mmotm 2020-03-03-22-28 uploaded

mmotm 2020-03-03-22-28 uploaded

[akpm]

The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to

   http://www.ozlabs.org/~akpm/mmotm/

mmotm-readme.txt says

README for mm-of-the-moment:

http://www.ozlabs.org/~akpm/mmotm/

This is a snapshot of my -mm patch queue.  Uploaded at random hopefully
more than once a week.

You will need quilt to apply these patches to the latest Linus release (5.x
or 5.x-rcY).  The series file is in broken-out.tar.gz and is duplicated in
http://ozlabs.org/~akpm/mmotm/series

The file broken-out.tar.gz contains two datestamp files: .DATE and
.DATE-yyyy-mm-dd-hh-mm-ss.  Both contain the string yyyy-mm-dd-hh-mm-ss,
followed by the base kernel version against which this patch series is to
be applied.

This tree is partially included in linux-next.  To see which patches are
included in linux-next, consult the `series' file.  Only the patches
within the #NEXT_PATCHES_START/#NEXT_PATCHES_END markers are included in
linux-next.


A full copy of the full kernel tree with the linux-next and mmotm patches
already applied is available through git within an hour of the mmotm
release.  Individual mmotm releases are tagged.  The master branch always
points to the latest release, so it's constantly rebasing.

	https://github.com/hnaz/linux-mm

The directory http://www.ozlabs.org/~akpm/mmots/ (mm-of-the-second)
contains daily snapshots of the -mm tree.  It is updated more frequently
than mmotm, and is untested.

A git copy of this tree is also available at

	https://github.com/hnaz/linux-mm



This mmotm tree contains the following patches against 5.6-rc4:
(patches marked "*" will be included in linux-next)

