- Linux-stable-mirror - lists.linaro.org

[merged mm-stable] mm-memory-tier-fix-abstract-distance-calculation-overflow.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-tier: fix abstract distance calculation overflow has been removed from the -mm tree. Its filename was mm-memory-tier-fix-abstract-distance-calculation-overflow.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Li Zhijian <lizhijian(a)fujitsu.com> Subject: mm/memory-tier: fix abstract distance calculation overflow Date: Tue, 10 Jun 2025 14:27:51 +0800 In mt_perf_to_adistance(), the calculation of abstract distance (adist) involves multiplying several int values including MEMTIER_ADISTANCE_DRAM. *adist = MEMTIER_ADISTANCE_DRAM * (perf->read_latency + perf->write_latency) / (default_dram_perf.read_latency + default_dram_perf.write_latency) * (default_dram_perf.read_bandwidth + default_dram_perf.write_bandwidth) / (perf->read_bandwidth + perf->write_bandwidth); Since these values can be large, the multiplication may exceed the maximum value of an int (INT_MAX) and overflow (Our platform did), leading to an incorrect adist. User-visible impact: The memory tiering subsystem will misinterpret slow memory (like CXL) as faster than DRAM, causing inappropriate demotion of pages from CXL (slow memory) to DRAM (fast memory). For example, we will see the following demotion chains from the dmesg, where Node0,1 are DRAM, and Node2,3 are CXL node: Demotion targets for Node 0: null Demotion targets for Node 1: null Demotion targets for Node 2: preferred: 0-1, fallback: 0-1 Demotion targets for Node 3: preferred: 0-1, fallback: 0-1 Change MEMTIER_ADISTANCE_DRAM to be a long constant by writing it with the 'L' suffix. This prevents the overflow because the multiplication will then be done in the long type which has a larger range. Link: https://lkml.kernel.org/r/20250611023439.2845785-1-lizhijian@fujitsu.com Link: https://lkml.kernel.org/r/20250610062751.2365436-1-lizhijian@fujitsu.com Fixes: 3718c02dbd4c ("acpi, hmat: calculate abstract distance with HMAT") Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Reviewed-by: Huang Ying <ying.huang(a)linux.alibaba.com> Acked-by: Balbir Singh <balbirs(a)nvidia.com> Reviewed-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memory-tiers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/memory-tiers.h~mm-memory-tier-fix-abstract-distance-calculation-overflow +++ a/include/linux/memory-tiers.h @@ -18,7 +18,7 @@ * adistance value (slightly faster) than default DRAM adistance to be part of * the same memory tier. */ -#define MEMTIER_ADISTANCE_DRAM ((4 * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) +#define MEMTIER_ADISTANCE_DRAM ((4L * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) struct memory_tier; struct memory_dev_type { _ Patches currently in -mm which might be from lizhijian(a)fujitsu.com are

2 days

1
0
0 0

[merged mm-stable] readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: readahead: fix return value of page_cache_next_miss() when no hole is found has been removed from the -mm tree. Its filename was readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Chi Zhiling <chizhiling(a)kylinos.cn> Subject: readahead: fix return value of page_cache_next_miss() when no hole is found Date: Thu, 5 Jun 2025 13:49:35 +0800 max_scan in page_cache_next_miss always decreases to zero when no hole is found, causing the return value to be index + 0. Fix this by preserving the max_scan value throughout the loop. Jan said "From what I know and have seen in the past, wrong responses from page_cache_next_miss() can lead to readahead window reduction and thus reduced read speeds." Link: https://lkml.kernel.org/r/20250605054935.2323451-1-chizhiling@163.com Fixes: 901a269ff3d5 ("filemap: fix page_cache_next_miss() when no hole found") Signed-off-by: Chi Zhiling <chizhiling(a)kylinos.cn> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Josef Bacik <josef(a)toxicpanda.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/filemap.c~readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found +++ a/mm/filemap.c @@ -1778,8 +1778,9 @@ pgoff_t page_cache_next_miss(struct addr pgoff_t index, unsigned long max_scan) { XA_STATE(xas, &mapping->i_pages, index); + unsigned long nr = max_scan; - while (max_scan--) { + while (nr--) { void *entry = xas_next(&xas); if (!entry || xa_is_value(entry)) return xas.xa_index; _ Patches currently in -mm which might be from chizhiling(a)kylinos.cn are

2 days

1
0
0 0

VMware Workstation Pro w/ recent Kernel-6.15.4

by Christopher Turcotte

Good morning I'm hoping for a resolution to an issue I'm currently having with the latest kernel release and Workstation Pro (Free Edition). Every time I try to open Workstation, it's prompting me to reinstall modules that ultimately fail (see screenshots). Also see the attached log file. After doing some research, I see the issue is that several header files are missing. I've tried to manually compile and install original modules, but with no success. I'm still faced with an incompatibility issue and the latest kernel. This problem does not occur when I switch back to kernel 6.14. I'm currently running the latest kernel (6.15.4) on Fedora 42. My hardware specs: CPU: AMD Ryzen 7840U Memory: Crucial 96 GB 5600 DDR5 [Screenshot From 2025-07-08 16-53-52.png][Screenshot From 2025-07-08 16-54-06.png],

