tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge mm-hotfixes-stable into mm-stable to pick up depended-upon changes.
+262
-75
+4
-2
.mailmap
+4
-2
.mailmap
···
87
87
Baolin Wang <baolin.wang@linux.alibaba.com> <baolin.wang7@gmail.com>
88
88
Bart Van Assche <bvanassche@acm.org> <bart.vanassche@sandisk.com>
89
89
Bart Van Assche <bvanassche@acm.org> <bart.vanassche@wdc.com>
90
+
Bartosz Golaszewski <brgl@bgdev.pl> <bgolaszewski@baylibre.com>
90
91
Ben Dooks <ben-linux@fluff.org> <ben.dooks@simtec.co.uk>
91
92
Ben Dooks <ben-linux@fluff.org> <ben.dooks@sifive.com>
92
93
Ben Gardner <bgardner@wabtec.com>
···
450
449
Oleksij Rempel <linux@rempel-privat.de> <bug-track@fisher-privat.net>
451
450
Oleksij Rempel <linux@rempel-privat.de> <external.Oleksij.Rempel@de.bosch.com>
452
451
Oleksij Rempel <linux@rempel-privat.de> <fixed-term.Oleksij.Rempel@de.bosch.com>
453
-
Oleksij Rempel <linux@rempel-privat.de> <o.rempel@pengutronix.de>
454
-
Oleksij Rempel <linux@rempel-privat.de> <ore@pengutronix.de>
452
+
Oleksij Rempel <o.rempel@pengutronix.de>
453
+
Oleksij Rempel <o.rempel@pengutronix.de> <ore@pengutronix.de>
455
454
Oliver Upton <oliver.upton@linux.dev> <oupton@google.com>
455
+
Ondřej Jirman <megi@xff.cz> <megous@megous.com>
456
456
Oza Pawandeep <quic_poza@quicinc.com> <poza@codeaurora.org>
457
457
Pali Rohár <pali@kernel.org> <pali.rohar@gmail.com>
458
458
Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
+1
-1
MAINTAINERS
+1
-1
MAINTAINERS
···
6748
6748
DRM DRIVER FOR SITRONIX ST7703 PANELS
6749
6749
M: Guido Günther <agx@sigxcpu.org>
6750
6750
R: Purism Kernel Team <kernel@puri.sm>
6751
-
R: Ondrej Jirman <megous@megous.com>
6751
+
R: Ondrej Jirman <megi@xff.cz>
6752
6752
S: Maintained
6753
6753
F: Documentation/devicetree/bindings/display/panel/rocktech,jh057n00900.yaml
6754
6754
F: drivers/gpu/drm/panel/panel-sitronix-st7703.c
+1
-1
arch/riscv/mm/fault.c
+1
-1
arch/riscv/mm/fault.c
···
72
72
}
73
73
pagefault_out_of_memory();
74
74
return;
75
-
} else if (fault & VM_FAULT_SIGBUS) {
75
+
} else if (fault & (VM_FAULT_SIGBUS | VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) {
76
76
/* Kernel mode? Handle exceptions or die */
77
77
if (!user_mode(regs)) {
78
78
no_context(regs, addr);
+13
-6
arch/riscv/mm/hugetlbpage.c
+13
-6
arch/riscv/mm/hugetlbpage.c
···
183
183
pte_t pte,
184
184
unsigned long sz)
185
185
{
186
+
unsigned long hugepage_shift;
186
187
int i, pte_num;
187
188
188
-
if (!pte_napot(pte)) {
189
-
set_pte_at(mm, addr, ptep, pte);
190
-
return;
191
-
}
189
+
if (sz >= PGDIR_SIZE)
190
+
hugepage_shift = PGDIR_SHIFT;
191
+
else if (sz >= P4D_SIZE)
192
+
hugepage_shift = P4D_SHIFT;
193
+
else if (sz >= PUD_SIZE)
194
+
hugepage_shift = PUD_SHIFT;
195
+
else if (sz >= PMD_SIZE)
196
+
hugepage_shift = PMD_SHIFT;
197
+
else
198
+
hugepage_shift = PAGE_SHIFT;
192
199
193
-
pte_num = napot_pte_num(napot_cont_order(pte));
194
-
for (i = 0; i < pte_num; i++, ptep++, addr += PAGE_SIZE)
200
+
pte_num = sz >> hugepage_shift;
201
+
for (i = 0; i < pte_num; i++, ptep++, addr += (1 << hugepage_shift))
195
202
set_pte_at(mm, addr, ptep, pte);
196
203
}
197
204
+39
-2
include/linux/hugetlb.h
+39
-2
include/linux/hugetlb.h
···
60
60
long adds_in_progress;
61
61
struct list_head region_cache;
62
62
long region_cache_count;
63
+
struct rw_semaphore rw_sema;
63
64