* mm-numa-fix-bad-pmd-by-atomically-check-for-pmd_trans_huge-when-marking-page-tables-prot_numa.patch
* mm-numa-fix-bad-pmd-by-atomically-check-for-pmd_trans_huge-when-marking-page-tables-prot_numa-fix.patch
* mm-fix-possible-pmd-dirty-bit-lost-in-set_pmd_migration_entry.patch
* mm-avoid-data-corruption-on-cow-fault-into-pfn-mapped-vma.patch
* mm-hugetlb-fix-a-addressing-exception-caused-by-huge_pte_offset.patch
* fat-fix-uninit-memory-access-for-partial-initialized-inode.patch
* mm-z3fold-do-not-include-rwlockh-directly.patch
* mm-hotplug-fix-page-online-with-debug_pagealloc-compiled-but-not-enabled.patch
* arch-kconfig-update-have_reliable_stacktrace-description.patch
* mm-swap-move-inode_lock-out-of-claim_swapfile.patch
* proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch
* proc-kpageflags-do-not-use-uninitialized-struct-pages.patch
* mm-fork-fix-kernel_stack-memcg-stats-for-various-stack-implementations.patch
* vfs-partially-revert-dont-allow-writes-to-swap-files.patch
* x86-mm-split-vmalloc_sync_all.patch
* kthread-mark-timer-used-by-delayed-kthread-works-as-irq-safe.patch
* asm-generic-make-more-kernel-space-headers-mandatory.patch
* scripts-spellingtxt-add-syfs-sysfs-pattern.patch
* ocfs2-remove-fs_ocfs2_nm.patch
* ocfs2-remove-unused-macros.patch
* ocfs2-use-ocfs2_sec_bits-in-macro.patch
* ocfs2-remove-dlm_lock_is_remote.patch
* ocfs2-there-is-no-need-to-log-twice-in-several-functions.patch
* ocfs2-correct-annotation-from-l_next_rec-to-l_next_free_rec.patch
* ocfs2-remove-useless-err.patch
* ocfs2-add-missing-annotations-for-ocfs2_refcount_cache_lock-and-ocfs2_refcount_cache_unlock.patch
* ocfs2-replace-zero-length-array-with-flexible-array-member.patch
* ramfs-support-o_tmpfile.patch
* kernel-watchdog-flush-all-printk-nmi-buffers-when-hardlockup-detected.patch
  mm.patch
* mm-slubc-replace-cpu_slab-partial-with-wrapped-apis.patch
* mm-slubc-replace-kmem_cache-cpu_partial-with-wrapped-apis.patch
* mm-kmemleak-use-address-of-operator-on-section-symbols.patch
* mm-disable-kcsan-for-kmemleak.patch
* mm-dont-bother-dropping-mmap_sem-for-zero-size-readahead.patch
* mm-page-writebackc-write_cache_pages-deduplicate-identical-checks.patch
* mm-gup-split-get_user_pages_remote-into-two-routines.patch
* mm-gup-pass-a-flags-arg-to-__gup_device_-functions.patch
* mm-introduce-page_ref_sub_return.patch
* mm-gup-pass-gup-flags-to-two-more-routines.patch
* mm-gup-require-foll_get-for-get_user_pages_fast.patch
* mm-gup-track-foll_pin-pages.patch
* mm-gup-page-hpage_pinned_refcount-exact-pin-counts-for-huge-pages.patch
* mm-gup-proc-vmstat-pin_user_pages-foll_pin-reporting.patch
* mm-gup_benchmark-support-pin_user_pages-and-related-calls.patch
* selftests-vm-run_vmtests-invoke-gup_benchmark-with-basic-foll_pin-coverage.patch
* mm-improve-dump_page-for-compound-pages.patch
* mm-dump_page-additional-diagnostics-for-huge-pinned-pages.patch
* mm-swapfilec-fix-comments-for-swapcache_prepare.patch
* mm-swapc-not-necessary-to-export-__pagevec_lru_add.patch
* mm-swapfile-fix-data-races-in-try_to_unuse.patch
* mm-memcg-fix-build-error-around-the-usage-of-kmem_caches.patch
* mm-allocate-shrinker_map-on-appropriate-numa-node.patch
* mm-memcg-slab-introduce-mem_cgroup_from_obj.patch
* mm-memcg-slab-introduce-mem_cgroup_from_obj-v2.patch
* mm-kmem-cleanup-__memcg_kmem_charge_memcg-arguments.patch
* mm-kmem-cleanup-memcg_kmem_uncharge_memcg-arguments.patch
* mm-kmem-rename-memcg_kmem_uncharge-into-memcg_kmem_uncharge_page.patch
* mm-kmem-switch-to-nr_pages-in-__memcg_kmem_charge_memcg.patch
* mm-memcg-slab-cache-page-number-in-memcg_uncharge_slab.patch
* mm-kmem-rename-__memcg_kmem_uncharge_memcg-to-__memcg_kmem_uncharge.patch
* mm-memcontrol-fix-memorylow-proportional-distribution.patch
* mm-memcontrol-clean-up-and-document-effective-low-min-calculations.patch
* mm-memcontrol-recursive-memorylow-protection.patch
* memcg-css_tryget_online-cleanups.patch
* mm-vmscan-remove-unnecessary-lruvec-adding.patch
* mm-vmscan-remove-unnecessary-lruvec-adding-checkpatch-fixes.patch
* mm-memcg-fold-lock_page_lru-into-commit_charge.patch
* mm-page_idle-no-unlikely-double-check-for-idle-page-counting.patch
* mm-thp-move-lru_add_page_tail-func-to-huge_memoryc.patch
* mm-thp-clean-up-lru_add_page_tail.patch
* mm-thp-narrow-lru-locking.patch
* mm-mapping_dirty_helpers-update-huge-page-table-entry-callbacks.patch
* mm-dont-prepare-anon_vma-if-vma-has-vm_wipeonfork.patch
* revert-mm-rmapc-reuse-mergeable-anon_vma-as-parent-when-fork.patch
* mm-set-vm_next-and-vm_prev-to-null-in-vm_area_dup.patch
* mm-vma-add-missing-vma-flag-readable-name-for-vm_sync.patch
* mm-vma-make-vma_is_accessible-available-for-general-use.patch
* mm-vma-replace-all-remaining-open-encodings-with-is_vm_hugetlb_page.patch
* mm-vma-replace-all-remaining-open-encodings-with-vma_is_anonymous.patch
* mm-vma-append-unlikely-while-testing-vma-access-permissions.patch
* mm-mmap-fix-the-adjusted-length-error.patch
* mm-vma-move-vm_no_khugepaged-into-generic-header.patch
* mm-vma-make-vma_is_foreign-available-for-general-use.patch
* mm-vma-make-is_vma_temporary_stack-available-for-general-use.patch
* mm-add-pagemaph-to-the-fine-documentation.patch
* mm-add-mremap_dontunmap-to-mremap.patch
* mm-add-mremap_dontunmap-to-mremap-v6.patch
* mm-add-mremap_dontunmap-to-mremap-v7.patch
* selftest-add-mremap_dontunmap-selftest.patch
* selftest-add-mremap_dontunmap-selftest-fix.patch
* selftest-add-mremap_dontunmap-selftest-v7.patch
* selftest-add-mremap_dontunmap-selftest-v7-checkpatch-fixes.patch
* mm-sparsemem-get-address-to-page-struct-instead-of-address-to-pfn.patch