2 days, 1 hour

3
2
0 0

[PATCH 6.15 000/178] 6.15.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.6 release. There are 178 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.6-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov <bp(a)alien8.de> KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Jeongjun Park <aha310510(a)gmail.com> mm/vmalloc: fix data race in show_numa_info() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Vivian Wang <wangruikang(a)iscas.ac.cn> riscv: cpu_ops_sbi: Use static array for boot_data Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Assign devtlb cache tag on ATS enablement Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Jens Wiklander <jens.wiklander(a)linaro.org> optee: ffa: fix sleep in atomic context Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: acpi: fix device link removal Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume SCHNEIDER Johannes <johannes.schneider(a)leica-geosystems.com> usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix memory corruption of input_handler_list Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Roy Luo <royluo(a)google.com> Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Roy Luo <royluo(a)google.com> usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Jake Hillion <jake(a)hillion.co.uk> x86/platform/amd: move final timeout check to after final sleep Harry Austen <hpausten(a)protonmail.com> drm/xe: Allow dropping kunit dependency as built-in David Howells <dhowells(a)redhat.com> netfs: Fix double put of request Paulo Alcantara <pc(a)manguebit.org> smb: client: fix native SMB symlink traversal Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Antoine Tenart <atenart(a)kernel.org> net: ipv4: fix stat increase when udp early demux drops the packet Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_22019338487 Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_14022085890 Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Split xe_device_td_flush() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/guc_pc: Add _locked variant for min/max freq John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Enable w/a 16026508708 David Howells <dhowells(a)redhat.com> netfs: Fix i_size updating Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_writev_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_readv_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in smb2_writev_callback() David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry David Howells <dhowells(a)redhat.com> netfs: Fix looping in wait functions David Howells <dhowells(a)redhat.com> netfs: Fix hang due to missing case in final DIO read result collection Jia Yao <jia.yao(a)intel.com> drm/xe: Fix out-of-bounds field write in MI_STORE_DATA_IMM Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: convert control queue mutex to a spinlock Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: return 0 size for RSS key if not supported Geliang Tang <geliang(a)kernel.org> nvme-multipath: fix suspicious RCU usage warning Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Marko Kiiskila <marko.kiiskila(a)broadcom.com> drm/vmwgfx: Fix guests running with TDX/SEV Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Baryshkov <lumag(a)kernel.org> drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Eugen Hristev <eugen.hristev(a)linaro.org> nvme-pci: refresh visible attrs after being checked Dmitry Bogdanov <d.bogdanov(a)yadro.com> nvmet: fix memory leak of bio integrity Alok Tiwari <alok.a.tiwari(a)oracle.com> nvme: Fix incorrect cdw15 value in passthru error logging Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: reallocate BAM transactions Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: record new subvolume in parent dir earlier to avoid dir logging races Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix failure to rebuild free space tree using multiple transactions Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Armin Wolf <W_Armin(a)gmx.de> platform/x86: wmi: Fix WMI event enablement Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix potential deadlock in MR deregistration Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Christoph Hellwig <hch(a)lst.de> scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set jackysliu <1972843537(a)qq.com> scsi: sd: Fix VPD page 0xb7 length check Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sven Peter <sven(a)kernel.org> arm64: dts: apple: Move touchbar mipi {address,size}-cells from dtsi to dts Sven Peter <sven(a)kernel.org> arm64: dts: apple: Drop {address,size}-cells from SPI NOR Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Arnd Bergmann <arnd(a)arndb.de> RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup Tudor Ambarus <tudor.ambarus(a)linaro.org> firmware: exynos-acpm: fix timeouts on xfers handling Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Fix the missing entry in struct ffa_indirect_msg_hdr Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Move memory allocation outside the mutex locking Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Fix memory leak by freeing notifier callback node Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Christian Brauner <brauner(a)kernel.org> anon_inode: rework assertions Yunshui Jiang <jiangyunshui(a)kylinos.cn> Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: core: Adjust some error messages for SD UHS-II cards Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-uhs2: Adjust some error messages and register dump for SD UHS-II card Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Darrick J. Wong <djwong(a)kernel.org> xfs: actually use the xfs_growfs_check_rtgeom tracepoint Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the incorrect display of the queue number Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add asserts testing global mfd Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add missing close(mfd) in memfd_mmap() HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: request MISC IRQ in ndo_open Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: net: sophgo,sg2044-dwmac: Drop status from the example Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: xsk: rx: fix the frame's length check Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 ++ .../bindings/i2c/realtek,rtl9301-i2c.yaml | 3 +- .../bindings/net/sophgo,sg2044-dwmac.yaml | 3 +- Makefile | 4 +- arch/arm64/boot/dts/apple/spi1-nvram.dtsi | 2 - arch/arm64/boot/dts/apple/t8103-j293.dts | 2 + arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/apple/t8103.dtsi | 2 - arch/arm64/boot/dts/apple/t8112-j493.dts | 2 + arch/arm64/boot/dts/apple/t8112.dtsi | 2 - arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/riscv/kernel/cpu_ops_sbi.c | 6 +- arch/s390/pci/pci_event.c | 15 ++ arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpufeatures.h | 5 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mwait.h | 28 ++- arch/x86/include/asm/nospec-branch.h | 37 +-- arch/x86/kernel/cpu/amd.c | 44 ++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 +- arch/x86/kvm/cpuid.c | 15 +- arch/x86/kvm/reverse_cpuid.h | 7 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 +- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/firmware/arm_ffa/driver.c | 71 +++--- drivers/firmware/samsung/exynos-acpm.c | 27 +-- drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 +- drivers/gpu/drm/bridge/panel.c | 5 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 1 + drivers/gpu/drm/xe/xe_device.c | 72 +++--- drivers/gpu/drm/xe/xe_guc_ads.c | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 249 ++++++++++++++++----- drivers/gpu/drm/xe/xe_guc_pc.h | 2 + drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 + drivers/gpu/drm/xe/xe_migrate.c | 18 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 6 + drivers/hid/hid-appletb-kbd.c | 14 +- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 10 +- drivers/infiniband/hw/mlx5/main.c | 33 +++ drivers/infiniband/hw/mlx5/mr.c | 61 +++-- drivers/infiniband/hw/mlx5/odp.c | 8 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/cs40l50-vibra.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/intel/cache.c | 5 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/iommu.h | 2 + drivers/iommu/rockchip-iommu.c | 3 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/core/sd_uhs2.c | 4 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci-uhs2.c | 20 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 ++- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 +- .../net/ethernet/intel/idpf/idpf_controlq_api.h | 2 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +- drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 60 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/host/pci.c | 6 +- drivers/nvme/target/nvmet.h | 2 + drivers/platform/mellanox/mlxbf-pmc.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/hsmp/hsmp.c | 6 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 4 +- drivers/platform/x86/think-lmi.c | 94 +++----- drivers/platform/x86/wmi.c | 16 +- drivers/powercap/intel_rapl_common.c | 18 +- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/hosts.c | 18 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/sd.c | 2 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/spi/spi-qpic-snand.c | 16 ++ drivers/target/target_core_pr.c | 4 +- drivers/tee/optee/ffa_abi.c | 41 +++- drivers/tee/optee/optee_private.h | 2 + drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-debug.h | 5 +- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-ring.c | 7 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/hub.c | 3 + drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb-acpi.c | 4 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 24 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 +++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 31 +-- drivers/usb/host/xhci.h | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 +- fs/btrfs/block-group.h | 2 + fs/btrfs/free-space-tree.c | 40 ++++ fs/btrfs/inode.c | 36 +-- fs/btrfs/ioctl.c | 4 +- fs/btrfs/tree-log.c | 137 ++++++------ fs/exec.c | 9 +- fs/libfs.c | 8 +- fs/namei.c | 2 +- fs/netfs/buffered_write.c | 2 + fs/netfs/direct_write.c | 8 +- fs/netfs/misc.c | 26 ++- fs/netfs/write_retry.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 120 +++++++--- fs/nfs/inode.c | 17 +- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 + fs/smb/client/connect.c | 15 +- fs/smb/client/fs_context.c | 17 +- fs/smb/client/misc.c | 6 + fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2pdu.c | 11 +- fs/xfs/xfs_rtalloc.c | 2 + include/linux/arm_ffa.h | 1 + include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/usb.h | 2 + include/linux/usb/typec_dp.h | 1 + include/trace/events/netfs.h | 1 + kernel/irq/irq_sim.c | 2 +- kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 9 +- mm/vmalloc.c | 63 +++--- net/bluetooth/hci_event.c | 36 --- net/bluetooth/hci_sync.c | 227 +++++++++++-------- net/bluetooth/mgmt.c | 25 ++- net/ipv4/ip_input.c | 7 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ tools/testing/selftests/iommu/iommufd.c | 32 ++- tools/testing/selftests/iommu/iommufd_utils.h | 9 +- 212 files changed, 2312 insertions(+), 986 deletions(-)

