- 05 6月, 2022 1 次提交
-
-
由 Steve French 提交于
Set default value of ppath to null. Reported-by: Nkernel test robot <lkp@intel.com> Reviewed-by: NPaulo Alcantara (SUSE) <pc@cjr.nz> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
- 04 6月, 2022 1 次提交
-
-
由 Paulo Alcantara 提交于
During DFS failover, prefix paths may change, so make sure to not leave trailing separators when parsing thew in dfs_cache_get_tgt_share(). The separators of prefix paths are already handled by build_path_from_dentry_optional_prefix(). Consider the following DFS link: //dom/dfs/link: [\srv1\share\dir1, \srv2\share\dir1] Before commit: mount.cifs //dom/dfs/link tree connect to \\srv1\share; prefix_path=dir1 disconnect srv1; failover to srv2 tree connect to \\srv2\share; prefix_path=dir1\ mv foo bar ... SMB2 430 Create Request File: dir1\\foo;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request SMB2 582 Create Response File: dir1\\foo;GetInfo Response;Close Response SMB2 430 Create Request File: dir1\\bar;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request SMB2 286 Create Response, Error: STATUS_OBJECT_NAME_NOT_FOUND;GetInfo Response, Error: STATUS_OBJECT_NAME_NOT_FOUND;Close Response, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB2 462 Create Request File: dir1\\foo;SetInfo Request FILE_INFO/SMB2_FILE_RENAME_INFO NewName:dir1\\bar;Close Request SMB2 478 Create Response File: dir1\\foo;SetInfo Response, Error: STATUS_OBJECT_NAME_INVALID;Close Response After commit: mount.cifs //dom/dfs/link tree connect to \\srv1\share; prefix_path=dir1 disconnect srv1; failover to srv2 tree connect to \\srv2\share; prefix_path=dir1 mv foo bar ... SMB2 430 Create Request File: dir1\foo;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request SMB2 582 Create Response File: dir1\foo;GetInfo Response;Close Response SMB2 430 Create Request File: dir1\bar;GetInfo Request FILE_INFO/SMB2_FILE_ALL_INFO;Close Request SMB2 286 Create Response, Error: STATUS_OBJECT_NAME_NOT_FOUND;GetInfo Response, Error: STATUS_OBJECT_NAME_NOT_FOUND;Close Response, Error: STATUS_OBJECT_NAME_NOT_FOUND SMB2 462 Create Request File: dir1\foo;SetInfo Request FILE_INFO/SMB2_FILE_RENAME_INFO NewName:dir1\bar;Close Request SMB2 478 Create Response File: dir1\foo;SetInfo Response;Close Response Signed-off-by: NPaulo Alcantara (SUSE) <pc@cjr.nz> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
- 02 6月, 2022 3 次提交
-
-
由 Steve French 提交于
To 2.37 Signed-off-by: NSteve French <stfrench@microsoft.com>
-
由 Steve French 提交于
We should not be including unused smb20 specific code when legacy support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned off). For example smb2_operations and smb2_values aren't used in that case. Over time we can move more and more SMB1/CIFS and SMB2.0 code into the insecure legacy ifdefs Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
由 Steve French 提交于
We should not be including unused SMB1/CIFS functions when legacy support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned off), but especially obvious is not needing to build smb1ops.c at all when legacy support is disabled. Over time we can move more SMB1/CIFS and SMB2.0 legacy functions into ifdefs but this is a good start (and shrinks the module size a few percent). Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
- 01 6月, 2022 3 次提交
-
-
由 Vincent Whitchurch 提交于
The srv_mutex is used during writeback so cifs should ensure that allocations done when that mutex is held are done with GFP_NOFS, to avoid having direct reclaim ending up waiting for the same mutex and causing a deadlock. This is detected by lockdep with the splat below: ====================================================== WARNING: possible circular locking dependency detected 5.18.0 #70 Not tainted ------------------------------------------------------ kswapd0/49 is trying to acquire lock: ffff8880195782e0 (&tcp_ses->srv_mutex){+.+.}-{3:3}, at: compound_send_recv but task is already holding lock: ffffffffa98e66c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (fs_reclaim){+.+.}-{0:0}: fs_reclaim_acquire kmem_cache_alloc_trace __request_module crypto_alg_mod_lookup crypto_alloc_tfm_node crypto_alloc_shash cifs_alloc_hash smb311_crypto_shash_allocate smb311_update_preauth_hash compound_send_recv cifs_send_recv SMB2_negotiate smb2_negotiate cifs_negotiate_protocol cifs_get_smb_ses cifs_mount cifs_smb3_do_mount smb3_get_tree vfs_get_tree path_mount __x64_sys_mount do_syscall_64 entry_SYSCALL_64_after_hwframe -> #0 (&tcp_ses->srv_mutex){+.+.