+0x56/0x140 ext4_mb_complex_scan_group+0x196/0x2f0 ext4_mb_regular_allocator+0xa92/0xf00 ext4_mb_new_blocks+0x302/0xbc0 ext4_ext_map_blocks+0x95a/0xef0 ext4_map_blocks+0x2b1/0x680 ext4_do_writepages+0x733/0xbd0 [...] ================================================================== In ext4_mb_normalize_group_request(): ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc; Here fe_len is of type int, but s_mb_group_prealloc is of type unsigned int, so setting s_mb_group_prealloc to 2147483650 overflows fe_len to a negative number, which ultimately triggers a BUG_ON() in mb_mark_used(). Therefore, we add attr_pointer_pi (aka positive int attr pointer) with a value range of 0-INT_MAX to avoid the above problem. In addition to the mb_group_prealloc sysfs interface, the following interfaces also have uint to int conversions that result in overflows, and are also fixed. err_ratelimit_burst msg_ratelimit_burst warning_ratelimit_burst err_ratelimit_interval_ms msg_ratelimit_interval_ms warning_ratelimit_interval_ms mb_best_avail_max_trim_order CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/sysfs.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index a5d657fa05cb..6f9f96e00f2f 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -30,6 +30,7 @@ typedef enum { attr_first_error_time, attr_last_error_time, attr_feature, + attr_pointer_pi, attr_pointer_ui, attr_pointer_ul, attr_pointer_u64, @@ -178,6 +179,9 @@ static struct ext4_attr ext4_attr_##_name = { \ #define EXT4_RO_ATTR_ES_STRING(_name,_elname,_size) \ EXT4_ATTR_STRING(_name, 0444, _size, ext4_super_block, _elname) +#define EXT4_RW_ATTR_SBI_PI(_name,_elname) \ + EXT4_ATTR_OFFSET(_name, 0644, pointer_pi, ext4_sb_info, _elname) + #define EXT4_RW_ATTR_SBI_UI(_name,_elname) \ EXT4_ATTR_OFFSET(_name, 0644, pointer_ui, ext4_sb_info, _elname) @@ -213,17 +217,17 @@ EXT4_RW_ATTR_SBI_UI(mb_max_to_scan, s_mb_max_to_scan); EXT4_RW_ATTR_SBI_UI(mb_min_to_scan, s_mb_min_to_scan); EXT4_RW_ATTR_SBI_UI(mb_order2_req, s_mb_order2_reqs); EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request); -EXT4_RW_ATTR_SBI_UI(mb_group_prealloc, s_mb_group_prealloc); +EXT4_RW_ATTR_SBI_PI(mb_group_prealloc, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(mb_max_linear_groups, s_mb_max_linear_groups); EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb); EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error); -EXT4_RW_ATTR_SBI_UI(err_ratelimit_interval_ms, s_err_ratelimit_state.interval); -EXT4_RW_ATTR_SBI_UI(err_ratelimit_burst, s_err_ratelimit_state.burst); -EXT4_RW_ATTR_SBI_UI(warning_ratelimit_interval_ms, s_warning_ratelimit_state.interval); -EXT4_RW_ATTR_SBI_UI(warning_ratelimit_burst, s_warning_ratelimit_state.burst); -EXT4_RW_ATTR_SBI_UI(msg_ratelimit_interval_ms, s_msg_ratelimit_state.interval); -EXT4_RW_ATTR_SBI_UI(msg_ratelimit_burst, s_msg_ratelimit_state.burst); -EXT4_RW_ATTR_SBI_UI(mb_best_avail_max_trim_order, s_mb_best_avail_max_trim_order); +EXT4_RW_ATTR_SBI_PI(err_ratelimit_interval_ms, s_err_ratelimit_state.interval); +EXT4_RW_ATTR_SBI_PI(err_ratelimit_burst, s_err_ratelimit_state.burst); +EXT4_RW_ATTR_SBI_PI(warning_ratelimit_interval_ms, s_warning_ratelimit_state.interval); +EXT4_RW_ATTR_SBI_PI(warning_ratelimit_burst, s_warning_ratelimit_state.burst); +EXT4_RW_ATTR_SBI_PI(msg_ratelimit_interval_ms, s_msg_ratelimit_state.interval); +EXT4_RW_ATTR_SBI_PI(msg_ratelimit_burst, s_msg_ratelimit_state.burst); +EXT4_RW_ATTR_SBI_PI(mb_best_avail_max_trim_order, s_mb_best_avail_max_trim_order); #ifdef CONFIG_EXT4_DEBUG EXT4_RW_ATTR_SBI_UL(simulate_fail, s_simulate_fail); #endif @@ -376,6 +380,7 @@ static ssize_t ext4_generic_attr_show(struct ext4_attr *a, switch (a->attr_id) { case attr_inode_readahead: + case attr_pointer_pi: case attr_pointer_ui: if (a->attr_ptr == ptr_ext4_super_block_offset) return sysfs_emit(buf, "%u\n", le32_to_cpup(ptr)); @@ -448,6 +453,10 @@ static ssize_t ext4_generic_attr_store(struct ext4_attr *a, return ret; switch (a->attr_id) { + case attr_pointer_pi: + if ((int)t < 0) + return -EINVAL; + fallthrough; case attr_pointer_ui: if (t != (unsigned int)t) return -EINVAL; -- 2.31.1