2 days, 1 hour

14
194
0 0

[merged mm-hotfixes-stable] mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix the inaccurate memory statistics issue for users has been removed from the -mm tree. Its filename was mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: fix the inaccurate memory statistics issue for users Date: Thu, 5 Jun 2025 20:58:29 +0800 On some large machines with a high number of CPUs running a 64K pagesize kernel, we found that the 'RES' field is always 0 displayed by the top command for some processes, which will cause a lot of confusion for users. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 875525 root 20 0 12480 0 0 R 0.3 0.0 0:00.08 top 1 root 20 0 172800 0 0 S 0.0 0.0 0:04.52 systemd The main reason is that the batch size of the percpu counter is quite large on these machines, caching a significant percpu value, since converting mm's rss stats into percpu_counter by commit f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter"). Intuitively, the batch number should be optimized, but on some paths, performance may take precedence over statistical accuracy. Therefore, introducing a new interface to add the percpu statistical count and display it to users, which can remove the confusion. In addition, this change is not expected to be on a performance-critical path, so the modification should be acceptable. In addition, the 'mm->rss_stat' is updated by using add_mm_counter() and dec/inc_mm_counter(), which are all wrappers around percpu_counter_add_batch(). In percpu_counter_add_batch(), there is percpu batch caching to avoid 'fbc->lock' contention. This patch changes task_mem() and task_statm() to get the accurate mm counters under the 'fbc->lock', but this should not exacerbate kernel 'mm->rss_stat' lock contention due to the percpu batch caching of the mm counters. The following test also confirm the theoretical analysis. I run the stress-ng that stresses anon page faults in 32 threads on my 32 cores machine, while simultaneously running a script that starts 32 threads to busy-loop pread each stress-ng thread's /proc/pid/status interface. From the following data, I did not observe any obvious impact of this patch on the stress-ng tests. w/o patch: stress-ng: info: [6848] 4,399,219,085,152 CPU Cycles 67.327 B/sec stress-ng: info: [6848] 1,616,524,844,832 Instructions 24.740 B/sec (0.367 instr. per cycle) stress-ng: info: [6848] 39,529,792 Page Faults Total 0.605 M/sec stress-ng: info: [6848] 39,529,792 Page Faults Minor 0.605 M/sec w/patch: stress-ng: info: [2485] 4,462,440,381,856 CPU Cycles 68.382 B/sec stress-ng: info: [2485] 1,615,101,503,296 Instructions 24.750 B/sec (0.362 instr. per cycle) stress-ng: info: [2485] 39,439,232 Page Faults Total 0.604 M/sec stress-ng: info: [2485] 39,439,232 Page Faults Minor 0.604 M/sec On comparing a very simple app which just allocates & touches some memory against v6.1 (which doesn't have f1a7941243c1) and latest Linus tree (4c06e63b9203) I can see that on latest Linus tree the values for VmRSS, RssAnon and RssFile from /proc/self/status are all zeroes while they do report values on v6.1 and a Linus tree with this patch. Link: https://lkml.kernel.org/r/f4586b17f66f97c174f7fd1f8647374fdb53de1c.17491190… Fixes: f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reviewed-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by Donet Tom <donettom(a)linux.ibm.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Acked-by: SeongJae Park <sj(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand <david(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 14 +++++++------- include/linux/mm.h | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) --- a/fs/proc/task_mmu.c~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/fs/proc/task_mmu.c @@ -36,9 +36,9 @@ void task_mem(struct seq_file *m, struct unsigned long text, lib, swap, anon, file, shmem; unsigned long hiwater_vm, total_vm, hiwater_rss, total_rss; - anon = get_mm_counter(mm, MM_ANONPAGES); - file = get_mm_counter(mm, MM_FILEPAGES); - shmem = get_mm_counter(mm, MM_SHMEMPAGES); + anon = get_mm_counter_sum(mm, MM_ANONPAGES); + file = get_mm_counter_sum(mm, MM_FILEPAGES); + shmem = get_mm_counter_sum(mm, MM_SHMEMPAGES); /* * Note: to minimize their overhead, mm maintains hiwater_vm and @@ -59,7 +59,7 @@ void task_mem(struct seq_file *m, struct text = min(text, mm->exec_vm << PAGE_SHIFT); lib = (mm->exec_vm << PAGE_SHIFT) - text; - swap = get_mm_counter(mm, MM_SWAPENTS); + swap = get_mm_counter_sum(mm, MM_SWAPENTS); SEQ_PUT_DEC("VmPeak:\t", hiwater_vm); SEQ_PUT_DEC(" kB\nVmSize:\t", total_vm); SEQ_PUT_DEC(" kB\nVmLck:\t", mm->locked_vm); @@ -92,12 +92,12 @@ unsigned long task_statm(struct mm_struc unsigned long *shared, unsigned long *text, unsigned long *data, unsigned long *resident) { - *shared = get_mm_counter(mm, MM_FILEPAGES) + - get_mm_counter(mm, MM_SHMEMPAGES); + *shared = get_mm_counter_sum(mm, MM_FILEPAGES) + + get_mm_counter_sum(mm, MM_SHMEMPAGES); *text = (PAGE_ALIGN(mm->end_code) - (mm->start_code & PAGE_MASK)) >> PAGE_SHIFT; *data = mm->data_vm + mm->stack_vm; - *resident = *shared + get_mm_counter(mm, MM_ANONPAGES); + *resident = *shared + get_mm_counter_sum(mm, MM_ANONPAGES); return mm->total_vm; } --- a/include/linux/mm.h~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/include/linux/mm.h @@ -2568,6 +2568,11 @@ static inline unsigned long get_mm_count return percpu_counter_read_positive(&mm->rss_stat[member]); } +static inline unsigned long get_mm_counter_sum(struct mm_struct *mm, int member) +{ + return percpu_counter_sum_positive(&mm->rss_stat[member]); +} + void mm_trace_rss_stat(struct mm_struct *mm, int member); static inline void add_mm_counter(struct mm_struct *mm, int member, long value) _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are selftests-khugepaged-fix-the-shmem-collapse-failure.patch selftests-mm-add-shmem-collapse-as-a-default-test-item.patch mm-huge_memory-fix-the-check-for-allowed-huge-orders-in-shmem.patch khugepaged-allow-khugepaged-to-check-all-anonymous-mthp-orders.patch khugepaged-kick-khugepaged-for-enabling-none-pmd-sized-mthps.patch mm-fault-in-complete-folios-instead-of-individual-pages-for-tmpfs.