}-{3:3}: __lock_acquire lock_acquire __mutex_lock mutex_lock_nested compound_send_recv cifs_send_recv SMB2_write smb2_sync_write cifs_write cifs_writepage_locked cifs_writepage shrink_page_list shrink_lruvec shrink_node balance_pgdat kswapd kthread ret_from_fork other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(&tcp_ses->srv_mutex); lock(fs_reclaim); lock(&tcp_ses->srv_mutex); *** DEADLOCK *** 1 lock held by kswapd0/49: #0: ffffffffa98e66c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat stack backtrace: CPU: 2 PID: 49 Comm: kswapd0 Not tainted 5.18.0 #70 Call Trace: <TASK> dump_stack_lvl dump_stack print_circular_bug.cold check_noncircular __lock_acquire lock_acquire __mutex_lock mutex_lock_nested compound_send_recv cifs_send_recv SMB2_write smb2_sync_write cifs_write cifs_writepage_locked cifs_writepage shrink_page_list shrink_lruvec shrink_node balance_pgdat kswapd kthread ret_from_fork </TASK> Fix this by using the memalloc_nofs_save/restore APIs around the places where the srv_mutex is held. Do this in a wrapper function for the lock/unlock of the srv_mutex, and rename the srv_mutex to avoid missing call sites in the conversion. Note that there is another lockdep warning involving internal crypto locks, which was masked by this problem and is visible after this fix, see the discussion in this thread: https://lore.kernel.org/all/20220523123755.GA13668@axis.com/ Link: https://lore.kernel.org/r/CANT5p=rqcYfYMVHirqvdnnca4Mo+JQSw5Qu12v=kPfpk5yhhmg@mail.gmail.com/Reported-by: NShyam Prasad N <nspmangalore@gmail.com> Suggested-by: NLars Persson <larper@axis.com> Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com> Reviewed-by: NEnzo Matsumiya <ematsumiya@suse.de> Signed-off-by: NVincent Whitchurch <vincent.whitchurch@axis.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
由 Ronnie Sahlberg 提交于
as this is the only way to make sure the region is allocated. Fix the conditional that was wrong and only tried to make already non-sparse files non-sparse. Cc: stable@vger.kernel.org Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
由 Enzo Matsumiya 提交于
Similar message is printed a few lines later in the same function Signed-off-by: NEnzo Matsumiya <ematsumiya@suse.de> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
- 31 5月, 2022 1 次提交
-
-
由 Ronnie Sahlberg 提交于
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 Cc: stable@vger.kernel.org Signed-off-by: NRoberto Bergantinos <rbergant@redhat.com> Signed-off-by: NRonnie Sahlberg <lsahlber@redhat.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
- 28 5月, 2022 31 次提交
-
-
git://git.samba.org/sfrench/cifs-2.6由 Linus Torvalds 提交于
Pull cifs client updates from Steve French: - multichannel fixes to improve reconnect after network failure - improved caching of root directory contents (extending benefit of directory leases) - two DFS fixes - three fixes for improved debugging - an NTLMSSP fix for mounts t0 older servers - new mount parm to allow disabling creating sparse files - various cleanup fixes and minor fixes pointed out by coverity * tag '5.19-rc-smb3-client-fixes-updated' of git://git.samba.org/sfrench/cifs-2.6: (24 commits) smb3: remove unneeded null check in cifs_readdir cifs: fix ntlmssp on old servers cifs: cache the dirents for entries in a cached directory cifs: avoid parallel session setups on same channel cifs: use new enum for ses_status cifs: do not use tcpStatus after negotiate completes smb3: add mount parm nosparse smb3: don't set rc when used and unneeded in query_info_compound smb3: check for null tcon cifs: fix minor compile warning Add various fsctl structs Add defines for various newer FSCTLs smb3: add trace point for oplock not found cifs: return the more nuanced writeback error on close() smb3: add trace point for lease not found issue cifs: smbd: fix typo in comment cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() cifs: check for smb1 in open_cached_dir() cifs: move definition of cifs_fattr earlier in cifsglob.h cifs: print TIDs as hex ...
-
https://github.com/kleikamp/linux-shaggy由 Linus Torvalds 提交于
Pull jfs updates from David Kleikamp: "One bug fix and some code cleanup" * tag 'jfs-5.19' of https://github.com/kleikamp/linux-shaggy: fs/jfs: Remove dead code fs: jfs: fix possible NULL pointer dereference in dbFree()
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm由 Linus Torvalds 提交于
Pull libnvdimm and DAX updates from Dan Williams: "New support for clearing memory errors when a file is in DAX mode, alongside with some other fixes and cleanups. Previously it was only possible to clear these errors using a truncate or hole-punch operation to trigger the filesystem to reallocate the block, now, any page aligned write can opportunistically clear errors as well. This change spans x86/mm, nvdimm, and fs/dax, and has received the appropriate sign-offs. Thanks to Jane for her work on this. Summary: - Add support for clearing memory error via pwrite(2) on DAX - Fix 'security overwrite' support in the presence of media errors - Miscellaneous cleanups and fixes for nfit_test (nvdimm unit tests)" * tag 'libnvdimm-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: pmem: implement pmem_recovery_write() pmem: refactor pmem_clear_poison() dax: add .recovery_write dax_operation dax: introduce DAX_RECOVERY_WRITE dax access mode mce: fix set_mce_nospec to always unmap the whole page x86/mce: relocate set{clear}_mce_nospec() functions acpi/nfit: rely on mce->misc to determine poison granularity testing: nvdimm: asm/mce.h is not needed in nfit.c testing: nvdimm: iomap: make __nfit_test_ioremap a macro nvdimm: Allow overwrite in the presence of disabled dimms tools/testing/nvdimm: remove unneeded flush_workqueue
-
git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd由 Linus Torvalds 提交于
