* incoming
@ 2020-12-11 21:35 Andrew Morton
From: Andrew Morton @ 2020-12-11 21:35 UTC (permalink / raw)
To: Linus Torvalds; +Cc: mm-commits, linux-mm
8 patches, based on 33dc9614dc208291d0c4bcdeb5d30d481dcd2c4c.
Subsystems affected by this patch series:
mm/pagecache
proc
selftests
kbuild
mm/kasan
mm/hugetlb
Subsystem: mm/pagecache
Andrew Morton <akpm@linux-foundation.org>:
revert "mm/filemap: add static for function __add_to_page_cache_locked"
Subsystem: proc
Miles Chen <miles.chen@mediatek.com>:
proc: use untagged_addr() for pagemap_read addresses
Subsystem: selftests
Arnd Bergmann <arnd@arndb.de>:
selftest/fpu: avoid clang warning
Subsystem: kbuild
Arnd Bergmann <arnd@arndb.de>:
kbuild: avoid static_assert for genksyms
initramfs: fix clang build failure
elfcore: fix building with clang
Subsystem: mm/kasan
Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>:
kasan: fix object remaining in offline per-cpu quarantine
Subsystem: mm/hugetlb
Gerald Schaefer <gerald.schaefer@linux.ibm.com>:
mm/hugetlb: clear compound_nr before freeing gigantic pages
fs/proc/task_mmu.c | 8 ++++++--
include/linux/build_bug.h | 5 +++++
include/linux/elfcore.h | 22 ++++++++++++++++++++++
init/initramfs.c | 2 +-
kernel/Makefile | 1 -
kernel/elfcore.c | 26 --------------------------
lib/Makefile | 3 ++-
mm/filemap.c | 2 +-
mm/hugetlb.c | 1 +
mm/kasan/quarantine.c | 39 +++++++++++++++++++++++++++++++++++++++
10 files changed, 77 insertions(+), 32 deletions(-)
* [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked"
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, alex.shi, ast, daniel, gthelen, jmforbes, josef,
jrdr.linux, linux-mm, mkubecek, mm-commits, tony.luck, torvalds
From: Andrew Morton <akpm@linux-foundation.org>
Subject: revert "mm/filemap: add static for function __add_to_page_cache_locked"
Revert 3351b16af494 ("mm/filemap: add static for function
__add_to_page_cache_locked") due to incompatibility with
ALLOW_ERROR_INJECTION which result in build errors.
Link: https://lkml.kernel.org/r/CAADnVQJ6tmzBXvtroBuEH6QA0H+q7yaSKxrVvVxhqr3KBZdEXg@mail.gmail.com
Tested-by: Justin Forbes <jmforbes@linuxtx.org>
Tested-by: Greg Thelen <gthelen@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Michal Kubecek <mkubecek@suse.cz>
Cc: Alex Shi <alex.shi@linux.alibaba.com>
Cc: Souptick Joarder <jrdr.linux@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Tony Luck <tony.luck@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/filemap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/filemap.c~revert-mm-filemap-add-static-for-function-__add_to_page_cache_locked
+++ a/mm/filemap.c
@@ -827,7 +827,7 @@ int replace_page_cache_page(struct page
}
EXPORT_SYMBOL_GPL(replace_page_cache_page);
-static noinline int __add_to_page_cache_locked(struct page *page,
+noinline int __add_to_page_cache_locked(struct page *page,
struct address_space *mapping,
pgoff_t offset, gfp_t gfp,
void **shadowp)
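Review bot: the reason `static` has to go is invisible at the definition; the commit message says the qualifier conflicts with ALLOW_ERROR_INJECTION, but nothing in the hunk stops the next "make it static" cleanup from reintroducing the same build breakage. Suggest a one-line comment above `noinline int __add_to_page_cache_locked(struct page *page,` stating that the function must stay non-static because it is an error-injection target, so this revert does not have to be repeated.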
_
* [patch 2/8] proc: use untagged_addr() for pagemap_read addresses
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: adobriyan, akpm, andreyknvl, aryabinin, catalin.marinas, dvyukov,
ebiederm, elver, glider, linux-mm, miles.chen, mm-commits,
song.bao.hua, stable, torvalds, vincenzo.frascino, will
From: Miles Chen <miles.chen@mediatek.com>
Subject: proc: use untagged_addr() for pagemap_read addresses
When we try to visit the pagemap of a tagged userspace pointer, we find
that the start_vaddr is not correct because of the tag.
To fix it, we should untag the userspace pointers in pagemap_read().
I tested with 5.10-rc4 and the issue remains.
Explanation from Catalin in [1]:
:Arguably, that's a user-space bug since tagged file offsets were never
:supported. In this case it's not even a tag at bit 56 as per the arm64
:tagged address ABI but rather down to bit 47. You could say that the
:problem is caused by the C library (malloc()) or whoever created the
:tagged vaddr and passed it to this function. It's not a kernel
:regression as we've never supported it.
:
:Now, pagemap is a special case where the offset is usually not generated
:as a classic file offset but rather derived by shifting a user virtual
:address. I guess we can make a concession for pagemap (only) and allow
:such offset with the tag at bit (56 - PAGE_SHIFT + 3).
My test code is based on [2]:
A userspace pointer which has been tagged by 0xb4: 0xb400007662f541c8
=== userspace program ===
uint64 OsLayer::VirtualToPhysical(void *vaddr) {
uint64 frame, paddr, pfnmask, pagemask;
int pagesize = sysconf(_SC_PAGESIZE);
off64_t off = ((uintptr_t)vaddr) / pagesize * 8; // off = 0xb400007662f541c8 / pagesize * 8 = 0x5a00003b317aa0
int fd = open(kPagemapPath, O_RDONLY);
...
if (lseek64(fd, off, SEEK_SET) != off || read(fd, &frame, 8) != 8) {
int err = errno;
string errtxt = ErrorString(err);
if (fd >= 0)
close(fd);
return 0;
}
...
}
=== kernel fs/proc/task_mmu.c ===
static ssize_t pagemap_read(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
...
src = *ppos;
svpfn = src / PM_ENTRY_BYTES; // svpfn == 0xb400007662f54
start_vaddr = svpfn << PAGE_SHIFT; // start_vaddr == 0xb400007662f54000
end_vaddr = mm->task_size;
/* watch out for wraparound */
// svpfn == 0xb400007662f54
// (mm->task_size >> PAGE) == 0x8000000
if (svpfn > mm->task_size >> PAGE_SHIFT) // the condition is true because of the tag 0xb4
start_vaddr = end_vaddr;
ret = 0;
while (count && (start_vaddr < end_vaddr)) { // we cannot visit correct entry because start_vaddr is set to end_vaddr
int len;
unsigned long end;
...
}
...
}
[1] https://lore.kernel.org/patchwork/patch/1343258/
[2] https://github.com/stressapptest/stressapptest/blob/master/src/os.cc#L158
Link: https://lkml.kernel.org/r/20201204024347.8295-1-miles.chen@mediatek.com
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Will Deacon <will@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Song Bao Hua (Barry Song) <song.bao.hua@hisilicon.com>
Cc: <stable@vger.kernel.org> [5.4-]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/proc/task_mmu.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/proc/task_mmu.c~proc-use-untagged_addr-for-pagemap_read-addresses
+++ a/fs/proc/task_mmu.c
@@ -1599,11 +1599,15 @@ static ssize_t pagemap_read(struct file
src = *ppos;
svpfn = src / PM_ENTRY_BYTES;
- start_vaddr = svpfn << PAGE_SHIFT;
end_vaddr = mm->task_size;
/* watch out for wraparound */
- if (svpfn > mm->task_size >> PAGE_SHIFT)
+ start_vaddr = end_vaddr;
+ if (svpfn <= (ULONG_MAX >> PAGE_SHIFT))
+ start_vaddr = untagged_addr(svpfn << PAGE_SHIFT);
+
+ /* Ensure the address is inside the task */
+ if (start_vaddr > mm->task_size)
start_vaddr = end_vaddr;
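Review bot: the `/* watch out for wraparound */` comment is now stranded above the unconditional `start_vaddr = end_vaddr;` default instead of the `if (svpfn <= (ULONG_MAX >> PAGE_SHIFT))` test it describes; move it down one line onto the check that actually prevents the shift from overflowing. It would also help to say why untagged_addr() is applied to the rebuilt address rather than to `src` or `svpfn`: the tag bits survive the `src / PM_ENTRY_BYTES` and `<< PAGE_SHIFT` round trip, so stripping them from the reconstructed address reuses the existing helper instead of needing an arch-specific mask on the pfn. On architectures where untagged_addr() is an identity, the new `start_vaddr > mm->task_size` clamp is what preserves the old behaviour, which is worth a sentence in the commit message.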
/*
_
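The offset arithmetic in the report above, as an added example that is not part of the original message or of the kernel tree: a userspace C model of how the stressapptest-style code derives a pagemap offset from a tagged pointer, and how pagemap_read() turns that offset back into start_vaddr before and after this patch. It assumes arm64 with PAGE_SHIFT 12, a 48-bit user address space (task_size == 1 << 48), and an untagged_addr() modelled on the arm64 definition (addr & sign_extend64(addr, 55)); the function names `pagemap_offset`, `start_vaddr_before`, `start_vaddr_after` and `pagemap_would_walk` are hypothetical.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed arm64 parameters (not from the patch): 4K pages, 48-bit user VA. */
#define PAGE_SHIFT       12
#define PM_ENTRY_BYTES   8ULL              /* one 64-bit pagemap entry per page */
#define TASK_SIZE        (1ULL << 48)      /* stands in for mm->task_size */
#define ULONG_MAX_64     UINT64_MAX        /* ULONG_MAX on a 64-bit kernel */

/*
 * Model of arm64 untagged_addr(): addr & sign_extend64(addr, 55).
 * User addresses have bit 55 clear, so the top byte (the tag) is cleared;
 * kernel addresses (bit 55 set) pass through unchanged.
 */
static uint64_t untagged_addr(uint64_t addr)
{
	/* arithmetic right shift, which the kernel's sign_extend64() relies on too */
	int64_t ext = (int64_t)(addr << 8) >> 8;
	return addr & (uint64_t)ext;
}

/* Userspace side (stressapptest-style): pagemap file offset for a virtual address. */
static uint64_t pagemap_offset(uint64_t vaddr)
{
	return vaddr / (1ULL << PAGE_SHIFT) * PM_ENTRY_BYTES;
}

/* pagemap_read() start_vaddr computation before this patch. */
static uint64_t start_vaddr_before(uint64_t ppos)
{
	uint64_t svpfn = ppos / PM_ENTRY_BYTES;
	uint64_t start_vaddr = svpfn << PAGE_SHIFT;

	/* watch out for wraparound: a tagged pfn trips this and disables the read */
	if (svpfn > (TASK_SIZE >> PAGE_SHIFT))
		start_vaddr = TASK_SIZE;	/* == end_vaddr, so the read loop never runs */
	return start_vaddr;
}

/* pagemap_read() start_vaddr computation after this patch. */
static uint64_t start_vaddr_after(uint64_t ppos)
{
	uint64_t svpfn = ppos / PM_ENTRY_BYTES;
	uint64_t start_vaddr = TASK_SIZE;

	if (svpfn <= (ULONG_MAX_64 >> PAGE_SHIFT))	/* the shift cannot overflow */
		start_vaddr = untagged_addr(svpfn << PAGE_SHIFT);

	/* Ensure the address is inside the task */
	if (start_vaddr > TASK_SIZE)
		start_vaddr = TASK_SIZE;
	return start_vaddr;
}

/* pagemap_read() only walks entries while start_vaddr < end_vaddr. */
static bool pagemap_would_walk(uint64_t start_vaddr)
{
	return start_vaddr < TASK_SIZE;
}

int main(void)
{
	const uint64_t tagged = 0xb400007662f541c8ULL;	/* pointer from the report, tag 0xb4 */
	uint64_t off = pagemap_offset(tagged);
	uint64_t before = start_vaddr_before(off);
	uint64_t after = start_vaddr_after(off);

	printf("vaddr 0x%" PRIx64 " -> pagemap offset 0x%" PRIx64 "\n", tagged, off);
	printf("before: start_vaddr 0x%" PRIx64 " (walks entries: %s)\n",
	       before, pagemap_would_walk(before) ? "yes" : "no");
	printf("after:  start_vaddr 0x%" PRIx64 " (walks entries: %s)\n",
	       after, pagemap_would_walk(after) ? "yes" : "no");
	return 0;
}
```

With the tagged pointer from the report the old code clamps start_vaddr to task_size and returns nothing, while the patched code yields 0x7662f54000, the page the caller meant. Feeding an untagged pointer through both paths gives the same result, and an offset whose pfn would overflow the shift still clamps to task_size, which is the case the original wraparound check existed for.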
* [patch 3/8] selftest/fpu: avoid clang warning
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, andriy.shevchenko, arnd, bp, jpa, linux-mm, mm-commits,
natechancellor, ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: selftest/fpu: avoid clang warning
With extra warnings enabled, clang complains about the redundant
-mhard-float argument:
clang: error: argument unused during compilation: '-mhard-float' [-Werror,-Wunused-command-line-argument]
Move this into the gcc-only part of the Makefile.
Link: https://lkml.kernel.org/r/20201203223652.1320700-1-arnd@kernel.org
Fixes: 4185b3b92792 ("selftests/fpu: Add an FPU selftest")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Petteri Aimonen <jpa@git.mail.kapsi.fi>
Cc: Borislav Petkov <bp@suse.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/Makefile~selftest-fpu-avoid-clang-warning
+++ a/lib/Makefile
@@ -107,7 +107,7 @@ obj-$(CONFIG_TEST_FREE_PAGES) += test_fr
# off the generation of FPU/SSE* instructions for kernel proper but FPU_FLAGS
# get appended last to CFLAGS and thus override those previous compiler options.
#
-FPU_CFLAGS := -mhard-float -msse -msse2
+FPU_CFLAGS := -msse -msse2
ifdef CONFIG_CC_IS_GCC
# Stack alignment mismatch, proceed with caution.
# GCC < 7.1 cannot compile code using `double` and -mpreferred-stack-boundary=3
@@ -120,6 +120,7 @@ ifdef CONFIG_CC_IS_GCC
# -mpreferred-stack-boundary=3 is not between 4 and 12
#
# can be triggered. Otherwise gcc doesn't complain.
+FPU_CFLAGS += -mhard-float
FPU_CFLAGS += $(call cc-option,-msse -mpreferred-stack-boundary=3,-mpreferred-stack-boundary=4)
endif
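Review bot: the new `FPU_CFLAGS += -mhard-float` line carries no comment, and the surrounding block's comment only discusses stack alignment, so a reader will not know the flag was moved here because clang rejects it under `-Werror,-Wunused-command-line-argument`. Suggest a short comment above the line saying that -mhard-float is already the default on x86 and is kept only for gcc because clang errors on the unused argument; otherwise the next person to tidy the Makefile may fold it back into the shared `FPU_CFLAGS :=` line.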
_
* [patch 4/8] kbuild: avoid static_assert for genksyms
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, ardb, arnd, elver, keescook, linux-mm, masahiroy,
michal.lkml, mm-commits, rikard.falkeborn, stable, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: kbuild: avoid static_assert for genksyms
genksyms does not know or care about the _Static_assert() built-in,
and sometimes falls back to ignoring the later symbols, which causes
undefined behavior such as
WARNING: modpost: EXPORT symbol "ethtool_set_ethtool_phy_ops" [vmlinux] version generation failed, symbol will not be versioned.
ld: net/ethtool/common.o: relocation R_AARCH64_ABS32 against `__crc_ethtool_set_ethtool_phy_ops' can not be used when making a shared object
net/ethtool/common.o:(_ftrace_annotated_branch+0x0): dangerous relocation: unsupported relocation
Redefine static_assert for genksyms to avoid that.
Link: https://lkml.kernel.org/r/20201203230955.1482058-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Cc: Marco Elver <elver@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/build_bug.h | 5 +++++
1 file changed, 5 insertions(+)
--- a/include/linux/build_bug.h~kbuild-avoid-static_assert-for-genksyms
+++ a/include/linux/build_bug.h
@@ -77,4 +77,9 @@
#define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr)
#define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+#ifdef __GENKSYMS__
+/* genksyms gets confused by _Static_assert */
+#define _Static_assert(expr, ...)
+#endif
+
#endif /* _LINUX_BUILD_BUG_H */
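Review bot: the `#ifdef __GENKSYMS__` block redefines `_Static_assert` to nothing after `__static_assert` has already been defined in terms of it; that works only because macro bodies are expanded at the point of use, and placed here the ordering looks accidental. Consider moving the override above the static_assert definitions, or extending the `/* genksyms gets confused by _Static_assert */` comment to say that every `_Static_assert` (direct or via static_assert) deliberately becomes a no-op for genksyms because it only computes symbol CRCs and never needs the assertion evaluated.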
_
* [patch 5/8] initramfs: fix clang build failure
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, arnd, brho, linux-mm, mm-commits, natechancellor,
ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: initramfs: fix clang build failure
There is only one function in init/initramfs.c that is in the .text
section, and it is marked __weak. When building with clang-12 and the
integrated assembler, this leads to a bug with recordmcount:
./scripts/recordmcount "init/initramfs.o"
Cannot find symbol for section 2: .text.
init/initramfs.o: failed
I'm not quite sure what exactly goes wrong, but I notice that this
function is only ever called from an __init function, and normally
inlined. Marking it __init as well is clearly correct and it leads to
recordmcount no longer complaining.
Link: https://lkml.kernel.org/r/20201204165742.3815221-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Barret Rhoden <brho@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
init/initramfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/init/initramfs.c~initramfs-fix-clang-build-failure
+++ a/init/initramfs.c
@@ -535,7 +535,7 @@ extern unsigned long __initramfs_size;
#include <linux/initrd.h>
#include <linux/kexec.h>
-void __weak free_initrd_mem(unsigned long start, unsigned long end)
+void __weak __init free_initrd_mem(unsigned long start, unsigned long end)
{
#ifdef CONFIG_ARCH_KEEP_MEMBLOCK
unsigned long aligned_start = ALIGN_DOWN(start, PAGE_SIZE);
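Review bot: adding `__init` to a `__weak` default means every caller must itself be `__init`, since the function's text is discarded after boot; the commit message asserts this but the hunk shows no caller. Worth confirming that modpost's section-mismatch check stays clean, and noting that architecture overrides of free_initrd_mem() are untouched by this change and keep whatever section they were already in, so the fix only affects builds that use the weak default.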
_
* [patch 6/8] elfcore: fix building with clang
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, arnd, brho, linux-mm, mm-commits, natechancellor,
ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: elfcore: fix building with clang
kernel/elfcore.c only contains weak symbols, which triggers a bug with
clang in combination with recordmcount:
Cannot find symbol for section 2: .text.
kernel/elfcore.o: failed
Move the empty stubs into linux/elfcore.h as inline functions. As only
two architectures use these, just use the architecture specific Kconfig
symbols to key off the declaration.
Link: https://lkml.kernel.org/r/20201204165742.3815221-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Barret Rhoden <brho@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/elfcore.h | 22 ++++++++++++++++++++++
kernel/Makefile | 1 -
kernel/elfcore.c | 26 --------------------------
3 files changed, 22 insertions(+), 27 deletions(-)
--- a/include/linux/elfcore.h~elfcore-fix-building-with-clang
+++ a/include/linux/elfcore.h
@@ -104,6 +104,7 @@ static inline int elf_core_copy_task_fpr
#endif
}
+#if defined(CONFIG_UM) || defined(CONFIG_IA64)
/*
* These functions parameterize elf_core_dump in fs/binfmt_elf.c to write out
* extra segments containing the gate DSO contents. Dumping its
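Review bot: `#if defined(CONFIG_UM) || defined(CONFIG_IA64)` hardcodes the two consumers in a generic header, although the kernel/Makefile hunk in this same patch shows a dedicated `CONFIG_ELFCORE` symbol already exists for exactly this purpose. Keying the `#if` on `CONFIG_ELFCORE` would let another architecture opt in from Kconfig without editing include/linux/elfcore.h, and would keep the symbol meaningful now that it no longer builds anything.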
@@ -118,5 +119,26 @@ elf_core_write_extra_phdrs(struct coredu
extern int
elf_core_write_extra_data(struct coredump_params *cprm);
extern size_t elf_core_extra_data_size(void);
+#else
+static inline Elf_Half elf_core_extra_phdrs(void)
+{
+ return 0;
+}
+
+static inline int elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
+{
+ return 1;
+}
+
+static inline int elf_core_write_extra_data(struct coredump_params *cprm)
+{
+ return 1;
+}
+
+static inline size_t elf_core_extra_data_size(void)
+{
+ return 0;
+}
+#endif
#endif /* _LINUX_ELFCORE_H */
--- a/kernel/elfcore.c
+++ /dev/null
@@ -1,26 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-#include <linux/elf.h>
-#include <linux/fs.h>
-#include <linux/mm.h>
-#include <linux/binfmts.h>
-#include <linux/elfcore.h>
-
-Elf_Half __weak elf_core_extra_phdrs(void)
-{
- return 0;
-}
-
-int __weak elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
-{
- return 1;
-}
-
-int __weak elf_core_write_extra_data(struct coredump_params *cprm)
-{
- return 1;
-}
-
-size_t __weak elf_core_extra_data_size(void)
-{
- return 0;
-}
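Review bot: with the `__weak` defaults deleted, an architecture inside the header's `#if` must now define all four functions itself or the link fails; previously it could override a subset and fall back to the weak stubs for the rest. That contract change is not mentioned in the commit message and deserves a sentence there, since it is the two architectures that use these functions, not the clang build, that would notice.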
--- a/kernel/Makefile~elfcore-fix-building-with-clang
+++ a/kernel/Makefile
@@ -97,7 +97,6 @@ obj-$(CONFIG_TASK_DELAY_ACCT) += delayac
obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o
obj-$(CONFIG_TRACEPOINTS) += tracepoint.o
obj-$(CONFIG_LATENCYTOP) += latencytop.o
-obj-$(CONFIG_ELFCORE) += elfcore.o
obj-$(CONFIG_FUNCTION_TRACER) += trace/
obj-$(CONFIG_TRACING) += trace/
obj-$(CONFIG_TRACE_CLOCK) += trace/
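Review bot: after dropping `obj-$(CONFIG_ELFCORE) += elfcore.o` nothing in this patch builds from `CONFIG_ELFCORE` any more. Either remove the Kconfig symbol in the same series or reuse it for the header's `#if`, so it does not survive as dead configuration that still gets selected by the architectures.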
_
* [patch 7/8] kasan: fix object remaining in offline per-cpu quarantine
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, aryabinin, dvyukov, glider, guangye.yang, Kuan-Ying.Lee,
linux-mm, matthias.bgg, miles.chen, mm-commits, nicholas.tang,
qcai, qiang.zhang, sfr, torvalds
From: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Subject: kasan: fix object remaining in offline per-cpu quarantine
We hit this issue in our internal test. When enabling generic kasan, a
kfree()'d object is put into per-cpu quarantine first. If the cpu goes
offline, the object still remains in the per-cpu quarantine. If we call
kmem_cache_destroy() now, slub will report "Objects remaining" error.
[ 74.982625] =============================================================================
[ 74.983380] BUG test_module_slab (Not tainted): Objects remaining in test_module_slab on __kmem_cache_shutdown()
[ 74.984145] -----------------------------------------------------------------------------
[ 74.984145]
[ 74.984883] Disabling lock debugging due to kernel taint
[ 74.985561] INFO: Slab 0x(____ptrval____) objects=34 used=1 fp=0x(____ptrval____) flags=0x2ffff00000010200
[ 74.986638] CPU: 3 PID: 176 Comm: cat Tainted: G B 5.10.0-rc1-00007-g4525c8781ec0-dirty #10
[ 74.987262] Hardware name: linux,dummy-virt (DT)
[ 74.987606] Call trace:
[ 74.987924] dump_backtrace+0x0/0x2b0
[ 74.988296] show_stack+0x18/0x68
[ 74.988698] dump_stack+0xfc/0x168
[ 74.989030] slab_err+0xac/0xd4
[ 74.989346] __kmem_cache_shutdown+0x1e4/0x3c8
[ 74.989779] kmem_cache_destroy+0x68/0x130
[ 74.990176] test_version_show+0x84/0xf0
[ 74.990679] module_attr_show+0x40/0x60
[ 74.991218] sysfs_kf_seq_show+0x128/0x1c0
[ 74.991656] kernfs_seq_show+0xa0/0xb8
[ 74.992059] seq_read+0x1f0/0x7e8
[ 74.992415] kernfs_fop_read+0x70/0x338
[ 74.993051] vfs_read+0xe4/0x250
[ 74.993498] ksys_read+0xc8/0x180
[ 74.993825] __arm64_sys_read+0x44/0x58
[ 74.994203] el0_svc_common.constprop.0+0xac/0x228
[ 74.994708] do_el0_svc+0x38/0xa0
[ 74.995088] el0_sync_handler+0x170/0x178
[ 74.995497] el0_sync+0x174/0x180
[ 74.996050] INFO: Object 0x(____ptrval____) @offset=15848
[ 74.996752] INFO: Allocated in test_version_show+0x98/0xf0 age=8188 cpu=6 pid=172
[ 75.000802] stack_trace_save+0x9c/0xd0
[ 75.002420] set_track+0x64/0xf0
[ 75.002770] alloc_debug_processing+0x104/0x1a0
[ 75.003171] ___slab_alloc+0x628/0x648
[ 75.004213] __slab_alloc.isra.0+0x2c/0x58
[ 75.004757] kmem_cache_alloc+0x560/0x588
[ 75.005376] test_version_show+0x98/0xf0
[ 75.005756] module_attr_show+0x40/0x60
[ 75.007035] sysfs_kf_seq_show+0x128/0x1c0
[ 75.007433] kernfs_seq_show+0xa0/0xb8
[ 75.007800] seq_read+0x1f0/0x7e8
[ 75.008128] kernfs_fop_read+0x70/0x338
[ 75.008507] vfs_read+0xe4/0x250
[ 75.008990] ksys_read+0xc8/0x180
[ 75.009462] __arm64_sys_read+0x44/0x58
[ 75.010085] el0_svc_common.constprop.0+0xac/0x228
[ 75.011006] kmem_cache_destroy test_module_slab: Slab cache still has objects
Register a cpu hotplug function to remove all objects in the offline
per-cpu quarantine when a cpu is going offline. Set a per-cpu variable to
indicate this cpu is offline.
[qiang.zhang@windriver.com: fix slab double free when cpu-hotplug]
Link: https://lkml.kernel.org/r/20201204102206.20237-1-qiang.zhang@windriver.com
Link: https://lkml.kernel.org/r/1606895585-17382-2-git-send-email-Kuan-Ying.Lee@mediatek.com
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Guangye Yang <guangye.yang@mediatek.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Nicholas Tang <nicholas.tang@mediatek.com>
Cc: Miles Chen <miles.chen@mediatek.com>
Cc: Qian Cai <qcai@redhat.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/kasan/quarantine.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
--- a/mm/kasan/quarantine.c~kasan-fix-object-remain-in-offline-per-cpu-quarantine
+++ a/mm/kasan/quarantine.c
@@ -29,6 +29,7 @@
#include <linux/srcu.h>
#include <linux/string.h>
#include <linux/types.h>
+#include <linux/cpuhotplug.h>
#include "../slab.h"
#include "kasan.h"
@@ -43,6 +44,7 @@ struct qlist_head {
struct qlist_node *head;
struct qlist_node *tail;
size_t bytes;
+ bool offline;
};
#define QLIST_INIT { NULL, NULL, 0 }
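Review bot: `#define QLIST_INIT { NULL, NULL, 0 }` is left with three initializers for a struct that now has four members. It still zero-initialises `offline`, but spelling it out as `{ NULL, NULL, 0, false }` documents that a freshly initialised qlist is online and avoids a missing-field-initializers warning under extra warning flags.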
@@ -188,6 +190,10 @@ void quarantine_put(struct kasan_free_me
local_irq_save(flags);
q = this_cpu_ptr(&cpu_quarantine);
+ if (q->offline) {
+ local_irq_restore(flags);
+ return;
+ }
qlist_put(q, &info->quarantine_link, cache->size);
if (unlikely(q->bytes > QUARANTINE_PERCPU_SIZE)) {
qlist_move_all(q, &temp);
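Review bot: when `q->offline` is set, the early return neither queues the object nor hands it back to the allocator, and quarantine_put() returns void so the caller cannot tell that nothing happened. Unless the caller frees the object itself on this path, which the hunk does not show, every free that lands on a CPU after its offline callback has run leaks that object. Either free it here, or return a status the caller uses to fall through to the real free.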
@@ -328,3 +334,36 @@ void quarantine_remove_cache(struct kmem
synchronize_srcu(&remove_cache_srcu);
}
+
+static int kasan_cpu_online(unsigned int cpu)
+{
+ this_cpu_ptr(&cpu_quarantine)->offline = false;
+ return 0;
+}
+
+static int kasan_cpu_offline(unsigned int cpu)
+{
+ struct qlist_head *q;
+
+ q = this_cpu_ptr(&cpu_quarantine);
+ /* Ensure the ordering between the writing to q->offline and
+ * qlist_free_all. Otherwise, cpu_quarantine may be corrupted
+ * by interrupt.
+ */
+ WRITE_ONCE(q->offline, true);
+ barrier();
+ qlist_free_all(q, NULL);
+ return 0;
+}
+
+static int __init kasan_cpu_quarantine_init(void)
+{
+ int ret = 0;
+
+ ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "mm/kasan:online",
+ kasan_cpu_online, kasan_cpu_offline);
+ if (ret < 0)
+ pr_err("kasan cpu quarantine register failed [%d]\n", ret);
+ return ret;
+}
+late_initcall(kasan_cpu_quarantine_init);
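Review bot: for `CPUHP_AP_ONLINE_DYN`, cpuhp_setup_state() returns the dynamically allocated state number, a positive value, on success, so `return ret;` makes this initcall report a non-zero result on the success path; return 0 when `ret >= 0`. The comment above `WRITE_ONCE(q->offline, true);` should also say that `barrier()` is only a compiler barrier and that this is sufficient because the only concurrent writer to this CPU's quarantine is an interrupt on the same CPU, and the multi-line comment should open with `/*` on its own line per the kernel style used elsewhere in mm/.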
_
* [patch 8/8] mm/hugetlb: clear compound_nr before freeing gigantic pages
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, borntraeger, gerald.schaefer, linux-mm, mike.kravetz,
mm-commits, stable, torvalds, willy
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Subject: mm/hugetlb: clear compound_nr before freeing gigantic pages
Commit 1378a5ee451a ("mm: store compound_nr as well as compound_order")
added compound_nr counter to first tail struct page, overlaying with
page->mapping. The overlay itself is fine, but while freeing gigantic
hugepages via free_contig_range(), a "bad page" check will trigger for
non-NULL page->mapping on the first tail page:
[ 276.681603] BUG: Bad page state in process bash pfn:380001
[ 276.681614] page:00000000c35f0856 refcount:0 mapcount:0 mapping:00000000126b68aa index:0x0 pfn:0x380001
[ 276.681620] aops:0x0
[ 276.681622] flags: 0x3ffff00000000000()
[ 276.681626] raw: 3ffff00000000000 0000000000000100 0000000000000122 0000000100000000
[ 276.681628] raw: 0000000000000000 0000000000000000 ffffffff00000000 0000000000000000
[ 276.681630] page dumped because: non-NULL mapping
[ 276.681632] Modules linked in:
[ 276.681637] CPU: 6 PID: 616 Comm: bash Not tainted 5.10.0-rc7-next-20201208 #1
[ 276.681639] Hardware name: IBM 3906 M03 703 (LPAR)
[ 276.681641] Call Trace:
[ 276.681648] [<0000000458c252b6>] show_stack+0x6e/0xe8
[ 276.681652] [<000000045971cf60>] dump_stack+0x90/0xc8
[ 276.681656] [<0000000458e8b186>] bad_page+0xd6/0x130
[ 276.681658] [<0000000458e8cdea>] free_pcppages_bulk+0x26a/0x800
[ 276.681661] [<0000000458e8e67e>] free_unref_page+0x6e/0x90
[ 276.681663] [<0000000458e8ea6c>] free_contig_range+0x94/0xe8
[ 276.681666] [<0000000458ea5e54>] update_and_free_page+0x1c4/0x2c8
[ 276.681669] [<0000000458ea784e>] free_pool_huge_page+0x11e/0x138
[ 276.681671] [<0000000458ea8530>] set_max_huge_pages+0x228/0x300
[ 276.681673] [<0000000458ea86c0>] nr_hugepages_store_common+0xb8/0x130
[ 276.681678] [<0000000458fd5b6a>] kernfs_fop_write+0xd2/0x218
[ 276.681681] [<0000000458ef9da0>] vfs_write+0xb0/0x2b8
[ 276.681684] [<0000000458efa15c>] ksys_write+0xac/0xe0
[ 276.681687] [<000000045972c5ca>] system_call+0xe6/0x288
[ 276.681730] Disabling lock debugging due to kernel taint
This is because only the compound_order is cleared in
destroy_compound_gigantic_page(), and compound_nr is set to 1U << order ==
1 for order 0 in set_compound_order(page, 0).
Fix this by explicitly clearing compound_nr for first tail page after
calling set_compound_order(page, 0).
Link: https://lkml.kernel.org/r/20201208182813.66391-2-gerald.schaefer@linux.ibm.com
Fixes: 1378a5ee451a ("mm: store compound_nr as well as compound_order")
Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: <stable@vger.kernel.org> [5.9+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/hugetlb.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/hugetlb.c~mm-hugetlb-clear-compound_nr-before-freeing-gigantic-pages
+++ a/mm/hugetlb.c
@@ -1216,6 +1216,7 @@ static void destroy_compound_gigantic_pa
}
set_compound_order(page, 0);
+ page[1].compound_nr = 0;
__ClearPageHead(page);
}
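Review bot: `page[1].compound_nr = 0;` directly after `set_compound_order(page, 0)` reads as redundant to anyone who does not know that set_compound_order() stores `1U << 0` into compound_nr. Add a comment that compound_nr overlays page->mapping on the first tail page and must be zero before free_contig_range() runs its non-NULL mapping check, or alternatively teach set_compound_order() to write 0 for order 0 so destroy_compound_gigantic_page() is not the only caller that has to remember this.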
_