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon: fix divide by zero in damon_get_intervals_score() has been removed from the -mm tree. Its filename was mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: mm/damon: fix divide by zero in damon_get_intervals_score() Date: Wed, 2 Jul 2025 09:02:04 +0900 The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero. [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users. In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well. Link: https://lkml.kernel.org/r/20250702000205.1921-5-honggyu.kim@sk.com Fixes: f04b0fedbe71 ("mm/damon/core: implement intervals auto-tuning") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-fix-divide-by-zero-in-damon_get_intervals_score +++ a/mm/damon/core.c @@ -1449,6 +1449,7 @@ static unsigned long damon_get_intervals } } target_access_events = max_access_events * goal_bp / 10000; + target_access_events = target_access_events ? : 1; return access_events * 10000 / target_access_events; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-mtier-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample mtier for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-mtier-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample mtier for start failure Date: Wed, 2 Jul 2025 09:02:03 +0900 The damon_sample_mtier_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with mtier because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-4-honggyu.kim@sk.com Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/mtier.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/mtier.c~samples-damon-fix-damon-sample-mtier-for-start-failure +++ a/samples/damon/mtier.c @@ -164,8 +164,12 @@ static int damon_sample_mtier_enable_sto if (enable == enabled) return 0; - if (enable) - return damon_sample_mtier_start(); + if (enable) { + err = damon_sample_mtier_start(); + if (err) + enable = false; + return err; + } damon_sample_mtier_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-wsse-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample wsse for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-wsse-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample wsse for start failure Date: Wed, 2 Jul 2025 09:02:02 +0900 The damon_sample_wsse_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with wsse because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-3-honggyu.kim@sk.com Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/wsse.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/wsse.c~samples-damon-fix-damon-sample-wsse-for-start-failure +++ a/samples/damon/wsse.c @@ -102,8 +102,12 @@ static int damon_sample_wsse_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_wsse_start(); + if (enable) { + err = damon_sample_wsse_start(); + if (err) + enable = false; + return err; + } damon_sample_wsse_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-prcl-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample prcl for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-prcl-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample prcl for start failure Date: Wed, 2 Jul 2025 09:02:01 +0900 Patch series "mm/damon: fix divide by zero and its samples", v3. This series includes fixes against damon and its samples to make it safer when damon sample starting fails. It includes the following changes. - fix unexpected divide by zero crash for zero size regions - fix bugs for damon samples in case of start failures This patch (of 4): The damon_sample_prcl_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the following crash because damon sample start failed but the "enable" stays as Y. [ 2441.419649] damon_sample_prcl: start [ 2454.146817] damon_sample_prcl: stop [ 2454.146862] ------------[ cut here ]------------ [ 2454.146865] kernel BUG at mm/slub.c:546! [ 2454.148183] Oops: invalid opcode: 0000 [#1] SMP NOPTI ... [ 2454.167555] Call Trace: [ 2454.167822] <TASK> [ 2454.168061] damon_destroy_ctx+0x78/0x140 [ 2454.168454] damon_sample_prcl_enable_store+0x8d/0xd0 [ 2454.168932] param_attr_store+0xa1/0x120 [ 2454.169315] module_attr_store+0x20/0x50 [ 2454.169695] sysfs_kf_write+0x72/0x90 [ 2454.170065] kernfs_fop_write_iter+0x150/0x1e0 [ 2454.170491] vfs_write+0x315/0x440 [ 2454.170833] ksys_write+0x69/0xf0 [ 2454.171162] __x64_sys_write+0x19/0x30 [ 2454.171525] x64_sys_call+0x18b2/0x2700 [ 2454.171900] do_syscall_64+0x7f/0x680 [ 2454.172258] ? exit_to_user_mode_loop+0xf6/0x180 [ 2454.172694] ? clear_bhb_loop+0x30/0x80 [ 2454.173067] ? clear_bhb_loop+0x30/0x80 [ 2454.173439] entry_SYSCALL_64_after_hwframe+0x76/0x7e Link: https://lkml.kernel.org/r/20250702000205.1921-1-honggyu.kim@sk.com Link: https://lkml.kernel.org/r/20250702000205.1921-2-honggyu.kim@sk.com Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/prcl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/prcl.c~samples-damon-fix-damon-sample-prcl-for-start-failure +++ a/samples/damon/prcl.c @@ -122,8 +122,12 @@ static int damon_sample_prcl_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_prcl_start(); + if (enable) { + err = damon_sample_prcl_start(); + if (err) + enable = false; + return err; + } damon_sample_prcl_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock has been removed from the -mm tree. Its filename was kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yeoreum Yun <yeoreum.yun(a)arm.com> Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock Date: Thu, 3 Jul 2025 19:10:18 +0100 find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/report.c | 45 +------------------------------------------- 1 file changed, 2 insertions(+), 43 deletions(-) --- a/mm/kasan/report.c~kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock +++ a/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr( sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(vo } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) { _ Patches currently in -mm which might be from yeoreum.yun(a)arm.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-vfs-support-external-dentry-names.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts: gdb: vfs: support external dentry names has been removed from the -mm tree. Its filename was scripts-gdb-vfs-support-external-dentry-names.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Illia Ostapyshyn <illia(a)yshyn.com> Subject: scripts: gdb: vfs: support external dentry names Date: Sun, 29 Jun 2025 02:38:11 +0200 d_shortname of struct dentry only reserves D_NAME_INLINE_LEN characters and contains garbage for longer names. Use d_name instead, which always references the valid name. Link: https://lore.kernel.org/all/20250525213709.878287-2-illia@yshyn.com/ Link: https://lkml.kernel.org/r/20250629003811.2420418-1-illia@yshyn.com Fixes: 79300ac805b6 ("scripts/gdb: fix dentry_name() lookup") Signed-off-by: Illia Ostapyshyn <illia(a)yshyn.com> Tested-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-vfs-support-external-dentry-names +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_shortname']['string'].string() + return p + d['d_name']['name'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from illia(a)yshyn.