Merge tag 'mm-hotfixes-stable-2025-09-01-17-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

tjh.dev / kernel

fork atom

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

Merge tag 'mm-hotfixes-stable-2025-09-01-17-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc fixes from Andrew Morton:
"17 hotfixes. 13 are cc:stable and the remainder address post-6.16
issues or aren't considered necessary for -stable kernels. 11 of these
fixes are for MM.

This includes a three-patch series from Harry Yoo which fixes an
intermittent boot failure which can occur on x86 systems. And a
two-patch series from Alexander Gordeev which fixes a KASAN crash on
S390 systems"

* tag 'mm-hotfixes-stable-2025-09-01-17-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm: fix possible deadlock in kmemleak
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
mm: introduce and use {pgd,p4d}_populate_kernel()
mm: move page table sync declarations to linux/pgtable.h
proc: fix missing pde_set_flags() for net proc files
mm: fix accounting of memmap pages
mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota()
kexec: add KEXEC_FILE_NO_CMA as a legal flag
kasan: fix GCC mem-intrinsic prefix with sw tags
mm/kasan: avoid lazy MMU mode hazards
mm/kasan: fix vmalloc shadow memory (de-)population races
kunit: kasan_test: disable fortify string checker on kasan_strings() test
selftests/mm: fix FORCE_READ to read input value correctly
mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE
ocfs2: prevent release journal inode after journal shutdown
rust: mm: mark VmaNew as transparent
of_numa: fix uninitialized memory nodes causing kernel panic

Linus Torvalds 7 months ago 8026aed0 e3c94a53

+190 -94

27 changed files

expand all collapse all

arch

x86

include

asm

pgtable_64_types.h

init_64.c

drivers

of_numa.c

ocfs2

inode.c

proc

generic.c

include

linux

kexec.h

pgalloc.h

pgtable.h

vmalloc.h

damon

core.c

kasan

init.c

kasan_test_c.c

shadow.c

kmemleak.c

percpu.c

sparse-vmemmap.c

sparse.c

userfaultfd.c

rust

kernel

virt.rs

scripts

Makefile.kasan

tools

testing

selftests

cow.c

guard-regions.c

hugetlb-madvise.c

migration.c

pagemap_ioctl.c

split_huge_page_test.c

vm_util.h

arch/x86/include/asm/pgtable_64_types.h

reviewed

··· 36 36 #define pgtable_l5_enabled() cpu_feature_enabled(X86_FEATURE_LA57) 37 37 #endif /* USE_EARLY_PGTABLE_L5 */ 38 38 39 39 + #define ARCH_PAGE_TABLE_SYNC_MASK \ 40 40 + (pgtable_l5_enabled() ? PGTBL_PGD_MODIFIED : PGTBL_P4D_MODIFIED) 41 41 + 39 42 extern unsigned int pgdir_shift; 40 43 extern unsigned int ptrs_per_p4d; 41 44

+18

arch/x86/mm/init_64.c

reviewed

··· 224 224 } 225 225 226 226 /* 227 227 + * Make kernel mappings visible in all page tables in the system. 228 228 + * This is necessary except when the init task populates kernel mappings 229 229 + * during the boot process. In that case, all processes originating from 230 230 + * the init task copies the kernel mappings, so there is no issue. 231 231 + * Otherwise, missing synchronization could lead to kernel crashes due 232 232 + * to missing page table entries for certain kernel mappings. 233 233 + * 234 234 + * Synchronization is performed at the top level, which is the PGD in 235 235 + * 5-level paging systems. But in 4-level paging systems, however, 236 236 + * pgd_populate() is a no-op, so synchronization is done at the P4D level. 237 237 + * sync_global_pgds() handles this difference between paging levels. 238 238 + */ 239 239 + void arch_sync_kernel_mappings(unsigned long start, unsigned long end) 240 240 + { 241 241 + sync_global_pgds(start, end); 242 242 + } 243 243 + 244 244 + /* 227 245 * NOTE: This function is marked __ref because it calls __init function 228 246 * (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0. 229 247 */