Pull MFD updates from Lee Jones: "New Device Support - Add support for {Power,Home} Keys to MediaTek MT6359 - Add support for SC2730 to Spreadtrum SPRD SC27XX SPI - Add support for additional Alder Lake-P I2C Controllers to Intel LPSS PCI Fix-ups: - Convert GPIO to GPIOD (hi655x-pmic) - Only register devices that exist (cros_ec_dev) - Remove unused code (syscon, reg-mux) - Rework .remove() API to return void (twl-core, rt4831) - Trivial - whitespace, spelling, coding style (tps65218, sprd-sc27xx-spi, google,cros-ec) - DT binding changes (samsung,exynos5433-lpass, rockchip,rk805, rockchip,rk808, rockchip,rk809, rockchip,rk817, rockchip,rk818, wlf,arizona) Bug Fixes: - Fix error handling bugs (ipaq-micro, davinci_voicecodec)" * tag 'mfd-next-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: dt-bindings: cros-ec: Fix a typo in description dt-bindings: mfd: wlf,arizona: Add spi-max-frequency mfd: rt4831: Improve error reporting for problems during .remove() mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() mfd: intel-lpss: Add support for ADL-P i2c6 and i2c7 dt-bindings: mfd: rk808: Convert bindings to yaml mfd: twl4030: Make twl4030_exit_irq() return void mfd: twl6030: Make twl6030_exit_irq() return void dt-bindings: mfd: samsung,exynos5433-lpass: Fix 'dma-channels/requests' properties mfd: sprd: Jugle {of,spi}_device_id tables into numerical order mfd: sprd: Add SC2730 PMIC to SPI device ID table dt-bindings: Drop undocumented i.MX iomuxc-gpr bindings in examples mfd: cros_ec_dev: Only register PCHG device if present mfd: mt6397-core: Add resources for PMIC keys for MT6359 mfd: mt6359: Add missing defines necessary for mtk-pmic-keys support mfd: ipaq-micro: Fix error check return value of platform_get_irq() mfd: hi655x-pmic: Replace legacy gpio interface for gpiod interface mfd: tps65218: Fix trivial typo in comment
-
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux由 Linus Torvalds 提交于
Pull clk updates from Stephen Boyd: "Mainly driver updates this time around. There's a single patch to the core clk framework that simplifies a runtime PM call. Otherwise the majority of the diff falls to a few SoC drivers: Qualcomm, STM32 and MediaTek. Those SoCs gain some new hardware support and what comes along with that is quite a few lines of data and some clk_ops code. Beyond the new hardware support we have the usual pile of driver updates that add missing clks on already supported SoCs or fix up problems like bad clk tree descriptions. It's nice to see that more drivers are moving to clk_hw based APIs too. New Drivers: - Add STM32MP13 RCC driver (Reset Clock Controller) - MediaTek MT8186 SoC clk support - Airoha EN7523 SoC system clocks - Clock driver for exynosautov9 SoC - Renesas R-Car V4H and RZ/V2M SoCs - Renesas RZ/G2UL SoC - LPASS clk driver for Qualcomm sc7280 SoC - GCC clk driver for Qualcomm SC8280XP SoC Updates: - SDCC uses floor clk ops on Qualcomm MSM8976 - Add modem reset and fix RPM clks on Qualcomm MSM8976 - Add the two missing CLKOUT clocks for U8500/DB8500 SoC - Mark some clks critical on Ingenic X1000 - Convert ux500 to clk_hw - Move MediaTek driver to clk_hw provider APIs - Use i2c driver probe_new to avoid id scans - Convert a number of Rockchip dt bindings to YAML - Mark hclk_vo critical on Rockchip rk3568 - Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage - Various cleanups like memory allocation error checks and plugged leaks - Allwinner H6 RTC clock support - Allwinner H616 32 kHz clock support - Add the Universal Flash Storage clock on Renesas R-Car S4-8 - Add I2C, SSIF-2 (sound), USB, CANFD, OSTM (timer), WDT, SPI Multi I/O Bus, RSPI, TSU (thermal), and ADC clocks and resets on Renesas RZ/G2UL - Add display clock support on Renesas RZ/G2L - Add RPC (QSPI/HyperFlash) clocks on Renesas R-Car E3 and D3 - Add 27 MHz phy PLL ref clock on i.MX - Add mcore_booted module parameter to tell kernel M core has already booted for i.MX - Remove snvs clock on i.MX because it was for secure world only - Add dt bindings for i.MX8MN GPT - Add DISP2 pixel clock for i.MX8MP - Add clkout1/2 for i.MX8MP - Fix parent clock of ubs_root_clk for i.MX8MP - Implement better RCG parking on Qualcomm SoCs using the shared RCG clk ops - Kerneldoc fixes - Switch Tegra BPMP to determine_rate clk op - Add a pointer to dt schema for generic clock bindings" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (168 commits) Revert "clk: qcom: regmap-mux: add pipe clk implementation" Revert "clk: qcom: gcc-sc7280: use new clk_regmap_mux_safe_ops for PCIe pipe clocks" Revert "clk: qcom: gcc-sm8450: use new clk_regmap_mux_safe_ops for PCIe pipe clocks" clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() clk: stm32mp13: add safe mux management clk: stm32mp13: add multi mux function clk: stm32mp13: add all STM32MP13 kernel clocks clk: stm32mp13: add all STM32MP13 peripheral clocks clk: stm32mp13: manage secured clocks clk: stm32mp13: add composite clock clk: stm32mp13: add stm32 divider clock clk: stm32mp13: add stm32_gate management clk: stm32mp13: add stm32_mux clock management clk: stm32: Introduce STM32MP13 RCC drivers (Reset Clock Controller) dt-bindings: rcc: stm32: add new compatible for STM32MP13 SoC clk: ti: clkctrl: replace usage of found with dedicated list iterator variable clk: ti: composite: Prefer kcalloc over open coded arithmetic dt-bindings: clock: exynosautov9: correct count of NR_CLK clk: mediatek: mt8173: Switch to clk_hw provider APIs clk: mediatek: Switch to clk_hw provider APIs ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci由 Linus Torvalds 提交于