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation has been removed from the -mm tree. Its filename was mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation Date: Sun, 29 Jun 2025 13:49:14 -0700 DAMON sysfs interface internally uses damon_call() to update DAMON parameters as users requested, online. However, DAMON core cancels any damon_call() requests when it is deactivated by DAMOS watermarks. As a result, users cannot change DAMON parameters online while DAMON is deactivated. Note that users can turn DAMON off and on with different watermarks to work around. Since deactivated DAMON is nearly same to stopped DAMON, the work around should have no big problem. Anyway, a bug is a bug. There is no real good reason to cancel the damon_call() request under DAMOS deactivation. Fix it by simply handling the request as normal, rather than cancelling under the situation. Link: https://lkml.kernel.org/r/20250629204914.54114-1-sj@kernel.org Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation +++ a/mm/damon/core.c @@ -2355,9 +2355,8 @@ static void kdamond_usleep(unsigned long * * If there is a &struct damon_call_control request that registered via * &damon_call() on @ctx, do or cancel the invocation of the function depending - * on @cancel. @cancel is set when the kdamond is deactivated by DAMOS - * watermarks, or the kdamond is already out of the main loop and therefore - * will be terminated. + * on @cancel. @cancel is set when the kdamond is already out of the main loop + * and therefore will be terminated. */ static void kdamond_call(struct damon_ctx *ctx, bool cancel) { @@ -2405,7 +2404,7 @@ static int kdamond_wait_activation(struc if (ctx->callback.after_wmarks_check && ctx->callback.after_wmarks_check(ctx)) break; - kdamond_call(ctx, true); + kdamond_call(ctx, false); damos_walk_cancel(ctx); } return -EBUSY; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-introduce-damon_stat-module-fix-2.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch mm-damon-sysfs-schemes-decouple-from-damos_quota_goal_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_action.patch mm-damon-sysfs-schemes-decouple-from-damos_wmark_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_filter_type.patch mm-damon-sysfs-decouple-from-damon_ops_id.patch selftests-damon-add-drgn-script-for-extracting-damon-status.patch selftests-damon-_damon_sysfs-set-kdamondpid-in-start.patch selftests-damon-add-python-and-drgn-based-damon-sysfs-test.patch selftests-damon-sysfspy-test-monitoring-attribute-parameters.patch selftests-damon-sysfspy-test-adaptive-targets-parameter.patch selftests-damon-sysfspy-test-damos-schemes-parameters-setup.patch mm-damon-add-trace-event-for-auto-tuned-monitoring-intervals.patch mm-damon-add-trace-event-for-effective-size-quota.patch mm-damon-add-trace-event-for-effective-size-quota-fix.patch mm-damon-add-trace-event-for-effective-size-quota-fix-2.patch samples-damon-wsse-fix-boot-time-enable-handling.patch samples-damon-prcl-fix-boot-time-enable-crash.patch samples-damon-mtier-support-boot-time-enable-setup.patch mm-damon-reclaim-reset-enabled-when-damon-start-failed.patch mm-damon-lru_sort-reset-enabled-when-damon-start-failed.patch mm-damon-reclaim-use-parameter-context-correctly.patch samples-damon-wsse-rename-to-have-damon_sample_-prefix.patch samples-damon-prcl-rename-to-have-damon_sample_-prefix.patch samples-damon-mtier-rename-to-have-damon_sample_-prefix.patch mm-damon-sysfs-use-damon-core-api-damon_is_running.patch mm-damon-sysfs-dont-hold-kdamond_lock-in-before_terminate.patch docs-mm-damon-maintainer-profile-update-for-mm-new-tree.patch mm-damon-add-struct-damos_migrate_dests.patch mm-damon-core-add-damos-migrate_dests-field.patch mm-damon-sysfs-schemes-implement-damos-action-destinations-directory.patch mm-damon-sysfs-schemes-set-damos-migrate_dests.patch docs-abi-damon-document-schemes-dests-directory.patch docs-admin-guide-mm-damon-usage-document-dests-directory.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been removed from the -mm tree. Its filename was mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. Link: https://lkml.kernel.org/r/20250701143100.6970-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250630011305.23754-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Link: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… [1] Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Suggested-by: Barry Song <baohua(a)kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are locking-rwsem-make-owner-helpers-globally-available.patch hung_task-extend-hung-task-blocker-tracking-to-rwsems.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-de-reference-per-cpu-mce-interrupts.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: de-reference per-CPU MCE interrupts has been removed from the -mm tree. Its filename was scripts-gdb-de-reference-per-cpu-mce-interrupts.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: de-reference per-CPU MCE interrupts Date: Mon, 23 Jun 2025 20:00:19 -0700 The per-CPU MCE interrupts are looked up by reference and need to be de-referenced before printing, otherwise we print the addresses of the variables instead of their contents: MCE: 18379471554386948492 Machine check exceptions MCP: 18379471554386948488 Machine check polls The corrected output looks like this instead now: MCE: 0 Machine check exceptions MCP: 1 Machine check polls Link: https://lkml.kernel.org/r/20250625021109.1057046-1-florian.fainelli@broadco… Link: https://lkml.kernel.org/r/20250624030020.882472-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-de-reference-per-cpu-mce-interrupts +++ a/scripts/gdb/linux/interrupts.py @@ -110,7 +110,7 @@ def x86_show_mce(prec, var, pfx, desc): pvar = gdb.parse_and_eval(var) text = "%*s: " % (prec, pfx) for cpu in cpus.each_online_cpu(): - text += "%10u " % (cpus.per_cpu(pvar, cpu)) + text += "%10u " % (cpus.per_cpu(pvar, cpu).dereference()) text += " %s\n" % (desc) return text _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts.py after maple tree conversion has been removed from the -mm tree. Its filename was scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts.py after maple tree conversion Date: Tue, 24 Jun 2025 19:10:20 -0700 In commit 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management"), the irq_desc_tree was replaced with a sparse_irqs tree using a maple tree structure. Since the script looked for the irq_desc_tree symbol which is no longer available, no interrupts would be printed and the script output would not be useful anymore. In addition to looking up the correct symbol (sparse_irqs), a new module (mapletree.py) is added whose mtree_load() implementation is largely copied after the C version and uses the same variable and intermediate function names wherever possible to ensure that both the C and Python version be updated in the future. This restores the scripts' output to match that of /proc/interrupts. Link: https://lkml.kernel.org/r/20250625021020.1056930-1-florian.fainelli@broadco… Fixes: 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: Shanker Donthineni <sdonthineni(a)nvidia.