+4 -1

drivers/of/of_numa.c

reviewed

··· 59 59 r = -EINVAL; 60 60 } 61 61 62 62 - for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++) 62 62 + for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++) { 63 63 r = numa_add_memblk(nid, rsrc.start, rsrc.end + 1); 64 64 + if (!r) 65 65 + node_set(nid, numa_nodes_parsed); 66 66 + } 64 67 65 68 if (!i || r) { 66 69 of_node_put(np);

fs/ocfs2/inode.c

reviewed

··· 1281 1281 * the journal is flushed before journal shutdown. Thus it is safe to 1282 1282 * have inodes get cleaned up after journal shutdown. 1283 1283 */ 1284 1284 + if (!osb->journal) 1285 1285 + return; 1286 1286 + 1284 1287 jbd2_journal_release_jbd_inode(osb->journal->j_journal, 1285 1288 &oi->ip_jinode); 1286 1289 }

+21 -17

fs/proc/generic.c

reviewed

··· 367 367 .setattr = proc_notify_change, 368 368 }; 369 369 370 370 + static void pde_set_flags(struct proc_dir_entry *pde) 371 371 + { 372 372 + const struct proc_ops *proc_ops = pde->proc_ops; 373 373 + 374 374 + if (!proc_ops) 375 375 + return; 376 376 + 377 377 + if (proc_ops->proc_flags & PROC_ENTRY_PERMANENT) 378 378 + pde->flags |= PROC_ENTRY_PERMANENT; 379 379 + if (proc_ops->proc_read_iter) 380 380 + pde->flags |= PROC_ENTRY_proc_read_iter; 381 381 + #ifdef CONFIG_COMPAT 382 382 + if (proc_ops->proc_compat_ioctl) 383 383 + pde->flags |= PROC_ENTRY_proc_compat_ioctl; 384 384 + #endif 385 385 + if (proc_ops->proc_lseek) 386 386 + pde->flags |= PROC_ENTRY_proc_lseek; 387 387 + } 388 388 + 370 389 /* returns the registered entry, or frees dp and returns NULL on failure */ 371 390 struct proc_dir_entry *proc_register(struct proc_dir_entry *dir, 372 391 struct proc_dir_entry *dp) 373 392 { 374 393 if (proc_alloc_inum(&dp->low_ino)) 375 394 goto out_free_entry; 395 395 + 396 396 + pde_set_flags(dp); 376 397 377 398 write_lock(&proc_subdir_lock); 378 399 dp->parent = dir; ··· 582 561 return p; 583 562 } 584 563 585 585 - static void pde_set_flags(struct proc_dir_entry *pde) 586 586 - { 587 587 - if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT) 588 588 - pde->flags |= PROC_ENTRY_PERMANENT; 589 589 - if (pde->proc_ops->proc_read_iter) 590 590 - pde->flags |= PROC_ENTRY_proc_read_iter; 591 591 - #ifdef CONFIG_COMPAT 592 592 - if (pde->proc_ops->proc_compat_ioctl) 593 593 - pde->flags |= PROC_ENTRY_proc_compat_ioctl; 594 594 - #endif 595 595 - if (pde->proc_ops->proc_lseek) 596 596 - pde->flags |= PROC_ENTRY_proc_lseek; 597 597 - } 598 598 - 599 564 struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, 600 565 struct proc_dir_entry *parent, 601 566 const struct proc_ops *proc_ops, void *data) ··· 592 585 if (!p) 593 586 return NULL; 594 587 p->proc_ops = proc_ops; 595 595 - pde_set_flags(p); 596 588 return proc_register(parent, p); 597 589 } 598 590 EXPORT_SYMBOL(proc_create_data); ··· 642 636 p->proc_ops = &proc_seq_ops; 643 637 p->seq_ops = ops; 644 638 p->state_size = state_size; 645 645 - pde_set_flags(p); 646 639 return proc_register(parent, p); 647 640 } 648 641 EXPORT_SYMBOL(proc_create_seq_private); ··· 672 667 return NULL; 673 668 p->proc_ops = &proc_single_ops; 674 669 p->single_show = show; 675 675 - pde_set_flags(p); 676 670 return proc_register(parent, p); 677 671 } 678 672 EXPORT_SYMBOL(proc_create_single_data);

+2 -1

include/linux/kexec.h

reviewed

··· 460 460 461 461 /* List of defined/legal kexec file flags */ 462 462 #define KEXEC_FILE_FLAGS (KEXEC_FILE_UNLOAD | KEXEC_FILE_ON_CRASH | \ 463 463 - KEXEC_FILE_NO_INITRAMFS | KEXEC_FILE_DEBUG) 463 463 + KEXEC_FILE_NO_INITRAMFS | KEXEC_FILE_DEBUG | \ 464 464 + KEXEC_FILE_NO_CMA) 464 465 465 466 /* flag to track if kexec reboot is in progress */ 466 467 extern bool kexec_in_progress;

+29

include/linux/pgalloc.h

reviewed

··· 1 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 2 + #ifndef _LINUX_PGALLOC_H 3 3 + #define _LINUX_PGALLOC_H 4 4 + 5 5 + #include <linux/pgtable.h> 6 6 + #include <asm/pgalloc.h> 7 7 + 8 8 + /* 9 9 + * {pgd,p4d}_populate_kernel() are defined as macros to allow 10 10 + * compile-time optimization based on the configured page table levels. 11 11 + * Without this, linking may fail because callers (e.g., KASAN) may rely 12 12 + * on calls to these functions being optimized away when passing symbols 13 13 + * that exist only for certain page table levels. 14 14 + */ 15 15 + #define pgd_populate_kernel(addr, pgd, p4d) \ 16 16 + do { \ 17 17 + pgd_populate(&init_mm, pgd, p4d); \ 18 18 + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \ 19 19 + arch_sync_kernel_mappings(addr, addr); \ 20 20 + } while (0) 21 21 + 22 22 + #define p4d_populate_kernel(addr, p4d, pud) \ 23 23 + do { \ 24 24 + p4d_populate(&init_mm, p4d, pud); \ 25 25 + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \ 26 26 + arch_sync_kernel_mappings(addr, addr); \ 27 27 + } while (0) 28 28 + 29 29 + #endif /* _LINUX_PGALLOC_H */

+21 -4

include/linux/pgtable.h

reviewed

··· 1467 1467 } 1468 1468 #endif 1469 1469 1470 1470 + /* 1471 1471 + * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values 1472 1472 + * and let generic vmalloc, ioremap and page table update code know when 1473 1473 + * arch_sync_kernel_mappings() needs to be called. 1474 1474 + */ 1475 1475 + #ifndef ARCH_PAGE_TABLE_SYNC_MASK 1476 1476 + #define ARCH_PAGE_TABLE_SYNC_MASK 0 1477 1477 + #endif 1478 1478 + 1479 1479 + /* 1480 1480 + * There is no default implementation for arch_sync_kernel_mappings(). It is 1481 1481 + * relied upon the compiler to optimize calls out if ARCH_PAGE_TABLE_SYNC_MASK 1482 1482 + * is 0. 1483 1483 + */ 1484 1484 + void arch_sync_kernel_mappings(unsigned long start, unsigned long end); 1485 1485 + 1470 1486 #endif /* CONFIG_MMU */ 1471 1487 1472 1488 /* ··· 1954 1938 /* 1955 1939 * Page Table Modification bits for pgtbl_mod_mask. 1956 1940 * 1957 1957 - * These are used by the p?d_alloc_track*() set of functions an in the generic 1958 1958 - * vmalloc/ioremap code to track at which page-table levels entries have been 1959 1959 - * modified. Based on that the code can better decide when vmalloc and ioremap 1960 1960 - * mapping changes need to be synchronized to other page-tables in the system. 1941 1941 + * These are used by the p?d_alloc_track*() and p*d_populate_kernel() 1942 1942 + * functions in the generic vmalloc, ioremap and page table update code 1943 1943 + * to track at which page-table levels entries have been modified. 1944 1944 + * Based on that the code can better decide when page table changes need 1945 1945 + * to be synchronized to other page-tables in the system. 1961 1946 */ 1962 1947 #define __PGTBL_PGD_MODIFIED 0 1963 1948 #define __PGTBL_P4D_MODIFIED 1

-16

include/linux/vmalloc.h

reviewed

··· 220 220 struct page **pages, unsigned int page_shift); 221 221 222 222 /* 223 223 - * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values 224 224 - * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings() 225 225 - * needs to be called. 226 226 - */ 227 227 - #ifndef ARCH_PAGE_TABLE_SYNC_MASK 228 228 - #define ARCH_PAGE_TABLE_SYNC_MASK 0 229 229 - #endif 230 230 - 231 231 - /* 232 232 - * There is no default implementation for arch_sync_kernel_mappings(). It is 233 233 - * relied upon the compiler to optimize calls out if ARCH_PAGE_TABLE_SYNC_MASK 234 234 - * is 0. 235 235 - */ 236 236 - void arch_sync_kernel_mappings(unsigned long start, unsigned long end); 237 237 - 238 238 - /* 239 223 * Lowlevel-APIs (not for driver use!) 240 224 */ 241 225

+2 -2

mm/damon/core.c

reviewed

··· 2073 2073 2074 2074 if (quota->ms) { 2075 2075 if (quota->total_charged_ns) 2076 2076 - throughput = quota->total_charged_sz * 1000000 / 2077 2077 - quota->total_charged_ns; 2076 2076 + throughput = mult_frac(quota->total_charged_sz, 1000000, 2077 2077 + quota->total_charged_ns); 2078 2078 else 2079 2079 throughput = PAGE_SIZE * 1024; 2080 2080 esz = min(throughput * quota->ms, esz);

+6 -6

mm/kasan/init.c

reviewed

··· 13 13 #include <linux/mm.h> 14 14 #include <linux/pfn.h> 15 15 #include <linux/slab.h> 16 16 + #include <linux/pgalloc.h> 16 17 17 18 #include <asm/page.h> 18 18 - #include <asm/pgalloc.h> 19 19 20 20 #include "kasan.h" 21 21 ··· 191 191 pud_t *pud; 192 192 pmd_t *pmd; 193 193 194 194 - p4d_populate(&init_mm, p4d, 194 194 + p4d_populate_kernel(addr, p4d, 195 195 lm_alias(kasan_early_shadow_pud)); 196 196 pud = pud_offset(p4d, addr); 197 197 pud_populate(&init_mm, pud, ··· 212 212 } else { 213 213 p = early_alloc(PAGE_SIZE, NUMA_NO_NODE); 214 214 pud_init(p); 215 215 - p4d_populate(&init_mm, p4d, p); 215 215 + p4d_populate_kernel(addr, p4d, p); 216 216 } 217 217 } 218 218 zero_pud_populate(p4d, addr, next); ··· 251 251 * puds,pmds, so pgd_populate(), pud_populate() 252 252 * is noops. 253 253 */ 254 254 - pgd_populate(&init_mm, pgd, 254 254 + pgd_populate_kernel(addr, pgd, 255 255 lm_alias(kasan_early_shadow_p4d)); 256 256 p4d = p4d_offset(pgd, addr); 257 257 - p4d_populate(&init_mm, p4d, 257 257 + p4d_populate_kernel(addr, p4d, 258 258 lm_alias(kasan_early_shadow_pud)); 259 259 pud = pud_offset(p4d, addr); 260 260 pud_populate(&init_mm, pud, ··· 273 273 if (!p) 274 274 return -ENOMEM; 275 275 } else { 276 276 - pgd_populate(&init_mm, pgd, 276 276 + pgd_populate_kernel(addr, pgd, 277 277 early_alloc(PAGE_SIZE, NUMA_NO_NODE)); 278 278 } 279 279 }

mm/kasan/kasan_test_c.c

reviewed

··· 1578 1578 1579 1579 ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO); 1580 1580 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); 1581 1581 + OPTIMIZER_HIDE_VAR(ptr); 1581 1582 1582 1583 src = kmalloc(KASAN_GRANULE_SIZE, GFP_KERNEL | __GFP_ZERO); 1583 1584 strscpy(src, "f0cacc1a0000000", KASAN_GRANULE_SIZE); 1585 1585 + OPTIMIZER_HIDE_VAR(src); 1584 1586 1585 1587 /* 1586 1588 * Make sure that strscpy() does not trigger KASAN if it overreads into

+14 -8

mm/kasan/shadow.c

reviewed

··· 305 305 pte_t pte; 306 306 int index; 307 307 308 308 - if (likely(!pte_none(ptep_get(ptep)))) 309 309 - return 0; 308 308 + arch_leave_lazy_mmu_mode(); 310 309 311 310 index = PFN_DOWN(addr - data->start); 312 311 page = data->pages[index]; ··· 318 319 data->pages[index] = NULL; 319 320 } 320 321 spin_unlock(&init_mm.page_table_lock); 322 322 + 323 323 + arch_enter_lazy_mmu_mode(); 321 324 322 325 return 0; 323 326 } ··· 462 461 static int kasan_depopulate_vmalloc_pte(pte_t *ptep, unsigned long addr, 463 462 void *unused) 464 463 { 465 465 - unsigned long page; 464 464 + pte_t pte; 465 465 + int none; 466 466 467 467 - page = (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT); 467 467 + arch_leave_lazy_mmu_mode(); 468 468 469 469 spin_lock(&init_mm.page_table_lock); 470 470 - 471 471 - if (likely(!pte_none(ptep_get(ptep)))) { 470 470 + pte = ptep_get(ptep); 471 471 + none = pte_none(pte); 472 472 + if (likely(!none)) 472 473 pte_clear(&init_mm, addr, ptep); 473 473 - free_page(page); 474 474 - } 475 474 spin_unlock(&init_mm.page_table_lock); 475 475 + 476 476 + if (likely(!none)) 477 477 + __free_page(pfn_to_page(pte_pfn(pte))); 478 478 + 479 479 + arch_enter_lazy_mmu_mode(); 476 480 477 481 return 0; 478 482 }

+20 -7

mm/kmemleak.c

reviewed

··· 437 437 else if (untagged_objp == untagged_ptr || alias) 438 438 return object; 439 439 else { 440 440 + /* 441 441 + * Printk deferring due to the kmemleak_lock held. 442 442 + * This is done to avoid deadlock. 443 443 + */ 444 444 + printk_deferred_enter(); 440 445 kmemleak_warn("Found object by alias at 0x%08lx\n", 441 446 ptr); 442 447 dump_object_info(object); 448 448 + printk_deferred_exit(); 443 449 break; 444 450 } 445 451 } ··· 742 736 else if (untagged_objp + parent->size <= untagged_ptr) 743 737 link = &parent->rb_node.rb_right; 744 738 else { 739 739 + /* 740 740 + * Printk deferring due to the kmemleak_lock held. 741 741 + * This is done to avoid deadlock. 742 742 + */ 743 743 + printk_deferred_enter(); 745 744 kmemleak_stop("Cannot insert 0x%lx into the object search tree (overlaps existing)\n", 746 745 ptr); 747 746 /* ··· 754 743 * be freed while the kmemleak_lock is held. 755 744 */ 756 745 dump_object_info(parent); 746 746 + printk_deferred_exit(); 757 747 return -EEXIST; 758 748 } 759 749 } ··· 868 856 869 857 raw_spin_lock_irqsave(&kmemleak_lock, flags); 870 858 object = __find_and_remove_object(ptr, 1, objflags); 871 871 - if (!object) { 872 872 - #ifdef DEBUG 873 873 - kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n", 874 874 - ptr, size); 875 875 - #endif 859 859 + if (!object) 876 860 goto unlock; 877 877 - } 878 861 879 862 /* 880 863 * Create one or two objects that may result from the memory block ··· 889 882 890 883 unlock: 891 884 raw_spin_unlock_irqrestore(&kmemleak_lock, flags); 892 892 - if (object) 885 885 + if (object) { 893 886 __delete_object(object); 887 887 + } else { 888 888 + #ifdef DEBUG 889 889 + kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n", 890 890 + ptr, size); 891 891 + #endif 892 892 + } 894 893 895 894 out: 896 895 if (object_l)

+3 -3

mm/percpu.c

reviewed

··· 3108 3108 #endif /* BUILD_EMBED_FIRST_CHUNK */ 3109 3109 3110 3110 #ifdef BUILD_PAGE_FIRST_CHUNK 3111 3111 - #include <asm/pgalloc.h> 3111 3111 + #include <linux/pgalloc.h> 3112 3112 3113 3113 #ifndef P4D_TABLE_SIZE 3114 3114 #define P4D_TABLE_SIZE PAGE_SIZE ··· 3134 3134 3135 3135 if (pgd_none(*pgd)) { 3136 3136 p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE); 3137 3137 - pgd_populate(&init_mm, pgd, p4d); 3137 3137 + pgd_populate_kernel(addr, pgd, p4d); 3138 3138 } 3139 3139 3140 3140 p4d = p4d_offset(pgd, addr); 3141 3141 if (p4d_none(*p4d)) { 3142 3142 pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE); 3143 3143 - p4d_populate(&init_mm, p4d, pud); 3143 3143 + p4d_populate_kernel(addr, p4d, pud); 3144 3144 } 3145 3145 3146 3146 pud = pud_offset(p4d, addr);

+3 -8

mm/sparse-vmemmap.c

reviewed

··· 27 27 #include <linux/spinlock.h> 28 28 #include <linux/vmalloc.h> 29 29 #include <linux/sched.h> 30 30 + #include <linux/pgalloc.h> 30 31 31 32 #include <asm/dma.h> 32 32 - #include <asm/pgalloc.h> 33 33 #include <asm/tlbflush.h> 34 34 35 35 #include "hugetlb_vmemmap.h" ··· 229 229 if (!p) 230 230 return NULL; 231 231 pud_init(p); 232 232 - p4d_populate(&init_mm, p4d, p); 232 232 + p4d_populate_kernel(addr, p4d, p); 233 233 } 234 234 return p4d; 235 235 } ··· 241 241 void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); 242 242 if (!p) 243 243 return NULL; 244 244 - pgd_populate(&init_mm, pgd, p); 244 244 + pgd_populate_kernel(addr, pgd, p); 245 245 } 246 246 return pgd; 247 247 } ··· 577 577 578 578 if (r < 0) 579 579 return NULL; 580 580 - 581 581 - if (system_state == SYSTEM_BOOTING) 582 582 - memmap_boot_pages_add(DIV_ROUND_UP(end - start, PAGE_SIZE)); 583 583 - else 584 584 - memmap_pages_add(DIV_ROUND_UP(end - start, PAGE_SIZE)); 585 580 586 581 return pfn_to_page(pfn); 587 582 }

+9 -6

mm/sparse.c

reviewed

··· 454 454 */ 455 455 sparsemap_buf = memmap_alloc(size, section_map_size(), addr, nid, true); 456 456 sparsemap_buf_end = sparsemap_buf + size; 457 457 - #ifndef CONFIG_SPARSEMEM_VMEMMAP 458 458 - memmap_boot_pages_add(DIV_ROUND_UP(size, PAGE_SIZE)); 459 459 - #endif 460 457 } 461 458 462 459 static void __init sparse_buffer_fini(void) ··· 564 567 sparse_buffer_fini(); 565 568 goto failed; 566 569 } 570 570 + memmap_boot_pages_add(DIV_ROUND_UP(PAGES_PER_SECTION * sizeof(struct page), 571 571 + PAGE_SIZE)); 567 572 sparse_init_early_section(nid, map, pnum, 0); 568 573 } 569 574 } ··· 679 680 unsigned long start = (unsigned long) pfn_to_page(pfn); 680 681 unsigned long end = start + nr_pages * sizeof(struct page); 681 682 682 682 - memmap_pages_add(-1L * (DIV_ROUND_UP(end - start, PAGE_SIZE))); 683 683 vmemmap_free(start, end, altmap); 684 684 } 685 685 static void free_map_bootmem(struct page *memmap) ··· 854 856 * The memmap of early sections is always fully populated. See 855 857 * section_activate() and pfn_valid() . 856 858 */ 857 857 - if (!section_is_early) 859 859 + if (!section_is_early) { 860 860 + memmap_pages_add(-1L * (DIV_ROUND_UP(nr_pages * sizeof(struct page), PAGE_SIZE))); 858 861 depopulate_section_memmap(pfn, nr_pages, altmap); 859 859 - else if (memmap) 862 862 + } else if (memmap) { 863 863 + memmap_boot_pages_add(-1L * (DIV_ROUND_UP(nr_pages * sizeof(struct page), 864 864 + PAGE_SIZE))); 860 865 free_map_bootmem(memmap); 866 866 + } 861 867 862 868 if (empty) 863 869 ms->section_mem_map = (unsigned long)NULL; ··· 906 904 section_deactivate(pfn, nr_pages, altmap); 907 905 return ERR_PTR(-ENOMEM); 908 906 } 907 907 + memmap_pages_add(DIV_ROUND_UP(nr_pages * sizeof(struct page), PAGE_SIZE)); 909 908 910 909 return memmap; 911 910 }

+7 -2

mm/userfaultfd.c

reviewed

··· 1453 1453 folio_unlock(src_folio); 1454 1454 folio_put(src_folio); 1455 1455 } 1456 1456 - if (dst_pte) 1457 1457 - pte_unmap(dst_pte); 1456 1456 + /* 1457 1457 + * Unmap in reverse order (LIFO) to maintain proper kmap_local 1458 1458 + * index ordering when CONFIG_HIGHPTE is enabled. We mapped dst_pte 1459 1459 + * first, then src_pte, so we must unmap src_pte first, then dst_pte. 1460 1460 + */ 1458 1461 if (src_pte) 1459 1462 pte_unmap(src_pte); 1463 1463 + if (dst_pte) 1464 1464 + pte_unmap(dst_pte); 1460 1465 mmu_notifier_invalidate_range_end(&range); 1461 1466 if (si) 1462 1467 put_swap_device(si);

rust/kernel/mm/virt.rs

reviewed

··· 209 209 /// 210 210 /// For the duration of 'a, the referenced vma must be undergoing initialization in an 211 211 /// `f_ops->mmap()` hook. 212 212 + #[repr(transparent)] 212 213 pub struct VmaNew { 213 214 vma: VmaRef, 214 215 }

+8 -4

scripts/Makefile.kasan

reviewed

··· 86 86 hwasan-use-short-granules=0 \ 87 87 hwasan-inline-all-checks=0 88 88 89 89 - # Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*(). 90 90 - ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y) 91 91 - kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 92 92 - endif 89 89 + # Instrument memcpy/memset/memmove calls by using instrumented __(hw)asan_mem*(). 90 90 + ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX 91 91 + ifdef CONFIG_CC_IS_GCC 92 92 + kasan_params += asan-kernel-mem-intrinsic-prefix=1 93 93 + else 94 94 + kasan_params += hwasan-kernel-mem-intrinsic-prefix=1 95 95 + endif 96 96 + endif # CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX 93 97 94 98 endif # CONFIG_KASAN_SW_TAGS 95 99

+2 -2

tools/testing/selftests/mm/cow.c

reviewed

··· 1554 1554 } 1555 1555 1556 1556 /* Read from the page to populate the shared zeropage. */ 1557 1557 - FORCE_READ(mem); 1558 1558 - FORCE_READ(smem); 1557 1557 + FORCE_READ(*mem); 1558 1558 + FORCE_READ(*smem); 1559 1559 1560 1560 fn(mem, smem, pagesize); 1561 1561 munmap:

+1 -1

tools/testing/selftests/mm/guard-regions.c

reviewed

··· 145 145 if (write) 146 146 *ptr = 'x'; 147 147 else 148 148 - FORCE_READ(ptr); 148 148 + FORCE_READ(*ptr); 149 149 } 150 150 151 151 signal_jump_set = false;

+3 -1

tools/testing/selftests/mm/hugetlb-madvise.c

reviewed

··· 50 50 unsigned long i; 51 51 52 52 for (i = 0; i < nr_pages; i++) { 53 53 + unsigned long *addr2 = 54 54 + ((unsigned long *)(addr + (i * huge_page_size))); 53 55 /* Prevent the compiler from optimizing out the entire loop: */ 54 54 - FORCE_READ(((unsigned long *)(addr + (i * huge_page_size)))); 56 56 + FORCE_READ(*addr2); 55 57 } 56 58 } 57 59

+1 -1

tools/testing/selftests/mm/migration.c

reviewed

··· 110 110 * the memory access actually happens and prevents the compiler 111 111 * from optimizing away this entire loop. 112 112 */ 113 113 - FORCE_READ((uint64_t *)ptr); 113 113 + FORCE_READ(*(uint64_t *)ptr); 114 114 } 115 115 116 116 return NULL;

+1 -1

tools/testing/selftests/mm/pagemap_ioctl.c

reviewed

··· 1525 1525 1526 1526 ret = madvise(mem, hpage_size, MADV_HUGEPAGE); 1527 1527 if (!ret) { 1528 1528 - FORCE_READ(mem); 1528 1528 + FORCE_READ(*mem); 1529 1529 1530 1530 ret = pagemap_ioctl(mem, hpage_size, &vec, 1, 0, 1531 1531 0, PAGE_IS_PFNZERO, 0, 0, PAGE_IS_PFNZERO);

+5 -2

tools/testing/selftests/mm/split_huge_page_test.c

reviewed

··· 439 439 } 440 440 madvise(*addr, fd_size, MADV_HUGEPAGE); 441 441 442 442 - for (size_t i = 0; i < fd_size; i++) 443 443 - FORCE_READ((*addr + i)); 442 442 + for (size_t i = 0; i < fd_size; i++) { 443 443 + char *addr2 = *addr + i; 444 444 + 445 445 + FORCE_READ(*addr2); 446 446 + } 444 447 445 448 if (!check_huge_file(*addr, fd_size / pmd_pagesize, pmd_pagesize)) { 446 449 ksft_print_msg("No large pagecache folio generated, please provide a filesystem supporting large folio\n");

+1 -1

tools/testing/selftests/mm/vm_util.h

reviewed

··· 23 23 * anything with it in order to trigger a read page fault. We therefore must use 24 24 * volatile to stop the compiler from optimising this away. 25 25 */ 26 26 - #define FORCE_READ(x) (*(volatile typeof(x) *)x) 26 26 + #define FORCE_READ(x) (*(const volatile typeof(x) *)&(x)) 27 27 28 28 extern unsigned int __page_size; 29 29 extern unsigned int __page_shift;