#ifdef CONFIG_CGROUP_HUGETLB
64
65
/*
65
66
* On private mappings, the counter to uncharge reservations is stored
···
139
138
void unmap_hugepage_range(struct vm_area_struct *,
140
139
unsigned long, unsigned long, struct page *,
141
140
zap_flags_t);
142
-
void __unmap_hugepage_range_final(struct mmu_gather *tlb,
141
+
void __unmap_hugepage_range(struct mmu_gather *tlb,
143
142
struct vm_area_struct *vma,
144
143
unsigned long start, unsigned long end,
145
144
struct page *ref_page, zap_flags_t zap_flags);
···
246
245
void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma,
247
246
unsigned long *start, unsigned long *end);
248
247
248
+
extern void __hugetlb_zap_begin(struct vm_area_struct *vma,
249
+
unsigned long *begin, unsigned long *end);
250
+
extern void __hugetlb_zap_end(struct vm_area_struct *vma,
251
+
struct zap_details *details);
252
+
253
+
static inline void hugetlb_zap_begin(struct vm_area_struct *vma,
254
+
unsigned long *start, unsigned long *end)
255
+
{
256
+
if (is_vm_hugetlb_page(vma))
257
+
__hugetlb_zap_begin(vma, start, end);
258
+
}
259
+
260
+
static inline void hugetlb_zap_end(struct vm_area_struct *vma,
261
+
struct zap_details *details)
262
+
{
263
+
if (is_vm_hugetlb_page(vma))
264
+
__hugetlb_zap_end(vma, details);
265
+
}
266
+
249
267
void hugetlb_vma_lock_read(struct vm_area_struct *vma);
250
268
void hugetlb_vma_unlock_read(struct vm_area_struct *vma);
251
269
void hugetlb_vma_lock_write(struct vm_area_struct *vma);
···
313
293
static inline void adjust_range_if_pmd_sharing_possible(
314
294
struct vm_area_struct *vma,
315
295
unsigned long *start, unsigned long *end)
296
+
{
297
+
}
298
+
299
+
static inline void hugetlb_zap_begin(
300
+
struct vm_area_struct *vma,
301
+
unsigned long *start, unsigned long *end)
302
+
{
303
+
}
304
+
305
+
static inline void hugetlb_zap_end(
306
+
struct vm_area_struct *vma,
307
+
struct zap_details *details)
316
308
{
317
309
}
318
310
···
473
441
return 0;
474
442
}
475
443
476
-
static inline void __unmap_hugepage_range_final(struct mmu_gather *tlb,
444
+
static inline void __unmap_hugepage_range(struct mmu_gather *tlb,
477
445
struct vm_area_struct *vma, unsigned long start,
478
446
unsigned long end, struct page *ref_page,
479
447
zap_flags_t zap_flags)
···
1275
1243
static inline bool __vma_shareable_lock(struct vm_area_struct *vma)
1276
1244
{
1277
1245
return (vma->vm_flags & VM_MAYSHARE) && vma->vm_private_data;
1246
+
}
1247
+
1248
+
static inline bool __vma_private_lock(struct vm_area_struct *vma)
1249
+
{
1250
+
return (!(vma->vm_flags & VM_MAYSHARE)) && vma->vm_private_data;
1278
1251
}
1279
1252
1280
1253
/*
+3
-3
include/linux/kasan.h
+3
-3
include/linux/kasan.h
···
466
466
467
467
#endif /* (CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASAN_VMALLOC */
468
468
469
-
#ifdef CONFIG_KASAN_INLINE
469
+
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
470
470
void kasan_non_canonical_hook(unsigned long addr);
471
-
#else /* CONFIG_KASAN_INLINE */
471
+
#else /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */
472
472
static inline void kasan_non_canonical_hook(unsigned long addr) { }
473
-
#endif /* CONFIG_KASAN_INLINE */
473
+
#endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */
474
474
475
475
#endif /* LINUX_KASAN_H */
+1
-1
lib/maple_tree.c
+1
-1
lib/maple_tree.c
···
5627
5627
/* Internal nodes */
5628
5628
nr_nodes += DIV_ROUND_UP(nr_nodes, nonleaf_cap);
5629
5629
/* Add working room for split (2 nodes) + new parents */
5630
-
mas_node_count(mas, nr_nodes + 3);
5630
+
mas_node_count_gfp(mas, nr_nodes + 3, GFP_KERNEL);
5631
5631
5632
5632
/* Detect if allocations run out */
5633
5633
mas->mas_flags |= MA_STATE_PREALLOC;
+24
-11
lib/test_maple_tree.c
+24
-11
lib/test_maple_tree.c
···
9
9
10
10
#include <linux/maple_tree.h>
11
11
#include <linux/module.h>
12
+
#include <linux/rwsem.h>
12
13
13
14
#define MTREE_ALLOC_MAX 0x2000000000000Ul
14
15
#define CONFIG_MAPLE_SEARCH
···
1842
1841
void *val;
1843
1842
MA_STATE(mas, mt, 0, 0);
1844
1843
MA_STATE(newmas, mt, 0, 0);
1844
+
struct rw_semaphore newmt_lock;
1845
+
1846
+
init_rwsem(&newmt_lock);
1845
1847
1846
1848
for (i = 0; i <= nr_entries; i++)
1847
1849
mtree_store_range(mt, i*10, i*10 + 5,
1848
1850
xa_mk_value(i), GFP_KERNEL);
1849
1851
1850
1852
mt_set_non_kernel(99999);
1851
-
mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE);
1853
+
mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN);
1854
+
mt_set_external_lock(&newmt, &newmt_lock);
1852
1855
newmas.tree = &newmt;
1853
1856
mas_reset(&newmas);
1854
1857
mas_reset(&mas);
1855
-
mas_lock(&newmas);
1858
+
down_write(&newmt_lock);
1856
1859
mas.index = 0;
1857
1860
mas.last = 0;
1858
1861
if (mas_expected_entries(&newmas, nr_entries)) {
···
1871
1866
}
1872
1867
rcu_read_unlock();
1873
1868
mas_destroy(&newmas);
1874
-
mas_unlock(&newmas);
1875
1869
mt_validate(&newmt);
1876
1870
mt_set_non_kernel(0);
1877
-
mtree_destroy(&newmt);
1871
+
__mt_destroy(&newmt);
1872
+
up_write(&newmt_lock);
1878
1873
}
1879
1874
1880
1875
static noinline void __init check_iteration(struct maple_tree *mt)
···
1985
1980
void *val;
1986
1981
MA_STATE(mas, mt, 0, 0);
1987
1982
MA_STATE(newmas, mt, 0, 0);
1983
+
struct rw_semaphore newmt_lock;
1984
+
1985
+
init_rwsem(&newmt_lock);
1986
+
mt_set_external_lock(&newmt, &newmt_lock);
1988
1987
1989
1988
for (i = 0; i <= nr_entries; i++)
1990
1989
mtree_store_range(mt, i*10, i*10 + 5,
···
2003
1994
mas.index = 0;
2004
1995
mas.last = 0;
2005
1996
rcu_read_lock();
2006
-
mas_lock(&newmas);
1997
+
down_write(&newmt_lock);
2007
1998
if (mas_expected_entries(&newmas, nr_entries)) {
2008
1999
printk("OOM!");
2009
2000
BUG_ON(1);
···
2014
2005
mas_store(&newmas, val);
2015
2006
}
2016
2007
mas_destroy(&newmas);
2017
-
mas_unlock(&newmas);
2018
2008
rcu_read_unlock();
2019
2009
mt_validate(&newmt);
2020
2010
mt_set_non_kernel(0);
2021
-
mtree_destroy(&newmt);
2011
+
__mt_destroy(&newmt);
2012
+
up_write(&newmt_lock);
2022
2013
}
2023
2014
}
2024
2015
#endif
···
2625
2616
void *tmp;
2626
2617
MA_STATE(mas, mt, 0, 0);
2627
2618
MA_STATE(newmas, &newmt, 0, 0);
2619
+
struct rw_semaphore newmt_lock;
2620
+
2621
+
init_rwsem(&newmt_lock);
2622
+
mt_set_external_lock(&newmt, &newmt_lock);
2628
2623
2629
2624
if (!zero_start)
2630
2625
i = 1;
···
2638
2625
mtree_store_range(mt, i*10, (i+1)*10 - gap,
2639
2626
xa_mk_value(i), GFP_KERNEL);
2640
2627
2641
-
mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE);
2628
+
mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN);
2642
2629
mt_set_non_kernel(99999);
2643
-
mas_lock(&newmas);
2630
+
down_write(&newmt_lock);
2644
2631
ret = mas_expected_entries(&newmas, nr_entries);
2645
2632
mt_set_non_kernel(0);
2646
2633
MT_BUG_ON(mt, ret != 0);
···
2653
2640
}
2654
2641
rcu_read_unlock();
2655
2642
mas_destroy(&newmas);
2656
-
mas_unlock(&newmas);
2657
2643
2658
-
mtree_destroy(&newmt);
2644
+
__mt_destroy(&newmt);
2645
+
up_write(&newmt_lock);
2659
2646
}
2660
2647
2661
2648
/* Duplicate many sizes of trees. Mainly to test expected entry values */
+5
-2
mm/damon/sysfs.c
+5
-2
mm/damon/sysfs.c
···
1208
1208
return 0;
1209
1209
}
1210
1210
1211
+
static bool damon_sysfs_schemes_regions_updating;
1212
+
1211
1213
static void damon_sysfs_before_terminate(struct damon_ctx *ctx)
1212
1214
{
1213
1215
struct damon_target *t, *next;
···
1221
1219
cmd = damon_sysfs_cmd_request.cmd;
1222
1220
if (kdamond && ctx == kdamond->damon_ctx &&
1223
1221
(cmd == DAMON_SYSFS_CMD_UPDATE_SCHEMES_TRIED_REGIONS ||
1224
-
cmd == DAMON_SYSFS_CMD_UPDATE_SCHEMES_TRIED_BYTES)) {
1222
+
cmd == DAMON_SYSFS_CMD_UPDATE_SCHEMES_TRIED_BYTES) &&
1223
+
damon_sysfs_schemes_regions_updating) {
1225
1224
damon_sysfs_schemes_update_regions_stop(ctx);
1225
+
damon_sysfs_schemes_regions_updating = false;
1226
1226
mutex_unlock(&damon_sysfs_lock);
1227
1227
}
1228
1228
···
1344
1340
static int damon_sysfs_cmd_request_callback(struct damon_ctx *c)
1345
1341
{
1346
1342
struct damon_sysfs_kdamond *kdamond;
1347
-
static bool damon_sysfs_schemes_regions_updating;
1348
1343
bool total_bytes_only = false;
1349
1344
int err = 0;
1350
1345
+64
-20
mm/hugetlb.c
+64
-20
mm/hugetlb.c
···
97
97
static void __hugetlb_vma_unlock_write_free(struct vm_area_struct *vma);
98
98
static void hugetlb_unshare_pmds(struct vm_area_struct *vma,
99
99
unsigned long start, unsigned long end);
100
+
static struct resv_map *vma_resv_map(struct vm_area_struct *vma);
100
101
101
102
static inline bool subpool_is_free(struct hugepage_subpool *spool)
102
103
{
···
268
267
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
269
268
270
269
down_read(&vma_lock->rw_sema);
270
+
} else if (__vma_private_lock(vma)) {
271
+
struct resv_map *resv_map = vma_resv_map(vma);
272
+
273
+
down_read(&resv_map->rw_sema);
271
274
}
272
275
}
273
276
···
281
276
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
282
277
283
278
up_read(&vma_lock->rw_sema);
279
+
} else if (__vma_private_lock(vma)) {
280
+
struct resv_map *resv_map = vma_resv_map(vma);
281
+
282
+
up_read(&resv_map->rw_sema);
284
283
}
285
284
}
286
285
···
294
285
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
295
286
296
287
down_write(&vma_lock->rw_sema);
288
+
} else if (__vma_private_lock(vma)) {
289
+
struct resv_map *resv_map = vma_resv_map(vma);
290
+
291
+
down_write(&resv_map->rw_sema);
297
292
}
298
293
}
299
294
···
307
294
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
308
295
309
296
up_write(&vma_lock->rw_sema);
297
+
} else if (__vma_private_lock(vma)) {
298
+
struct resv_map *resv_map = vma_resv_map(vma);
299
+
300
+
up_write(&resv_map->rw_sema);
310
301
}
311
302
}
312
303
313
304
int hugetlb_vma_trylock_write(struct vm_area_struct *vma)
314
305
{
315
-
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
316
306
317
-
if (!__vma_shareable_lock(vma))
318
-
return 1;
307
+
if (__vma_shareable_lock(vma)) {
308
+
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
319
309
320
-
return down_write_trylock(&vma_lock->rw_sema);
310
+
return down_write_trylock(&vma_lock->rw_sema);
311
+
} else if (__vma_private_lock(vma)) {
312
+
struct resv_map *resv_map = vma_resv_map(vma);
313
+
314
+
return down_write_trylock(&resv_map->rw_sema);
315
+
}
316
+
317
+
return 1;
321
318
}
322
319
323
320
void hugetlb_vma_assert_locked(struct vm_area_struct *vma)
···
336
313
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
337
314
338
315
lockdep_assert_held(&vma_lock->rw_sema);
316
+
} else if (__vma_private_lock(vma)) {
317
+
struct resv_map *resv_map = vma_resv_map(vma);
318
+
319
+
lockdep_assert_held(&resv_map->rw_sema);
339
320
}
340
321
}
341
322
···
372
345
struct hugetlb_vma_lock *vma_lock = vma->vm_private_data;
373
346
374
347
__hugetlb_vma_unlock_write_put(vma_lock);
348
+
} else if (__vma_private_lock(vma)) {
349
+
struct resv_map *resv_map = vma_resv_map(vma);
350
+
351
+
/* no free for anon vmas, but still need to unlock */
352
+
up_write(&resv_map->rw_sema);
375
353
}
376
354
}
377
355
···
1093
1061
kref_init(&resv_map->refs);
1094
1062
spin_lock_init(&resv_map->lock);
1095
1063
INIT_LIST_HEAD(&resv_map->regions);
1064
+
init_rwsem(&resv_map->rw_sema);
1096
1065
1097
1066
resv_map->adds_in_progress = 0;
1098
1067
/*
···
1164
1131
VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma);
1165
1132
VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma);
1166
1133
1167
-
set_vma_private_data(vma, (get_vma_private_data(vma) &
1168
-
HPAGE_RESV_MASK) | (unsigned long)map);
1134
+
set_vma_private_data(vma, (unsigned long)map);
1169
1135
}
1170
1136
1171
1137
static void set_vma_resv_flags(struct vm_area_struct *vma, unsigned long flags)
···
5347
5315
return len + old_addr - old_end;
5348
5316
}
5349
5317
5350
-
static void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
5351
-
unsigned long start, unsigned long end,
5352
-
struct page *ref_page, zap_flags_t zap_flags)
5318
+
void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
5319
+
unsigned long start, unsigned long end,
5320
+
struct page *ref_page, zap_flags_t zap_flags)
5353
5321
{
5354
5322
struct mm_struct *mm = vma->vm_mm;
5355
5323
unsigned long address;
···
5478
5446
tlb_flush_mmu_tlbonly(tlb);
5479
5447
}
5480
5448
5481
-
void __unmap_hugepage_range_final(struct mmu_gather *tlb,
5482
-
struct vm_area_struct *vma, unsigned long start,
5483
-
unsigned long end, struct page *ref_page,
5484
-
zap_flags_t zap_flags)
5449
+
void __hugetlb_zap_begin(struct vm_area_struct *vma,
5450
+
unsigned long *start, unsigned long *end)
5485
5451
{
5486
-
hugetlb_vma_lock_write(vma);
5487
-
i_mmap_lock_write(vma->vm_file->f_mapping);
5452
+
if (!vma->vm_file) /* hugetlbfs_file_mmap error */
5453
+
return;
5488
5454
5489
-
/* mmu notification performed in caller */
5490
-
__unmap_hugepage_range(tlb, vma, start, end, ref_page, zap_flags);
5455
+
adjust_range_if_pmd_sharing_possible(vma, start, end);
5456
+
hugetlb_vma_lock_write(vma);
5457
+
if (vma->vm_file)
5458
+
i_mmap_lock_write(vma->vm_file->f_mapping);
5459
+
}
5460
+
5461
+
void __hugetlb_zap_end(struct vm_area_struct *vma,
5462
+
struct zap_details *details)
5463
+
{
5464
+
zap_flags_t zap_flags = details ? details->zap_flags : 0;
5465
+
5466
+
if (!vma->vm_file) /* hugetlbfs_file_mmap error */
5467
+
return;
5491
5468
5492
5469
if (zap_flags & ZAP_FLAG_UNMAP) { /* final unmap */
5493
5470
/*
···
5509
5468
* someone else.
5510
5469
*/
5511
5470
__hugetlb_vma_unlock_write_free(vma);
5512
-
i_mmap_unlock_write(vma->vm_file->f_mapping);
5513
5471
} else {
5514
-
i_mmap_unlock_write(vma->vm_file->f_mapping);
5515
5472
hugetlb_vma_unlock_write(vma);
5516
5473
}
5474
+
5475
+
if (vma->vm_file)
5476
+
i_mmap_unlock_write(vma->vm_file->f_mapping);
5517
5477
}
5518
5478
5519
5479
void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start,
···
6895
6853
*/
6896
6854
if (chg >= 0 && add < 0)
6897
6855
region_abort(resv_map, from, to, regions_needed);
6898
-
if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER))
6856
+
if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) {
6899
6857
kref_put(&resv_map->refs, resv_map_release);
6858
+
set_vma_resv_map(vma, NULL);
6859
+
}
6900
6860
return false;
6901
6861
}
6902
6862
+1
-1
mm/kasan/report.c
+1
-1
mm/kasan/report.c
···
621
621
}
622
622
#endif /* CONFIG_KASAN_HW_TAGS */
623
623
624
-
#ifdef CONFIG_KASAN_INLINE
624
+
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
625
625
/*
626
626
* With CONFIG_KASAN_INLINE, accesses to bogus pointers (outside the high
627
627
* canonical half of the address space) cause out-of-bounds shadow memory reads
+8
-5
mm/memory.c
+8
-5
mm/memory.c
···
1691
1691
if (vma->vm_file) {
1692
1692
zap_flags_t zap_flags = details ?
1693
1693
details->zap_flags : 0;
1694
-
__unmap_hugepage_range_final(tlb, vma, start, end,
1694
+
__unmap_hugepage_range(tlb, vma, start, end,
1695
1695
NULL, zap_flags);
1696
1696
}
1697
1697
} else
···
1736
1736
start_addr, end_addr);
1737
1737
mmu_notifier_invalidate_range_start(&range);
1738
1738
do {
1739
-
unmap_single_vma(tlb, vma, start_addr, end_addr, &details,
1739
+
unsigned long start = start_addr;
1740
+
unsigned long end = end_addr;
1741
+
hugetlb_zap_begin(vma, &start, &end);
1742
+
unmap_single_vma(tlb, vma, start, end, &details,
1740
1743
mm_wr_locked);
1744
+
hugetlb_zap_end(vma, &details);
1741
1745
} while ((vma = mas_find(mas, tree_end - 1)) != NULL);
1742
1746
mmu_notifier_invalidate_range_end(&range);
1743
1747
}
···
1765
1761
lru_add_drain();
1766
1762
mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, vma->vm_mm,
1767
1763
address, end);
1768
-
if (is_vm_hugetlb_page(vma))
1769
-
adjust_range_if_pmd_sharing_possible(vma, &range.start,
1770
-
&range.end);
1764
+
hugetlb_zap_begin(vma, &range.start, &range.end);
1771
1765
tlb_gather_mmu(&tlb, vma->vm_mm);
1772
1766
update_hiwater_rss(vma->vm_mm);
1773
1767
mmu_notifier_invalidate_range_start(&range);
···
1776
1774
unmap_single_vma(&tlb, vma, address, end, details, false);
1777
1775
mmu_notifier_invalidate_range_end(&range);
1778
1776
tlb_finish_mmu(&tlb);
1777
+
hugetlb_zap_end(vma, details);
1779
1778
}
1780
1779
1781
1780
/**
+3
-1
mm/mempolicy.c
+3
-1
mm/mempolicy.c
···
1543
1543
* the home node for vmas we already updated before.
1544
1544
*/
1545
1545
old = vma_policy(vma);
1546
-
if (!old)
1546
+
if (!old) {
1547
+
prev = vma;
1547
1548
continue;
1549
+
}
1548
1550
if (old->mode != MPOL_BIND && old->mode != MPOL_PREFERRED_MANY) {
1549
1551
err = -EOPNOTSUPP;
1550
1552
break;
+12
-2
mm/migrate.c
+12
-2
mm/migrate.c
···
2155
2155
const int __user *nodes,
2156
2156
int __user *status, int flags)
2157
2157
{
2158
+
compat_uptr_t __user *compat_pages = (void __user *)pages;
2158
2159
int current_node = NUMA_NO_NODE;
2159
2160
LIST_HEAD(pagelist);
2160
2161
int start, i;
···
2168
2167
int node;
2169
2168
2170
2169
err = -EFAULT;
2171
-
if (get_user(p, pages + i))
2172
-
goto out_flush;
2170
+
if (in_compat_syscall()) {
2171
+
compat_uptr_t cp;
2172
+
2173
+
if (get_user(cp, compat_pages + i))
2174
+
goto out_flush;
2175
+
2176
+
p = compat_ptr(cp);
2177
+
} else {
2178
+
if (get_user(p, pages + i))
2179
+
goto out_flush;
2180
+
}
2173
2181
if (get_user(node, nodes + i))
2174
2182
goto out_flush;
2175
2183
+33
-13
mm/mmap.c
+33
-13
mm/mmap.c
···
583
583
* dup_anon_vma() - Helper function to duplicate anon_vma
584
584
* @dst: The destination VMA
585
585
* @src: The source VMA
586
+
* @dup: Pointer to the destination VMA when successful.
586
587
*
587
588
* Returns: 0 on success.
588
589
*/
589
590
static inline int dup_anon_vma(struct vm_area_struct *dst,
590
-
struct vm_area_struct *src)
591
+
struct vm_area_struct *src, struct vm_area_struct **dup)
591
592
{
592
593
/*
593
594
* Easily overlooked: when mprotect shifts the boundary, make sure the
···
596
595
* anon pages imported.
597
596
*/
598
597
if (src->anon_vma && !dst->anon_vma) {
598
+
int ret;
599
+
599
600
vma_assert_write_locked(dst);
600
601
dst->anon_vma = src->anon_vma;
601
-
return anon_vma_clone(dst, src);
602
+
ret = anon_vma_clone(dst, src);
603
+
if (ret)
604
+
return ret;
605
+
606
+
*dup = dst;
602
607
}
603
608
604
609
return 0;
···
631
624
unsigned long start, unsigned long end, pgoff_t pgoff,
632
625
struct vm_area_struct *next)
633
626
{
627
+
struct vm_area_struct *anon_dup = NULL;
634
628
bool remove_next = false;
635
629
struct vma_prepare vp;
636
630
···
641
633
642
634
remove_next = true;
643
635
vma_start_write(next);
644
-
ret = dup_anon_vma(vma, next);
636
+
ret = dup_anon_vma(vma, next, &anon_dup);
645
637
if (ret)
646
638
return ret;
647
639
}
···
669
661
return 0;
670
662
671
663
nomem:
664
+
if (anon_dup)
665
+
unlink_anon_vmas(anon_dup);
672
666
return -ENOMEM;
673
667
}
674
668
···
870
860
{
871
861
struct vm_area_struct *curr, *next, *res;
872
862
struct vm_area_struct *vma, *adjust, *remove, *remove2;
863
+
struct vm_area_struct *anon_dup = NULL;
873
864
struct vma_prepare vp;
874
865
pgoff_t vma_pgoff;
875
866
int err = 0;
···
938
927
vma_start_write(next);
939
928
remove = next; /* case 1 */
940
929
vma_end = next->vm_end;
941
-
err = dup_anon_vma(prev, next);
930
+
err = dup_anon_vma(prev, next, &anon_dup);
942
931
if (curr) { /* case 6 */
943
932
vma_start_write(curr);
944
933
remove = curr;
945
934
remove2 = next;
946
935
if (!next->anon_vma)
947
-
err = dup_anon_vma(prev, curr);
936
+
err = dup_anon_vma(prev, curr, &anon_dup);
948
937
}
949
938
} else if (merge_prev) { /* case 2 */
950
939
if (curr) {
951
940
vma_start_write(curr);
952
-
err = dup_anon_vma(prev, curr);
941
+
err = dup_anon_vma(prev, curr, &anon_dup);
953
942
if (end == curr->vm_end) { /* case 7 */
954
943
remove = curr;
955
944
} else { /* case 5 */
···
965
954
vma_end = addr;
966
955
adjust = next;
967
956
adj_start = -(prev->vm_end - addr);
968
-
err = dup_anon_vma(next, prev);
957
+
err = dup_anon_vma(next, prev, &anon_dup);
969
958
} else {
970
959
/*
971
960
* Note that cases 3 and 8 are the ONLY ones where prev
···
979
968
vma_pgoff = curr->vm_pgoff;
980
969
vma_start_write(curr);
981
970
remove = curr;
982
-
err = dup_anon_vma(next, curr);
971
+
err = dup_anon_vma(next, curr, &anon_dup);
983
972
}
984
973
}
985
974
}
986
975
987
976
/* Error in anon_vma clone. */
988
977
if (err)
989
-
return NULL;
978
+
goto anon_vma_fail;
990
979
991
980
if (vma_start < vma->vm_start || vma_end > vma->vm_end)
992
981
vma_expanded = true;
···
999
988
}
1000
989
1001
990
if (vma_iter_prealloc(vmi, vma))
1002
-
return NULL;
991
+
goto prealloc_fail;
1003
992
1004
993
init_multi_vma_prep(&vp, vma, adjust, remove, remove2);
1005
994
VM_WARN_ON(vp.anon_vma && adjust && adjust->anon_vma &&
···
1027
1016
vma_complete(&vp, vmi, mm);
1028
1017
khugepaged_enter_vma(res, vm_flags);
1029
1018
return res;
1019
+
1020
+
prealloc_fail:
1021
+
if (anon_dup)
1022
+
unlink_anon_vmas(anon_dup);
1023
+
1024
+
anon_vma_fail:
1025
+
vma_iter_set(vmi, addr);
1026
+
vma_iter_load(vmi);
1027
+
return NULL;
1030
1028
}
1031
1029
1032
1030
/*
···
3161
3141
if (!len)
3162
3142
return 0;
3163
3143
3164
-
if (mmap_write_lock_killable(mm))
3165
-
return -EINTR;
3166
-
3167
3144
/* Until we need other flags, refuse anything except VM_EXEC. */
3168
3145
if ((flags & (~VM_EXEC)) != 0)
3169
3146
return -EINVAL;
3147
+
3148
+
if (mmap_write_lock_killable(mm))
3149
+
return -EINTR;
3170
3150
3171
3151
ret = check_brk_limits(addr, len);
3172
3152
if (ret)
+1
-1
mm/page_alloc.c
+1
-1
mm/page_alloc.c
···
6475
6475
next_page = page;
6476
6476
current_buddy = page + size;
6477
6477
}
6478
+
page = next_page;
6478
6479
6479
6480
if (set_page_guard(zone, current_buddy, high, migratetype))
6480
6481
continue;
···
6483
6482
if (current_buddy != target) {
6484
6483
add_to_free_list(current_buddy, zone, high, migratetype);
6485
6484
set_buddy_order(current_buddy, high);
6486
-
page = next_page;
6487
6485
}
6488
6486
}
6489
6487
}
+2
-2
mm/zswap.c
+2
-2
mm/zswap.c
+40
tools/include/linux/rwsem.h
+40
tools/include/linux/rwsem.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0+ */
2
+
#ifndef _TOOLS__RWSEM_H
3
+
#define _TOOLS__RWSEM_H
4
+
5
+
#include <pthread.h>
6
+
7
+
struct rw_semaphore {
8
+
pthread_rwlock_t lock;
9
+
};
10
+
11
+
static inline int init_rwsem(struct rw_semaphore *sem)
12
+
{
13
+
return pthread_rwlock_init(&sem->lock, NULL);
14
+
}
15
+
16
+
static inline int exit_rwsem(struct rw_semaphore *sem)
17
+
{
18
+
return pthread_rwlock_destroy(&sem->lock);
19
+
}
20
+
21
+
static inline int down_read(struct rw_semaphore *sem)
22
+
{
23
+
return pthread_rwlock_rdlock(&sem->lock);
24
+
}
25
+
26
+
static inline int up_read(struct rw_semaphore *sem)
27
+
{
28
+
return pthread_rwlock_unlock(&sem->lock);
29
+
}
30
+
31
+
static inline int down_write(struct rw_semaphore *sem)
32
+
{
33
+
return pthread_rwlock_wrlock(&sem->lock);
34
+
}
35
+
36
+
static inline int up_write(struct rw_semaphore *sem)
37
+
{
38
+
return pthread_rwlock_unlock(&sem->lock);
39
+
}
40
+
#endif /* _TOOLS_RWSEM_H */
+6
-1
tools/testing/selftests/clone3/clone3.c
+6
-1
tools/testing/selftests/clone3/clone3.c
···
196
196
CLONE3_ARGS_NO_TEST);
197
197
198
198
/* Do a clone3() in a new time namespace */
199
-
test_clone3(CLONE_NEWTIME, 0, 0, CLONE3_ARGS_NO_TEST);
199
+
if (access("/proc/self/ns/time", F_OK) == 0) {
200
+
test_clone3(CLONE_NEWTIME, 0, 0, CLONE3_ARGS_NO_TEST);
201
+
} else {
202
+
ksft_print_msg("Time namespaces are not supported\n");
203
+
ksft_test_result_skip("Skipping clone3() with CLONE_NEWTIME\n");
204
+
}
200
205
201
206
/* Do a clone3() with exit signal (SIGCHLD) in flags */
202
207
test_clone3(SIGCHLD, 0, -EINVAL, CLONE3_ARGS_NO_TEST);