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 12 - scripts/gdb/linux/mapletree.py | 252 ++++++++++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ 4 files changed, 293 insertions(+), 6 deletions(-) --- a/scripts/gdb/linux/constants.py.in~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/constants.py.in @@ -20,6 +20,7 @@ #include <linux/of_fdt.h> #include <linux/page_ext.h> #include <linux/radix-tree.h> +#include <linux/maple_tree.h> #include <linux/slab.h> #include <linux/threads.h> #include <linux/vmalloc.h> @@ -93,6 +94,12 @@ LX_GDBPARSED(RADIX_TREE_MAP_SIZE) LX_GDBPARSED(RADIX_TREE_MAP_SHIFT) LX_GDBPARSED(RADIX_TREE_MAP_MASK) +/* linux/maple_tree.h */ +LX_VALUE(MAPLE_NODE_SLOTS) +LX_VALUE(MAPLE_RANGE64_SLOTS) +LX_VALUE(MAPLE_ARANGE64_SLOTS) +LX_GDBPARSED(MAPLE_NODE_MASK) + /* linux/vmalloc.h */ LX_VALUE(VM_IOREMAP) LX_VALUE(VM_ALLOC) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/interrupts.py @@ -7,7 +7,7 @@ import gdb from linux import constants from linux import cpus from linux import utils -from linux import radixtree +from linux import mapletree irq_desc_type = utils.CachedType("struct irq_desc") @@ -23,12 +23,12 @@ def irqd_is_level(desc): def show_irq_desc(prec, irq): text = "" - desc = radixtree.lookup(gdb.parse_and_eval("&irq_desc_tree"), irq) + desc = mapletree.mtree_load(gdb.parse_and_eval("&sparse_irqs"), irq) if desc is None: return text - desc = desc.cast(irq_desc_type.get_type()) - if desc is None: + desc = desc.cast(irq_desc_type.get_type().pointer()) + if desc == 0: return text if irq_settings_is_hidden(desc): @@ -221,8 +221,8 @@ class LxInterruptList(gdb.Command): gdb.write("CPU%-8d" % cpu) gdb.write("\n") - if utils.gdb_eval_or_none("&irq_desc_tree") is None: - return + if utils.gdb_eval_or_none("&sparse_irqs") is None: + raise gdb.GdbError("Unable to find the sparse IRQ tree, is CONFIG_SPARSE_IRQ enabled?") for irq in range(nr_irqs): gdb.write(show_irq_desc(prec, irq)) diff --git a/scripts/gdb/linux/mapletree.py a/scripts/gdb/linux/mapletree.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/mapletree.py @@ -0,0 +1,252 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Maple tree helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants +from linux import xarray + +maple_tree_root_type = utils.CachedType("struct maple_tree") +maple_node_type = utils.CachedType("struct maple_node") +maple_enode_type = utils.CachedType("void") + +maple_dense = 0 +maple_leaf_64 = 1 +maple_range_64 = 2 +maple_arange_64 = 3 + +class Mas(object): + ma_active = 0 + ma_start = 1 + ma_root = 2 + ma_none = 3 + ma_pause = 4 + ma_overflow = 5 + ma_underflow = 6 + ma_error = 7 + + def __init__(self, mt, first, end): + if mt.type == maple_tree_root_type.get_type().pointer(): + self.tree = mt.dereference() + elif mt.type != maple_tree_root_type.get_type(): + raise gdb.GdbError("must be {} not {}" + .format(maple_tree_root_type.get_type().pointer(), mt.type)) + self.tree = mt + self.index = first + self.last = end + self.node = None + self.status = self.ma_start + self.min = 0 + self.max = -1 + + def is_start(self): + # mas_is_start() + return self.status == self.ma_start + + def is_ptr(self): + # mas_is_ptr() + return self.status == self.ma_root + + def is_none(self): + # mas_is_none() + return self.status == self.ma_none + + def root(self): + # mas_root() + return self.tree['ma_root'].cast(maple_enode_type.get_type().pointer()) + + def start(self): + # mas_start() + if self.is_start() is False: + return None + + self.min = 0 + self.max = ~0 + + while True: + self.depth = 0 + root = self.root() + if xarray.xa_is_node(root): + self.depth = 0 + self.status = self.ma_active + self.node = mte_safe_root(root) + self.offset = 0 + if mte_dead_node(self.node) is True: + continue + + return None + + self.node = None + # Empty tree + if root is None: + self.status = self.ma_none + self.offset = constants.LX_MAPLE_NODE_SLOTS + return None + + # Single entry tree + self.status = self.ma_root + self.offset = constants.LX_MAPLE_NODE_SLOTS + + if self.index != 0: + return None + + return root + + return None + + def reset(self): + # mas_reset() + self.status = self.ma_start + self.node = None + +def mte_safe_root(node): + if node.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_safe_root.__name__, maple_enode_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + indirect_ptr = node.cast(ulong_type) & ~0x2 + val = indirect_ptr.cast(maple_enode_type.get_type().pointer()) + return val + +def mte_node_type(entry): + ulong_type = utils.get_ulong_type() + val = None + if entry.type == maple_enode_type.get_type().pointer(): + val = entry.cast(ulong_type) + elif entry.type == ulong_type: + val = entry + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_node_type.__name__, maple_enode_type.get_type().pointer(), entry.type)) + return (val >> 0x3) & 0xf + +def ma_dead_node(node): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(ma_dead_node.__name__, maple_node_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + parent = node['parent'] + indirect_ptr = node['parent'].cast(ulong_type) & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr == node + +def mte_to_node(enode): + ulong_type = utils.get_ulong_type() + if enode.type == maple_enode_type.get_type().pointer(): + indirect_ptr = enode.cast(ulong_type) + elif enode.type == ulong_type: + indirect_ptr = enode + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_to_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + indirect_ptr = indirect_ptr & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr.cast(maple_node_type.get_type().pointer()) + +def mte_dead_node(enode): + if enode.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_dead_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + node = mte_to_node(enode) + return ma_dead_node(node) + +def ma_is_leaf(tp): + result = tp < maple_range_64 + return tp < maple_range_64 + +def mt_pivots(t): + if t == maple_dense: + return 0 + elif t == maple_leaf_64 or t == maple_range_64: + return constants.LX_MAPLE_RANGE64_SLOTS - 1 + elif t == maple_arange_64: + return constants.LX_MAPLE_ARANGE64_SLOTS - 1 + +def ma_pivots(node, t): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_pivots.