1 year

3
5
0 0

[merged mm-hotfixes-stable] mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test has been removed from the -mm tree. Its filename was mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Aneesh Kumar K.V (IBM)" <aneesh.kumar(a)kernel.org> Subject: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Date: Mon, 29 Jan 2024 11:30:22 +0530 Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. This patch marks the ptes used for PUD advanced test devmap pte entries so that we don't hit on debug checks on architecture like ppc64 as below. WARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138 .... NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138 LR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60 Call Trace: [c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable) [c000000004a2f980] [000d34c100000000] 0xd34c100000000 [c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388 Also kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202! .... NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 Call Trace: [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable) [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388 Link: https://lkml.kernel.org/r/20240129060022.68044-1-aneesh.kumar@kernel.org Fixes: 27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage") Signed-off-by: Aneesh Kumar K.V (IBM) <aneesh.kumar(a)kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug_vm_pgtable.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/debug_vm_pgtable.c~mm-debug_vm_pgtable-fix-bug_on-with-pud-advanced-test +++ a/mm/debug_vm_pgtable.c @@ -362,6 +362,12 @@ static void __init pud_advanced_tests(st vaddr &= HPAGE_PUD_MASK; pud = pfn_pud(args->pud_pfn, args->page_prot); + /* + * Some architectures have debug checks to make sure + * huge pud mapping are only found with devmap entries + * For now test with only devmap entries. + */ + pud = pud_mkdevmap(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); flush_dcache_page(page); pudp_set_wrprotect(args->mm, vaddr, args->pudp); @@ -374,6 +380,7 @@ static void __init pud_advanced_tests(st WARN_ON(!pud_none(pud)); #endif /* __PAGETABLE_PMD_FOLDED */ pud = pfn_pud(args->pud_pfn, args->page_prot); + pud = pud_mkdevmap(pud); pud = pud_wrprotect(pud); pud = pud_mkclean(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); @@ -391,6 +398,7 @@ static void __init pud_advanced_tests(st #endif /* __PAGETABLE_PMD_FOLDED */ pud = pfn_pud(args->pud_pfn, args->page_prot); + pud = pud_mkdevmap(pud); pud = pud_mkyoung(pud); set_pud_at(args->mm, vaddr, args->pudp, pud); flush_dcache_page(page); _ Patches currently in -mm which might be from aneesh.kumar(a)kernel.org are

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: cachestat: fix folio read-after-free in cache walk has been removed from the -mm tree. Its filename was mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Nhat Pham <nphamcs(a)gmail.com> Subject: mm: cachestat: fix folio read-after-free in cache walk Date: Mon, 19 Feb 2024 19:01:21 -0800 In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab. Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states. This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc. Link: https://lkml.kernel.org/r/20240220153409.GA216065@cmpxchg.org Fixes: cf264e1329fb ("cachestat: implement cachestat syscall") Reported-by: Jann Horn <jannh(a)google.com> Suggested-by: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Nhat Pham <nphamcs(a)gmail.com> Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Tested-by: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 51 ++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 25 deletions(-) --- a/mm/filemap.c~mm-cachestat-fix-folio-read-after-free-in-cache-walk +++ a/mm/filemap.c @@ -4111,28 +4111,40 @@ static void filemap_cachestat(struct add rcu_read_lock(); xas_for_each(&xas, folio, last_index) { + int order; unsigned long nr_pages; pgoff_t folio_first_index, folio_last_index; + /* + * Don't deref the folio. It is not pinned, and might + * get freed (and reused) underneath us. + * + * We *could* pin it, but that would be expensive for + * what should be a fast and lightweight syscall. + * + * Instead, derive all information of interest from + * the rcu-protected xarray. + */ + if (xas_retry(&xas, folio)) continue; + order = xa_get_order(xas.xa, xas.xa_index); + nr_pages = 1 << order; + folio_first_index = round_down(xas.xa_index, 1 << order); + folio_last_index = folio_first_index + nr_pages - 1; + + /* Folios might straddle the range boundaries, only count covered pages */ + if (folio_first_index < first_index) + nr_pages -= first_index - folio_first_index; + + if (folio_last_index > last_index) + nr_pages -= folio_last_index - last_index; + if (xa_is_value(folio)) { /* page is evicted */ void *shadow = (void *)folio; bool workingset; /* not used */ - int order = xa_get_order(xas.xa, xas.xa_index); - - nr_pages = 1 << order; - folio_first_index = round_down(xas.xa_index, 1 << order); - folio_last_index = folio_first_index + nr_pages - 1; - - /* Folios might straddle the range boundaries, only count covered pages */ - if (folio_first_index < first_index) - nr_pages -= first_index - folio_first_index; - - if (folio_last_index > last_index) - nr_pages -= folio_last_index - last_index; cs->nr_evicted += nr_pages; @@ -4150,24 +4162,13 @@ static void filemap_cachestat(struct add goto resched; } - nr_pages = folio_nr_pages(folio); - folio_first_index = folio_pgoff(folio); - folio_last_index = folio_first_index + nr_pages - 1; - - /* Folios might straddle the range boundaries, only count covered pages */ - if (folio_first_index < first_index) - nr_pages -= first_index - folio_first_index; - - if (folio_last_index > last_index) - nr_pages -= folio_last_index - last_index; - /* page is in cache */ cs->nr_cache += nr_pages; - if (folio_test_dirty(folio)) + if (xas_get_mark(&xas, PAGECACHE_TAG_DIRTY)) cs->nr_dirty += nr_pages; - if (folio_test_writeback(folio)) + if (xas_get_mark(&xas, PAGECACHE_TAG_WRITEBACK)) cs->nr_writeback += nr_pages; resched: _ Patches currently in -mm which might be from nphamcs(a)gmail.com are

1 year

1
0
0 0

[merged mm-hotfixes-stable] mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index has been removed from the -mm tree. Its filename was mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Byungchul Park <byungchul(a)sk.com> Subject: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Date: Fri, 16 Feb 2024 20:15:02 +0900 With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK> Link: https://lkml.kernel.org/r/20240216111502.79759-1-byungchul@sk.com Signed-off-by: Byungchul Park <byungchul(a)sk.com> Reported-by: Hyeongtak Ji <hyeongtak.ji(a)sk.com> Fixes: c574bbe917036 ("NUMA balancing: optimize page placement for memory tiering system") Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/migrate.c~mm-vmscan-fix-a-bug-calling-wakeup_kswapd-with-a-wrong-zone-index +++ a/mm/migrate.c @@ -2519,6 +2519,14 @@ static int numamigrate_isolate_folio(pg_ if (managed_zone(pgdat->node_zones + z)) break; } + + /* + * If there are no managed zones, it should not proceed + * further. + */ + if (z < 0) + return 0; + wakeup_kswapd(pgdat->node_zones + z, 0, folio_order(folio), ZONE_MOVABLE); return 0; _ Patches currently in -mm which might be from byungchul(a)sk.com are sched-numa-mm-do-not-try-to-migrate-memory-to-memoryless-nodes.patch mm-vmscan-do-not-turn-on-cache_trim_mode-if-it-doesnt-work.patch

1 year

1
0
0 0

+ init-kconfig-lower-gcc-version-check-for-warray-bounds.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: init/Kconfig: lower GCC version check for -Warray-bounds has been added to the -mm mm-hotfixes-unstable branch. Its filename is init-kconfig-lower-gcc-version-check-for-warray-bounds.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: init/Kconfig: lower GCC version check for -Warray-bounds Date: Fri, 23 Feb 2024 09:08:27 -0800 We continue to see false positives from -Warray-bounds even in GCC 10, which is getting reported in a few places[1] still: security/security.c:811:2: warning: `memcpy' offset 32 is out of the bounds [0, 0] [-Warray-bounds] Lower the GCC version check from 11 to 10. Link: https://lkml.kernel.org/r/20240223170824.work.768-kees@kernel.org Reported-by: Lu Yao <yaolu(a)kylinos.cn> Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/ Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.c… [1] Signed-off-by: Kees Cook <keescook(a)chromium.org> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: "Gustavo A. R. Silva" <gustavoars(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Marc Aur��le La France <tsi(a)tuyoix.net> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Randy Dunlap <rdunlap(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- init/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/init/Kconfig~init-kconfig-lower-gcc-version-check-for-warray-bounds +++ a/init/Kconfig @@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5) default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough) -# Currently, disable gcc-11+ array-bounds globally. +# Currently, disable gcc-10+ array-bounds globally. # It's still broken in gcc-13, so no upper bound yet. -config GCC11_NO_ARRAY_BOUNDS +config GCC10_NO_ARRAY_BOUNDS def_bool y config CC_NO_ARRAY_BOUNDS bool - default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS + default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS # Currently, disable -Wstringop-overflow for GCC globally. config GCC_NO_STRINGOP_OVERFLOW _ Patches currently in -mm which might be from keescook(a)chromium.org are init-kconfig-lower-gcc-version-check-for-warray-bounds.patch

1 year

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2024