Pull pci updates from Bjorn Helgaas: "Resource management: - Restrict E820 clipping to PCI host bridge windows (Bjorn Helgaas) - Log E820 clipping better (Bjorn Helgaas) - Add kernel cmdline options to enable/disable E820 clipping (Hans de Goede) - Disable E820 reserved region clipping for IdeaPads, Yoga, Yoga Slip, Acer Spin 5, Clevo Barebone systems where clipping leaves no usable address space for touchpads, Thunderbolt devices, etc (Hans de Goede) - Disable E820 clipping by default starting in 2023 (Hans de Goede) PCI device hotplug: - Include files to remove implicit dependencies (Christophe Leroy) - Only put Root Ports in D3 if they can signal and wake from D3 so AMD Yellow Carp doesn't miss hotplug events (Mario Limonciello) Power management: - Define pci_restore_standard_config() only for CONFIG_PM_SLEEP since it's unused otherwise (Krzysztof Kozlowski) - Power up devices completely, including anything platform firmware needs to do, during runtime resume (Rafael J. Wysocki) - Move pci_resume_bus() to PM callbacks so we observe the required bridge power-up delays (Rafael J. Wysocki) - Drop unneeded runtime_d3cold device flag (Rafael J. Wysocki) - Split pci_raw_set_power_state() between pci_power_up() and a new pci_set_low_power_state() (Rafael J. Wysocki) - Set current_state to D3cold if config read returns ~0, indicating the device is not accessible (Rafael J. Wysocki) - Do not call pci_update_current_state() from pci_power_up() so BARs and ASPM config are restored correctly (Rafael J. Wysocki) - Write 0 to PMCSR in pci_power_up() in all cases (Rafael J. Wysocki) - Split pci_power_up() to pci_set_full_power_state() to avoid some redundant operations (Rafael J. Wysocki) - Skip restoring BARs if device is not in D0 (Rafael J. Wysocki) - Rearrange and clarify pci_set_power_state() (Rafael J. Wysocki) - Remove redundant BAR restores from pci_pm_thaw_noirq() (Rafael J. Wysocki) Virtualization: - Acquire device lock before config space access lock to avoid AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) Error handling: - Clear MULTI_ERR_COR/UNCOR_RCV bits, which a race could previously leave permanently set (Kuppuswamy Sathyanarayanan) Peer-to-peer DMA: - Whitelist Intel Skylake-E Root Ports regardless of which devfn they are (Shlomo Pongratz) ASPM: - Override L1 acceptable latency advertised by Intel DG2 so ASPM L1 can be enabled (Mika Westerberg) Cadence PCIe controller driver: - Set up device-specific register to allow PTM Responder to be enabled by the normal architected bit (Christian Gmeiner) - Override advertised FLR support since the controller doesn't implement FLR correctly (Parshuram Thombare) Cadence PCIe endpoint driver: - Correct bitmap size for the ob_region_map of outbound window usage (Dan Carpenter) Freescale i.MX6 PCIe controller driver: - Fix PERST# assertion/deassertion so we observe the required delays before accessing device (Francesco Dolcini) Freescale Layerscape PCIe controller driver: - Add "big-endian" DT property (Hou Zhiqiang) - Update SCFG DT property (Hou Zhiqiang) - Add "aer", "pme", "intr" DT properties (Li Yang) - Add DT compatible strings for ls1028a (Xiaowei Bao) Intel VMD host bridge driver: - Assign VMD IRQ domain before enumeration to avoid IOMMU interrupt remapping errors when MSI-X remapping is disabled (Nirmal Patel) - Revert VMD workaround that kept MSI-X remapping enabled when IOMMU remapping was enabled (Nirmal Patel) Marvell MVEBU PCIe controller driver: - Add of_pci_get_slot_power_limit() to parse the 'slot-power-limit-milliwatt' DT property (Pali Rohár) - Add mvebu support for sending Set_Slot_Power_Limit message (Pali Rohár) MediaTek PCIe controller driver: - Fix refcount leak in mtk_pcie_subsys_powerup() (Miaoqian Lin) MediaTek PCIe Gen3 controller driver: - Reset PHY and MAC at probe time (AngeloGioacchino Del Regno) Microchip PolarFlare PCIe controller driver: - Add chained_irq_enter()/chained_irq_exit() calls to mc_handle_msi() and mc_handle_intx() to avoid lost interrupts (Conor Dooley) - Fix interrupt handling race (Daire McNamara) NVIDIA Tegra194 PCIe controller driver: - Drop tegra194 MSI register save/restore, which is unnecessary since the DWC core does it (Jisheng Zhang) Qualcomm PCIe controller driver: - Add SM8150 SoC DT binding and support (Bhupesh Sharma) - Fix pipe clock imbalance (Johan Hovold) - Fix runtime PM imbalance on probe errors (Johan Hovold) - Fix PHY init imbalance on probe errors (Johan Hovold) - Convert DT binding to YAML (Dmitry Baryshkov) - Update DT binding to show that resets aren't required for MSM8996/APQ8096 platforms (Dmitry Baryshkov) - Add explicit register names per chipset in DT binding (Dmitry Baryshkov) - Add sc7280-specific clock and reset definitions to DT binding (Dmitry Baryshkov) Rockchip PCIe controller driver: - Fix bitmap size when searching for free outbound region (Dan Carpenter) Rockchip DesignWare PCIe controller driver: - Remove "snps,dw-pcie" from rockchip-dwc DT "compatible" property because it's not fully compatible with rockchip (Peter Geis) - Reset rockchip-dwc controller at probe (Peter Geis) - Add rockchip-dwc INTx support (Peter Geis) Synopsys DesignWare PCIe controller driver: - Return error instead of success if DMA mapping of MSI area fails (Jiantao Zhang) Miscellaneous: - Change pci_set_dma_mask() documentation references to dma_set_mask() (Alex Williamson)" * tag 'pci-v5.19-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (64 commits) dt-bindings: PCI: qcom: Add schema for sc7280 chipset dt-bindings: PCI: qcom: Specify reg-names explicitly dt-bindings: PCI: qcom: Do not require resets on msm8996 platforms dt-bindings: PCI: qcom: Convert to YAML PCI: qcom: Fix unbalanced PHY init on probe errors PCI: qcom: Fix runtime PM imbalance on probe errors PCI: qcom: Fix pipe clock imbalance PCI: qcom: Add SM8150 SoC support dt-bindings: pci: qcom: Document PCIe bindings for SM8150 SoC x86/PCI: Disable E820 reserved region clipping starting in 2023 x86/PCI: Disable E820 reserved region clipping via quirks x86/PCI: Add kernel cmdline options to use/ignore E820 reserved regions PCI: microchip: Fix potential race in interrupt handling PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits PCI: cadence: Clear FLR in device capabilities register PCI: cadence: Allow PTM Responder to be enabled PCI: vmd: Revert 2565e5b6 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") PCI: vmd: Assign VMD IRQ domain before enumeration PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() PCI: rockchip-dwc: Add legacy interrupt support ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm由 Linus Torvalds 提交于
Pull more MM updates from Andrew Morton: - Two follow-on fixes for the post-5.19 series "Use pageblock_order for cma and alloc_contig_range alignment", from Zi Yan. - A series of z3fold cleanups and fixes from Miaohe Lin. - Some memcg selftests work from Michal Koutný <mkoutny@suse.com> - Some swap fixes and cleanups from Miaohe Lin - Several individual minor fixups * tag 'mm-stable-2022-05-27' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (25 commits) mm/shmem.c: suppress shift warning mm: Kconfig: reorganize misplaced mm options mm: kasan: fix input of vmalloc_to_page() mm: fix is_pinnable_page against a cma page mm: filter out swapin error entry in shmem mapping mm/shmem: fix infinite loop when swap in shmem error at swapoff time mm/madvise: free hwpoison and swapin error entry in madvise_free_pte_range mm/swapfile: fix lost swap bits in unuse_pte() mm/swapfile: unuse_pte can map random data if swap read fails selftests: memcg: factor out common parts of memory.{low,min} tests selftests: memcg: remove protection from top level memcg selftests: memcg: adjust expected reclaim values of protected cgroups selftests: memcg: expect no low events in unprotected sibling selftests: memcg: fix compilation mm/z3fold: fix z3fold_page_migrate races with z3fold_map mm/z3fold: fix z3fold_reclaim_page races with z3fold_free mm/z3fold: always clear PAGE_CLAIMED under z3fold page lock mm/z3fold: put z3fold page back into unbuddied list when reclaim or migration fails revert "mm/z3fold.c: allow __GFP_HIGHMEM in z3fold_alloc" mm/z3fold: throw warning on failure of trylock_page in z3fold_alloc ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm由 Linus Torvalds 提交于
Pull hotfixes from Andrew Morton: "Six hotfixes. The page_table_check one from Miaohe Lin is considered a minor thing so it isn't marked for -stable. The remainder address pre-5.19 issues and are cc:stable" * tag 'mm-hotfixes-stable-2022-05-27' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: mm/page_table_check: fix accessing unmapped ptep kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] mm/page_alloc: always attempt to allocate at least one page during bulk allocation hugetlb: fix huge_pmd_unshare address update zsmalloc: fix races between asynchronous zspage free and page migration Revert "mm/cma.c: remove redundant cma_mutex lock"
-
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm由 Linus Torvalds 提交于
Pull misc updates from Andrew Morton: "The non-MM patch queue for this merge window. Not a lot of material this cycle. Many singleton patches against various subsystems. Most notably some maintenance work in ocfs2 and initramfs" * tag 'mm-nonmm-stable-2022-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (65 commits) kcov: update pos before writing pc in trace function ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock fs/ntfs: remove redundant variable idx fat: remove time truncations in vfat_create/vfat_mkdir fat: report creation time in statx fat: ignore ctime updates, and keep ctime identical to mtime in memory fat: split fat_truncate_time() into separate functions MAINTAINERS: add Muchun as a memcg reviewer proc/sysctl: make protected_* world readable ia64: mca: drop redundant spinlock initialization tty: fix deadlock caused by calling printk() under tty_port->lock relay: remove redundant assignment to pointer buf fs/ntfs3: validate BOOT sectors_per_clusters lib/string_helpers: fix not adding strarray to device's resource list kernel/crash_core.c: remove redundant check of ck_cmdline ELF, uapi: fixup ELF_ST_TYPE definition ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() ipc: update semtimedop() to use hrtimer ipc/sem: remove redundant assignments ...
-
由 Jason A. Donenfeld 提交于
When CRYPTO_LIB_POLY1305 is unset, CRYPTO_LIB_POLY1305_RSIZE is still set in the Kconfig, cluttering things. Fix this by making CRYPTO_LIB_POLY1305_RSIZE depend on CRYPTO_LIB_POLY1305. Suggested-by: NLinus Torvalds <torvalds@linux-foundation.org> Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Baolin Wang 提交于
Fix the arm64 build error which was caused by commit ae075629 ("mm: change huge_ptep_clear_flush() to return the original pte") interacting with commit fb396bb4 ("arm64/hugetlb: Drop TLB flush from get_clear_flush()"): arch/arm64/mm/hugetlbpage.c: In function ‘huge_ptep_clear_flush’: arch/arm64/mm/hugetlbpage.c:515:9: error: implicit declaration of function ‘get_clear_flush’; did you mean ‘ptep_clear_flush’? [-Werror=implicit-function-declaration] 515 | return get_clear_flush(vma->vm_mm, addr, ptep, pgsize, ncontig); | ^~~~~~~~~~~~~~~ | ptep_clear_flush Due to the new get_clear_contig() has dropped TLB flush, we should add an explicit TLB flush in huge_ptep_clear_flush() to keep original semantics when changing to use new get_clear_contig(). Fixes: fb396bb4 ("arm64/hugetlb: Drop TLB flush from get_clear_flush()"). Fixes: ae075629 ("mm: change huge_ptep_clear_flush() to return the original pte") Reported-and-tested-by: NLinux Kernel Functional Testing <lkft@linaro.org> Reported-by: NSudip Mukherjee <sudipm.mukherjee@gmail.com> Suggested-by: NCatalin Marinas <catalin.marinas@arm.com> Signed-off-by: NBaolin Wang <baolin.wang@linux.alibaba.com> Reviewed-by: NGavin Shan <gshan@redhat.com> Reviewed-by: NAnshuman Khandual <anshuman.khandual@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Anshuman Khandual <anshuman.khandual@arm.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
pipe_resize_ring() needs to take the pipe->rd_wait.lock spinlock to prevent post_one_notification() from trying to insert into the ring whilst the ring is being replaced. The occupancy check must be done after the lock is taken, and the lock must be taken after the new ring is allocated. The bug can lead to an oops looking something like: BUG: KASAN: use-after-free in post_one_notification.isra.0+0x62e/0x840 Read of size 4 at addr ffff88801cc72a70 by task poc/27196 ... Call Trace: post_one_notification.isra.0+0x62e/0x840 __post_watch_notification+0x3b7/0x650 key_create_or_update+0xb8b/0xd20 __do_sys_add_key+0x175/0x340 __x64_sys_add_key+0xbe/0x140 do_syscall_64+0x5c/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae Reported by Selim Enes Karaduman @Enesdex working with Trend Micro Zero Day Initiative. Fixes: c73be61c ("pipe: Add general notification queue support") Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17291 Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Steve French 提交于
Coverity pointed out an unneeded check. Addresses-Coverity: 1518030 ("Null pointer dereferences") Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com> Signed-off-by: NSteve French <stfrench@microsoft.com>
-
由 Andrew Morton 提交于
mm/shmem.c:1948 shmem_getpage_gfp() warn: should '(((1) << 12) / 512) << folio_order(folio)' be a 64 bit type? On i386, so an unsigned long is 32-bit, but i_blocks is a 64-bit blkcnt_t. Reported-by: Nkernel test robot <lkp@intel.com> Reported-by: NJessica Clarke <jrtc27@jrtc27.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Vlastimil Babka 提交于
After commits 7b42f104 ("mm: Kconfig: move swap and slab config options to the MM section") and 519bcb79 ("mm: Kconfig: group swap, slab, hotplug and thp options into submenus") we now have nicely organized mm related config options. I have noticed some that were still misplaced, so this moves them from various places into the new structure: VM_EVENT_COUNTERS, COMPAT_BRK, MMAP_ALLOW_UNINITIALIZED to mm/Kconfig and general MM section. SLUB_STATS to mm/Kconfig and the slab submenu. DEBUG_SLAB, SLUB_DEBUG, SLUB_DEBUG_ON to mm/Kconfig.debug and the Kernel hacking / Memory Debugging submenu. Link: https://lkml.kernel.org/r/20220525112559.1139-1-vbabka@suse.czSigned-off-by: NVlastimil Babka <vbabka@suse.cz> Acked-by: NJohannes Weiner <hannes@cmpxchg.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Kefeng Wang 提交于
When print virtual mapping info for vmalloc address, it should pass the addr not page, fix it. Link: https://lkml.kernel.org/r/20220525120804.38155-1-wangkefeng.wang@huawei.com Fixes: c056a364 ("kasan: print virtual mapping info in reports") Signed-off-by: NKefeng Wang <wangkefeng.wang@huawei.com> Reviewed-by: NAndrey Konovalov <andreyknvl@gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Minchan Kim 提交于
Pages in the CMA area could have MIGRATE_ISOLATE as well as MIGRATE_CMA so the current is_pinnable_page() could miss CMA pages which have MIGRATE_ISOLATE. It ends up pinning CMA pages as longterm for the pin_user_pages() API so CMA allocations keep failing until the pin is released. CPU 0 CPU 1 - Task B cma_alloc alloc_contig_range pin_user_pages_fast(FOLL_LONGTERM) change pageblock as MIGRATE_ISOLATE internal_get_user_pages_fast lockless_pages_from_mm gup_pte_range try_grab_folio is_pinnable_page return true; So, pinned the page successfully. page migration failure with pinned page .. .. After 30 sec unpin_user_page(page) CMA allocation succeeded after 30 sec. The CMA allocation path protects the migration type change race using zone->lock but what GUP path need to know is just whether the page is on CMA area or not rather than exact migration type. Thus, we don't need zone->lock but just checks migration type in either of (MIGRATE_ISOLATE and MIGRATE_CMA). Adding the MIGRATE_ISOLATE check in is_pinnable_page could cause rejecting of pinning pages on MIGRATE_ISOLATE pageblocks even though it's neither CMA nor movable zone if the page is temporarily unmovable. However, such a migration failure by unexpected temporal refcount holding is general issue, not only come from MIGRATE_ISOLATE and the MIGRATE_ISOLATE is also transient state like other temporal elevated refcount problem. Link: https://lkml.kernel.org/r/20220524171525.976723-1-minchan@kernel.orgSigned-off-by: NMinchan Kim <minchan@kernel.org> Reviewed-by: NJohn Hubbard <jhubbard@nvidia.com> Acked-by: NPaul E. McKenney <paulmck@kernel.org> Cc: David Hildenbrand <david@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
There might be swapin error entries in shmem mapping. Filter them out to avoid "Bad swap file entry" complaint. Link: https://lkml.kernel.org/r/20220519125030.21486-6-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reviewed-by: NNaoya Horiguchi <naoya.horiguchi@nec.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: NeilBrown <neilb@suse.de> Cc: Peter Xu <peterx@redhat.com> Cc: Ralph Campbell <rcampbell@nvidia.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
When swap in shmem error at swapoff time, there would be a infinite loop in the while loop in shmem_unuse_inode(). It's because swapin error is deliberately ignored now and thus info->swapped will never reach 0. So we can't escape the loop in shmem_unuse(). In order to fix the issue, swapin_error entry is stored in the mapping when swapin error occurs. So the swapcache page can be freed and the user won't end up with a permanently mounted swap because a sector is bad. If the page is accessed later, the user process will be killed so that corrupted data is never consumed. On the other hand, if the page is never accessed, the user won't even notice it. Link: https://lkml.kernel.org/r/20220519125030.21486-5-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reported-by: NNaoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: NNaoya Horiguchi <naoya.horiguchi@nec.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: NeilBrown <neilb@suse.de> Cc: Peter Xu <peterx@redhat.com> Cc: Ralph Campbell <rcampbell@nvidia.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
Once the MADV_FREE operation has succeeded, callers can expect they might get zero-fill pages if accessing the memory again. Therefore it should be safe to delete the hwpoison entry and swapin error entry. There is no reason to kill the process if it has called MADV_FREE on the range. Link: https://lkml.kernel.org/r/20220519125030.21486-4-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Suggested-by: NAlistair Popple <apopple@nvidia.com> Acked-by: NDavid Hildenbrand <david@redhat.com> Reviewed-by: NNaoya Horiguchi <naoya.horiguchi@nec.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: NeilBrown <neilb@suse.de> Cc: Peter Xu <peterx@redhat.com> Cc: Ralph Campbell <rcampbell@nvidia.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
This is observed by code review only but not any real report. When we turn off swapping we could have lost the bits stored in the swap ptes. The new rmap-exclusive bit is fine since that turned into a page flag, but not for soft-dirty and uffd-wp. Add them. Link: https://lkml.kernel.org/r/20220519125030.21486-3-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Suggested-by: NPeter Xu <peterx@redhat.com> Reviewed-by: NDavid Hildenbrand <david@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> Cc: NeilBrown <neilb@suse.de> Cc: Ralph Campbell <rcampbell@nvidia.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
Patch series "A few fixup patches for mm", v4. This series contains a few patches to avoid mapping random data if swap read fails and fix lost swap bits in unuse_pte. Also we free hwpoison and swapin error entry in madvise_free_pte_range and so on. More details can be found in the respective changelogs. This patch (of 5): There is a bug in unuse_pte(): when swap page happens to be unreadable, page filled with random data is mapped into user address space. In case of error, a special swap entry indicating swap read fails is set to the page table. So the swapcache page can be freed and the user won't end up with a permanently mounted swap because a sector is bad. And if the page is accessed later, the user process will be killed so that corrupted data is never consumed. On the other hand, if the page is never accessed, the user won't even notice it. Link: https://lkml.kernel.org/r/20220519125030.21486-1-linmiaohe@huawei.com Link: https://lkml.kernel.org/r/20220519125030.21486-2-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Acked-by: NDavid Hildenbrand <david@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: David Howells <dhowells@redhat.com> Cc: NeilBrown <neilb@suse.de> Cc: Alistair Popple <apopple@nvidia.com> Cc: Suren Baghdasaryan <surenb@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Ralph Campbell <rcampbell@nvidia.com> Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Michal Koutný 提交于
The memory protection test setup and runtime is almost equal for memory.low and memory.min cases. It makes modification of the common parts prone to mistakes, since the protections are similar not only in setup but also in principle, factor the common part out. Past exceptions between the tests: - missing memory.min is fine (kept), - test_memcg_low protected orphaned pagecache (adapted like test_memcg_min and we keep the processes of protected memory running). The evaluation in two tests is different (OOM of allocator vs low events of protégés), this is kept different. Link: https://lkml.kernel.org/r/20220518161859.21565-6-mkoutny@suse.comSigned-off-by: NMichal Koutný <mkoutny@suse.com> Acked-by: NRoman Gushchin <roman.gushchin@linux.dev> CC: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Shakeel Butt <shakeelb@google.com> Cc: Richard Palethorpe <rpalethorpe@suse.de> Cc: David Vernet <void@manifault.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Michal Koutný 提交于
The reclaim is triggered by memory limit in a subtree, therefore the testcase does not need configured protection against external reclaim. Also, correct respective comments. Link: https://lkml.kernel.org/r/20220518161859.21565-5-mkoutny@suse.comSigned-off-by: NMichal Koutný <mkoutny@suse.com> Acked-by: NRoman Gushchin <roman.gushchin@linux.dev> Cc: David Vernet <void@manifault.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Richard Palethorpe <rpalethorpe@suse.de> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Michal Koutný 提交于
The numbers are not easy to derive in a closed form (certainly mere protections ratios do not apply), therefore use a simulation to obtain expected numbers. Link: https://lkml.kernel.org/r/20220518161859.21565-4-mkoutny@suse.comSigned-off-by: NMichal Koutný <mkoutny@suse.com> Acked-by: NRoman Gushchin <roman.gushchin@linux.dev> Cc: David Vernet <void@manifault.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Richard Palethorpe <rpalethorpe@suse.de> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Michal Koutný 提交于
This is effectively a revert of commit cdc69458 ("cgroup: account for memory_recursiveprot in test_memcg_low()"). The case test_memcg_low will fail with memory_recursiveprot until resolved in reclaim code. However, this patch preserves the existing helpers and variables for later uses. Link: https://lkml.kernel.org/r/20220518161859.21565-3-mkoutny@suse.comSigned-off-by: NMichal Koutný <mkoutny@suse.com> Reviewed-by: NDavid Vernet <void@manifault.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Richard Palethorpe <rpalethorpe@suse.de> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Michal Koutný 提交于
Patch series "memcontrol selftests fixups", v2. Flushing the patches to make memcontrol selftests check the events behavior we had consensus about (test_memcg_low fails). (test_memcg_reclaim, test_memcg_swap_max fail for me now but it's present even before the refactoring.) The two bigger changes are: - adjustment of the protected values to make tests succeed with the given tolerance, - both test_memcg_low and test_memcg_min check protection of memory in populated cgroups (actually as per Documentation/admin-guide/cgroup-v2.rst memory.min should not apply to empty cgroups, which is not the case currently. Therefore I unified tests with the populated case in order to to bring more broken tests). This patch (of 5): This fixes mis-applied changes from commit 72b1e03a ("cgroup: account for memory_localevents in test_memcg_oom_group_leaf_events()"). Link: https://lkml.kernel.org/r/20220518161859.21565-1-mkoutny@suse.com Link: https://lkml.kernel.org/r/20220518161859.21565-2-mkoutny@suse.comSigned-off-by: NMichal Koutný <mkoutny@suse.com> Reviewed-by: NDavid Vernet <void@manifault.com> Acked-by: NRoman Gushchin <roman.gushchin@linux.dev> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Richard Palethorpe <rpalethorpe@suse.de> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
Think about the below scenario: CPU1 CPU2 z3fold_page_migrate z3fold_map z3fold_page_trylock ... z3fold_page_unlock /* slots still points to old zhdr*/ get_z3fold_header get slots from handle get old zhdr from slots z3fold_page_trylock return *old* zhdr encode_handle(new_zhdr, FIRST|LAST|MIDDLE) put_page(page) /* zhdr is freed! */ but zhdr is still used by caller! z3fold_map can map freed z3fold page and lead to use-after-free bug. To fix it, we add PAGE_MIGRATED to indicate z3fold page is migrated and soon to be released. So get_z3fold_header won't return such page. Link: https://lkml.kernel.org/r/20220429064051.61552-10-linmiaohe@huawei.com Fixes: 1f862989 ("mm/z3fold.c: support page migration") Signed-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reviewed-by: NVitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
Think about the below scenario: CPU1 CPU2 z3fold_reclaim_page z3fold_free spin_lock(&pool->lock) get_z3fold_header -- hold page_lock kref_get_unless_zero kref_put--zhdr->refcount can be 1 now !z3fold_page_trylock kref_put -- zhdr->refcount is 0 now release_z3fold_page WARN_ON(!list_empty(&zhdr->buddy)); -- we're on buddy now! spin_lock(&pool->lock); -- deadlock here! z3fold_reclaim_page might race with z3fold_free and will lead to pool lock deadlock and zhdr buddy non-empty warning. To fix this, defer getting the refcount until page_lock is held just like what __z3fold_alloc does. Note this has the side effect that we won't break the reclaim if we meet a soon to be released z3fold page now. Link: https://lkml.kernel.org/r/20220429064051.61552-9-linmiaohe@huawei.com Fixes: dcf5aedb ("z3fold: stricter locking and more careful reclaim") Signed-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reviewed-by: NVitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
Think about the below race window: CPU1 CPU2 z3fold_reclaim_page z3fold_free test_and_set_bit PAGE_CLAIMED failed to reclaim page z3fold_page_lock(zhdr); add back to the lru list; z3fold_page_unlock(zhdr); get_z3fold_header page_claimed=test_and_set_bit PAGE_CLAIMED clear_bit(PAGE_CLAIMED, &page->private); if (!page_claimed) /* it's false true */ free_handle is not called free_handle won't be called in this case. So z3fold_buddy_slots will leak. Fix it by always clear PAGE_CLAIMED under z3fold page lock. Link: https://lkml.kernel.org/r/20220429064051.61552-8-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reviewed-by: NVitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-
由 Miaohe Lin 提交于
When doing z3fold page reclaim or migration, the page is removed from unbuddied list. If reclaim or migration succeeds, it's fine as page is released. But in case it fails, the page is not put back into unbuddied list now. The page will be leaked until next compaction work, reclaim or migration is done. Link: https://lkml.kernel.org/r/20220429064051.61552-7-linmiaohe@huawei.comSigned-off-by: NMiaohe Lin <linmiaohe@huawei.com> Reviewed-by: NVitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
-