__name__, maple_node_type.get_type().pointer(), node.type)) + if t == maple_arange_64: + return node['ma64']['pivot'] + elif t == maple_leaf_64 or t == maple_range_64: + return node['mr64']['pivot'] + else: + return None + +def ma_slots(node, tp): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_slots.__name__, maple_node_type.get_type().pointer(), node.type)) + if tp == maple_arange_64: + return node['ma64']['slot'] + elif tp == maple_range_64 or tp == maple_leaf_64: + return node['mr64']['slot'] + elif tp == maple_dense: + return node['slot'] + else: + return None + +def mt_slot(mt, slots, offset): + ulong_type = utils.get_ulong_type() + return slots[offset].cast(ulong_type) + +def mtree_lookup_walk(mas): + ulong_type = utils.get_ulong_type() + n = mas.node + + while True: + node = mte_to_node(n) + tp = mte_node_type(n) + pivots = ma_pivots(node, tp) + end = mt_pivots(tp) + offset = 0 + while True: + if pivots[offset] >= mas.index: + break + if offset >= end: + break + offset += 1 + + slots = ma_slots(node, tp) + n = mt_slot(mas.tree, slots, offset) + if ma_dead_node(node) is True: + mas.reset() + return None + break + + if ma_is_leaf(tp) is True: + break + + return n + +def mtree_load(mt, index): + ulong_type = utils.get_ulong_type() + # MT_STATE(...) + mas = Mas(mt, index, index) + entry = None + + while True: + entry = mas.start() + if mas.is_none(): + return None + + if mas.is_ptr(): + if index != 0: + entry = None + return entry + + entry = mtree_lookup_walk(mas) + if entry is None and mas.is_start(): + continue + else: + break + + if xarray.xa_is_zero(entry): + return None + + return entry diff --git a/scripts/gdb/linux/xarray.py a/scripts/gdb/linux/xarray.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/xarray.py @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Xarray helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants + +def xa_is_internal(entry): + ulong_type = utils.get_ulong_type() + return ((entry.cast(ulong_type) & 3) == 2) + +def xa_mk_internal(v): + return ((v << 2) | 2) + +def xa_is_zero(entry): + ulong_type = utils.get_ulong_type() + return entry.cast(ulong_type) == xa_mk_internal(257) + +def xa_is_node(entry): + ulong_type = utils.get_ulong_type() + return xa_is_internal(entry) and (entry.cast(ulong_type) > 4096) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix mt_destroy_walk() on root leaf node has been removed from the -mm tree. Its filename was maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: maple_tree: fix mt_destroy_walk() on root leaf node Date: Tue, 24 Jun 2025 15:18:40 -0400 On destroy, we should set each node dead. But current code miss this when the maple tree has only the root node. The reason is mt_destroy_walk() leverage mte_destroy_descend() to set node dead, but this is skipped since the only root node is a leaf. Fixes this by setting the node dead if it is a leaf. Link: https://lore.kernel.org/all/20250407231354.11771-1-richard.weiyang@gmail.co… Link: https://lkml.kernel.org/r/20250624191841.64682-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 1 + 1 file changed, 1 insertion(+) --- a/lib/maple_tree.c~maple_tree-fix-mt_destroy_walk-on-root-leaf-node +++ a/lib/maple_tree.c @@ -5319,6 +5319,7 @@ static void mt_destroy_walk(struct maple struct maple_enode *start; if (mte_is_leaf(enode)) { + mte_set_node_dead(enode); node->type = mte_node_type(enode); goto free_leaf; } _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-migrate-remove-the-eexist-conversion-for-move_pages.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error has been removed from the -mm tree. Its filename was mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error Date: Mon, 23 Jun 2025 09:57:21 +0200 vmap_pages_pte_range() enters the lazy MMU mode, but fails to leave it in case an error is encountered. Link: https://lkml.kernel.org/r/20250623075721.2817094-1-agordeev@linux.ibm.com Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/202506132017.T1l1l6ME-lkp@intel.com/ Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error +++ a/mm/vmalloc.c @@ -514,6 +514,7 @@ static int vmap_pages_pte_range(pmd_t *p unsigned long end, pgprot_t prot, struct page **pages, int *nr, pgtbl_mod_mask *mask) { + int err = 0; pte_t *pte; /* @@ -530,12 +531,18 @@ static int vmap_pages_pte_range(pmd_t *p do { struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(ptep_get(pte)))) - return -EBUSY; - if (WARN_ON(!page)) - return -ENOMEM; - if (WARN_ON(!pfn_valid(page_to_pfn(page)))) - return -EINVAL; + if (WARN_ON(!pte_none(ptep_get(pte)))) { + err = -EBUSY; + break; + } + if (WARN_ON(!page)) { + err = -ENOMEM; + break; + } + if (WARN_ON(!pfn_valid(page_to_pfn(page)))) { + err = -EINVAL; + break; + } set_pte_at(&init_mm, addr, pte, mk_pte(page, prot)); (*nr)++; @@ -543,7 +550,8 @@ static int vmap_pages_pte_range(pmd_t *p arch_leave_lazy_mmu_mode(); *mask |= PGTBL_PTE_MODIFIED; - return 0; + + return err; } static int vmap_pages_pmd_range(pud_t *pud, unsigned long addr, _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts display after MCP on x86 has been removed from the -mm tree. Its filename was scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts display after MCP on x86 Date: Mon, 23 Jun 2025 09:41:52 -0700 The text line would not be appended to as it should have, it should have been a '+=' but ended up being a '==', fix that. Link: https://lkml.kernel.org/r/20250623164153.746359-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interrupts-display-after-mcp-on-x86 +++ a/scripts/gdb/linux/interrupts.py @@ -142,7 +142,7 @@ def x86_show_interupts(prec): if constants.LX_CONFIG_X86_MCE: text += x86_show_mce(prec, "&mce_exception_count", "MCE", "Machine check exceptions") - text == x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") + text += x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") text += show_irq_err_count(prec) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Date: Sat, 21 Jun 2025 04:53:05 +0900 alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. [harry.yoo(a)oracle.com: v3] Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Link: https://lkml.kernel.org/r/20250620195305.1115151-1-harry.yoo@oracle.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Acked-by: Suren Baghdasaryan <surenb(a)google.com> Tested-by: Raghavendra K T <raghavendra.kt(a)amd.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users +++ a/lib/alloc_tag.c @@ -135,6 +135,9 @@ size_t alloc_tag_top_users(struct codeta struct codetag_bytes n; unsigned int i, nr = 0; + if (IS_ERR_OR_NULL(alloc_tag_cttype)) + return 0; + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