* mm-sparse-rename-pfn_present-as-pfn_in_present_section.patch
* kasan-detect-negative-size-in-memory-operation-function.patch
* kasan-add-test-for-invalid-size-in-memmove.patch
* mm-page_alloc-increase-default-min_free_kbytes-bound.patch
* mm-vmpressure-dont-need-call-kfree-if-kstrndup-fails.patch
* mm-vmpressure-use-mem_cgroup_is_root-api.patch
* mm-vmscan-replace-open-codings-to-numa_no_node.patch
* mm-vmscanc-remove-cpu-online-notification-for-now.patch
* mm-vmscan-fix-data-races-at-kswapd_classzone_idx.patch
* mm-vmscanc-clean-code-by-removing-unnecessary-assignment.patch
* mmcompactioncma-add-alloc_contig-flag-to-compact_control.patch
* mmthpcompactioncma-allow-thp-migration-for-cma-allocations.patch
* mmthpcompactioncma-allow-thp-migration-for-cma-allocations-fix.patch
* mm-compaction-fully-assume-capture-is-not-null-in-compact_zone_order.patch
* really-limit-compact_unevictable_allowed-to-0-and-1.patch
* mm-compaction-disable-compact_unevictable_allowed-on-rt.patch
* mm-mempolicy-support-mpol_mf_strict-for-huge-page-mapping.patch
* mm-mempolicy-checking-hugepage-migration-is-supported-by-arch-in-vma_migratable.patch
* mm-mempolicy-use-vm_bug_on_vma-in-queue_pages_test_walk.patch
* mm-memblock-remove-redundant-assignment-to-variable-max_addr.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-counter.patch
* hugetlb_cgroup-add-interface-for-charge-uncharge-hugetlb-reservations.patch
* mm-hugetlb_cgroup-fix-hugetlb_cgroup-migration.patch
* hugetlb_cgroup-add-reservation-accounting-for-private-mappings.patch
* hugetlb_cgroup-add-reservation-accounting-for-private-mappings-fix.patch
* hugetlb-disable-region_add-file_region-coalescing.patch
* hugetlb-disable-region_add-file_region-coalescing-fix.patch
* hugetlb_cgroup-add-accounting-for-shared-mappings.patch
* hugetlb_cgroup-add-accounting-for-shared-mappings-fix.patch
* hugetlb_cgroup-support-noreserve-mappings.patch
* hugetlb-support-file_region-coalescing-again.patch
* hugetlb-support-file_region-coalescing-again-fix.patch
* hugetlb-support-file_region-coalescing-again-fix-2.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-tests.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-docs.patch
* mm-hugetlbc-clean-code-by-removing-unnecessary-initialization.patch
* mm-migratec-no-need-to-check-for-i-start-in-do_pages_move.patch
* mm-migratec-wrap-do_move_pages_to_node-and-store_status.patch
* mm-migratec-check-pagelist-in-move_pages_and_store_status.patch
* mm-migratec-unify-not-queued-for-migration-handling-in-do_pages_move.patch
* mm-migratec-migrate-pg_readahead-flag.patch
* mm-migratec-migrate-pg_readahead-flag-fix.patch
* mm-ksmc-update-get_user_pages-in-comment.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup-fix.patch
* mm-pass-task-and-mm-to-do_madvise.patch
* mm-introduce-external-memory-hinting-api.patch
* mm-introduce-external-memory-hinting-api-fix.patch
* mm-check-fatal-signal-pending-of-target-process.patch
* pid-move-pidfd_get_pid-function-to-pidc.patch
* mm-support-both-pid-and-pidfd-for-process_madvise.patch
* mm-madvise-employ-mmget_still_valid-for-write-lock.patch
* mm-madvise-allow-ksm-hints-for-remote-api.patch
* mm-adjust-shuffle-code-to-allow-for-future-coalescing.patch
* mm-use-zone-and-order-instead-of-free-area-in-free_list-manipulators.patch
* mm-add-function-__putback_isolated_page.patch
* mm-introduce-reported-pages.patch
* virtio-balloon-pull-page-poisoning-config-out-of-free-page-hinting.patch
* virtio-balloon-add-support-for-providing-free-page-reports-to-host.patch
* mm-page_reporting-rotate-reported-pages-to-the-tail-of-the-list.patch
* mm-page_reporting-add-budget-limit-on-how-many-pages-can-be-reported-per-pass.patch
* mm-page_reporting-add-free-page-reporting-documentation.patch
* drivers-base-memoryc-indicate-all-memory-blocks-as-removable.patch
* drivers-base-memoryc-drop-section_count.patch
* drivers-base-memoryc-drop-pages_correctly_probed.patch
* mm-page_extc-drop-pfn_present-check-when-onlining.patch
* mm-hotplug-only-respect-mem=-parameter-during-boot-stage.patch
* mm-memory_hotplug-simplify-calculation-of-number-of-pages-in-__remove_pages.patch
* mm-memory_hotplug-cleanup-__add_pages.patch
* shmem-distribute-switch-variables-for-initialization.patch
* mm-shmemc-clean-code-by-removing-unnecessary-assignment.patch
* huge-tmpfs-try-to-split_huge_page-when-punching-hole.patch
* mm-elide-a-warning-when-casting-void-enum.patch
* zswap-allow-setting-default-status-compressor-and-allocator-in-kconfig.patch
* mm-compaction-add-missing-annotation-for-compact_lock_irqsave.patch
* mm-hugetlb-add-missing-annotation-for-gather_surplus_pages.patch
* mm-mempolicy-add-missing-annotation-for-queue_pages_pmd.patch
* mm-slub-add-missing-annotation-for-get_map.patch
* mm-slub-add-missing-annotation-for-put_map.patch
* mm-zsmalloc-add-missing-annotation-for-migrate_read_lock.patch
* mm-zsmalloc-add-missing-annotation-for-migrate_read_unlock.patch
* mm-zsmalloc-add-missing-annotation-for-pin_tag.patch
* mm-zsmalloc-add-missing-annotation-for-unpin_tag.patch
* mm-fix-ambiguous-comments-for-better-code-readability.patch
* mm-mm_initc-clean-code-use-build_bug_on-when-comparing-compile-time-constant.patch
* info-task-hung-in-generic_file_write_iter.patch
* info-task-hung-in-generic_file_write-fix.patch
* kernel-hung_taskc-monitor-killed-tasks.patch
* proc-annotate-close_pdeo-for-sparse.patch
* proc-faster-open-read-close-with-permanent-files.patch
* proc-faster-open-read-close-with-permanent-files-checkpatch-fixes.patch
* asm-generic-fix-unistd_32h-generation-format.patch
* kernel-extable-use-address-of-operator-on-section-symbols.patch
* maintainers-add-an-entry-for-kfifo.patch
* bitops-always-inline-sign-extension-helpers.patch
* lib-test_lockup-test-module-to-generate-lockups.patch
* lib-bch-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_bm-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_fsm-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_kmp-replace-zero-length-array-with-flexible-array-member.patch
* lib-scatterlist-fix-sg_copy_buffer-kerneldoc.patch
* lib-test_stackinitc-xfail-switch-variable-init-tests.patch
* stackdepot-check-depot_index-before-accessing-the-stack-slab.patch
* stackdepot-build-with-fno-builtin.patch
* kasan-stackdepot-move-filter_irq_stacks-to-stackdepotc.patch
* percpu_counter-fix-a-data-race-at-vm_committed_as.patch
* lib-test_lockup-fix-spelling-mistake-iteraions-iterations.patch
* lib-test_bitmap-make-use-of-exp2_in_bits.patch
* lib-rbtree-fix-coding-style-of-assignments.patch
* lib-test_kmod-remove-a-null-test.patch
* string-add-stracpy-and-stracpy_pad-mechanisms.patch
* documentation-checkpatch-prefer-stracpy-strscpy-over-strcpy-strlcpy-strncpy.patch
* lib-optimize-cpumask_local_spread.patch
* checkpatch-remove-email-address-comment-from-email-address-comparisons.patch
* checkpatch-check-spdx-tags-in-yaml-files.patch
* checkpatch-support-base-commit-format.patch
* checkpatch-prefer-fallthrough-over-fallthrough-comments.patch
* checkpatch-fix-minor-typo-and-mixed-spacetab-in-indentation.patch
* checkpatch-fix-multiple-const-types.patch
* checkpatch-add-command-line-option-for-tab-size.patch
* checkpatch-improve-gerrit-change-id-test.patch
* epoll-fix-possible-lost-wakeup-on-epoll_ctl-path.patch
* kselftest-introduce-new-epoll-test-case.patch
* fs-epoll-make-nesting-accounting-safe-for-rt-kernel.patch
* elf-delete-loc-variable.patch
* elf-allocate-less-for-static-executable.patch
* elf-dont-free-interpreters-elf-pheaders-on-common-path.patch
* samples-hw_breakpoint-drop-hw_breakpoint_r-when-reporting-writes.patch
* samples-hw_breakpoint-drop-use-of-kallsyms_lookup_name.patch
* kallsyms-unexport-kallsyms_lookup_name-and-kallsyms_on_each_symbol.patch
* gcov-gcc_4_7-replace-zero-length-array-with-flexible-array-member.patch
* gcov-gcc_3_4-replace-zero-length-array-with-flexible-array-member.patch
* gcov-fs-replace-zero-length-array-with-flexible-array-member.patch
* kernel-relayc-fix-read_pos-error-when-multiple-readers.patch
* aio-simplify-read_events.patch
* init-cleanup-anon_inodes-and-old-io-schedulers-options.patch
* ubsan-add-trap-instrumentation-option.patch
* ubsan-split-bounds-checker-from-other-options.patch
* lkdtm-bugs-add-arithmetic-overflow-and-array-bounds-checks.patch
* ubsan-check-panic_on_warn.patch
* kasan-unset-panic_on_warn-before-calling-panic.patch
* ubsan-include-bug-type-in-report-header.patch
* ipc-mqueuec-fixed-a-brace-coding-style-issue.patch
  linux-next.patch
  linux-next-rejects.patch
  linux-next-fix.patch
* dmaengine-tegra-apb-fix-platform_get_irqcocci-warnings.patch
* mm-frontswap-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races-v2.patch
* mm-swap_state-mark-various-intentional-data-races.patch
* mm-filemap-fix-a-data-race-in-filemap_fault.patch
* mm-swapfile-fix-and-annotate-various-data-races.patch
* mm-swapfile-fix-and-annotate-various-data-races-v2.patch
* mm-page_counter-fix-various-data-races-at-memsw.patch
* mm-memcontrol-fix-a-data-race-in-scan-count.patch
* mm-list_lru-fix-a-data-race-in-list_lru_count_one.patch
* mm-mempool-fix-a-data-race-in-mempool_free.patch
* mm-util-annotate-an-data-race-at-vm_committed_as.patch
* mm-rmap-annotate-a-data-race-at-tlb_flush_batched.patch
* mm-annotate-a-data-race-in-page_zonenum.patch
* mm-swap-annotate-data-races-for-lru_rotate_pvecs.patch
* mm-refactor-insert_page-to-prepare-for-batched-lock-insert.patch
* mm-bring-sparc-pte_index-semantics-inline-with-other-platforms.patch
* mm-define-pte_index-as-macro-for-x86.patch
* mm-add-vm_insert_pages.patch
* mm-add-vm_insert_pages-fix.patch
* mm-add-vm_insert_pages-2.patch
* mm-add-vm_insert_pages-2-fix.patch
* net-zerocopy-use-vm_insert_pages-for-tcp-rcv-zerocopy.patch
* net-zerocopy-use-vm_insert_pages-for-tcp-rcv-zerocopy-fix.patch
* arm-arm64-add-support-for-folded-p4d-page-tables.patch
* arm-arm64-add-support-for-folded-p4d-page-tables-fix.patch
* arm-arm64-add-support-for-folded-p4d-page-tables-fix-fix.patch
* h8300-remove-usage-of-__arch_use_5level_hack.patch
* hexagon-remove-__arch_use_5level_hack.patch
* ia64-add-support-for-folded-p4d-page-tables.patch
* nios2-add-support-for-folded-p4d-page-tables.patch
* openrisc-add-support-for-folded-p4d-page-tables.patch
* powerpc-32-drop-get_pteptr.patch
* powerpc-add-support-for-folded-p4d-page-tables.patch
* powerpc-add-support-for-folded-p4d-page-tables-fix.patch
* sh-fault-modernize-printing-of-kernel-messages.patch
* sh-drop-__pxd_offset-macros-that-duplicate-pxd_index-ones.patch
* sh-add-support-for-folded-p4d-page-tables.patch
* unicore32-remove-__arch_use_5level_hack.patch
* asm-generic-remove-pgtable-nop4d-hackh.patch
* mm-remove-__arch_has_5level_hack-and-include-asm-generic-5level-fixuph.patch
* seq_read-info-message-about-buggy-next-functions.patch
* seq_read-info-message-about-buggy-next-functions-fix.patch
* gcov_seq_next-should-increase-position-index.patch
* sysvipc_find_ipc-should-increase-position-index.patch
* drivers-tty-serial-sh-scic-suppress-warning.patch
* fix-read-buffer-overflow-in-delta-ipc.patch
  make-sure-nobodys-leaking-resources.patch
  releasing-resources-with-children.patch
  mutex-subsystem-synchro-test-module.patch
  kernel-forkc-export-kernel_thread-to-modules.patch
  workaround-for-a-pci-restoring-bug.patch

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Peter Zijlstra]

On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> On 3/3/20 10:28 PM, akpm@linux-foundation.org wrote:
> > The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to
> > 
> >    http://www.ozlabs.org/~akpm/mmotm/
> > 
> > mmotm-readme.txt says
> > 
> > README for mm-of-the-moment:
> > 
> > http://www.ozlabs.org/~akpm/mmotm/
> > 
> > This is a snapshot of my -mm patch queue.  Uploaded at random hopefully
> > more than once a week.
> > 
> > You will need quilt to apply these patches to the latest Linus release (5.x
> > or 5.x-rcY).  The series file is in broken-out.tar.gz and is duplicated in
> > http://ozlabs.org/~akpm/mmotm/series
> 
> on x86_64:
> 
> mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled

I used next/master instead, and found the below broken commit
responsible for this.

---

commit 97f4ea76d4f40a401b84825f038710c9a96ec294
Author: Walter Wu <walter-zh.wu@mediatek.com>
Date:   Wed Mar 4 22:31:15 2020 +1100

    kasan: detect negative size in memory operation function
    
    Patch series "fix the missing underflow in memory operation function", v4.
    
    The patchset helps to produce a KASAN report when size is negative in
    memory operation functions.  It is helpful for programmer to solve an
    undefined behavior issue.  Patch 1 based on Dmitry's review and
    suggestion, patch 2 is a test in order to verify the patch 1.
    
    [1]https://bugzilla.kernel.org/show_bug.cgi?id=199341
    [2]https://lore.kernel.org/linux-arm-kernel/20190927034338.15813-1-walter-zh.wu@mediatek.com/
    
    This patch (of 2):
    
    KASAN missed detecting size is a negative number in memset(), memcpy(),
    and memmove(), it will cause out-of-bounds bug.  So needs to be detected
    by KASAN.
    
    If size is a negative number, then it has a reason to be defined as
    out-of-bounds bug type.  Casting negative numbers to size_t would indeed
    turn up as a large size_t and its value will be larger than ULONG_MAX/2,
    so that this can qualify as out-of-bounds.
    
    KASAN report is shown below:
    
     BUG: KASAN: out-of-bounds in kmalloc_memmove_invalid_size+0x70/0xa0
     Read of size 18446744073709551608 at addr ffffff8069660904 by task cat/72
    
     CPU: 2 PID: 72 Comm: cat Not tainted 5.4.0-rc1-next-20191004ajb-00001-gdb8af2f372b2-dirty #1
     Hardware name: linux,dummy-virt (DT)
     Call trace:
      dump_backtrace+0x0/0x288
      show_stack+0x14/0x20
      dump_stack+0x10c/0x164
      print_address_description.isra.9+0x68/0x378
      __kasan_report+0x164/0x1a0
      kasan_report+0xc/0x18
      check_memory_region+0x174/0x1d0
      memmove+0x34/0x88
      kmalloc_memmove_invalid_size+0x70/0xa0
    
    [1] https://bugzilla.kernel.org/show_bug.cgi?id=199341
    
    Link: http://lkml.kernel.org/r/20191112065302.7015-1-walter-zh.wu@mediatek.com
    Signed-off-by: Walter Wu <walter-zh.wu@mediatek.com>
    Reported-by: kernel test robot <lkp@intel.com>
    Reported-by: Dmitry Vyukov <dvyukov@google.com>
    Suggested-by: Dmitry Vyukov <dvyukov@google.com>
    Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
    Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
    Cc: Alexander Potapenko <glider@google.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>

diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index 5cde9e7c2664..31314ca7c635 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -190,7 +190,7 @@ void kasan_init_tags(void);
 
 void *kasan_reset_tag(const void *addr);
 
-void kasan_report(unsigned long addr, size_t size,
+bool kasan_report(unsigned long addr, size_t size,
 		bool is_write, unsigned long ip);
 
 #else /* CONFIG_KASAN_SW_TAGS */
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 6aa51723b92b..c798b12323d7 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -105,7 +105,8 @@ EXPORT_SYMBOL(__kasan_check_write);
 #undef memset
 void *memset(void *addr, int c, size_t len)
 {
-	check_memory_region((unsigned long)addr, len, true, _RET_IP_);
+	if (!check_memory_region((unsigned long)addr, len, true, _RET_IP_))
+		return NULL;
 
 	return __memset(addr, c, len);
 }
@@ -114,8 +115,9 @@ void *memset(void *addr, int c, size_t len)
 #undef memmove
 void *memmove(void *dest, const void *src, size_t len)
 {
-	check_memory_region((unsigned long)src, len, false, _RET_IP_);
-	check_memory_region((unsigned long)dest, len, true, _RET_IP_);
+	if (!check_memory_region((unsigned long)src, len, false, _RET_IP_) ||
+	    !check_memory_region((unsigned long)dest, len, true, _RET_IP_))
+		return NULL;
 
 	return __memmove(dest, src, len);
 }
@@ -124,8 +126,9 @@ void *memmove(void *dest, const void *src, size_t len)
 #undef memcpy
 void *memcpy(void *dest, const void *src, size_t len)
 {
-	check_memory_region((unsigned long)src, len, false, _RET_IP_);
-	check_memory_region((unsigned long)dest, len, true, _RET_IP_);
+	if (!check_memory_region((unsigned long)src, len, false, _RET_IP_) ||
+	    !check_memory_region((unsigned long)dest, len, true, _RET_IP_))
+		return NULL;
 
 	return __memcpy(dest, src, len);
 }
@@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
 #endif
 
 extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
+extern bool report_enabled(void);
 
-void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
+bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
 {
-	unsigned long flags = user_access_save();
+	unsigned long flags;
+
+	if (likely(!report_enabled()))
+		return false;
+
+	flags = user_access_save();
 	__kasan_report(addr, size, is_write, ip);
 	user_access_restore(flags);
+
+	return true;
 }
 
 #ifdef CONFIG_MEMORY_HOTPLUG
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index 616f9dd82d12..56ff8885fe2e 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -173,17 +173,18 @@ static __always_inline bool check_memory_region_inline(unsigned long addr,
 	if (unlikely(size == 0))
 		return true;
 
+	if (unlikely(addr + size < addr))
+		return !kasan_report(addr, size, write, ret_ip);
+
 	if (unlikely((void *)addr <
 		kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
-		kasan_report(addr, size, write, ret_ip);
-		return false;
+		return !kasan_report(addr, size, write, ret_ip);
 	}
 
 	if (likely(!memory_is_poisoned(addr, size)))
 		return true;
 
-	kasan_report(addr, size, write, ret_ip);
-	return false;
+	return !kasan_report(addr, size, write, ret_ip);
 }
 
 bool check_memory_region(unsigned long addr, size_t size, bool write,
diff --git a/mm/kasan/generic_report.c b/mm/kasan/generic_report.c
index 2d97efd4954f..e200acb2d292 100644
--- a/mm/kasan/generic_report.c
+++ b/mm/kasan/generic_report.c
@@ -110,6 +110,17 @@ static const char *get_wild_bug_type(struct kasan_access_info *info)
 
 const char *get_bug_type(struct kasan_access_info *info)
 {
+	/*
+	 * If access_size is a negative number, then it has reason to be
+	 * defined as out-of-bounds bug type.
+	 *
+	 * Casting negative numbers to size_t would indeed turn up as
+	 * a large size_t and its value will be larger than ULONG_MAX/2,
+	 * so that this can qualify as out-of-bounds.
+	 */
+	if (info->access_addr + info->access_size < info->access_addr)
+		return "out-of-bounds";
+
 	if (addr_has_shadow(info->access_addr))
 		return get_shadow_bug_type(info);
 	return get_wild_bug_type(info);
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 3a083274628e..e8f37199d885 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -153,7 +153,7 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
 void *find_first_bad_addr(void *addr, size_t size);
 const char *get_bug_type(struct kasan_access_info *info);
 
-void kasan_report(unsigned long addr, size_t size,
+bool kasan_report(unsigned long addr, size_t size,
 		bool is_write, unsigned long ip);
 void kasan_report_invalid_free(void *object, unsigned long ip);
 
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 5ef9f24f566b..cf5c17d5e361 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -446,7 +446,7 @@ static void print_shadow_for_address(const void *addr)
 	}
 }
 
-static bool report_enabled(void)
+bool report_enabled(void)
 {
 	if (current->kasan_depth)
 		return false;
@@ -478,9 +478,6 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
 	void *untagged_addr;
 	unsigned long flags;
 
-	if (likely(!report_enabled()))
-		return;
-
 	disable_trace_on_warning();
 
 	tagged_addr = (void *)addr;
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index 0e987c9ca052..25b7734e7013 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -86,6 +86,9 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
 	if (unlikely(size == 0))
 		return true;
 
+	if (unlikely(addr + size < addr))
+		return !kasan_report(addr, size, write, ret_ip);
+
 	tag = get_tag((const void *)addr);
 
 	/*
@@ -111,15 +114,13 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
 	untagged_addr = reset_tag((const void *)addr);
 	if (unlikely(untagged_addr <
 			kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
-		kasan_report(addr, size, write, ret_ip);
-		return false;
+		return !kasan_report(addr, size, write, ret_ip);
 	}
 	shadow_first = kasan_mem_to_shadow(untagged_addr);
 	shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1);
 	for (shadow = shadow_first; shadow <= shadow_last; shadow++) {
 		if (*shadow != tag) {
-			kasan_report(addr, size, write, ret_ip);
-			return false;
+			return !kasan_report(addr, size, write, ret_ip);
 		}
 	}
 
diff --git a/mm/kasan/tags_report.c b/mm/kasan/tags_report.c
index 969ae08f59d7..1d412760551a 100644
--- a/mm/kasan/tags_report.c
+++ b/mm/kasan/tags_report.c
@@ -36,6 +36,17 @@
 
 const char *get_bug_type(struct kasan_access_info *info)
 {
+	/*
+	 * If access_size is a negative number, then it has reason to be
+	 * defined as out-of-bounds bug type.
+	 *
+	 * Casting negative numbers to size_t would indeed turn up as
+	 * a large size_t and its value will be larger than ULONG_MAX/2,
+	 * so that this can qualify as out-of-bounds.
+	 */
+	if (info->access_addr + info->access_size < info->access_addr)
+		return "out-of-bounds";
+
 #ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY
 	struct kasan_alloc_meta *alloc_meta;
 	struct kmem_cache *cache;

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Peter Zijlstra]

On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:

> > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> 
> I used next/master instead, and found the below broken commit
> responsible for this.

> @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
>  #endif
>  
>  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> +extern bool report_enabled(void);
>  
> -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>  {
> -	unsigned long flags = user_access_save();
> +	unsigned long flags;
> +
> +	if (likely(!report_enabled()))
> +		return false;

This adds an explicit call before the user_access_save() and that is a
straight on bug.

> +
> +	flags = user_access_save();
>  	__kasan_report(addr, size, is_write, ip);
>  	user_access_restore(flags);
> +
> +	return true;
>  }

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Walter Wu]

On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> 
> > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > 
> > I used next/master instead, and found the below broken commit
> > responsible for this.
> 
> > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> >  #endif
> >  
> >  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > +extern bool report_enabled(void);
> >  
> > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> >  {
> > -	unsigned long flags = user_access_save();
> > +	unsigned long flags;
> > +
> > +	if (likely(!report_enabled()))
> > +		return false;
> 
> This adds an explicit call before the user_access_save() and that is a
> straight on bug.
> 
Hi Peter,

Thanks for your help. Unfortunately, I don't reproduce it in our
environment, so I have asked Stephen, if I can reproduce it, then we
will send new patch.


Thanks.

Walter

> > +
> > +	flags = user_access_save();
> >  	__kasan_report(addr, size, is_write, ip);
> >  	user_access_restore(flags);
> > +
> > +	return true;
> >  }

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Peter Zijlstra]

On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> > 
> > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > > 
> > > I used next/master instead, and found the below broken commit
> > > responsible for this.
> > 
> > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > >  #endif
> > >  
> > >  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > +extern bool report_enabled(void);
> > >  
> > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > >  {
> > > -	unsigned long flags = user_access_save();
> > > +	unsigned long flags;
> > > +
> > > +	if (likely(!report_enabled()))
> > > +		return false;
> > 
> > This adds an explicit call before the user_access_save() and that is a
> > straight on bug.
> > 
> Hi Peter,
> 
> Thanks for your help. Unfortunately, I don't reproduce it in our
> environment, so I have asked Stephen, if I can reproduce it, then we
> will send new patch.

The patch is trivial; and all you need is an x86_64 (cross) compiler to
reproduce.


diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index ad2dc0c9cc17..2906358e42f0 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -618,16 +618,17 @@ extern bool report_enabled(void);
 
 bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
 {
-	unsigned long flags;
+	unsigned long flags = user_access_save();
+	bool ret = false;
 
-	if (likely(!report_enabled()))
-		return false;
+	if (likely(report_enabled())) {
+		__kasan_report(addr, size, is_write, ip);
+		ret = true;
+	}
 
-	flags = user_access_save();
-	__kasan_report(addr, size, is_write, ip);
 	user_access_restore(flags);
 
-	return true;
+	return ret;
 }
 
 #ifdef CONFIG_MEMORY_HOTPLUG

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Randy Dunlap]

On 3/5/20 1:54 AM, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
>> On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
>>> On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
>>>> On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
>>>
>>>>> mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
>>>>
>>>> I used next/master instead, and found the below broken commit
>>>> responsible for this.

Yes, I see that same warning in linux-next of 20200305.

>>>> @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
>>>>  #endif
>>>>  
>>>>  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
>>>> +extern bool report_enabled(void);
>>>>  
>>>> -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>>>> +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>>>>  {
>>>> -	unsigned long flags = user_access_save();
>>>> +	unsigned long flags;
>>>> +
>>>> +	if (likely(!report_enabled()))
>>>> +		return false;
>>>
>>> This adds an explicit call before the user_access_save() and that is a
>>> straight on bug.
>>>
>> Hi Peter,
>>
>> Thanks for your help. Unfortunately, I don't reproduce it in our
>> environment, so I have asked Stephen, if I can reproduce it, then we
>> will send new patch.
> 
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
> 
> 
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>  
>  bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>  {
> -	unsigned long flags;
> +	unsigned long flags = user_access_save();
> +	bool ret = false;
>  
> -	if (likely(!report_enabled()))
> -		return false;
> +	if (likely(report_enabled())) {
> +		__kasan_report(addr, size, is_write, ip);
> +		ret = true;
> +	}
>  
> -	flags = user_access_save();
> -	__kasan_report(addr, size, is_write, ip);
>  	user_access_restore(flags);
>  
> -	return true;
> +	return ret;
>  }
>  
>  #ifdef CONFIG_MEMORY_HOTPLUG
> 

and that fixes the warning.  Thanks.

Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested

-- 
~Randy

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Walter Wu]

On Thu, 2020-03-05 at 10:54 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> > On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> > > 
> > > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > > > 
> > > > I used next/master instead, and found the below broken commit
> > > > responsible for this.
> > > 
> > > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > > >  #endif
> > > >  
> > > >  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > > +extern bool report_enabled(void);
> > > >  
> > > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > >  {
> > > > -	unsigned long flags = user_access_save();
> > > > +	unsigned long flags;
> > > > +
> > > > +	if (likely(!report_enabled()))
> > > > +		return false;
> > > 
> > > This adds an explicit call before the user_access_save() and that is a
> > > straight on bug.
> > > 
> > Hi Peter,
> > 
> > Thanks for your help. Unfortunately, I don't reproduce it in our
> > environment, so I have asked Stephen, if I can reproduce it, then we
> > will send new patch.
> 
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
> 
> 
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>  
>  bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>  {
> -	unsigned long flags;
> +	unsigned long flags = user_access_save();
> +	bool ret = false;
>  
> -	if (likely(!report_enabled()))
> -		return false;
> +	if (likely(report_enabled())) {
> +		__kasan_report(addr, size, is_write, ip);
> +		ret = true;
> +	}
>  
> -	flags = user_access_save();
> -	__kasan_report(addr, size, is_write, ip);
>  	user_access_restore(flags);
>  
> -	return true;
> +	return ret;
>  }
>  
>  #ifdef CONFIG_MEMORY_HOTPLUG

Reviewed-and-tested-by:

Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

[Walter Wu]

On Thu, 2020-03-05 at 10:54 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> > On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> > > 
> > > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > > > 
> > > > I used next/master instead, and found the below broken commit
> > > > responsible for this.
> > > 
> > > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > > >  #endif
> > > >  
> > > >  extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > > +extern bool report_enabled(void);
> > > >  
> > > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > >  {
> > > > -	unsigned long flags = user_access_save();
> > > > +	unsigned long flags;
> > > > +
> > > > +	if (likely(!report_enabled()))
> > > > +		return false;
> > > 
> > > This adds an explicit call before the user_access_save() and that is a
> > > straight on bug.
> > > 
> > Hi Peter,
> > 
> > Thanks for your help. Unfortunately, I don't reproduce it in our
> > environment, so I have asked Stephen, if I can reproduce it, then we
> > will send new patch.
> 
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
> 
> 
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>  
>  bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>  {
> -	unsigned long flags;
> +	unsigned long flags = user_access_save();
> +	bool ret = false;
>  
> -	if (likely(!report_enabled()))
> -		return false;
> +	if (likely(report_enabled())) {
> +		__kasan_report(addr, size, is_write, ip);
> +		ret = true;
> +	}
>  
> -	flags = user_access_save();
> -	__kasan_report(addr, size, is_write, ip);
>  	user_access_restore(flags);
>  
> -	return true;
> +	return ret;
>  }
>  
>  #ifdef CONFIG_MEMORY_HOTPLUG

Reviewed-and-tested-by: Walter Wu <walter-zh.wu@mediatek.com>

It need newer GCC compiler(>7.4) enough to reproduce.
Thanks.

Walter