2 days, 2 hours

1
0
0 0

[merged mm-hotfixes-stable] kallsyms-fix-build-without-execinfo.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kallsyms: fix build without execinfo has been removed from the -mm tree. Its filename was kallsyms-fix-build-without-execinfo.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Achill Gilgenast <fossdd(a)pwned.life> Subject: kallsyms: fix build without execinfo Date: Sun, 22 Jun 2025 03:45:49 +0200 Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Link: https://lkml.kernel.org/r/20250622014608.448718-1-fossdd@pwned.life Fixes: c104c16073b7 ("Kunit to check the longest symbol length") Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: Luis Henriques <luis(a)igalia.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/tools/include/linux/kallsyms.h~kallsyms-fix-build-without-execinfo +++ a/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_looku return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const ch free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif _ Patches currently in -mm which might be from fossdd(a)pwned.life are

2 days, 2 hours

1
0
0 0

[folded-merged] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch This patch was dropped because it was folded into lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 Date: Tue, 24 Jun 2025 16:25:13 +0900 Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Closes: https://lore.kernel.org/oe-lkp/202506131711.5b41931c-lkp@intel.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 +++ a/lib/alloc_tag.c @@ -137,7 +137,8 @@ size_t alloc_tag_top_users(struct codeta if (IS_ERR_OR_NULL(alloc_tag_cttype)) return 0; - else if (can_sleep) + + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) return 0; _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

2 days, 2 hours

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Thu, 10 Jul 2025 11:36:59 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v5. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio), !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: Avg: 10.67s, stddev: 0.04 After patch 1: Avg: 10.49s, stddev: 0.04 After patch 2: Avg: 10.42s, stddev: 0.05 After patch 3: Avg: 10.45s, stddev: 0.05 After patch 4: Avg: 10.49s, stddev: 0.04 After patch 5: Avg: 9.67s, stddev: 0.03 After patch 6: Avg: 9.67s, stddev: 0.04 After patch 7: Avg: 9.68s, stddev: 0.05 After patch 8: Avg: 9.66s, stddev: 0.04 Several patches improve the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j48 with defconfig in a 768M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: avg: 3353.66s, stddev: 33.73 After patch 1: avg: 3354.19s, stddev: 42.54 After patch 2: avg: 3364.16s, stddev: 52.74 After patch 3: avg: 3355.73s, stddev: 36.17 After patch 4: avg: 3352.78s, stddev: 39.80 After patch 5: avg: 3355.19s, stddev: 50.78 After patch 6: avg: 3333.63s, stddev: 32.50 After patch 7: avg: 3297.70s, stddev: 38.93 After patch 8: avg: 3302.35s, stddev: 50.61 This patch (of 8): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250710033706.71042-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250710033706.71042-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-tidy-up-swap-entry-splitting.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-simplify-swapin-path-and-result-handling.patch mm-shmem-swap-rework-swap-entry-and-index-calculation-for-large-swapin.patch mm-shmem-swap-fix-major-fault-counting.patch

2 days, 2 hours

1
0
0 0

[PATCH v5 1/8] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 334b7b4a61a0..e3c9a1365ff4 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

2 days, 3 hours

1
0
0 0

[PATCH v2] zynq_fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - fixed build break (missing flags parameter) --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git drivers/fpga/zynq-fpga.c drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..0be0d569589d 100644 --- drivers/fpga/zynq-fpga.c +++ drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); return err; } -- 2.34.1

2 days, 4 hours

2
1
0 0

[PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000

by Nick Morrow

From 17bf632a10e843af7a5f80d9e1449c5c26bb8486 Mon Sep 17 00:00:00 2001 From: Nick Morrow <morrownr(a)gmail.com> Date: Tue, 8 Jul 2025 16:40:42 -0500 Subject: [PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Add VID/PID 0846/9072 for recently released Netgear A9000. Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- v2: - No change. --- drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c index 4dfbc1b6cfdd..bf040f34e4b9 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c @@ -12,6 +12,9 @@ static const struct usb_device_id mt7925u_device_table[] = { { USB_DEVICE_AND_INTERFACE_INFO(0x0e8d, 0x7925, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, + /* Netgear, Inc. A9000 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9072, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, { }, }; -- 2.48.1

2 days, 7 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror