mm-commits.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* incoming
@ 2020-04-21  1:13 Andrew Morton
  2020-04-21  1:13 ` [patch 01/15] sh: fix build error in mm/init.c Andrew Morton
                   ` (67 more replies)
  0 siblings, 68 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: mm-commits, linux-mm


15 fixes, based on ae83d0b416db002fe95601e7f97f64b59514d936:


    Masahiro Yamada <masahiroy@kernel.org>:
      sh: fix build error in mm/init.c

    Kees Cook <keescook@chromium.org>:
      slub: avoid redzone when choosing freepointer location

    Peter Xu <peterx@redhat.com>:
      mm/userfaultfd: disable userfaultfd-wp on x86_32

    Bartosz Golaszewski <bgolaszewski@baylibre.com>:
      MAINTAINERS: add an entry for kfifo

    Longpeng <longpeng2@huawei.com>:
      mm/hugetlb: fix a addressing exception caused by huge_pte_offset

    Michal Hocko <mhocko@suse.com>:
      mm, gup: return EINTR when gup is interrupted by fatal signals

    Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
      checkpatch: fix a typo in the regex for $allocFunctions

    George Burgess IV <gbiv@google.com>:
      tools/build: tweak unused value workaround

    Muchun Song <songmuchun@bytedance.com>:
      mm/ksm: fix NULL pointer dereference when KSM zero page is enabled

    Hugh Dickins <hughd@google.com>:
      mm/shmem: fix build without THP

    Jann Horn <jannh@google.com>:
      vmalloc: fix remap_vmalloc_range() bounds checks

    Hugh Dickins <hughd@google.com>:
      shmem: fix possible deadlocks on shmlock_user_lock

    Yang Shi <yang.shi@linux.alibaba.com>:
      mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path

    Sudip Mukherjee <sudipm.mukherjee@gmail.com>:
      coredump: fix null pointer dereference on coredump

    Lucas Stach <l.stach@pengutronix.de>:
      tools/vm: fix cross-compile build

 MAINTAINERS                                      |    7 +++++++
 arch/sh/mm/init.c                                |    2 +-
 arch/x86/Kconfig                                 |    2 +-
 fs/coredump.c                                    |    2 ++
 fs/proc/vmcore.c                                 |    5 +++--
 include/linux/vmalloc.h                          |    2 +-
 mm/gup.c                                         |    2 +-
 mm/hugetlb.c                                     |   14 ++++++++------
 mm/ksm.c                                         |   12 ++++++++++--
 mm/shmem.c                                       |   13 ++++++++-----
 mm/slub.c                                        |   12 ++++++++++--
 mm/vmalloc.c                                     |   16 +++++++++++++---
 samples/vfio-mdev/mdpy.c                         |    2 +-
 scripts/checkpatch.pl                            |    2 +-
 tools/build/feature/test-sync-compare-and-swap.c |    2 +-
 tools/vm/Makefile                                |    2 ++
 16 files changed, 70 insertions(+), 27 deletions(-)

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 01/15] sh: fix build error in mm/init.c
  2020-04-21  1:13 incoming Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 02/15] slub: avoid redzone when choosing freepointer location Andrew Morton
                   ` (66 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, dalias, geert+renesas, linux-mm, linux, logang, masahiroy,
	mm-commits, sfr, torvalds, ysato

From: Masahiro Yamada <masahiroy@kernel.org>
Subject: sh: fix build error in mm/init.c

The closing parenthesis is missing.

Link: http://lkml.kernel.org/r/20200413014743.16353-1-masahiroy@kernel.org
Fixes: bfeb022f8fe4 ("mm/memory_hotplug: add pgprot_t to mhp_params")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/sh/mm/init.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/sh/mm/init.c~sh-fix-build-error-in-mm-initc
+++ a/arch/sh/mm/init.c
@@ -412,7 +412,7 @@ int arch_add_memory(int nid, u64 start,
 	unsigned long nr_pages = size >> PAGE_SHIFT;
 	int ret;
 
-	if (WARN_ON_ONCE(params->pgprot.pgprot != PAGE_KERNEL.pgprot)
+	if (WARN_ON_ONCE(params->pgprot.pgprot != PAGE_KERNEL.pgprot))
 		return -EINVAL;
 
 	/* We only have ZONE_NORMAL, so this is easy.. */
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 02/15] slub: avoid redzone when choosing freepointer location
  2020-04-21  1:13 incoming Andrew Morton
  2020-04-21  1:13 ` [patch 01/15] sh: fix build error in mm/init.c Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 03/15] mm/userfaultfd: disable userfaultfd-wp on x86_32 Andrew Morton
                   ` (65 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, cl, elver, iamjoonsoo.kim, keescook, linux-mm, mm-commits,
	penberg, rientjes, torvalds

From: Kees Cook <keescook@chromium.org>
Subject: slub: avoid redzone when choosing freepointer location

Marco Elver reported system crashes when booting with "slub_debug=Z".  The
freepointer location (s->offset) was not taking into account that the
"inuse" size that includes the redzone area should not be used by the
freelist pointer.  Change the calculation to save the area of the object
that an inline freepointer may be written into.

Link: http://lkml.kernel.org/r/202004151054.BD695840@keescook
Link: https://lore.kernel.org/linux-mm/20200415164726.GA234932@google.com
Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Marco Elver <elver@google.com>
Tested-by: Marco Elver <elver@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/slub.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/mm/slub.c~slub-avoid-redzone-when-choosing-freepointer-location
+++ a/mm/slub.c
@@ -3533,6 +3533,7 @@ static int calculate_sizes(struct kmem_c
 {
 	slab_flags_t flags = s->flags;
 	unsigned int size = s->object_size;
+	unsigned int freepointer_area;
 	unsigned int order;
 
 	/*
@@ -3541,6 +3542,13 @@ static int calculate_sizes(struct kmem_c
 	 * the possible location of the free pointer.
 	 */
 	size = ALIGN(size, sizeof(void *));
+	/*
+	 * This is the area of the object where a freepointer can be
+	 * safely written. If redzoning adds more to the inuse size, we
+	 * can't use that portion for writing the freepointer, so
+	 * s->offset must be limited within this for the general case.
+	 */
+	freepointer_area = size;
 
 #ifdef CONFIG_SLUB_DEBUG
 	/*
@@ -3582,13 +3590,13 @@ static int calculate_sizes(struct kmem_c
 		 */
 		s->offset = size;
 		size += sizeof(void *);
-	} else if (size > sizeof(void *)) {
+	} else if (freepointer_area > sizeof(void *)) {
 		/*
 		 * Store freelist pointer near middle of object to keep
 		 * it away from the edges of the object to avoid small
 		 * sized over/underflows from neighboring allocations.
 		 */
-		s->offset = ALIGN(size / 2, sizeof(void *));
+		s->offset = ALIGN(freepointer_area / 2, sizeof(void *));
 	}
 
 #ifdef CONFIG_SLUB_DEBUG
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 03/15] mm/userfaultfd: disable userfaultfd-wp on x86_32
  2020-04-21  1:13 incoming Andrew Morton
  2020-04-21  1:13 ` [patch 01/15] sh: fix build error in mm/init.c Andrew Morton
  2020-04-21  1:13 ` [patch 02/15] slub: avoid redzone when choosing freepointer location Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 04/15] MAINTAINERS: add an entry for kfifo Andrew Morton
                   ` (64 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: aarcange, akpm, hdanton, linux-mm, lkp, mm-commits,
	naresh.kamboju, peterx, torvalds

From: Peter Xu <peterx@redhat.com>
Subject: mm/userfaultfd: disable userfaultfd-wp on x86_32

Userfaultfd-wp is not yet working on 32bit hosts, but it's accidentally
enabled previously.  Disable it.

Link: http://lkml.kernel.org/r/20200413141608.109211-1-peterx@redhat.com
Fixes: 5a281062af1d ("userfaultfd: wp: add WP pagetable tracking to x86")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reported-by: kernel test robot <lkp@intel.com>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Hillf Danton <hdanton@sina.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/x86/Kconfig |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/Kconfig~mm-userfaultfd-disable-userfaultfd-wp-on-x86_32
+++ a/arch/x86/Kconfig
@@ -149,7 +149,7 @@ config X86
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
-	select HAVE_ARCH_USERFAULTFD_WP		if USERFAULTFD
+	select HAVE_ARCH_USERFAULTFD_WP         if X86_64 && USERFAULTFD
 	select HAVE_ARCH_VMAP_STACK		if X86_64
 	select HAVE_ARCH_WITHIN_STACK_FRAMES
 	select HAVE_ASM_MODVERSIONS
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 04/15] MAINTAINERS: add an entry for kfifo
  2020-04-21  1:13 incoming Andrew Morton
                   ` (2 preceding siblings ...)
  2020-04-21  1:13 ` [patch 03/15] mm/userfaultfd: disable userfaultfd-wp on x86_32 Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 05/15] mm/hugetlb: fix a addressing exception caused by huge_pte_offset Andrew Morton
                   ` (63 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, andriy.shevchenko, bgolaszewski, gregkh, joe,
	linus.walleij, linux-mm, mm-commits, torvalds

From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Subject: MAINTAINERS: add an entry for kfifo

Kfifo has been written by Stefani Seibold and she's implicitly expected to
Ack any changes to it.  She's not however officially listed as kfifo
maintainer which leads to delays in patch review.  This patch proposes to
add an explitic entry for kfifo to MAINTAINERS file.

[akpm@linux-foundation.org: alphasort F: entries, per Joe]
[akpm@linux-foundation.org: remove colon, per Bartosz]
Link: http://lkml.kernel.org/r/20200124174533.21815-1-brgl@bgdev.pl
Link: http://lkml.kernel.org/r/20200413104250.26683-1-brgl@bgdev.pl
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Acked by Stefani Seibold <stefani@seibold.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 MAINTAINERS |    7 +++++++
 1 file changed, 7 insertions(+)

--- a/MAINTAINERS~maintainers-add-an-entry-for-kfifo
+++ a/MAINTAINERS
@@ -9416,6 +9416,13 @@ F:	include/linux/keyctl.h
 F:	include/uapi/linux/keyctl.h
 F:	security/keys/
 
+KFIFO
+M:	Stefani Seibold <stefani@seibold.net>
+S:	Maintained
+F:	include/linux/kfifo.h
+F:	lib/kfifo.c
+F:	samples/kfifo/
+
 KGDB / KDB /debug_core
 M:	Jason Wessel <jason.wessel@windriver.com>
 M:	Daniel Thompson <daniel.thompson@linaro.org>
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 05/15] mm/hugetlb: fix a addressing exception caused by huge_pte_offset
  2020-04-21  1:13 incoming Andrew Morton
                   ` (3 preceding siblings ...)
  2020-04-21  1:13 ` [patch 04/15] MAINTAINERS: add an entry for kfifo Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 06/15] mm, gup: return EINTR when gup is interrupted by fatal signals Andrew Morton
                   ` (62 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, jgg, linux-mm, longpeng2, mike.kravetz, mm-commits,
	sean.j.christopherson, stable, torvalds, willy

From: Longpeng <longpeng2@huawei.com>
Subject: mm/hugetlb: fix a addressing exception caused by huge_pte_offset

Our machine encountered a panic(addressing exception) after run for a long
time and the calltrace is:

RIP: 0010:[<ffffffff9dff0587>]  [<ffffffff9dff0587>] hugetlb_fault+0x307/0xbe0
RSP: 0018:ffff9567fc27f808  EFLAGS: 00010286
RAX: e800c03ff1258d48 RBX: ffffd3bb003b69c0 RCX: e800c03ff1258d48
RDX: 17ff3fc00eda72b7 RSI: 00003ffffffff000 RDI: e800c03ff1258d48
RBP: ffff9567fc27f8c8 R08: e800c03ff1258d48 R09: 0000000000000080
R10: ffffaba0704c22a8 R11: 0000000000000001 R12: ffff95c87b4b60d8
R13: 00005fff00000000 R14: 0000000000000000 R15: ffff9567face8074
FS:  00007fe2d9ffb700(0000) GS:ffff956900e40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffd3bb003b69c0 CR3: 000000be67374000 CR4: 00000000003627e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 [<ffffffff9df9b71b>] ? unlock_page+0x2b/0x30
 [<ffffffff9dff04a2>] ? hugetlb_fault+0x222/0xbe0
 [<ffffffff9dff1405>] follow_hugetlb_page+0x175/0x540
 [<ffffffff9e15b825>] ? cpumask_next_and+0x35/0x50
 [<ffffffff9dfc7230>] __get_user_pages+0x2a0/0x7e0
 [<ffffffff9dfc648d>] __get_user_pages_unlocked+0x15d/0x210
 [<ffffffffc068cfc5>] __gfn_to_pfn_memslot+0x3c5/0x460 [kvm]
 [<ffffffffc06b28be>] try_async_pf+0x6e/0x2a0 [kvm]
 [<ffffffffc06b4b41>] tdp_page_fault+0x151/0x2d0 [kvm]
 ...
 [<ffffffffc06a6f90>] kvm_arch_vcpu_ioctl_run+0x330/0x490 [kvm]
 [<ffffffffc068d919>] kvm_vcpu_ioctl+0x309/0x6d0 [kvm]
 [<ffffffff9deaa8c2>] ? dequeue_signal+0x32/0x180
 [<ffffffff9deae34d>] ? do_sigtimedwait+0xcd/0x230
 [<ffffffff9e03aed0>] do_vfs_ioctl+0x3f0/0x540
 [<ffffffff9e03b0c1>] SyS_ioctl+0xa1/0xc0
 [<ffffffff9e53879b>] system_call_fastpath+0x22/0x27

For 1G hugepages, huge_pte_offset() wants to return NULL or pudp, but it
may return a wrong 'pmdp' if there is a race.  Please look at the
following code snippet:

    ...
    pud = pud_offset(p4d, addr);
    if (sz != PUD_SIZE && pud_none(*pud))
        return NULL;
    /* hugepage or swap? */
    if (pud_huge(*pud) || !pud_present(*pud))
        return (pte_t *)pud;

    pmd = pmd_offset(pud, addr);
    if (sz != PMD_SIZE && pmd_none(*pmd))
        return NULL;
    /* hugepage or swap? */
    if (pmd_huge(*pmd) || !pmd_present(*pmd))
        return (pte_t *)pmd;
    ...

The following sequence would trigger this bug:
1. CPU0: sz = PUD_SIZE and *pud = 0 , continue
1. CPU0: "pud_huge(*pud)" is false
2. CPU1: calling hugetlb_no_page and set *pud to xxxx8e7(PRESENT)
3. CPU0: "!pud_present(*pud)" is false, continue
4. CPU0: pmd = pmd_offset(pud, addr) and maybe return a wrong pmdp
However, we want CPU0 to return NULL or pudp in this case.

We must make sure there is exactly one dereference of pud and pmd.

Link: http://lkml.kernel.org/r/20200413010342.771-1-longpeng2@huawei.com
Signed-off-by: Longpeng <longpeng2@huawei.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Jason Gunthorpe <jgg@mellanox.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/hugetlb.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/mm/hugetlb.c~mm-hugetlb-fix-a-addressing-exception-caused-by-huge_pte_offset
+++ a/mm/hugetlb.c
@@ -5365,8 +5365,8 @@ pte_t *huge_pte_offset(struct mm_struct
 {
 	pgd_t *pgd;
 	p4d_t *p4d;
-	pud_t *pud;
-	pmd_t *pmd;
+	pud_t *pud, pud_entry;
+	pmd_t *pmd, pmd_entry;
 
 	pgd = pgd_offset(mm, addr);
 	if (!pgd_present(*pgd))
@@ -5376,17 +5376,19 @@ pte_t *huge_pte_offset(struct mm_struct
 		return NULL;
 
 	pud = pud_offset(p4d, addr);
-	if (sz != PUD_SIZE && pud_none(*pud))
+	pud_entry = READ_ONCE(*pud);
+	if (sz != PUD_SIZE && pud_none(pud_entry))
 		return NULL;
 	/* hugepage or swap? */
-	if (pud_huge(*pud) || !pud_present(*pud))
+	if (pud_huge(pud_entry) || !pud_present(pud_entry))
 		return (pte_t *)pud;
 
 	pmd = pmd_offset(pud, addr);
-	if (sz != PMD_SIZE && pmd_none(*pmd))
+	pmd_entry = READ_ONCE(*pmd);
+	if (sz != PMD_SIZE && pmd_none(pmd_entry))
 		return NULL;
 	/* hugepage or swap? */
-	if (pmd_huge(*pmd) || !pmd_present(*pmd))
+	if (pmd_huge(pmd_entry) || !pmd_present(pmd_entry))
 		return (pte_t *)pmd;
 
 	return NULL;
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 06/15] mm, gup: return EINTR when gup is interrupted by fatal signals
  2020-04-21  1:13 incoming Andrew Morton
                   ` (4 preceding siblings ...)
  2020-04-21  1:13 ` [patch 05/15] mm/hugetlb: fix a addressing exception caused by huge_pte_offset Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:13 ` [patch 07/15] checkpatch: fix a typo in the regex for $allocFunctions Andrew Morton
                   ` (61 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, hdanton, linux-mm, mhocko, mm-commits, peterx, torvalds

From: Michal Hocko <mhocko@suse.com>
Subject: mm, gup: return EINTR when gup is interrupted by fatal signals

EINTR is the usual error code which other killable interfaces return. 
This is the case for the other fatal_signal_pending break out from the
same function.  Make the code consistent.

ERESTARTSYS is also quite confusing because the signal is fatal and so no
restart will happen before returning to the userspace.

Link: http://lkml.kernel.org/r/20200409071133.31734-1-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Xu <peterx@redhat.com>
Cc: Hillf Danton <hdanton@sina.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/gup.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/gup.c~mm-gup-return-eintr-when-gup-is-interrupted-by-fatal-signals
+++ a/mm/gup.c
@@ -1088,7 +1088,7 @@ retry:
 		 * potentially allocating memory.
 		 */
 		if (fatal_signal_pending(current)) {
-			ret = -ERESTARTSYS;
+			ret = -EINTR;
 			goto out;
 		}
 		cond_resched();
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 07/15] checkpatch: fix a typo in the regex for $allocFunctions
  2020-04-21  1:13 incoming Andrew Morton
                   ` (5 preceding siblings ...)
  2020-04-21  1:13 ` [patch 06/15] mm, gup: return EINTR when gup is interrupted by fatal signals Andrew Morton
@ 2020-04-21  1:13 ` Andrew Morton
  2020-04-21  1:14 ` [patch 08/15] tools/build: tweak unused value workaround Andrew Morton
                   ` (60 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:13 UTC (permalink / raw)
  To: akpm, christophe.jaillet, joe, linux-mm, mm-commits, torvalds

From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Subject: checkpatch: fix a typo in the regex for $allocFunctions

Here, we look for function such as 'netdev_alloc_skb_ip_align', so a '_'
is missing in the regex.

To make sure:
   grep -r --include=*.c skbip_a * | wc   ==>   0 results
   grep -r --include=*.c skb_ip_a * | wc  ==> 112 results

Link: http://lkml.kernel.org/r/20200407190029.892-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 scripts/checkpatch.pl |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/scripts/checkpatch.pl~checkpatch-fix-a-typo-in-the-regex-for-allocfunctions
+++ a/scripts/checkpatch.pl
@@ -479,7 +479,7 @@ our $allocFunctions = qr{(?x:
 		(?:kv|k|v)[czm]alloc(?:_node|_array)? |
 		kstrdup(?:_const)? |
 		kmemdup(?:_nul)?) |
-	(?:\w+)?alloc_skb(?:ip_align)? |
+	(?:\w+)?alloc_skb(?:_ip_align)? |
 				# dev_alloc_skb/netdev_alloc_skb, et al
 	dma_alloc_coherent
 )};
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 08/15] tools/build: tweak unused value workaround
  2020-04-21  1:13 incoming Andrew Morton
                   ` (6 preceding siblings ...)
  2020-04-21  1:13 ` [patch 07/15] checkpatch: fix a typo in the regex for $allocFunctions Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 09/15] mm/ksm: fix NULL pointer dereference when KSM zero page is enabled Andrew Morton
                   ` (59 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, gbiv, linux-mm, mm-commits, ndesaulniers, torvalds

From: George Burgess IV <gbiv@google.com>
Subject: tools/build: tweak unused value workaround

Clang has -Wself-assign enabled by default under -Wall, which always gets
-Werror'ed on this file, causing sync-compare-and-swap to be disabled by
default.  The generally-accepted way to spell "this value is intentionally
unused," is casting it to `void`.  This is accepted by both GCC and Clang
with -Wall enabled: https://godbolt.org/z/qqZ9r3

Link: http://lkml.kernel.org/r/20200414195638.156123-1-gbiv@google.com
Signed-off-by: George Burgess IV <gbiv@google.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 tools/build/feature/test-sync-compare-and-swap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/build/feature/test-sync-compare-and-swap.c~tools-build-tweak-unused-value-workaround
+++ a/tools/build/feature/test-sync-compare-and-swap.c
@@ -7,7 +7,7 @@ int main(int argc, char *argv[])
 {
 	uint64_t old, new = argc;
 
-	argv = argv;
+	(void)argv;
 	do {
 		old = __sync_val_compare_and_swap(&x, 0, 0);
 	} while (!__sync_bool_compare_and_swap(&x, old, new));
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 09/15] mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
  2020-04-21  1:13 incoming Andrew Morton
                   ` (7 preceding siblings ...)
  2020-04-21  1:14 ` [patch 08/15] tools/build: tweak unused value workaround Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 10/15] mm/shmem: fix build without THP Andrew Morton
                   ` (58 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, david, duanxiongchun, hughd, imbrenda, ktkhai, linux-mm,
	Markus.Elfring, mm-commits, songmuchun, stable, torvalds,
	yang.shi

From: Muchun Song <songmuchun@bytedance.com>
Subject: mm/ksm: fix NULL pointer dereference when KSM zero page is enabled

find_mergeable_vma() can return NULL.  In this case, it leads to a crash
when we access vm_mm(its offset is 0x40) later in write_protect_page.  And
this case did happen on our server.  The following call trace is captured
in kernel 4.19 with the following patch applied and KSM zero page enabled
on our server.

  commit e86c59b1b12d ("mm/ksm: improve deduplication of zero pages with colouring")

So add a vma check to fix it.

--------------------------------------------------------------------------
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
  Oops: 0000 [#1] SMP NOPTI
  CPU: 9 PID: 510 Comm: ksmd Kdump: loaded Tainted: G OE 4.19.36.bsk.9-amd64 #4.19.36.bsk.9
  RIP: 0010:try_to_merge_one_page+0xc7/0x760
  Code: 24 58 65 48 33 34 25 28 00 00 00 89 e8 0f 85 a3 06 00 00 48 83 c4
        60 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 46 08 a8 01 75 b8 <49>
        8b 44 24 40 4c 8d 7c 24 20 b9 07 00 00 00 4c 89 e6 4c 89 ff 48
  RSP: 0018:ffffadbdd9fffdb0 EFLAGS: 00010246
  RAX: ffffda83ffd4be08 RBX: ffffda83ffd4be40 RCX: 0000002c6e800000
  RDX: 0000000000000000 RSI: ffffda83ffd4be40 RDI: 0000000000000000
  RBP: ffffa11939f02ec0 R08: 0000000094e1a447 R09: 00000000abe76577
  R10: 0000000000000962 R11: 0000000000004e6a R12: 0000000000000000
  R13: ffffda83b1e06380 R14: ffffa18f31f072c0 R15: ffffda83ffd4be40
  FS: 0000000000000000(0000) GS:ffffa0da43b80000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000040 CR3: 0000002c77c0a003 CR4: 00000000007626e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  PKRU: 55555554
  Call Trace:
    ? follow_page_pte+0x36d/0x5e0
    ksm_scan_thread+0x115e/0x1960
    ? remove_wait_queue+0x60/0x60
    kthread+0xf5/0x130
    ? try_to_merge_with_ksm_page+0x90/0x90
    ? kthread_create_worker_on_cpu+0x70/0x70
    ret_from_fork+0x1f/0x30
--------------------------------------------------------------------------

[songmuchun@bytedance.com: if the vma is out of date, just exit]
  Link: http://lkml.kernel.org/r/20200416025034.29780-1-songmuchun@bytedance.com
[akpm@linux-foundation.org: add the conventional braces, replace /** with /*]
Link: http://lkml.kernel.org/r/20200416025034.29780-1-songmuchun@bytedance.com
Link: http://lkml.kernel.org/r/20200414132905.83819-1-songmuchun@bytedance.com
Fixes: e86c59b1b12d ("mm/ksm: improve deduplication of zero pages with colouring")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Co-developed-by: Xiongchun Duan <duanxiongchun@bytedance.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Yang Shi <yang.shi@linux.alibaba.com>
Cc: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Cc: Markus Elfring <Markus.Elfring@web.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/ksm.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/mm/ksm.c~mm-ksm-fix-null-pointer-dereference-when-ksm-zero-page-is-enabled
+++ a/mm/ksm.c
@@ -2112,8 +2112,16 @@ static void cmp_and_merge_page(struct pa
 
 		down_read(&mm->mmap_sem);
 		vma = find_mergeable_vma(mm, rmap_item->address);
-		err = try_to_merge_one_page(vma, page,
-					    ZERO_PAGE(rmap_item->address));
+		if (vma) {
+			err = try_to_merge_one_page(vma, page,
+					ZERO_PAGE(rmap_item->address));
+		} else {
+			/*
+			 * If the vma is out of date, we do not need to
+			 * continue.
+			 */
+			err = 0;
+		}
 		up_read(&mm->mmap_sem);
 		/*
 		 * In case of failure, the page was not really empty, so we
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 10/15] mm/shmem: fix build without THP
  2020-04-21  1:13 incoming Andrew Morton
                   ` (8 preceding siblings ...)
  2020-04-21  1:14 ` [patch 09/15] mm/ksm: fix NULL pointer dereference when KSM zero page is enabled Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 11/15] vmalloc: fix remap_vmalloc_range() bounds checks Andrew Morton
                   ` (57 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, hughd, linux-mm, mm-commits, rdunlap, torvalds

From: Hugh Dickins <hughd@google.com>
Subject: mm/shmem: fix build without THP

Some optimizers don't notice that shmem_punch_compound() is always true
(PageTransCompound() being false) without CONFIG_TRANSPARENT_HUGEPAGE==y:
use IS_ENABLED to help them to avoid the BUILD_BUG inside HPAGE_PMD_NR.

Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2004142339170.10035@eggly.anvils
Fixes: 71725ed10c40 ("mm: huge tmpfs: try to split_huge_page() when punching hole")
Signed-off-by: Hugh Dickins <hughd@google.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/shmem.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/shmem.c~mm-shmem-fix-build-without-thp
+++ a/mm/shmem.c
@@ -952,7 +952,7 @@ static void shmem_undo_range(struct inod
 				VM_BUG_ON_PAGE(PageWriteback(page), page);
 				if (shmem_punch_compound(page, start, end))
 					truncate_inode_page(mapping, page);
-				else {
+				else if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)) {
 					/* Wipe the page and don't get stuck */
 					clear_highpage(page);
 					flush_dcache_page(page);
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 11/15] vmalloc: fix remap_vmalloc_range() bounds checks
  2020-04-21  1:13 incoming Andrew Morton
                   ` (9 preceding siblings ...)
  2020-04-21  1:14 ` [patch 10/15] mm/shmem: fix build without THP Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 12/15] shmem: fix possible deadlocks on shmlock_user_lock Andrew Morton
                   ` (56 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, andriin, ast, daniel, jannh, john.fastabend, kafai,
	kpsingh, linux-mm, mm-commits, songliubraving, torvalds, yhs

From: Jann Horn <jannh@google.com>
Subject: vmalloc: fix remap_vmalloc_range() bounds checks

remap_vmalloc_range() has had various issues with the bounds checks it
promises to perform ("This function checks that addr is a valid vmalloc'ed
area, and that it is big enough to cover the vma") over time, e.g.:

 - not detecting pgoff<<PAGE_SHIFT overflow
 - not detecting (pgoff<<PAGE_SHIFT)+usize overflow
 - not checking whether addr and addr+(pgoff<<PAGE_SHIFT) are the same
   vmalloc allocation
 - comparing a potentially wildly out-of-bounds pointer with the end of the
   vmalloc region

In particular, since commit fc9702273e2e ("bpf: Add mmap() support for
BPF_MAP_TYPE_ARRAY"), unprivileged users can cause kernel null pointer
dereferences by calling mmap() on a BPF map with a size that is bigger
than the distance from the start of the BPF map to the end of the address
space.  This could theoretically be used as a kernel ASLR bypass, by using
whether mmap() with a given offset oopses or returns an error code to
perform a binary search over the possible address range.

To allow remap_vmalloc_range_partial() to verify that addr and
addr+(pgoff<<PAGE_SHIFT) are in the same vmalloc region, pass the offset
to remap_vmalloc_range_partial() instead of adding it to the pointer in
remap_vmalloc_range().

In remap_vmalloc_range_partial(), fix the check against get_vm_area_size()
by using size comparisons instead of pointer comparisons, and add checks
for pgoff.

Link: http://lkml.kernel.org/r/20200415222312.236431-1-jannh@google.com
Cc: stable@vger.kernel.org
Fixes: 833423143c3a ("[PATCH] mm: introduce remap_vmalloc_range()")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: Andrii Nakryiko <andriin@fb.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: KP Singh <kpsingh@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/proc/vmcore.c         |    5 +++--
 include/linux/vmalloc.h  |    2 +-
 mm/vmalloc.c             |   16 +++++++++++++---
 samples/vfio-mdev/mdpy.c |    2 +-
 4 files changed, 18 insertions(+), 7 deletions(-)

--- a/fs/proc/vmcore.c~vmalloc-fix-remap_vmalloc_range-bounds-checks
+++ a/fs/proc/vmcore.c
@@ -266,7 +266,8 @@ static int vmcoredd_mmap_dumps(struct vm
 		if (start < offset + dump->size) {
 			tsz = min(offset + (u64)dump->size - start, (u64)size);
 			buf = dump->buf + start - offset;
-			if (remap_vmalloc_range_partial(vma, dst, buf, tsz)) {
+			if (remap_vmalloc_range_partial(vma, dst, buf, 0,
+							tsz)) {
 				ret = -EFAULT;
 				goto out_unlock;
 			}
@@ -624,7 +625,7 @@ static int mmap_vmcore(struct file *file
 		tsz = min(elfcorebuf_sz + elfnotes_sz - (size_t)start, size);
 		kaddr = elfnotes_buf + start - elfcorebuf_sz - vmcoredd_orig_sz;
 		if (remap_vmalloc_range_partial(vma, vma->vm_start + len,
-						kaddr, tsz))
+						kaddr, 0, tsz))
 			goto fail;
 
 		size -= tsz;
--- a/include/linux/vmalloc.h~vmalloc-fix-remap_vmalloc_range-bounds-checks
+++ a/include/linux/vmalloc.h
@@ -137,7 +137,7 @@ extern void vunmap(const void *addr);
 
 extern int remap_vmalloc_range_partial(struct vm_area_struct *vma,
 				       unsigned long uaddr, void *kaddr,
-				       unsigned long size);
+				       unsigned long pgoff, unsigned long size);
 
 extern int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
 							unsigned long pgoff);
--- a/mm/vmalloc.c~vmalloc-fix-remap_vmalloc_range-bounds-checks
+++ a/mm/vmalloc.c
@@ -34,6 +34,7 @@
 #include <linux/llist.h>
 #include <linux/bitops.h>
 #include <linux/rbtree_augmented.h>
+#include <linux/overflow.h>
 
 #include <linux/uaccess.h>
 #include <asm/tlbflush.h>
@@ -3054,6 +3055,7 @@ finished:
  * @vma:		vma to cover
  * @uaddr:		target user address to start at
  * @kaddr:		virtual address of vmalloc kernel memory
+ * @pgoff:		offset from @kaddr to start at
  * @size:		size of map area
  *
  * Returns:	0 for success, -Exxx on failure
@@ -3066,9 +3068,15 @@ finished:
  * Similar to remap_pfn_range() (see mm/memory.c)
  */
 int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
-				void *kaddr, unsigned long size)
+				void *kaddr, unsigned long pgoff,
+				unsigned long size)
 {
 	struct vm_struct *area;
+	unsigned long off;
+	unsigned long end_index;
+
+	if (check_shl_overflow(pgoff, PAGE_SHIFT, &off))
+		return -EINVAL;
 
 	size = PAGE_ALIGN(size);
 
@@ -3082,8 +3090,10 @@ int remap_vmalloc_range_partial(struct v
 	if (!(area->flags & (VM_USERMAP | VM_DMA_COHERENT)))
 		return -EINVAL;
 
-	if (kaddr + size > area->addr + get_vm_area_size(area))
+	if (check_add_overflow(size, off, &end_index) ||
+	    end_index > get_vm_area_size(area))
 		return -EINVAL;
+	kaddr += off;
 
 	do {
 		struct page *page = vmalloc_to_page(kaddr);
@@ -3122,7 +3132,7 @@ int remap_vmalloc_range(struct vm_area_s
 						unsigned long pgoff)
 {
 	return remap_vmalloc_range_partial(vma, vma->vm_start,
-					   addr + (pgoff << PAGE_SHIFT),
+					   addr, pgoff,
 					   vma->vm_end - vma->vm_start);
 }
 EXPORT_SYMBOL(remap_vmalloc_range);
--- a/samples/vfio-mdev/mdpy.c~vmalloc-fix-remap_vmalloc_range-bounds-checks
+++ a/samples/vfio-mdev/mdpy.c
@@ -418,7 +418,7 @@ static int mdpy_mmap(struct mdev_device
 		return -EINVAL;
 
 	return remap_vmalloc_range_partial(vma, vma->vm_start,
-					   mdev_state->memblk,
+					   mdev_state->memblk, 0,
 					   vma->vm_end - vma->vm_start);
 }
 
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 12/15] shmem: fix possible deadlocks on shmlock_user_lock
  2020-04-21  1:13 incoming Andrew Morton
                   ` (10 preceding siblings ...)
  2020-04-21  1:14 ` [patch 11/15] vmalloc: fix remap_vmalloc_range() bounds checks Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 13/15] mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path Andrew Morton
                   ` (55 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, hughd, linux-mm, mm-commits, torvalds, yang.shi

From: Hugh Dickins <hughd@google.com>
Subject: shmem: fix possible deadlocks on shmlock_user_lock

Recent commit 71725ed10c40 ("mm: huge tmpfs: try to split_huge_page() when
punching hole") has allowed syzkaller to probe deeper, uncovering a
long-standing lockdep issue between the irq-unsafe shmlock_user_lock, the
irq-safe xa_lock on mapping->i_pages, and shmem inode's info->lock which
nests inside xa_lock (or tree_lock) since 4.8's shmem_uncharge().

user_shm_lock(), servicing SysV shmctl(SHM_LOCK), wants shmlock_user_lock
while its caller shmem_lock() holds info->lock with interrupts disabled;
but hugetlbfs_file_setup() calls user_shm_lock() with interrupts enabled,
and might be interrupted by a writeback endio wanting xa_lock on i_pages. 
This may not risk an actual deadlock, since shmem inodes do not take part
in writeback accounting, but there are several easy ways to avoid it.

Requiring interrupts disabled for shmlock_user_lock would be easy, but
it's a high-level global lock for which that seems inappropriate. 
Instead, recall that the use of info->lock to guard info->flags in
shmem_lock() dates from pre-3.1 days, when races with SHMEM_PAGEIN and
SHMEM_TRUNCATE could occur: nowadays it serves no purpose, the only flag
added or removed is VM_LOCKED itself, and calls to shmem_lock() an inode
are already serialized by the caller.  Take info->lock out of the chain
and the possibility of deadlock or lockdep warning goes away.

Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2004161707410.16322@eggly.anvils
Reported-by: syzbot+c8a8197c8852f566b9d9@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/000000000000e5838c05a3152f53@google.com/
Reported-by: syzbot+40b71e145e73f78f81ad@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/0000000000003712b305a331d3b1@google.com/
Fixes: 4595ef88d136 ("shmem: make shmem_inode_info::lock irq-safe")
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Yang Shi <yang.shi@linux.alibaba.com>
Acked-by: Yang Shi <yang.shi@linux.alibaba.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/shmem.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/mm/shmem.c~shmem-fix-possible-deadlocks-on-shmlock_user_lock
+++ a/mm/shmem.c
@@ -2179,7 +2179,11 @@ int shmem_lock(struct file *file, int lo
 	struct shmem_inode_info *info = SHMEM_I(inode);
 	int retval = -ENOMEM;
 
-	spin_lock_irq(&info->lock);
+	/*
+	 * What serializes the accesses to info->flags?
+	 * ipc_lock_object() when called from shmctl_do_lock(),
+	 * no serialization needed when called from shm_destroy().
+	 */
 	if (lock && !(info->flags & VM_LOCKED)) {
 		if (!user_shm_lock(inode->i_size, user))
 			goto out_nomem;
@@ -2194,7 +2198,6 @@ int shmem_lock(struct file *file, int lo
 	retval = 0;
 
 out_nomem:
-	spin_unlock_irq(&info->lock);
 	return retval;
 }
 
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 13/15] mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
  2020-04-21  1:13 incoming Andrew Morton
                   ` (11 preceding siblings ...)
  2020-04-21  1:14 ` [patch 12/15] shmem: fix possible deadlocks on shmlock_user_lock Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 14/15] coredump: fix null pointer dereference on coredump Andrew Morton
                   ` (54 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: aarcange, akpm, hughd, linux-mm, mm-commits, torvalds, yang.shi

From: Yang Shi <yang.shi@linux.alibaba.com>
Subject: mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path

Syzbot reported the below lockdep splat:

WARNING: possible irq lock inversion dependency detected
5.6.0-rc7-syzkaller #0 Not tainted
--------------------------------------------------------
syz-executor.0/10317 just changed the state of lock:
ffff888021d16568 (&(&info->lock)->rlock){+.+.}, at: spin_lock
include/linux/spinlock.h:338 [inline]
ffff888021d16568 (&(&info->lock)->rlock){+.+.}, at:
shmem_mfill_atomic_pte+0x1012/0x21c0 mm/shmem.c:2407
but this lock was taken by another, SOFTIRQ-safe lock in the past:
 (&(&xa->xa_lock)->rlock#5){..-.}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&info->lock)->rlock);
                               local_irq_disable();
                               lock(&(&xa->xa_lock)->rlock#5);
                               lock(&(&info->lock)->rlock);
  <Interrupt>
    lock(&(&xa->xa_lock)->rlock#5);

 *** DEADLOCK ***

The full report is quite lengthy, please see:
https://lore.kernel.org/linux-mm/alpine.LSU.2.11.2004152007370.13597@eggly.anvils/T/#m813b412c5f78e25ca8c6c7734886ed4de43f241d

It is because CPU 0 held info->lock with IRQ enabled in userfaultfd_copy
path, then CPU 1 is splitting a THP which held xa_lock and info->lock in
IRQ disabled context at the same time.  If softirq comes in to acquire
xa_lock, the deadlock would be triggered.

The fix is to acquire/release info->lock with *_irq version instead of
plain spin_{lock,unlock} to make it softirq safe.

Link: http://lkml.kernel.org/r/1587061357-122619-1-git-send-email-yang.shi@linux.alibaba.com
Fixes: 4c27fe4c4c84 ("userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support")
Signed-off-by: Yang Shi <yang.shi@linux.alibaba.com>
Reported-by: syzbot+e27980339d305f2dbfd9@syzkaller.appspotmail.com
Tested-by: syzbot+e27980339d305f2dbfd9@syzkaller.appspotmail.com
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/shmem.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/mm/shmem.c~mm-shmem-disable-interrupt-when-acquiring-info-lock-in-userfaultfd_copy-path
+++ a/mm/shmem.c
@@ -2402,11 +2402,11 @@ static int shmem_mfill_atomic_pte(struct
 
 	lru_cache_add_anon(page);
 
-	spin_lock(&info->lock);
+	spin_lock_irq(&info->lock);
 	info->alloced++;
 	inode->i_blocks += BLOCKS_PER_PAGE;
 	shmem_recalc_inode(inode);
-	spin_unlock(&info->lock);
+	spin_unlock_irq(&info->lock);
 
 	inc_mm_counter(dst_mm, mm_counter_file(page));
 	page_add_file_rmap(page, false);
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 14/15] coredump: fix null pointer dereference on coredump
  2020-04-21  1:13 incoming Andrew Morton
                   ` (12 preceding siblings ...)
  2020-04-21  1:14 ` [patch 13/15] mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  1:14 ` [patch 15/15] tools/vm: fix cross-compile build Andrew Morton
                   ` (53 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, linux-mm, matthew.ruffell, mm-commits, nhorman, pabs3,
	stable, sudipm.mukherjee, torvalds, viro

From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Subject: coredump: fix null pointer dereference on coredump

If the core_pattern is set to "|" and any process segfaults then we get
a null pointer derefernce while trying to coredump. The call stack shows:
[  108.212680] RIP: 0010:do_coredump+0x628/0x11c0

When the core_pattern has only "|" there is no use of trying the coredump
and we can check that while formating the corename and exit with an error.

After this change I get:
[   48.453756] format_corename failed
[   48.453758] Aborting core

Link: http://lkml.kernel.org/r/20200416194612.21418-1-sudipm.mukherjee@gmail.com
Fixes: 315c69261dd3 ("coredump: split pipe command whitespace before expanding template")
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Reported-by: Matthew Ruffell <matthew.ruffell@canonical.com>
Cc: Paul Wise <pabs3@bonedaddy.net>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/coredump.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/coredump.c~coredump-fix-null-pointer-dereference-on-coredump
+++ a/fs/coredump.c
@@ -211,6 +211,8 @@ static int format_corename(struct core_n
 			return -ENOMEM;
 		(*argv)[(*argc)++] = 0;
 		++pat_ptr;
+		if (!(*pat_ptr))
+			return -ENOMEM;
 	}
 
 	/* Repeat as long as we have more pattern to process and more output
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [patch 15/15] tools/vm: fix cross-compile build
  2020-04-21  1:13 incoming Andrew Morton
                   ` (13 preceding siblings ...)
  2020-04-21  1:14 ` [patch 14/15] coredump: fix null pointer dereference on coredump Andrew Morton
@ 2020-04-21  1:14 ` Andrew Morton
  2020-04-21  2:00 ` + mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch added to -mm tree Andrew Morton
                   ` (52 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  1:14 UTC (permalink / raw)
  To: akpm, l.stach, linux-mm, martin, mm-commits, stable, torvalds

From: Lucas Stach <l.stach@pengutronix.de>
Subject: tools/vm: fix cross-compile build

7ed1c1901fe5 (tools: fix cross-compile var clobbering) moved the setup of
the CC variable to tools/scripts/Makefile.include to make the behavior
consistent across all the tools Makefiles.  As the vm tools missed the
include we end up with the wrong CC in a cross-compiling evironment.

Link: http://lkml.kernel.org/r/20200416104748.25243-1-l.stach@pengutronix.de
Fixes: 7ed1c1901fe5 (tools: fix cross-compile var clobbering)
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Cc: Martin Kelly <martin@martingkelly.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 tools/vm/Makefile |    2 ++
 1 file changed, 2 insertions(+)

--- a/tools/vm/Makefile~tools-vm-fix-cross-compile-build
+++ a/tools/vm/Makefile
@@ -1,6 +1,8 @@
 # SPDX-License-Identifier: GPL-2.0
 # Makefile for vm tools
 #
+include ../scripts/Makefile.include
+
 TARGETS=page-types slabinfo page_owner_sort
 
 LIB_DIR = ../lib/api
_

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (14 preceding siblings ...)
  2020-04-21  1:14 ` [patch 15/15] tools/vm: fix cross-compile build Andrew Morton
@ 2020-04-21  2:00 ` Andrew Morton
  2020-04-21  2:48 ` + x86-mm-define-mm_p4d_folded.patch " Andrew Morton
                   ` (51 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  2:00 UTC (permalink / raw)
  To: dan.j.williams, dave.hansen, david, mhocko, mm-commits, vishal.l.verma


The patch titled
     Subject: mm/memory_hotplug: refrain from adding memory into an impossible node
has been added to the -mm tree.  Its filename is
     mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Vishal Verma <vishal.l.verma@intel.com>
Subject: mm/memory_hotplug: refrain from adding memory into an impossible node

A misbehaving qemu created a situation where the ACPI SRAT table
advertised one fewer proximity domains than intended.  The NFIT table did
describe all the expected proximity domains.  This caused the device dax
driver to assign an impossible target_node to the device, and when
hotplugged as system memory, this would fail with the following signature:

  [  +0.001627] BUG: kernel NULL pointer dereference, address: 0000000000000088
  [  +0.001331] #PF: supervisor read access in kernel mode
  [  +0.000975] #PF: error_code(0x0000) - not-present page
  [  +0.000976] PGD 80000001767d4067 P4D 80000001767d4067 PUD 10e0c4067 PMD 0
  [  +0.001338] Oops: 0000 [#1] SMP PTI
  [  +0.000676] CPU: 4 PID: 22737 Comm: kswapd3 Tainted: G           O      5.6.0-rc5 #9
  [  +0.001457] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
      BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
  [  +0.001990] RIP: 0010:prepare_kswapd_sleep+0x7c/0xc0
  [  +0.000780] Code: 89 df e8 87 fd ff ff 89 c2 31 c0 84 d2 74 e6 0f 1f 44
                      00 00 48 8b 05 fb af 7a 01 48 63 93 88 1d 01 00 48 8b
		      84 d0 20 0f 00 00 <48> 3b 98 88 00 00 00 75 28 f0 80 a0
		      80 00 00 00 fe f0 80 a3 38 20
  [  +0.002877] RSP: 0018:ffffc900017a3e78 EFLAGS: 00010202
  [  +0.000805] RAX: 0000000000000000 RBX: ffff8881209e0000 RCX: 0000000000000000
  [  +0.001115] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff8881209e0e80
  [  +0.001098] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000008000
  [  +0.001092] R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000000003
  [  +0.001092] R13: 0000000000000003 R14: 0000000000000000 R15: ffffc900017a3ec8
  [  +0.001091] FS:  0000000000000000(0000) GS:ffff888318c00000(0000) knlGS:0000000000000000
  [  +0.001275] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [  +0.000882] CR2: 0000000000000088 CR3: 0000000120b50002 CR4: 00000000001606e0
  [  +0.001095] Call Trace:
  [  +0.000388]  kswapd+0x103/0x520
  [  +0.000494]  ? finish_wait+0x80/0x80
  [  +0.000547]  ? balance_pgdat+0x5a0/0x5a0
  [  +0.000607]  kthread+0x120/0x140
  [  +0.000508]  ? kthread_create_on_node+0x60/0x60
  [  +0.000706]  ret_from_fork+0x3a/0x50

Add a check in the add_memory path to fail if the node to which we are
adding memory is in the node_possible_map

Link: http://lkml.kernel.org/r/20200416225438.15208-1-vishal.l.verma@intel.com
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memory_hotplug.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/mm/memory_hotplug.c~mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node
+++ a/mm/memory_hotplug.c
@@ -1017,6 +1017,11 @@ int __ref add_memory_resource(int nid, s
 	if (ret)
 		return ret;
 
+	if (!node_possible(nid)) {
+		WARN(1, "node %d was absent from the node_possible_map\n", nid);
+		return -EINVAL;
+	}
+
 	mem_hotplug_begin();
 
 	/*
_

Patches currently in -mm which might be from vishal.l.verma@intel.com are

mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + x86-mm-define-mm_p4d_folded.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (15 preceding siblings ...)
  2020-04-21  2:00 ` + mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch added to -mm tree Andrew Morton
@ 2020-04-21  2:48 ` Andrew Morton
  2020-04-21  2:52 ` + mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch " Andrew Morton
                   ` (50 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  2:48 UTC (permalink / raw)
  To: anshuman.khandual, kirill, mingo, mm-commits, tglx


The patch titled
     Subject: x86/mm: define mm_p4d_folded()
has been added to the -mm tree.  Its filename is
     x86-mm-define-mm_p4d_folded.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/x86-mm-define-mm_p4d_folded.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/x86-mm-define-mm_p4d_folded.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Anshuman Khandual <anshuman.khandual@arm.com>
Subject: x86/mm: define mm_p4d_folded()

This just defines mm_p4d_folded() to check whether P4D page table level is
folded at runtime.

Link: http://lkml.kernel.org/r/1587436495-22033-2-git-send-email-anshuman.khandual@arm.com
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/x86/include/asm/pgtable_64.h |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/arch/x86/include/asm/pgtable_64.h~x86-mm-define-mm_p4d_folded
+++ a/arch/x86/include/asm/pgtable_64.h
@@ -53,6 +53,12 @@ static inline void sync_initial_page_tab
 
 struct mm_struct;
 
+#define mm_p4d_folded mm_p4d_folded
+static inline bool mm_p4d_folded(struct mm_struct *mm)
+{
+	return !pgtable_l5_enabled();
+}
+
 void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte);
 void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte);
 
_

Patches currently in -mm which might be from anshuman.khandual@arm.com are

powerpc-mm-drop-platform-defined-pmd_mknotpresent.patch
mm-thp-rename-pmd_mknotpresent-as-pmd_mknotvalid.patch
x86-mm-define-mm_p4d_folded.patch
mm-debug-add-tests-validating-architecture-page-table-helpers.patch
mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (16 preceding siblings ...)
  2020-04-21  2:48 ` + x86-mm-define-mm_p4d_folded.patch " Andrew Morton
@ 2020-04-21  2:52 ` Andrew Morton
  2020-04-21  2:59 ` + mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch " Andrew Morton
                   ` (49 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  2:52 UTC (permalink / raw)
  To: anshuman.khandual, benh, borntraeger, bp, cai, catalin.marinas,
	christophe.leroy, gerald.schaefer, gor, heiko.carstens, hpa,
	kirill, mingo, mingo, mm-commits, mpe, palmer, paul.walmsley,
	paulus, rppt, tglx, vgupta, will


The patch titled
     Subject: mm-debug-add-tests-validating-architecture-page-table-helpers-v17
has been added to the -mm tree.  Its filename is
     mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Anshuman Khandual <anshuman.khandual@arm.com>
Subject: mm-debug-add-tests-validating-architecture-page-table-helpers-v17

- debug_vm_pgtable() is now called from late_initcall() per Linus

- Explicitly enable DEBUG_VM_PGTABLE when ARCH_HAS_DEBUG_VM_PGTABLE and
  DEBUG_VM

- Added #ifdef documentation per Gerald

- Dropped page table helper semantics documentation (will be added via
  later patches)

- Split the X86 changes defining mm_p4d_folded() into a new prerequisite
  patch

Link: http://lkml.kernel.org/r/1587436495-22033-3-git-send-email-anshuman.khandual@arm.com
Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>	# s390
Tested-by: Christophe Leroy <christophe.leroy@c-s.fr>	# ppc32
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/mmdebug.h |    5 -----
 init/main.c             |    2 --
 lib/Kconfig.debug       |    3 +--
 mm/debug_vm_pgtable.c   |   34 ++++++++++++----------------------
 4 files changed, 13 insertions(+), 31 deletions(-)

--- a/include/linux/mmdebug.h~mm-debug-add-tests-validating-architecture-page-table-helpers-v17
+++ a/include/linux/mmdebug.h
@@ -64,9 +64,4 @@ void dump_mm(const struct mm_struct *mm)
 #define VM_BUG_ON_PGFLAGS(cond, page) BUILD_BUG_ON_INVALID(cond)
 #endif
 
-#ifdef CONFIG_DEBUG_VM_PGTABLE
-void debug_vm_pgtable(void);
-#else
-static inline void debug_vm_pgtable(void) { }
-#endif
 #endif
--- a/init/main.c~mm-debug-add-tests-validating-architecture-page-table-helpers-v17
+++ a/init/main.c
@@ -54,7 +54,6 @@
 #include <linux/delayacct.h>
 #include <linux/unistd.h>
 #include <linux/utsname.h>
-#include <linux/mmdebug.h>
 #include <linux/rmap.h>
 #include <linux/mempolicy.h>
 #include <linux/key.h>
@@ -1358,7 +1357,6 @@ static int __ref kernel_init(void *unuse
 	kernel_init_freeable();
 	/* need to finish all async __init code before freeing the memory */
 	async_synchronize_full();
-	debug_vm_pgtable();
 	ftrace_free_init_mem();
 	free_initmem();
 	mark_readonly();
--- a/lib/Kconfig.debug~mm-debug-add-tests-validating-architecture-page-table-helpers-v17
+++ a/lib/Kconfig.debug
@@ -699,8 +699,7 @@ config DEBUG_VM_PGTABLE
 	depends on MMU
 	depends on !IA64 && !ARM
 	depends on ARCH_HAS_DEBUG_VM_PGTABLE || EXPERT
-	default n if !ARCH_HAS_DEBUG_VM_PGTABLE
-	default y if DEBUG_VM
+	default y if ARCH_HAS_DEBUG_VM_PGTABLE && DEBUG_VM
 	help
 	  This option provides a debug method which can be used to test
 	  architecture page table helper functions on various platforms in
--- a/mm/debug_vm_pgtable.c~mm-debug-add-tests-validating-architecture-page-table-helpers-v17
+++ a/mm/debug_vm_pgtable.c
@@ -30,18 +30,6 @@
 #include <asm/pgalloc.h>
 #include <asm/pgtable.h>
 
-/*
- * Basic operations
- *
- * mkold(entry)			= An old and not a young entry
- * mkyoung(entry)		= A young and not an old entry
- * mkdirty(entry)		= A dirty and not a clean entry
- * mkclean(entry)		= A clean and not a dirty entry
- * mkwrite(entry)		= A write and not a write protected entry
- * wrprotect(entry)		= A write protected and not a write entry
- * pxx_bad(entry)		= A mapped and non-table entry
- * pxx_same(entry1, entry2)	= Both entries hold the exact same value
- */
 #define VMFLAGS	(VM_READ|VM_WRITE|VM_EXEC)
 
 /*
@@ -107,13 +95,13 @@ static void __init pud_basic_tests(unsig
 	 */
 	WARN_ON(!pud_bad(pud_mkhuge(pud)));
 }
-#else
+#else  /* !CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */
 static void __init pud_basic_tests(unsigned long pfn, pgprot_t prot) { }
-#endif
-#else
+#endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */
+#else  /* !CONFIG_TRANSPARENT_HUGEPAGE */
 static void __init pmd_basic_tests(unsigned long pfn, pgprot_t prot) { }
 static void __init pud_basic_tests(unsigned long pfn, pgprot_t prot) { }
-#endif
+#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
 
 static void __init p4d_basic_tests(unsigned long pfn, pgprot_t prot)
 {
@@ -163,13 +151,13 @@ static void __init pud_populate_tests(st
 	pud = READ_ONCE(*pudp);
 	WARN_ON(pud_bad(pud));
 }
-#else
+#else  /* !__PAGETABLE_PUD_FOLDED */
 static void __init pud_clear_tests(struct mm_struct *mm, pud_t *pudp) { }
 static void __init pud_populate_tests(struct mm_struct *mm, pud_t *pudp,
 				      pmd_t *pmdp)
 {
 }
-#endif
+#endif /* PAGETABLE_PUD_FOLDED */
 
 #ifndef __PAGETABLE_P4D_FOLDED
 static void __init p4d_clear_tests(struct mm_struct *mm, p4d_t *p4dp)
@@ -237,7 +225,7 @@ static void __init pgd_populate_tests(st
 	pgd = READ_ONCE(*pgdp);
 	WARN_ON(pgd_bad(pgd));
 }
-#else
+#else  /* !__PAGETABLE_P4D_FOLDED */
 static void __init p4d_clear_tests(struct mm_struct *mm, p4d_t *p4dp) { }
 static void __init pgd_clear_tests(struct mm_struct *mm, pgd_t *pgdp) { }
 static void __init p4d_populate_tests(struct mm_struct *mm, p4d_t *p4dp,
@@ -248,7 +236,7 @@ static void __init pgd_populate_tests(st
 				      p4d_t *p4dp)
 {
 }
-#endif
+#endif /* PAGETABLE_P4D_FOLDED */
 
 static void __init pte_clear_tests(struct mm_struct *mm, pte_t *ptep,
 				   unsigned long vaddr)
@@ -301,7 +289,7 @@ static unsigned long __init get_random_v
 	return random_vaddr;
 }
 
-void __init debug_vm_pgtable(void)
+static int __init debug_vm_pgtable(void)
 {
 	struct mm_struct *mm;
 	pgd_t *pgdp;
@@ -322,7 +310,7 @@ void __init debug_vm_pgtable(void)
 	mm = mm_alloc();
 	if (!mm) {
 		pr_err("mm_struct allocation failed\n");
-		return;
+		return 1;
 	}
 
 	/*
@@ -389,4 +377,6 @@ void __init debug_vm_pgtable(void)
 	mm_dec_nr_pmds(mm);
 	mm_dec_nr_ptes(mm);
 	mmdrop(mm);
+	return 0;
 }
+late_initcall(debug_vm_pgtable);
_

Patches currently in -mm which might be from anshuman.khandual@arm.com are

powerpc-mm-drop-platform-defined-pmd_mknotpresent.patch
mm-thp-rename-pmd_mknotpresent-as-pmd_mknotvalid.patch
x86-mm-define-mm_p4d_folded.patch
mm-debug-add-tests-validating-architecture-page-table-helpers.patch
mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (17 preceding siblings ...)
  2020-04-21  2:52 ` + mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch " Andrew Morton
@ 2020-04-21  2:59 ` Andrew Morton
  2020-04-21  2:59 ` + mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch " Andrew Morton
                   ` (48 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  2:59 UTC (permalink / raw)
  To: agordeev, mm-commits


The patch titled
     Subject: mm/mmap.c: add more sanity checks to get_unmapped_area()
has been added to the -mm tree.  Its filename is
     mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Alexander Gordeev <agordeev@linux.ibm.com>
Subject: mm/mmap.c: add more sanity checks to get_unmapped_area()

Generic get_unmapped_area() function does sanity checks of address and
length of the area to be mapped.  Yet, it lacks checking against
mmap_min_addr and mmap_end limits.

At the same time the default implementation of functions
arch_get_unmapped_area[_topdown]() and some architecture callbacks do
mmap_min_addr and mmap_end checks on their own.

Put additional checks into the generic code and do not let architecture
callbacks to get away with a possible area outside of the allowed limits.

That could also relieve arch_get_unmapped_area[_topdown]() callbacks of
own address and length sanity checks.

Link: http://lkml.kernel.org/r/d14f2cff3c891ef2c4b0337d737c6f04beacb124.1584958099.git.agordeev@linux.ibm.com
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/mmap.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/mm/mmap.c~mm-mmapc-add-more-sanity-checks-to-get_unmapped_area
+++ a/mm/mmap.c
@@ -2208,12 +2208,13 @@ get_unmapped_area(struct file *file, uns
 	unsigned long (*get_area)(struct file *, unsigned long,
 				  unsigned long, unsigned long, unsigned long);
 
+	const unsigned long mmap_end = arch_get_mmap_end(addr);
 	unsigned long error = arch_mmap_check(addr, len, flags);
 	if (error)
 		return error;
 
 	/* Careful about overflows.. */
-	if (len > TASK_SIZE)
+	if (len > mmap_end - mmap_min_addr)
 		return -ENOMEM;
 
 	get_area = current->mm->get_unmapped_area;
@@ -2234,7 +2235,7 @@ get_unmapped_area(struct file *file, uns
 	if (IS_ERR_VALUE(addr))
 		return addr;
 
-	if (addr > TASK_SIZE - len)
+	if ((addr < mmap_min_addr) || (addr > mmap_end - len))
 		return -ENOMEM;
 	if (offset_in_page(addr))
 		return -EINVAL;
_

Patches currently in -mm which might be from agordeev@linux.ibm.com are

mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch
mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (18 preceding siblings ...)
  2020-04-21  2:59 ` + mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch " Andrew Morton
@ 2020-04-21  2:59 ` Andrew Morton
  2020-04-21  3:07 ` + initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch " Andrew Morton
                   ` (47 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  2:59 UTC (permalink / raw)
  To: agordeev, mm-commits


The patch titled
     Subject: mm/mmap.c: do not allow mappings outside of allowed limits
has been added to the -mm tree.  Its filename is
     mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Alexander Gordeev <agordeev@linux.ibm.com>
Subject: mm/mmap.c: do not allow mappings outside of allowed limits

It is possible to request a fixed mapping address below mmap_min_addr and
succeed.  This update adds early checks of mmap_min_addr and mmap_end
boundaries and fixes the above issue.

Link: http://lkml.kernel.org/r/d6da1319114a331095052638f0ffa3ccb0be58f1.1584958099.git.agordeev@linux.ibm.com
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/mmap.c |   23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

--- a/mm/mmap.c~mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits
+++ a/mm/mmap.c
@@ -62,6 +62,14 @@
 #define arch_mmap_check(addr, len, flags)	(0)
 #endif
 
+#ifndef arch_get_mmap_end
+#define arch_get_mmap_end(addr)	(TASK_SIZE)
+#endif
+
+#ifndef arch_get_mmap_base
+#define arch_get_mmap_base(addr, base) (base)
+#endif
+
 #ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS
 const int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN;
 const int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX;
@@ -1369,6 +1377,7 @@ unsigned long do_mmap(struct file *file,
 			unsigned long pgoff, unsigned long *populate,
 			struct list_head *uf)
 {
+	const unsigned long mmap_end = arch_get_mmap_end(addr);
 	struct mm_struct *mm = current->mm;
 	int pkey = 0;
 
@@ -1391,8 +1400,12 @@ unsigned long do_mmap(struct file *file,
 	if (flags & MAP_FIXED_NOREPLACE)
 		flags |= MAP_FIXED;
 
-	if (!(flags & MAP_FIXED))
+	if (flags & MAP_FIXED) {
+		if ((addr < mmap_min_addr) || (addr > mmap_end))
+			return -ENOMEM;
+	} else {
 		addr = round_hint_to_min(addr);
+	}
 
 	/* Careful about overflows.. */
 	len = PAGE_ALIGN(len);
@@ -2089,14 +2102,6 @@ unsigned long vm_unmapped_area(struct vm
 	return addr;
 }
 
-#ifndef arch_get_mmap_end
-#define arch_get_mmap_end(addr)	(TASK_SIZE)
-#endif
-
-#ifndef arch_get_mmap_base
-#define arch_get_mmap_base(addr, base) (base)
-#endif

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (19 preceding siblings ...)
  2020-04-21  2:59 ` + mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch " Andrew Morton
@ 2020-04-21  3:07 ` Andrew Morton
  2020-04-21  3:58 ` + initrdmem=-option-to-specify-initrd-physical-address.patch " Andrew Morton
                   ` (46 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  3:07 UTC (permalink / raw)
  To: akpm, bp, hpa, mingo, mjg59, mm-commits, rdunlap, rminnich, tglx


The patch titled
     Subject: initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
has been added to the -mm tree.  Its filename is
     initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/initrdmem%3D-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/initrdmem%3D-option-to-specify-initrd-physical-address-checkpatch-fixes.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes

Cc: Borislav Petkov <bp@alien8.de>

WARNING: 'adddress' may be misspelled - perhaps 'address'?
#64: FILE: Documentation/admin-guide/kernel-parameters.txt:1717:
+    initrdmem=    [KNL] Specify a physical adddress and size from which

WARNING: please, no spaces at the start of a line
#82: FILE: arch/x86/kernel/setup.c:240:
+    if (ramdisk_image == 0) {$

WARNING: braces {} are not necessary for single statement blocks
#82: FILE: arch/x86/kernel/setup.c:240:
+    if (ramdisk_image == 0) {
+        ramdisk_image = phys_initrd_start;
+    }

ERROR: code indent should use tabs where possible
#83: FILE: arch/x86/kernel/setup.c:241:
+        ramdisk_image = phys_initrd_start;$

WARNING: please, no spaces at the start of a line
#83: FILE: arch/x86/kernel/setup.c:241:
+        ramdisk_image = phys_initrd_start;$

WARNING: please, no spaces at the start of a line
#84: FILE: arch/x86/kernel/setup.c:242:
+    }$

WARNING: please, no spaces at the start of a line
#92: FILE: arch/x86/kernel/setup.c:251:
+    if (ramdisk_size == 0) {$

WARNING: braces {} are not necessary for single statement blocks
#92: FILE: arch/x86/kernel/setup.c:251:
+    if (ramdisk_size == 0) {
+        ramdisk_size = phys_initrd_size;
+    }

ERROR: code indent should use tabs where possible
#93: FILE: arch/x86/kernel/setup.c:252:
+        ramdisk_size = phys_initrd_size;$

WARNING: please, no spaces at the start of a line
#93: FILE: arch/x86/kernel/setup.c:252:
+        ramdisk_size = phys_initrd_size;$

WARNING: please, no spaces at the start of a line
#94: FILE: arch/x86/kernel/setup.c:253:
+    }$

WARNING: please, no spaces at the start of a line
#124: FILE: init/do_mounts_initrd.c:55:
+    return early_initrdmem(p);$

WARNING: Missing Signed-off-by: line by nominal patch author 'ron minnich <rminnich@gmail.com>'

total: 2 errors, 11 warnings, 56 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

./patches/initrdmem=-option-to-specify-initrd-physical-address.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Borislav Petkov <bp@alien8.de>
Cc: H. Peter Anvin (Intel) <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Ronald G. Minnich <rminnich@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 Documentation/admin-guide/kernel-parameters.txt |   12 ++++++------
 arch/x86/kernel/setup.c                         |   12 ++++++------
 init/do_mounts_initrd.c                         |    2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)

--- a/arch/x86/kernel/setup.c~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/arch/x86/kernel/setup.c
@@ -237,9 +237,9 @@ static u64 __init get_ramdisk_image(void
 
 	ramdisk_image |= (u64)boot_params.ext_ramdisk_image << 32;
 
-    if (ramdisk_image == 0) {
-        ramdisk_image = phys_initrd_start;
-    }
+	if (ramdisk_image == 0)
+		ramdisk_image = phys_initrd_start;
+
 	return ramdisk_image;
 }
 static u64 __init get_ramdisk_size(void)
@@ -248,9 +248,9 @@ static u64 __init get_ramdisk_size(void)
 
 	ramdisk_size |= (u64)boot_params.ext_ramdisk_size << 32;
 
-    if (ramdisk_size == 0) {
-        ramdisk_size = phys_initrd_size;
-    }
+	if (ramdisk_size == 0)
+		ramdisk_size = phys_initrd_size;
+
 	return ramdisk_size;
 }
 
--- a/Documentation/admin-guide/kernel-parameters.txt~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/Documentation/admin-guide/kernel-parameters.txt
@@ -1762,12 +1762,12 @@
 
 	initrd=		[BOOT] Specify the location of the initial ramdisk
 
-    initrdmem=    [KNL] Specify a physical adddress and size from which
-            to load the initrd. If an initrd is compiled in or
-            specified in the bootparams, it takes priority
-            over this setting.
-            Format: ss[KMG],nn[KMG]
-            Default is 0, 0
+	initrdmem=	[KNL] Specify a physical address and size from which to
+			load the initrd. If an initrd is compiled in or
+			specified in the bootparams, it takes priority over this
+			setting.
+			Format: ss[KMG],nn[KMG]
+			Default is 0, 0
 
 	init_on_alloc=	[MM] Fill newly allocated pages and heap objects with
 			zeroes.
--- a/init/do_mounts_initrd.c~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/init/do_mounts_initrd.c
@@ -52,7 +52,7 @@ early_param("initrdmem", early_initrdmem
  */
 static int __init early_initrd(char *p)
 {
-    return early_initrdmem(p);
+	return early_initrdmem(p);
 }
 early_param("initrd", early_initrd);
 
_

Patches currently in -mm which might be from akpm@linux-foundation.org are

mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
mm.patch
mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
memcg-optimize-memorynuma_stat-like-memorystat-fix.patch
mm-remove-__vmalloc_node_flags_caller-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
mm-remove-vmalloc_user_node_flags-fix.patch
mm-replace-zero-length-array-with-flexible-array-member-fix.patch
mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
linux-next-fix.patch
kernel-forkc-export-kernel_thread-to-modules.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + initrdmem=-option-to-specify-initrd-physical-address.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (20 preceding siblings ...)
  2020-04-21  3:07 ` + initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch " Andrew Morton
@ 2020-04-21  3:58 ` Andrew Morton
  2020-04-21  5:43 ` mmotm 2020-04-20-22-43 uploaded Andrew Morton
                   ` (45 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  3:58 UTC (permalink / raw)
  To: bp, hpa, mingo, mjg59, mm-commits, rdunlap, rminnich, tglx


The patch titled
     Subject: initrdmem= option to specify initrd physical address
has been added to the -mm tree.  Its filename is
     initrdmem=-option-to-specify-initrd-physical-address.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/initrdmem%3D-option-to-specify-initrd-physical-address.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/initrdmem%3D-option-to-specify-initrd-physical-address.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: ron minnich <rminnich@gmail.com>
Subject: initrdmem= option to specify initrd physical address

This patch adds the initrdmem option:

initrdmem=ss[KMG],nn[KMG]

which is used to specify the physical address of the initrd, almost always
an address in FLASH.  It also adds code for x86 to use the existing
phys_init_start and phys_init_size variables in the kernel.  This is
useful in cases where we wish to place a kernel and initrd in FLASH, but
there is no firmware file system structure in the FLASH.

One such situation occurs when we have reclaimed unused FLASH space on
UEFI systems by, e.g., taking it from the Management Engine.  For example,
on many systems, the ME is given half the FLASH part; not only is 2.75M of
an 8M part unused; but 10.75M of a 16M part is unused.  We can use this
space to contain an initrd, but need to tell Linux where it is.

This space is "raw": due to, e.g., UEFI limitations: it can not be added
to UEFI firmware volumes without rebuilding UEFI from source or writing a
UEFI device driver.  We can reference it only as a physical address and
size.

At the same time, should we netboot a kernel or load it from GRUB or
syslinux, we want to have the option of not using the physical address
specification.  Then, should we wish, it is easy to boot the kernel and
provide an initrd; or boot the the kernel and let it use the initrd in
FLASH.  In practice this has proven to be very helpful as we integrate
Linux into FLASH on x86.

Hence, the most flexible and convenient path is to enable the initrdmem
command line flag in a way that it is the last choice tried.

For example, on the DigitalLoggers Atomic Pi, we burn an image into FLASH
with a built-in command line which includes:

initrdmem=0xff968000,0x200000
which specifies a location and size.

Link: http://lkml.kernel.org/r/CAP6exYLK11rhreX=6QPyDQmW7wPHsKNEFtXE47pjx41xS6O7-A@mail.gmail.com
Signed-off-by: Ronald G. Minnich <rminnich@gmail.com>
Reviewed-by: H. Peter Anvin (Intel) <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 Documentation/admin-guide/kernel-parameters.txt |    7 +++++++
 arch/x86/kernel/setup.c                         |    6 ++++++
 init/do_mounts_initrd.c                         |   13 ++++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/setup.c~initrdmem=-option-to-specify-initrd-physical-address
+++ a/arch/x86/kernel/setup.c
@@ -237,6 +237,9 @@ static u64 __init get_ramdisk_image(void
 
 	ramdisk_image |= (u64)boot_params.ext_ramdisk_image << 32;
 
+    if (ramdisk_image == 0) {
+        ramdisk_image = phys_initrd_start;
+    }
 	return ramdisk_image;
 }
 static u64 __init get_ramdisk_size(void)
@@ -245,6 +248,9 @@ static u64 __init get_ramdisk_size(void)
 
 	ramdisk_size |= (u64)boot_params.ext_ramdisk_size << 32;
 
+    if (ramdisk_size == 0) {
+        ramdisk_size = phys_initrd_size;
+    }
 	return ramdisk_size;
 }
 
--- a/Documentation/admin-guide/kernel-parameters.txt~initrdmem=-option-to-specify-initrd-physical-address
+++ a/Documentation/admin-guide/kernel-parameters.txt
@@ -1762,6 +1762,13 @@
 
 	initrd=		[BOOT] Specify the location of the initial ramdisk
 
+    initrdmem=    [KNL] Specify a physical adddress and size from which
+            to load the initrd. If an initrd is compiled in or
+            specified in the bootparams, it takes priority
+            over this setting.
+            Format: ss[KMG],nn[KMG]
+            Default is 0, 0
+
 	init_on_alloc=	[MM] Fill newly allocated pages and heap objects with
 			zeroes.
 			Format: 0 | 1
--- a/init/do_mounts_initrd.c~initrdmem=-option-to-specify-initrd-physical-address
+++ a/init/do_mounts_initrd.c
@@ -28,7 +28,7 @@ static int __init no_initrd(char *str)
 
 __setup("noinitrd", no_initrd);
 
-static int __init early_initrd(char *p)
+static int __init early_initrdmem(char *p)
 {
 	phys_addr_t start;
 	unsigned long size;
@@ -43,6 +43,17 @@ static int __init early_initrd(char *p)
 	}
 	return 0;
 }
+early_param("initrdmem", early_initrdmem);
+
+/*
+ * This is here as the initrd keyword has been in use since 11/2018
+ * on ARM, PowerPC, and MIPS.
+ * It should not be; it is reserved for bootloaders.
+ */
+static int __init early_initrd(char *p)
+{
+    return early_initrdmem(p);
+}
 early_param("initrd", early_initrd);
 
 static int init_linuxrc(struct subprocess_info *info, struct cred *new)
_

Patches currently in -mm which might be from rminnich@gmail.com are

initrdmem=-option-to-specify-initrd-physical-address.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* mmotm 2020-04-20-22-43 uploaded
  2020-04-21  1:13 incoming Andrew Morton
                   ` (21 preceding siblings ...)
  2020-04-21  3:58 ` + initrdmem=-option-to-specify-initrd-physical-address.patch " Andrew Morton
@ 2020-04-21  5:43 ` Andrew Morton
  2020-04-22  1:36 ` + mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch added to -mm tree Andrew Morton
                   ` (44 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-21  5:43 UTC (permalink / raw)
  To: broonie, linux-fsdevel, linux-kernel, linux-mm, linux-next,
	mhocko, mm-commits, sfr

The mm-of-the-moment snapshot 2020-04-20-22-43 has been uploaded to

   http://www.ozlabs.org/~akpm/mmotm/

mmotm-readme.txt says

README for mm-of-the-moment:

http://www.ozlabs.org/~akpm/mmotm/

This is a snapshot of my -mm patch queue.  Uploaded at random hopefully
more than once a week.

You will need quilt to apply these patches to the latest Linus release (5.x
or 5.x-rcY).  The series file is in broken-out.tar.gz and is duplicated in
http://ozlabs.org/~akpm/mmotm/series

The file broken-out.tar.gz contains two datestamp files: .DATE and
.DATE-yyyy-mm-dd-hh-mm-ss.  Both contain the string yyyy-mm-dd-hh-mm-ss,
followed by the base kernel version against which this patch series is to
be applied.

This tree is partially included in linux-next.  To see which patches are
included in linux-next, consult the `series' file.  Only the patches
within the #NEXT_PATCHES_START/#NEXT_PATCHES_END markers are included in
linux-next.


A full copy of the full kernel tree with the linux-next and mmotm patches
already applied is available through git within an hour of the mmotm
release.  Individual mmotm releases are tagged.  The master branch always
points to the latest release, so it's constantly rebasing.

	https://github.com/hnaz/linux-mm

The directory http://www.ozlabs.org/~akpm/mmots/ (mm-of-the-second)
contains daily snapshots of the -mm tree.  It is updated more frequently
than mmotm, and is untested.

A git copy of this tree is also available at

	https://github.com/hnaz/linux-mm



This mmotm tree contains the following patches against 5.7-rc2:
(patches marked "*" will be included in linux-next)

* sh-fix-build-error-in-mm-initc.patch
* slub-avoid-redzone-when-choosing-freepointer-location.patch
* mm-userfaultfd-disable-userfaultfd-wp-on-x86_32.patch
* maintainers-add-an-entry-for-kfifo.patch
* mm-hugetlb-fix-a-addressing-exception-caused-by-huge_pte_offset.patch
* mm-gup-return-eintr-when-gup-is-interrupted-by-fatal-signals.patch
* checkpatch-fix-a-typo-in-the-regex-for-allocfunctions.patch
* tools-build-tweak-unused-value-workaround.patch
* mm-ksm-fix-null-pointer-dereference-when-ksm-zero-page-is-enabled.patch
* mm-shmem-fix-build-without-thp.patch
* vmalloc-fix-remap_vmalloc_range-bounds-checks.patch
* shmem-fix-possible-deadlocks-on-shmlock_user_lock.patch
* mm-shmem-disable-interrupt-when-acquiring-info-lock-in-userfaultfd_copy-path.patch
* coredump-fix-null-pointer-dereference-on-coredump.patch
* tools-vm-fix-cross-compile-build.patch
* proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch
* proc-kpageflags-do-not-use-uninitialized-struct-pages.patch
* ipc-mqueuec-change-__do_notify-to-bypass-check_kill_permission-v2.patch
* mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc.patch
* mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
* kcov-cleanup-debug-messages.patch
* kcov-fix-potential-use-after-free-in-kcov_remote_start.patch
* kcov-move-t-kcov-assignments-into-kcov_start-stop.patch
* kcov-move-t-kcov_sequence-assignment.patch
* kcov-use-t-kcov_mode-as-enabled-indicator.patch
* kcov-collect-coverage-from-interrupts.patch
* usb-core-kcov-collect-coverage-from-usb-complete-callback.patch
* mm-page_alloc-fix-watchdog-soft-lockups-during-set_zone_contiguous.patch
* kernel-kcovc-fix-typos-in-kcov_remote_start-documentation.patch
* scripts-decodecode-fix-trapping-instruction-formatting.patch
* fs-binfmt_elfc-allocate-initialized-memory-in-fill_thread_core_info.patch
* squashfs-squashfs_fsh-replace-zero-length-array-with-flexible-array-member.patch
* squashfs-migrate-from-ll_rw_block-usage-to-bio.patch
* squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
* ocfs2-add-missing-annotation-for-dlm_empty_lockres.patch
* drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
* ramfs-support-o_tmpfile.patch
* kernel-watchdog-flush-all-printk-nmi-buffers-when-hardlockup-detected.patch
  mm.patch
* usercopy-mark-dma-kmalloc-caches-as-usercopy-caches.patch
* mm-slub-fix-corrupted-freechain-in-deactivate_slab.patch
* mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
* mm-dump_page-do-not-crash-with-invalid-mapping-pointer.patch
* mm-move-readahead-prototypes-from-mmh.patch
* mm-return-void-from-various-readahead-functions.patch
* mm-ignore-return-value-of-readpages.patch
* mm-move-readahead-nr_pages-check-into-read_pages.patch
* mm-add-new-readahead_control-api.patch
* mm-use-readahead_control-to-pass-arguments.patch
* mm-rename-various-offset-parameters-to-index.patch
* mm-rename-readahead-loop-variable-to-i.patch
* mm-remove-page_offset-from-readahead-loop.patch
* mm-put-readahead-pages-in-cache-earlier.patch
* mm-add-readahead-address-space-operation.patch
* mm-move-end_index-check-out-of-readahead-loop.patch
* mm-add-page_cache_readahead_unbounded.patch
* mm-document-why-we-dont-set-pagereadahead.patch
* mm-use-memalloc_nofs_save-in-readahead-path.patch
* fs-convert-mpage_readpages-to-mpage_readahead.patch
* btrfs-convert-from-readpages-to-readahead.patch
* erofs-convert-uncompressed-files-from-readpages-to-readahead.patch
* erofs-convert-compressed-files-from-readpages-to-readahead.patch
* ext4-convert-from-readpages-to-readahead.patch
* ext4-pass-the-inode-to-ext4_mpage_readpages.patch
* f2fs-convert-from-readpages-to-readahead.patch
* f2fs-pass-the-inode-to-f2fs_mpage_readpages.patch
* fuse-convert-from-readpages-to-readahead.patch
* fuse-convert-from-readpages-to-readahead-fix.patch
* iomap-convert-from-readpages-to-readahead.patch
* mm-swapfile-use-list_prevnext_entry-instead-of-open-coding.patch
* mm-swap_state-fix-a-data-race-in-swapin_nr_pages.patch
* mm-swap-properly-update-readahead-statistics-in-unuse_pte_range.patch
* mm-swapfilec-offset-is-only-used-when-there-is-more-slots.patch
* mm-swapfilec-explicitly-show-ssd-non-ssd-is-handled-mutually-exclusive.patch
* mm-swapfilec-remove-the-unnecessary-goto-for-ssd-case.patch
* mm-swapfilec-simplify-the-calculation-of-n_goal.patch
* mm-swapfilec-remove-the-extra-check-in-scan_swap_map_slots.patch
* memcg-optimize-memorynuma_stat-like-memorystat.patch
* memcg-optimize-memorynuma_stat-like-memorystat-fix.patch
* h8300-remove-usage-of-__arch_use_5level_hack.patch
* arm-add-support-for-folded-p4d-page-tables.patch
* arm64-add-support-for-folded-p4d-page-tables.patch
* hexagon-remove-__arch_use_5level_hack.patch
* ia64-add-support-for-folded-p4d-page-tables.patch
* nios2-add-support-for-folded-p4d-page-tables.patch
* openrisc-add-support-for-folded-p4d-page-tables.patch
* powerpc-add-support-for-folded-p4d-page-tables.patch
* sh-fault-modernize-printing-of-kernel-messages.patch
* sh-drop-__pxd_offset-macros-that-duplicate-pxd_index-ones.patch
* sh-add-support-for-folded-p4d-page-tables.patch
* unicore32-remove-__arch_use_5level_hack.patch
* asm-generic-remove-pgtable-nop4d-hackh.patch
* mm-remove-__arch_has_5level_hack-and-include-asm-generic-5level-fixuph.patch
* mm-gupc-further-document-vma_permits_fault.patch
* proc-pid-smaps-add-pmd-migration-entry-parsing.patch
* mm-mmap-fix-the-adjusted-length-error.patch
* mm-memory-remove-unnecessary-pte_devmap-case-in-copy_one_pte.patch
* x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
* x86-fix-vmap-arguments-in-map_irq_stack.patch
* staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
* staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
* dma-mapping-use-vmap-insted-of-reimplementing-it.patch
* powerpc-add-an-ioremap_phb-helper.patch
* powerpc-remove-__ioremap_at-and-__iounmap_at.patch
* mm-remove-__get_vm_area.patch
* mm-unexport-unmap_kernel_range_noflush.patch
* mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
* mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
* mm-pass-addr-as-unsigned-long-to-vb_free.patch
* mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
* mm-rename-vmap_page_range-to-map_kernel_range.patch
* mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
* mm-remove-map_vm_range.patch
* mm-remove-unmap_vmap_area.patch
* mm-remove-the-prot-argument-from-vm_map_ram.patch
* mm-enforce-that-vmap-cant-map-pages-executable.patch
* gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
* mm-remove-the-pgprot-argument-to-__vmalloc.patch
* mm-remove-the-prot-argument-to-__vmalloc_node.patch
* mm-remove-both-instances-of-__vmalloc_node_flags.patch
* mm-remove-__vmalloc_node_flags_caller.patch
* mm-remove-__vmalloc_node_flags_caller-fix.patch
* mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
* mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
* mm-remove-vmalloc_user_node_flags.patch
* mm-remove-vmalloc_user_node_flags-fix.patch
* arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
* powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
* s390-use-__vmalloc_node-in-stack_alloc.patch
* mm-init-report-kasan-tag-information-stored-in-page-flags.patch
* mm-clarify-__gfp_memalloc-usage.patch
* mm-memblock-replace-dereferences-of-memblock_regionnid-with-api-calls.patch
* mm-make-early_pfn_to_nid-and-related-defintions-close-to-each-other.patch
* mm-remove-config_have_memblock_node_map-option.patch
* mm-free_area_init-use-maximal-zone-pfns-rather-than-zone-sizes.patch
* mm-use-free_area_init-instead-of-free_area_init_nodes.patch
* alpha-simplify-detection-of-memory-zone-boundaries.patch
* arm-simplify-detection-of-memory-zone-boundaries.patch
* arm64-simplify-detection-of-memory-zone-boundaries-for-uma-configs.patch
* csky-simplify-detection-of-memory-zone-boundaries.patch
* m68k-mm-simplify-detection-of-memory-zone-boundaries.patch
* parisc-simplify-detection-of-memory-zone-boundaries.patch
* sparc32-simplify-detection-of-memory-zone-boundaries.patch
* unicore32-simplify-detection-of-memory-zone-boundaries.patch
* xtensa-simplify-detection-of-memory-zone-boundaries.patch
* mm-memmap_init-iterate-over-memblock-regions-rather-that-check-each-pfn.patch
* mm-memmap_init-iterate-over-memblock-regions-rather-that-check-each-pfn-fix.patch
* mm-remove-early_pfn_in_nid-and-config_nodes_span_other_nodes.patch
* mm-free_area_init-allow-defining-max_zone_pfn-in-descending-order.patch
* mm-rename-free_area_init_node-to-free_area_init_memoryless_node.patch
* mm-clean-up-free_area_init_node-and-its-helpers.patch
* mm-simplify-find_min_pfn_with_active_regions.patch
* docs-vm-update-memory-models-documentation.patch
* mm-page_allocc-bad_-is-not-necessary-when-pagehwpoison.patch
* mm-page_allocc-bad_flags-is-not-necessary-for-bad_page.patch
* mm-page_allocc-rename-free_pages_check_bad-to-check_free_page_bad.patch
* mm-page_allocc-rename-free_pages_check-to-check_free_page.patch
* mm-page_allocc-extract-check__page_bad-common-part-to-page_bad_reason.patch
* mmpage_alloccma-conditionally-prefer-cma-pageblocks-for-movable-allocations.patch
* mmpage_alloccma-conditionally-prefer-cma-pageblocks-for-movable-allocations-fix.patch
* mm-call-touch_nmi_watchdog-on-max-order-boundaries-in-deferred-init.patch
* mm-initialize-deferred-pages-with-interrupts-enabled.patch
* mm-call-cond_resched-from-deferred_init_memmap.patch
* mm-remove-unused-free_bootmem_with_active_regions.patch
* mm-page_allocc-only-tune-sysctl_lowmem_reserve_ratio-value-once-when-changing-it.patch
* mm-page_allocc-clear-out-zone-lowmem_reserve-if-the-zone-is-empty.patch
* mm-vmstatc-do-not-show-lowmem-reserve-protection-information-of-empty-zone.patch
* mm-page_alloc-use-ac-high_zoneidx-for-classzone_idx.patch
* mm-page_alloc-integrate-classzone_idx-and-high_zoneidx.patch
* mm-page_allocc-use-node_mask_none-in-build_zonelists.patch
* mm-rename-gfpflags_to_migratetype-to-gfp_migratetype-for-same-convention.patch
* mm-vmscanc-use-update_lru_size-in-update_lru_sizes.patch
* hugetlb_cgroup-remove-unused-variable-i.patch
* khugepaged-add-self-test.patch
* khugepaged-add-self-test-fix.patch
* khugepaged-do-not-stop-collapse-if-less-than-half-ptes-are-referenced.patch
* khugepaged-drain-all-lru-caches-before-scanning-pages.patch
* khugepaged-drain-lru-add-pagevec-after-swapin.patch
* khugepaged-allow-to-collapse-a-page-shared-across-fork.patch
* khugepaged-allow-to-collapse-pte-mapped-compound-pages.patch
* thp-change-cow-semantics-for-anon-thp.patch
* khugepaged-introduce-max_ptes_shared-tunable.patch
* khugepaged-introduce-max_ptes_shared-tunable-fix.patch
* hugetlbfs-add-arch_hugetlb_valid_size.patch
* hugetlbfs-move-hugepagesz=-parsing-to-arch-independent-code.patch
* hugetlbfs-remove-hugetlb_add_hstate-warning-for-existing-hstate.patch
* hugetlbfs-remove-hugetlb_add_hstate-warning-for-existing-hstate-fix.patch
* hugetlbfs-clean-up-command-line-processing.patch
* mm-thp-dont-need-drain-lru-cache-when-splitting-and-mlocking-thp.patch
* powerpc-mm-drop-platform-defined-pmd_mknotpresent.patch
* mm-thp-rename-pmd_mknotpresent-as-pmd_mknotvalid.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup-fix.patch
* mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch
* powerpc-pseries-hotplug-memory-stop-checking-is_mem_section_removable.patch
* mm-memory_hotplug-remove-is_mem_section_removable.patch
* mm-replace-zero-length-array-with-flexible-array-member.patch
* mm-replace-zero-length-array-with-flexible-array-member-fix.patch
* mm-memory_hotplug-fix-a-typo-in-comment-recoreded-recorded.patch
* mm-ksm-fix-a-typo-in-comment-alreaady-already.patch
* mm-ksm-fix-a-typo-in-comment-alreaady-already-v2.patch
* mm-mmap-fix-a-typo-in-comment-compatbility-compatibility.patch
* mm-hugetlb-fix-a-typo-in-comment-manitained-maintained.patch
* mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2.patch
* mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
* mm-vmsan-fix-some-typos-in-comment.patch
* mm-compaction-fix-a-typo-in-comment-pessemistic-pessimistic.patch
* mm-memblock-fix-a-typo-in-comment-implict-implicit.patch
* mm-list_lru-fix-a-typo-in-comment-numbesr-numbers.patch
* mm-filemap-fix-a-typo-in-comment-unneccssary-unnecessary.patch
* mm-frontswap-fix-some-typos-in-frontswapc.patch
* mm-memcg-fix-some-typos-in-memcontrolc.patch
* mm-fix-a-typo-in-comment-strucure-structure.patch
* mm-slub-fix-a-typo-in-comment-disambiguiation-disambiguation.patch
* mm-sparse-fix-a-typo-in-comment-convienence-convenience.patch
* mm-page-writeback-fix-a-typo-in-comment-effictive-effective.patch
* mm-memory-fix-a-typo-in-comment-attampt-attempt.patch
* mm-use-false-for-bool-variable.patch
* info-task-hung-in-generic_file_write_iter.patch
* info-task-hung-in-generic_file_write-fix.patch
* kernel-hung_taskc-monitor-killed-tasks.patch
* proc-rename-catch-function-argument.patch
* proc-rename-struct-proc_fs_info-to-proc_fs_opts.patch
* proc-allow-to-mount-many-instances-of-proc-in-one-pid-namespace.patch
* proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option.patch
* proc-add-option-to-mount-only-a-pids-subset.patch
* docs-proc-add-documentation-for-hidepid=4-and-subset=pid-options-and-new-mount-behavior.patch
* proc-use-human-readable-values-for-hidepid.patch
* proc-use-named-enums-for-better-readability.patch
* x86-mm-define-mm_p4d_folded.patch
* mm-debug-add-tests-validating-architecture-page-table-helpers.patch
* mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch
* userc-make-uidhash_table-static.patch
* parisc-add-sysctl-file-interface-panic_on_stackoverflow.patch
* kernel-hung_taskc-introduce-sysctl-to-print-all-traces-when-a-hung-task-is-detected.patch
* dynamic_debug-add-an-option-to-enable-dynamic-debug-for-modules-only.patch
* dynamic_debug-add-an-option-to-enable-dynamic-debug-for-modules-only-v2.patch
* lib-math-avoid-trailing-n-hidden-in-pr_fmt.patch
* lib-add-might_fault-to-strncpy_from_user.patch
* lib-optimize-cpumask_local_spread.patch
* lib-test_lockupc-make-test_inode-static.patch
* checkpatch-additional-maintainer-section-entry-ordering-checks.patch
* checkpatch-look-for-c99-comments-in-ctx_locate_comment.patch
* fs-binfmt_elf-remove-redundant-elf_map-ifndef.patch
* elfnote-mark-all-note-sections-shf_alloc.patch
* initrdmem=-option-to-specify-initrd-physical-address.patch
* initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
* fat-dont-allow-to-mount-if-the-fat-length-==-0.patch
* fat-improve-the-readahead-for-fat-entries.patch
* fs-seq_filec-seq_read-update-pr_info_ratelimited.patch
* umh-fix-refcount-underflow-in-fork_usermode_blob.patch
* kexec-prevent-removal-of-memory-in-use-by-a-loaded-kexec-image.patch
* mm-memory_hotplug-allow-arch-override-of-non-boot-memory-resource-names.patch
* arm64-memory-give-hotplug-memory-a-different-resource-name.patch
* panic-add-sysctl-to-dump-all-cpus-backtraces-on-oops-event.patch
* kernel-relayc-fix-read_pos-error-when-multiple-readers.patch
* aio-simplify-read_events.patch
* selftests-x86-pkeys-move-selftests-to-arch-neutral-directory.patch
* selftests-vm-pkeys-rename-all-references-to-pkru-to-a-generic-name.patch
* selftests-vm-pkeys-move-generic-definitions-to-header-file.patch
* selftests-vm-pkeys-move-some-definitions-to-arch-specific-header.patch
* selftests-vm-pkeys-make-gcc-check-arguments-of-sigsafe_printf.patch
* selftests-vm-pkeys-use-sane-types-for-pkey-register.patch
* selftests-vm-pkeys-add-helpers-for-pkey-bits.patch
* selftests-vm-pkeys-fix-pkey_disable_clear.patch
* selftests-vm-pkeys-fix-assertion-in-pkey_disable_set-clear.patch
* selftests-vm-pkeys-fix-alloc_random_pkey-to-make-it-really-random.patch
* selftests-vm-pkeys-use-the-correct-huge-page-size.patch
* selftests-vm-pkeys-introduce-generic-pkey-abstractions.patch
* selftests-vm-pkeys-introduce-powerpc-support.patch
* selftests-vm-pkeys-fix-number-of-reserved-powerpc-pkeys.patch
* selftests-vm-pkeys-fix-assertion-in-test_pkey_alloc_exhaust.patch
* selftests-vm-pkeys-improve-checks-to-determine-pkey-support.patch
* selftests-vm-pkeys-associate-key-on-a-mapped-page-and-detect-access-violation.patch
* selftests-vm-pkeys-associate-key-on-a-mapped-page-and-detect-write-violation.patch
* selftests-vm-pkeys-detect-write-violation-on-a-mapped-access-denied-key-page.patch
* selftests-vm-pkeys-introduce-a-sub-page-allocator.patch
* selftests-vm-pkeys-test-correct-behaviour-of-pkey-0.patch
* selftests-vm-pkeys-override-access-right-definitions-on-powerpc.patch
* selftests-vm-pkeys-use-the-correct-page-size-on-powerpc.patch
* selftests-vm-pkeys-fix-multilib-builds-for-x86.patch
* tools-testing-selftests-vm-remove-duplicate-headers.patch
* ipc-msg-add-missing-annotation-for-freeque.patch
* ipc-use-a-work-queue-to-free_ipc.patch
* ipc-convert-ipcs_idr-to-xarray.patch
  linux-next.patch
  linux-next-fix.patch
* amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
* i915-gvt-remove-unused-xen-bits.patch
* kernel-move-use_mm-unuse_mm-to-kthreadc.patch
* kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
* kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
* kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
* kernel-set-user_ds-in-kthread_use_mm.patch
* mm-kmemleak-silence-kcsan-splats-in-checksum.patch
* kallsyms-printk-add-loglvl-to-print_ip_sym.patch
* alpha-add-show_stack_loglvl.patch
* arc-add-show_stack_loglvl.patch
* arm-asm-add-loglvl-to-c_backtrace.patch
* arm-add-loglvl-to-unwind_backtrace.patch
* arm-add-loglvl-to-dump_backtrace.patch
* arm-wire-up-dump_backtrace_entrystm.patch
* arm-add-show_stack_loglvl.patch
* arm64-add-loglvl-to-dump_backtrace.patch
* arm64-add-show_stack_loglvl.patch
* c6x-add-show_stack_loglvl.patch
* csky-add-show_stack_loglvl.patch
* h8300-add-show_stack_loglvl.patch
* hexagon-add-show_stack_loglvl.patch
* ia64-pass-log-level-as-arg-into-ia64_do_show_stack.patch
* ia64-add-show_stack_loglvl.patch
* m68k-add-show_stack_loglvl.patch
* microblaze-add-loglvl-to-microblaze_unwind_inner.patch
* microblaze-add-loglvl-to-microblaze_unwind.patch
* microblaze-add-show_stack_loglvl.patch
* mips-add-show_stack_loglvl.patch
* nds32-add-show_stack_loglvl.patch
* nios2-add-show_stack_loglvl.patch
* openrisc-add-show_stack_loglvl.patch
* parisc-add-show_stack_loglvl.patch
* powerpc-add-show_stack_loglvl.patch
* riscv-add-show_stack_loglvl.patch
* s390-add-show_stack_loglvl.patch
* sh-add-loglvl-to-dump_mem.patch
* sh-remove-needless-printk.patch
* sh-add-loglvl-to-printk_address.patch
* sh-add-loglvl-to-show_trace.patch
* sh-add-show_stack_loglvl.patch
* sparc-add-show_stack_loglvl.patch
* um-sysrq-remove-needless-variable-sp.patch
* um-add-show_stack_loglvl.patch
* unicore32-remove-unused-pmode-argument-in-c_backtrace.patch
* unicore32-add-loglvl-to-c_backtrace.patch
* unicore32-add-show_stack_loglvl.patch
* x86-add-missing-const-qualifiers-for-log_lvl.patch
* x86-add-show_stack_loglvl.patch
* xtensa-add-loglvl-to-show_trace.patch
* xtensa-add-show_stack_loglvl.patch
* sysrq-use-show_stack_loglvl.patch
* x86-amd_gart-print-stacktrace-for-a-leak-with-kern_err.patch
* power-use-show_stack_loglvl.patch
* kdb-dont-play-with-console_loglevel.patch
* sched-print-stack-trace-with-kern_info.patch
* kernel-use-show_stack_loglvl.patch
* kernel-rename-show_stack_loglvl-=-show_stack.patch
* mm-frontswap-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races-v2.patch
* mm-swap_state-mark-various-intentional-data-races.patch
* mm-filemap-fix-a-data-race-in-filemap_fault.patch
* mm-swapfile-fix-and-annotate-various-data-races.patch
* mm-swapfile-fix-and-annotate-various-data-races-v2.patch
* mm-page_counter-fix-various-data-races-at-memsw.patch
* mm-memcontrol-fix-a-data-race-in-scan-count.patch
* mm-list_lru-fix-a-data-race-in-list_lru_count_one.patch
* mm-mempool-fix-a-data-race-in-mempool_free.patch
* mm-util-annotate-an-data-race-at-vm_committed_as.patch
* mm-rmap-annotate-a-data-race-at-tlb_flush_batched.patch
* mm-annotate-a-data-race-in-page_zonenum.patch
* mm-swap-annotate-data-races-for-lru_rotate_pvecs.patch
* net-zerocopy-use-vm_insert_pages-for-tcp-rcv-zerocopy.patch
* mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch
* mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch
* mm-pass-task-and-mm-to-do_madvise.patch
* mm-introduce-external-memory-hinting-api.patch
* mm-introduce-external-memory-hinting-api-fix.patch
* mm-check-fatal-signal-pending-of-target-process.patch
* pid-move-pidfd_get_pid-function-to-pidc.patch
* mm-support-both-pid-and-pidfd-for-process_madvise.patch
* mm-madvise-employ-mmget_still_valid-for-write-lock.patch
* mm-madvise-allow-ksm-hints-for-remote-api.patch
* fix-read-buffer-overflow-in-delta-ipc.patch
  make-sure-nobodys-leaking-resources.patch
  releasing-resources-with-children.patch
  mutex-subsystem-synchro-test-module.patch
  kernel-forkc-export-kernel_thread-to-modules.patch
  workaround-for-a-pci-restoring-bug.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (22 preceding siblings ...)
  2020-04-21  5:43 ` mmotm 2020-04-20-22-43 uploaded Andrew Morton
@ 2020-04-22  1:36 ` Andrew Morton
  2020-04-22  1:36 ` + mm-swapfilec-tmp-is-always-smaller-than-max.patch " Andrew Morton
                   ` (43 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-22  1:36 UTC (permalink / raw)
  To: hughd, mm-commits, richard.weiyang, tim.c.chen, ying.huang


The patch titled
     Subject: mm/swapfile.c: found_free could be represented by (tmp < max)
has been added to the -mm tree.  Its filename is
     mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Wei Yang <richard.weiyang@gmail.com>
Subject: mm/swapfile.c: found_free could be represented by (tmp < max)

This is not necessary to use the variable found_free to record the status.
Just check tmp and max is enough.

Link: http://lkml.kernel.org/r/20200421213824.8099-1-richard.weiyang@gmail.com
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/swapfile.c |   11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

--- a/mm/swapfile.c~mm-swapfilec-found_free-could-be-represented-by-tmp-max
+++ a/mm/swapfile.c
@@ -601,7 +601,6 @@ static bool scan_swap_map_try_ssd_cluste
 {
 	struct percpu_cluster *cluster;
 	struct swap_cluster_info *ci;
-	bool found_free;
 	unsigned long tmp, max;
 
 new_cluster:
@@ -623,8 +622,6 @@ new_cluster:
 			return false;
 	}
 
-	found_free = false;
-
 	/*
 	 * Other CPUs can use our cluster if they can't find a free cluster,
 	 * check if there is still free entry in the cluster
@@ -638,21 +635,19 @@ new_cluster:
 	}
 	ci = lock_cluster(si, tmp);
 	while (tmp < max) {
-		if (!si->swap_map[tmp]) {
-			found_free = true;
+		if (!si->swap_map[tmp])
 			break;
-		}
 		tmp++;
 	}
 	unlock_cluster(ci);
-	if (!found_free) {
+	if (tmp >= max) {
 		cluster_set_null(&cluster->index);
 		goto new_cluster;
 	}
 	cluster->next = tmp + 1;
 	*offset = tmp;
 	*scan_base = tmp;
-	return found_free;
+	return tmp < max;
 }
 
 static void __del_from_avail_list(struct swap_info_struct *p)
_

Patches currently in -mm which might be from richard.weiyang@gmail.com are

mm-swapfilec-offset-is-only-used-when-there-is-more-slots.patch
mm-swapfilec-explicitly-show-ssd-non-ssd-is-handled-mutually-exclusive.patch
mm-swapfilec-remove-the-unnecessary-goto-for-ssd-case.patch
mm-swapfilec-simplify-the-calculation-of-n_goal.patch
mm-swapfilec-remove-the-extra-check-in-scan_swap_map_slots.patch
mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch
mm-swapfilec-tmp-is-always-smaller-than-max.patch
mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch
mm-page_allocc-bad_-is-not-necessary-when-pagehwpoison.patch
mm-page_allocc-bad_flags-is-not-necessary-for-bad_page.patch
mm-page_allocc-rename-free_pages_check_bad-to-check_free_page_bad.patch
mm-page_allocc-rename-free_pages_check-to-check_free_page.patch
mm-page_allocc-extract-check__page_bad-common-part-to-page_bad_reason.patch
mm-page_allocc-use-node_mask_none-in-build_zonelists.patch
mm-rename-gfpflags_to_migratetype-to-gfp_migratetype-for-same-convention.patch
mm-vmscanc-use-update_lru_size-in-update_lru_sizes.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-swapfilec-tmp-is-always-smaller-than-max.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (23 preceding siblings ...)
  2020-04-22  1:36 ` + mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch added to -mm tree Andrew Morton
@ 2020-04-22  1:36 ` Andrew Morton
  2020-04-22  1:36 ` + mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch " Andrew Morton
                   ` (42 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-22  1:36 UTC (permalink / raw)
  To: hughd, mm-commits, richard.weiyang, tim.c.chen, ying.huang


The patch titled
     Subject: mm/swapfile.c: tmp is always smaller than max
has been added to the -mm tree.  Its filename is
     mm-swapfilec-tmp-is-always-smaller-than-max.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-swapfilec-tmp-is-always-smaller-than-max.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-swapfilec-tmp-is-always-smaller-than-max.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Wei Yang <richard.weiyang@gmail.com>
Subject: mm/swapfile.c: tmp is always smaller than max

If tmp is bigger or equal to max, we would jump to new_cluster.

Return true directly.

Link: http://lkml.kernel.org/r/20200421213824.8099-2-richard.weiyang@gmail.com
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/swapfile.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/mm/swapfile.c~mm-swapfilec-tmp-is-always-smaller-than-max
+++ a/mm/swapfile.c
@@ -647,7 +647,7 @@ new_cluster:
 	cluster->next = tmp + 1;
 	*offset = tmp;
 	*scan_base = tmp;
-	return tmp < max;
+	return true;
 }
 
 static void __del_from_avail_list(struct swap_info_struct *p)
_

Patches currently in -mm which might be from richard.weiyang@gmail.com are

mm-swapfilec-offset-is-only-used-when-there-is-more-slots.patch
mm-swapfilec-explicitly-show-ssd-non-ssd-is-handled-mutually-exclusive.patch
mm-swapfilec-remove-the-unnecessary-goto-for-ssd-case.patch
mm-swapfilec-simplify-the-calculation-of-n_goal.patch
mm-swapfilec-remove-the-extra-check-in-scan_swap_map_slots.patch
mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch
mm-swapfilec-tmp-is-always-smaller-than-max.patch
mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch
mm-page_allocc-bad_-is-not-necessary-when-pagehwpoison.patch
mm-page_allocc-bad_flags-is-not-necessary-for-bad_page.patch
mm-page_allocc-rename-free_pages_check_bad-to-check_free_page_bad.patch
mm-page_allocc-rename-free_pages_check-to-check_free_page.patch
mm-page_allocc-extract-check__page_bad-common-part-to-page_bad_reason.patch
mm-page_allocc-use-node_mask_none-in-build_zonelists.patch
mm-rename-gfpflags_to_migratetype-to-gfp_migratetype-for-same-convention.patch
mm-vmscanc-use-update_lru_size-in-update_lru_sizes.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (24 preceding siblings ...)
  2020-04-22  1:36 ` + mm-swapfilec-tmp-is-always-smaller-than-max.patch " Andrew Morton
@ 2020-04-22  1:36 ` Andrew Morton
  2020-04-23 22:36 ` + kasan-initialise-array-in-kasan_memcmp-test.patch " Andrew Morton
                   ` (41 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-22  1:36 UTC (permalink / raw)
  To: hughd, mm-commits, richard.weiyang, tim.c.chen, ying.huang


The patch titled
     Subject: mm/swapfile.c: omit a duplicate code by compare tmp and max first
has been added to the -mm tree.  Its filename is
     mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Wei Yang <richard.weiyang@gmail.com>
Subject: mm/swapfile.c: omit a duplicate code by compare tmp and max first

There are two duplicate code to handle the case when there is no available
swap entry.  To avoid this, we can compare tmp and max first and let the
second guard do its job.

No functional change is expected.

Link: http://lkml.kernel.org/r/20200421213824.8099-3-richard.weiyang@gmail.com
Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Reviewed-by: "Huang, Ying" <ying.huang@intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/swapfile.c |   18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

--- a/mm/swapfile.c~mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first
+++ a/mm/swapfile.c
@@ -629,17 +629,15 @@ new_cluster:
 	tmp = cluster->next;
 	max = min_t(unsigned long, si->max,
 		    (cluster_next(&cluster->index) + 1) * SWAPFILE_CLUSTER);
-	if (tmp >= max) {
-		cluster_set_null(&cluster->index);
-		goto new_cluster;
-	}
-	ci = lock_cluster(si, tmp);
-	while (tmp < max) {
-		if (!si->swap_map[tmp])
-			break;
-		tmp++;
+	if (tmp < max) {
+		ci = lock_cluster(si, tmp);
+		while (tmp < max) {
+			if (!si->swap_map[tmp])
+				break;
+			tmp++;
+		}
+		unlock_cluster(ci);
 	}
-	unlock_cluster(ci);
 	if (tmp >= max) {
 		cluster_set_null(&cluster->index);
 		goto new_cluster;
_

Patches currently in -mm which might be from richard.weiyang@gmail.com are

mm-swapfilec-offset-is-only-used-when-there-is-more-slots.patch
mm-swapfilec-explicitly-show-ssd-non-ssd-is-handled-mutually-exclusive.patch
mm-swapfilec-remove-the-unnecessary-goto-for-ssd-case.patch
mm-swapfilec-simplify-the-calculation-of-n_goal.patch
mm-swapfilec-remove-the-extra-check-in-scan_swap_map_slots.patch
mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch
mm-swapfilec-tmp-is-always-smaller-than-max.patch
mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch
mm-page_allocc-bad_-is-not-necessary-when-pagehwpoison.patch
mm-page_allocc-bad_flags-is-not-necessary-for-bad_page.patch
mm-page_allocc-rename-free_pages_check_bad-to-check_free_page_bad.patch
mm-page_allocc-rename-free_pages_check-to-check_free_page.patch
mm-page_allocc-extract-check__page_bad-common-part-to-page_bad_reason.patch
mm-page_allocc-use-node_mask_none-in-build_zonelists.patch
mm-rename-gfpflags_to_migratetype-to-gfp_migratetype-for-same-convention.patch
mm-vmscanc-use-update_lru_size-in-update_lru_sizes.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + kasan-initialise-array-in-kasan_memcmp-test.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (25 preceding siblings ...)
  2020-04-22  1:36 ` + mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch " Andrew Morton
@ 2020-04-23 22:36 ` Andrew Morton
  2020-04-23 22:38 ` + kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch " Andrew Morton
                   ` (40 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:36 UTC (permalink / raw)
  To: aryabinin, danielmicay, dja, dvyukov, glider, mm-commits


The patch titled
     Subject: kasan: initialise array in kasan_memcmp test
has been added to the -mm tree.  Its filename is
     kasan-initialise-array-in-kasan_memcmp-test.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kasan-initialise-array-in-kasan_memcmp-test.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kasan-initialise-array-in-kasan_memcmp-test.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Daniel Axtens <dja@axtens.net>
Subject: kasan: initialise array in kasan_memcmp test

memcmp may bail out before accessing all the memory if the buffers contain
differing bytes.  kasan_memcmp calls memcmp with a stack array.  Stack
variables are not necessarily initialised (in the absence of a compiler
plugin, at least).  Sometimes this causes the memcpy to bail early thus
fail to trigger kasan.

Make sure the array initialised to zero in the code.

No other test is dependent on the contents of an array on the stack.

Link: http://lkml.kernel.org/r/20200423154503.5103-4-dja@axtens.net
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/test_kasan.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/test_kasan.c~kasan-initialise-array-in-kasan_memcmp-test
+++ a/lib/test_kasan.c
@@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp
 {
 	char *ptr;
 	size_t size = 24;
-	int arr[9];
+	int arr[9] = {};
 
 	pr_info("out-of-bounds in memcmp\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
_

Patches currently in -mm which might be from dja@axtens.net are

kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
stringh-fix-incompatibility-between-fortify_source-and-kasan.patch
kasan-initialise-array-in-kasan_memcmp-test.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (26 preceding siblings ...)
  2020-04-23 22:36 ` + kasan-initialise-array-in-kasan_memcmp-test.patch " Andrew Morton
@ 2020-04-23 22:38 ` Andrew Morton
  2020-04-23 22:41 ` + mm-pass-task-and-mm-to-do_madvise-fix.patch " Andrew Morton
                   ` (39 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:38 UTC (permalink / raw)
  To: bp, brijesh.singh, hpa, hubcap, ira.weiny, Janakarajan.Natarajan,
	jmattson, joro, mingo, mm-commits, pbonzini,
	sean.j.christopherson, tglx, vkuznets, wanpengli


The patch titled
     Subject: arch/x86/kvm/svm/sev.c: change flag passed to GUP fast in sev_pin_memory()
has been added to the -mm tree.  Its filename is
     kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Subject: arch/x86/kvm/svm/sev.c: change flag passed to GUP fast in sev_pin_memory()

When trying to lock read-only pages, sev_pin_memory() fails because
FOLL_WRITE is used as the flag for get_user_pages_fast().

Commit 73b0140bf0fe ("mm/gup: change GUP fast to use flags rather than a
write 'bool'") updated the get_user_pages_fast() call sites to use flags,
but incorrectly updated the call in sev_pin_memory().  As the original
coding of this call was correct, revert the change made by that commit.

Link: http://lkml.kernel.org/r/20200423152419.87202-1-Janakarajan.Natarajan@amd.com
Fixes: 73b0140bf0fe ("mm/gup: change GUP fast to use flags rather than a write 'bool'")
Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Wanpeng Li <wanpengli@tencent.com>
Cc: Jim Mattson <jmattson@google.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Mike Marshall <hubcap@omnibond.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/x86/kvm/svm/sev.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/svm/sev.c~kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory
+++ a/arch/x86/kvm/svm/sev.c
@@ -345,7 +345,7 @@ static struct page **sev_pin_memory(stru
 		return NULL;
 
 	/* Pin the user virtual address. */
-	npinned = get_user_pages_fast(uaddr, npages, FOLL_WRITE, pages);
+	npinned = get_user_pages_fast(uaddr, npages, write ? FOLL_WRITE : 0, pages);
 	if (npinned != npages) {
 		pr_err("SEV: Failure locking %lu pages.\n", npages);
 		goto err;
_

Patches currently in -mm which might be from Janakarajan.Natarajan@amd.com are

kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-pass-task-and-mm-to-do_madvise-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (27 preceding siblings ...)
  2020-04-23 22:38 ` + kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch " Andrew Morton
@ 2020-04-23 22:41 ` Andrew Morton
  2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise.patch " Andrew Morton
                   ` (38 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:41 UTC (permalink / raw)
  To: axboe, jannh, minchan, mm-commits


The patch titled
     Subject: fs: use current->mm for io_uring
has been added to the -mm tree.  Its filename is
     mm-pass-task-and-mm-to-do_madvise-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-pass-task-and-mm-to-do_madvise-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-pass-task-and-mm-to-do_madvise-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Minchan Kim <minchan@kernel.org>
Subject: fs: use current->mm for io_uring

per-request by Jens,
https://lore.kernel.org/io-uring/46e5b8bf-0f14-caff-f706-91794191e730@kernel.dk/

Andrew, please fold this into "mm/madvise: pass task and mm to do_madvise"

Link: http://lkml.kernel.org/r/20200423145215.72666-1-minchan@kernel.org
Signed-off-by: Minchan Kim <minchan@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/io_uring.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/io_uring.c~mm-pass-task-and-mm-to-do_madvise-fix
+++ a/fs/io_uring.c
@@ -3267,7 +3267,7 @@ static int io_madvise(struct io_kiocb *r
 	if (force_nonblock)
 		return -EAGAIN;
 
-	ret = do_madvise(NULL, req->work.mm, ma->addr, ma->len, ma->advice);
+	ret = do_madvise(NULL, current->mm, ma->addr, ma->len, ma->advice);
 	if (ret < 0)
 		req_set_fail_links(req);
 	io_cqring_add_event(req, ret);
_

Patches currently in -mm which might be from minchan@kernel.org are

mm-pass-task-and-mm-to-do_madvise.patch
mm-pass-task-and-mm-to-do_madvise-fix.patch
mm-introduce-external-memory-hinting-api.patch
mm-introduce-external-memory-hinting-api-fix.patch
mm-check-fatal-signal-pending-of-target-process.patch
pid-move-pidfd_get_pid-function-to-pidc.patch
mm-support-both-pid-and-pidfd-for-process_madvise.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-support-vector-address-ranges-for-process_madvise.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (28 preceding siblings ...)
  2020-04-23 22:41 ` + mm-pass-task-and-mm-to-do_madvise-fix.patch " Andrew Morton
@ 2020-04-23 22:44 ` Andrew Morton
  2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise-fix.patch " Andrew Morton
                   ` (37 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:44 UTC (permalink / raw)
  To: arjunroy, bgeffon, dancol, hannes, joaodias, joel, mhocko,
	minchan, mm-commits, oleksandr, rientjes, shakeelb, sj38.park,
	sonnyrao, sspatil, surenb, timmurray, vbabka


The patch titled
     Subject: mm: support vector address ranges for process_madvise
has been added to the -mm tree.  Its filename is
     mm-support-vector-address-ranges-for-process_madvise.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-support-vector-address-ranges-for-process_madvise.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-support-vector-address-ranges-for-process_madvise.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Minchan Kim <minchan@kernel.org>
Subject: mm: support vector address ranges for process_madvise

This patch extends a) process_madvise(2) support vector address ranges in
a system call and then b) support the vector address ranges to local
process as well as external process.

Android app has thousands of vmas due to zygote so it's totally waste of
CPU and power if we should call the syscall one by one for each vma. 
(With testing 2000-vma syscall vs 1-vector syscall, it showed 15%
performance improvement.  I think it would be bigger in real practice
because the testing ran very cache friendly environment).

Another potential use case for the vector range is to amortize the cost of
TLB shootdowns for multiple ranges when using MADV_DONTNEED; this could
benefit users like TCP receive zerocopy and malloc implementations.  In
future, we could find more usecases for other advises so let's make it
happens as API since we introduce a new syscall at this moment.  With
that, existing madvise(2) user could replace it with process_madvise(2)
with their own pid if they want to have batch address ranges support
feature.

So finally, the API is as follows,

  ssize_t process_madvise(idtype_t idtype, id_t id,
		const struct iovec *iovec, unsigned long vlen,
                int advice, unsigned long flags);

DESCRIPTION
  The process_madvise() system call is used to give advice or directions
  to the kernel about the address ranges from external process as well as
  local process. It provides the advice to address ranges of process
  described by iovec and vlen. The goal of such advice is to improve system
  or application performance.

  The idtype and id arguments select the target process to be advised as
  follows:

    idtype == P_PID
      select the process whose process ID matches id

    idtype == P_PIDFD
      select the process referred to by the PID file descriptor
      specified in id. (See pidofd_open(2) for further information)

  The pointer iovec points to an array of iovec structures, defined in
  <sys/uio.h> as:

    struct iovec {
    	void *iov_base;		/* starting address */
	size_t iov_len;		/* number of bytes to be advised */
    };

  The iovec describes address ranges beginning at address(iov_base)
  and with size length of bytes(iov_len).

  The vlen represents the number of elements in iovec.

  The advice is indicated in the advice argument, which is one of the
  following at this moment if the target process specified by idtype and
  id is external.

    MADV_COLD
    MADV_PAGEOUT
    MADV_MERGEABLE
    MADV_UNMERGEABLE

  Permission to provide a hint to external process is governed by a
  ptrace access mode PTRACE_MODE_ATTACH_FSCREDS check; see ptrace(2).

  The process_madvise supports every advice madvise(2) has if target
  process is in same thread group with calling process so user could
  use process_madvise(2) to extend existing madvise(2) to support
  vector address ranges.

RETURN VALUE
  On success, process_madvise() returns the number of bytes advised.
  This return value may be less than the total number of requested
  bytes, if an error occurred. The caller should check return value
  to determine whether a partial advice occurred.

Link: http://lkml.kernel.org/r/20200423145215.72666-2-minchan@kernel.org
Signed-off-by: Minchan Kim <minchan@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Arjun Roy <arjunroy@google.com>
Cc: Tim Murray <timmurray@google.com>
Cc: Daniel Colascione <dancol@google.com>
Cc: Sonny Rao <sonnyrao@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: John Dias <joaodias@google.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: SeongJae Park <sj38.park@gmail.com>
Cc: Oleksandr Natalenko <oleksandr@redhat.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Sandeep Patil <sspatil@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/madvise.c |   47 ++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 40 insertions(+), 7 deletions(-)

--- a/mm/madvise.c~mm-support-vector-address-ranges-for-process_madvise
+++ a/mm/madvise.c
@@ -1195,20 +1195,39 @@ SYSCALL_DEFINE3(madvise, unsigned long,
 	return do_madvise(current, current->mm, start, len_in, behavior);
 }
 
-SYSCALL_DEFINE6(process_madvise, int, which, pid_t, upid, unsigned long, start,
-		size_t, len_in, int, behavior, unsigned long, flags)
+static int do_process_madvise(struct task_struct *target_task,
+		struct mm_struct *mm, struct iov_iter *iter, int behavior)
 {
-	int ret;
+	struct iovec iovec;
+	int ret = 0;
+
+	while (iov_iter_count(iter)) {
+		iovec = iov_iter_iovec(iter);
+		ret = do_madvise(target_task, mm, (unsigned long)iovec.iov_base,
+					iovec.iov_len, behavior);
+		if (ret < 0)
+			break;
+		iov_iter_advance(iter, iovec.iov_len);
+	}
+
+	return ret;
+}
+
+SYSCALL_DEFINE6(process_madvise, int, which, pid_t, upid,
+		const struct iovec __user *, vec, unsigned long, vlen,
+		int, behavior, unsigned long, flags)
+{
+	ssize_t ret;
 	struct pid *pid;
 	struct task_struct *task;
 	struct mm_struct *mm;
+	struct iovec iovstack[UIO_FASTIOV];
+	struct iovec *iov = iovstack;
+	struct iov_iter iter;
 
 	if (flags != 0)
 		return -EINVAL;
 
-	if (!process_madvise_behavior_valid(behavior))
-		return -EINVAL;
-
 	switch (which) {
 	case P_PID:
 		if (upid <= 0)
@@ -1236,13 +1255,27 @@ SYSCALL_DEFINE6(process_madvise, int, wh
 		goto put_pid;
 	}
 
+	if (task->mm != current->mm &&
+			!process_madvise_behavior_valid(behavior)) {
+		ret = -EINVAL;
+		goto release_task;
+	}
+
 	mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS);
 	if (IS_ERR_OR_NULL(mm)) {
 		ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
 		goto release_task;
 	}
 
-	ret = do_madvise(task, mm, start, len_in, behavior);
+	ret = import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
+	if (ret >= 0) {
+		size_t total_len = iov_iter_count(&iter);
+
+		ret = do_process_madvise(task, mm, &iter, behavior);
+		if (ret >= 0)
+			ret = total_len - iov_iter_count(&iter);
+		kfree(iov);
+	}
 	mmput(mm);
 release_task:
 	put_task_struct(task);
_

Patches currently in -mm which might be from minchan@kernel.org are

mm-pass-task-and-mm-to-do_madvise.patch
mm-pass-task-and-mm-to-do_madvise-fix.patch
mm-introduce-external-memory-hinting-api.patch
mm-introduce-external-memory-hinting-api-fix.patch
mm-check-fatal-signal-pending-of-target-process.patch
pid-move-pidfd_get_pid-function-to-pidc.patch
mm-support-both-pid-and-pidfd-for-process_madvise.patch
mm-support-vector-address-ranges-for-process_madvise.patch
mm-support-vector-address-ranges-for-process_madvise-fix.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-support-vector-address-ranges-for-process_madvise-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (29 preceding siblings ...)
  2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise.patch " Andrew Morton
@ 2020-04-23 22:44 ` Andrew Morton
  2020-04-23 22:48 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch " Andrew Morton
                   ` (36 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:44 UTC (permalink / raw)
  To: arjunroy, bgeffon, dancol, hannes, joaodias, joel, mhocko,
	minchan, mm-commits, oleksandr, rientjes, shakeelb, sj38.park,
	sonnyrao, sspatil, surenb, timmurray, vbabka


The patch titled
     Subject: mm: support compat_sys_process_madvise
has been added to the -mm tree.  Its filename is
     mm-support-vector-address-ranges-for-process_madvise-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-support-vector-address-ranges-for-process_madvise-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-support-vector-address-ranges-for-process_madvise-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Minchan Kim <minchan@kernel.org>
Subject: mm: support compat_sys_process_madvise

This patch supports compat syscall for process_madvise

Link: http://lkml.kernel.org/r/20200423195835.GA46847@google.com
Signed-off-by: Minchan Kim <minchan@kernel.org>
Cc: Arjun Roy <arjunroy@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: Daniel Colascione <dancol@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: John Dias <joaodias@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Oleksandr Natalenko <oleksandr@redhat.com>
Cc: Sandeep Patil <sspatil@google.com>
Cc: SeongJae Park <sj38.park@gmail.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Sonny Rao <sonnyrao@google.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Tim Murray <timmurray@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/arm64/include/asm/unistd32.h         |    2 
 arch/mips/kernel/syscalls/syscall_n32.tbl |    2 
 arch/parisc/kernel/syscalls/syscall.tbl   |    2 
 arch/powerpc/kernel/syscalls/syscall.tbl  |    2 
 arch/s390/kernel/syscalls/syscall.tbl     |    2 
 arch/sparc/kernel/syscalls/syscall.tbl    |    2 
 arch/x86/entry/syscalls/syscall_32.tbl    |    2 
 arch/x86/entry/syscalls/syscall_64.tbl    |    3 -
 include/linux/compat.h                    |    3 +
 include/uapi/asm-generic/unistd.h         |    3 -
 kernel/sys_ni.c                           |    1 
 mm/madvise.c                              |   60 +++++++++++++++-----
 12 files changed, 60 insertions(+), 24 deletions(-)

--- a/arch/arm64/include/asm/unistd32.h~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/arm64/include/asm/unistd32.h
@@ -884,7 +884,7 @@ __SYSCALL(__NR_openat2, sys_openat2)
 #define __NR_pidfd_getfd 438
 __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
 #define __NR_process_madvise 439
-__SYSCALL(__NR_process_madvise, sys_process_madvise)
+__SYSCALL(__NR_process_madvise, compat_sys_process_madvise)
 
 /*
  * Please add new compat syscalls above this comment and update
--- a/arch/mips/kernel/syscalls/syscall_n32.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/mips/kernel/syscalls/syscall_n32.tbl
@@ -376,4 +376,4 @@
 435	n32	clone3				__sys_clone3
 437	n32	openat2				sys_openat2
 438	n32	pidfd_getfd			sys_pidfd_getfd
-439	n32	process_madvise			sys_process_madvise
+439	n32	process_madvise			compat_sys_process_madvise
--- a/arch/parisc/kernel/syscalls/syscall.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/parisc/kernel/syscalls/syscall.tbl
@@ -435,4 +435,4 @@
 435	common	clone3				sys_clone3_wrapper
 437	common	openat2				sys_openat2
 438	common	pidfd_getfd			sys_pidfd_getfd
-439	common	process_madvise			sys_process_madvise
+439	common	process_madvise			sys_process_madvise		compat_sys_process_madvise
--- a/arch/powerpc/kernel/syscalls/syscall.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/powerpc/kernel/syscalls/syscall.tbl
@@ -527,4 +527,4 @@
 435	spu	clone3				sys_ni_syscall
 437	common	openat2				sys_openat2
 438	common	pidfd_getfd			sys_pidfd_getfd
-439	common	process_madvise			sys_process_madvise
+439	common	process_madvise			sys_process_madvise		compat_sys_process_madvise
--- a/arch/s390/kernel/syscalls/syscall.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/s390/kernel/syscalls/syscall.tbl
@@ -440,4 +440,4 @@
 435  common	clone3			sys_clone3			sys_clone3
 437  common	openat2			sys_openat2			sys_openat2
 438  common	pidfd_getfd		sys_pidfd_getfd			sys_pidfd_getfd
-439  common	process_madvise		sys_process_madvise		sys_process_madvise
+439  common	process_madvise		sys_process_madvise		compat_sys_process_madvise
--- a/arch/sparc/kernel/syscalls/syscall.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/sparc/kernel/syscalls/syscall.tbl
@@ -483,4 +483,4 @@
 # 435 reserved for clone3
 437	common	openat2			sys_openat2
 438	common	pidfd_getfd			sys_pidfd_getfd
-439	common	process_madvise			sys_process_madvise
+439	common	process_madvise			sys_process_madvise		compat_sys_process_madvise
--- a/arch/x86/entry/syscalls/syscall_32.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/x86/entry/syscalls/syscall_32.tbl
@@ -442,4 +442,4 @@
 435	i386	clone3			sys_clone3
 437	i386	openat2			sys_openat2
 438	i386	pidfd_getfd		sys_pidfd_getfd
-439	i386	process_madvise		sys_process_madvise
+439	i386	process_madvise		sys_process_madvise		compat_sys_process_madvise
--- a/arch/x86/entry/syscalls/syscall_64.tbl~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/arch/x86/entry/syscalls/syscall_64.tbl
@@ -359,7 +359,7 @@
 435	common	clone3			sys_clone3
 437	common	openat2			sys_openat2
 438	common	pidfd_getfd		sys_pidfd_getfd
-439	common	process_madvise		sys_process_madvise
+439	64	process_madvise		sys_process_madvise
 
 #
 # x32-specific system call numbers start at 512 to avoid cache impact
@@ -403,3 +403,4 @@
 545	x32	execveat		compat_sys_execveat
 546	x32	preadv2			compat_sys_preadv64v2
 547	x32	pwritev2		compat_sys_pwritev64v2
+548	x32	process_madvise		compat_sys_process_madvise
--- a/include/linux/compat.h~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/include/linux/compat.h
@@ -820,6 +820,9 @@ asmlinkage long compat_sys_pwritev64v2(u
 		unsigned long vlen, loff_t pos, rwf_t flags);
 #endif
 
+asmlinkage ssize_t compat_sys_process_madvise(int which,
+		compat_pid_t upid, const struct compat_iovec __user *vec,
+		unsigned long vlen, int behavior, unsigned long flags);
 
 /*
  * Deprecated system calls which are still defined in
--- a/include/uapi/asm-generic/unistd.h~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/include/uapi/asm-generic/unistd.h
@@ -856,7 +856,8 @@ __SYSCALL(__NR_openat2, sys_openat2)
 #define __NR_pidfd_getfd 438
 __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd)
 #define __NR_process_madvise 439
-__SYSCALL(__NR_process_madvise, sys_process_madvise)
+__SC_COMP(__NR_process_madvise, sys_process_madvise, \
+		compat_sys_process_madvise)
 
 #undef __NR_syscalls
 #define __NR_syscalls 440
--- a/kernel/sys_ni.c~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/kernel/sys_ni.c
@@ -281,6 +281,7 @@ COND_SYSCALL(munlockall);
 COND_SYSCALL(mincore);
 COND_SYSCALL(madvise);
 COND_SYSCALL(process_madvise);
+COND_SYSCALL_COMPAT(process_madvise);
 COND_SYSCALL(remap_file_pages);
 COND_SYSCALL(mbind);
 COND_SYSCALL_COMPAT(mbind);
--- a/mm/madvise.c~mm-support-vector-address-ranges-for-process_madvise-fix
+++ a/mm/madvise.c
@@ -1195,7 +1195,7 @@ SYSCALL_DEFINE3(madvise, unsigned long,
 	return do_madvise(current, current->mm, start, len_in, behavior);
 }
 
-static int do_process_madvise(struct task_struct *target_task,
+static int process_madvise_vec(struct task_struct *target_task,
 		struct mm_struct *mm, struct iov_iter *iter, int behavior)
 {
 	struct iovec iovec;
@@ -1213,17 +1213,14 @@ static int do_process_madvise(struct tas
 	return ret;
 }
 
-SYSCALL_DEFINE6(process_madvise, int, which, pid_t, upid,
-		const struct iovec __user *, vec, unsigned long, vlen,
-		int, behavior, unsigned long, flags)
+ssize_t do_process_madvise(int which, pid_t upid, struct iov_iter *iter,
+				int behavior, unsigned long flags)
 {
 	ssize_t ret;
 	struct pid *pid;
 	struct task_struct *task;
 	struct mm_struct *mm;
-	struct iovec iovstack[UIO_FASTIOV];
-	struct iovec *iov = iovstack;
-	struct iov_iter iter;
+	size_t total_len = iov_iter_count(iter);
 
 	if (flags != 0)
 		return -EINVAL;
@@ -1267,15 +1264,10 @@ SYSCALL_DEFINE6(process_madvise, int, wh
 		goto release_task;
 	}
 
-	ret = import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
-	if (ret >= 0) {
-		size_t total_len = iov_iter_count(&iter);
+	ret = process_madvise_vec(task, mm, iter, behavior);
+	if (ret >= 0)
+		ret = total_len - iov_iter_count(iter);
 
-		ret = do_process_madvise(task, mm, &iter, behavior);
-		if (ret >= 0)
-			ret = total_len - iov_iter_count(&iter);
-		kfree(iov);
-	}
 	mmput(mm);
 release_task:
 	put_task_struct(task);
@@ -1283,3 +1275,41 @@ put_pid:
 	put_pid(pid);
 	return ret;
 }
+
+SYSCALL_DEFINE6(process_madvise, int, which, pid_t, upid,
+		const struct iovec __user *, vec, unsigned long, vlen,
+		int, behavior, unsigned long, flags)
+{
+	ssize_t ret;
+	struct iovec iovstack[UIO_FASTIOV];
+	struct iovec *iov = iovstack;
+	struct iov_iter iter;
+
+	ret = import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
+	if (ret >= 0) {
+		ret = do_process_madvise(which, upid, &iter, behavior, flags);
+		kfree(iov);
+	}
+	return ret;
+}
+
+#ifdef CONFIG_COMPAT
+COMPAT_SYSCALL_DEFINE6(process_madvise, int, which, compat_pid_t, upid,
+		const struct compat_iovec __user *, vec, unsigned long, vlen,
+		int, behavior, unsigned long, flags)
+
+{
+	ssize_t ret;
+	struct iovec iovstack[UIO_FASTIOV];
+	struct iovec *iov = iovstack;
+	struct iov_iter iter;
+
+	ret = compat_import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack),
+				&iov, &iter);
+	if (ret >= 0) {
+		ret = do_process_madvise(which, upid, &iter, behavior, flags);
+		kfree(iov);
+	}
+	return ret;
+}
+#endif
_

Patches currently in -mm which might be from minchan@kernel.org are

mm-pass-task-and-mm-to-do_madvise.patch
mm-pass-task-and-mm-to-do_madvise-fix.patch
mm-introduce-external-memory-hinting-api.patch
mm-introduce-external-memory-hinting-api-fix.patch
mm-check-fatal-signal-pending-of-target-process.patch
pid-move-pidfd_get_pid-function-to-pidc.patch
mm-support-both-pid-and-pidfd-for-process_madvise.patch
mm-support-vector-address-ranges-for-process_madvise.patch
mm-support-vector-address-ranges-for-process_madvise-fix.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (30 preceding siblings ...)
  2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise-fix.patch " Andrew Morton
@ 2020-04-23 22:48 ` Andrew Morton
  2020-04-23 22:48 ` + stringh-fix-incompatibility-between-fortify_source-and-kasan.patch " Andrew Morton
                   ` (35 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:48 UTC (permalink / raw)
  To: aryabinin, danielmicay, dja, dvyukov, glider, mm-commits


The patch titled
     Subject: kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE
has been added to the -mm tree.  Its filename is
     kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Daniel Axtens <dja@axtens.net>
Subject: kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE

Patch series "Fix some incompatibilites between KASAN and FORTIFY_SOURCE", v3.

3 KASAN self-tests fail on a kernel with both KASAN and FORTIFY_SOURCE:
memchr, memcmp and strlen.  I have observed this on x86 and powerpc.

When FORTIFY_SOURCE is on, a number of functions are replaced with
fortified versions, which attempt to check the sizes of the operands. 
However, these functions often directly invoke __builtin_foo() once they
have performed the fortify check.

This breaks things in 2 ways:

 - the three function calls are technically dead code, and can be
   eliminated. When __builtin_ versions are used, the compiler can detect
   this.

 - Using __builtins may bypass KASAN checks if the compiler decides to
   inline it's own implementation as sequence of instructions, rather than
   emit a function call that goes out to a KASAN-instrumented
   implementation.

The patches address each reason in turn. Finally, test_memcmp used a
stack array without explicit initialisation, which can sometimes break
too, so fix that up.


This patch (of 3):

3 KASAN self-tests fail on a kernel with both KASAN and FORTIFY_SOURCE:
memchr, memcmp and strlen.

When FORTIFY_SOURCE is on, a number of functions are replaced with
fortified versions, which attempt to check the sizes of the operands. 
However, these functions often directly invoke __builtin_foo() once they
have performed the fortify check.  The compiler can detect that the
results of these functions are not used, and knows that they have no other
side effects, and so can eliminate them as dead code.

Why are only memchr, memcmp and strlen affected?
================================================

Of string and string-like functions, kasan_test tests:

 * strchr  ->  not affected, no fortified version
 * strrchr ->  likewise
 * strcmp  ->  likewise
 * strncmp ->  likewise

 * strnlen ->  not affected, the fortify source implementation calls the
               underlying strnlen implementation which is instrumented, not
               a builtin

 * strlen  ->  affected, the fortify souce implementation calls a __builtin
               version which the compiler can determine is dead.

 * memchr  ->  likewise
 * memcmp  ->  likewise

 * memset ->   not affected, the compiler knows that memset writes to its
	       first argument and therefore is not dead.

Why does this not affect the functions normally?
================================================

In string.h, these functions are not marked as __pure, so the compiler
cannot know that they do not have side effects.  If relevant functions are
marked as __pure in string.h, we see the following warnings and the
functions are elided:

lib/test_kasan.c: In function `kasan_memchr':
lib/test_kasan.c:606:2: warning: statement with no effect [-Wunused-value]
  memchr(ptr, '1', size + 1);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~
lib/test_kasan.c: In function `kasan_memcmp':
lib/test_kasan.c:622:2: warning: statement with no effect [-Wunused-value]
  memcmp(ptr, arr, size+1);
  ^~~~~~~~~~~~~~~~~~~~~~~~
lib/test_kasan.c: In function `kasan_strings':
lib/test_kasan.c:645:2: warning: statement with no effect [-Wunused-value]
  strchr(ptr, '1');
  ^~~~~~~~~~~~~~~~
...

This annotation would make sense to add and could be added at any point, so
the behaviour of test_kasan.c should change.

The fix
=======

Make all the functions that are pure write their results to a global,
which makes them live. The strlen and memchr tests now pass.

The memcmp test still fails to trigger, which is addressed in the next
patch.

Link: http://lkml.kernel.org/r/20200423154503.5103-1-dja@axtens.net
Link: http://lkml.kernel.org/r/20200423154503.5103-2-dja@axtens.net
Fixes: 0c96350a2d2f ("lib/test_kasan.c: add tests for several string/memory API functions")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/test_kasan.c |   30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

--- a/lib/test_kasan.c~kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source
+++ a/lib/test_kasan.c
@@ -24,6 +24,14 @@
 #include <asm/page.h>
 
 /*
+ * We assign some test results to these globals to make sure the tests
+ * are not eliminated as dead code.
+ */
+
+int kasan_int_result;
+void *kasan_ptr_result;
+
+/*
  * Note: test functions are marked noinline so that their names appear in
  * reports.
  */
@@ -622,7 +630,7 @@ static noinline void __init kasan_memchr
 	if (!ptr)
 		return;
 
-	memchr(ptr, '1', size + 1);
+	kasan_ptr_result = memchr(ptr, '1', size + 1);
 	kfree(ptr);
 }
 
@@ -637,8 +645,7 @@ static noinline void __init kasan_memcmp
 	if (!ptr)
 		return;
 
-	memset(arr, 0, sizeof(arr));
-	memcmp(ptr, arr, size+1);
+	kasan_int_result = memcmp(ptr, arr, size + 1);
 	kfree(ptr);
 }
 
@@ -661,22 +668,22 @@ static noinline void __init kasan_string
 	 * will likely point to zeroed byte.
 	 */
 	ptr += 16;
-	strchr(ptr, '1');
+	kasan_ptr_result = strchr(ptr, '1');
 
 	pr_info("use-after-free in strrchr\n");
-	strrchr(ptr, '1');
+	kasan_ptr_result = strrchr(ptr, '1');
 
 	pr_info("use-after-free in strcmp\n");
-	strcmp(ptr, "2");
+	kasan_int_result = strcmp(ptr, "2");
 
 	pr_info("use-after-free in strncmp\n");
-	strncmp(ptr, "2", 1);
+	kasan_int_result = strncmp(ptr, "2", 1);
 
 	pr_info("use-after-free in strlen\n");
-	strlen(ptr);
+	kasan_int_result = strlen(ptr);
 
 	pr_info("use-after-free in strnlen\n");
-	strnlen(ptr, 1);
+	kasan_int_result = strnlen(ptr, 1);
 }
 
 static noinline void __init kasan_bitops(void)
@@ -743,11 +750,12 @@ static noinline void __init kasan_bitops
 	__test_and_change_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
 	pr_info("out-of-bounds in test_bit\n");
-	(void)test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
+	kasan_int_result = test_bit(BITS_PER_LONG + BITS_PER_BYTE, bits);
 
 #if defined(clear_bit_unlock_is_negative_byte)
 	pr_info("out-of-bounds in clear_bit_unlock_is_negative_byte\n");
-	clear_bit_unlock_is_negative_byte(BITS_PER_LONG + BITS_PER_BYTE, bits);
+	kasan_int_result = clear_bit_unlock_is_negative_byte(BITS_PER_LONG +
+		BITS_PER_BYTE, bits);
 #endif
 	kfree(bits);
 }
_

Patches currently in -mm which might be from dja@axtens.net are

kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
stringh-fix-incompatibility-between-fortify_source-and-kasan.patch
kasan-initialise-array-in-kasan_memcmp-test.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + stringh-fix-incompatibility-between-fortify_source-and-kasan.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (31 preceding siblings ...)
  2020-04-23 22:48 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch " Andrew Morton
@ 2020-04-23 22:48 ` Andrew Morton
  2020-04-23 23:03 ` + powerpc-add-support-for-folded-p4d-page-tables-fix.patch " Andrew Morton
                   ` (34 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 22:48 UTC (permalink / raw)
  To: aryabinin, danielmicay, dja, dvyukov, glider, mm-commits


The patch titled
     Subject: string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
has been added to the -mm tree.  Its filename is
     stringh-fix-incompatibility-between-fortify_source-and-kasan.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/stringh-fix-incompatibility-between-fortify_source-and-kasan.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/stringh-fix-incompatibility-between-fortify_source-and-kasan.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Daniel Axtens <dja@axtens.net>
Subject: string.h: fix incompatibility between FORTIFY_SOURCE and KASAN

The memcmp KASAN self-test fails on a kernel with both KASAN and
FORTIFY_SOURCE.

When FORTIFY_SOURCE is on, a number of functions are replaced with
fortified versions, which attempt to check the sizes of the operands. 
However, these functions often directly invoke __builtin_foo() once they
have performed the fortify check.  Using __builtins may bypass KASAN
checks if the compiler decides to inline it's own implementation as
sequence of instructions, rather than emit a function call that goes out
to a KASAN-instrumented implementation.

Why is only memcmp affected?
============================

Of the string and string-like functions that kasan_test tests, only memcmp
is replaced by an inline sequence of instructions in my testing on x86
with gcc version 9.2.1 20191008 (Ubuntu 9.2.1-9ubuntu2).

I believe this is due to compiler heuristics.  For example, if I annotate
kmalloc calls with the alloc_size annotation (and disable some fortify
compile-time checking!), the compiler will replace every memset except the
one in kmalloc_uaf_memset with inline instructions.  (I have some WIP
patches to add this annotation.)

Does this affect other functions in string.h?
=============================================

Yes. Anything that uses __builtin_* rather than __real_* could be
affected. This looks like:

 - strncpy
 - strcat
 - strlen
 - strlcpy maybe, under some circumstances?
 - strncat under some circumstances
 - memset
 - memcpy
 - memmove
 - memcmp (as noted)
 - memchr
 - strcpy

Whether a function call is emitted always depends on the compiler.  Most
bugs should get caught by FORTIFY_SOURCE, but the missed memcmp test shows
that this is not always the case.

Isn't FORTIFY_SOURCE disabled with KASAN?
========================================-

The string headers on all arches supporting KASAN disable fortify with
kasan, but only when address sanitisation is _also_ disabled.  For example
from x86:

 #if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
 /*
  * For files that are not instrumented (e.g. mm/slub.c) we
  * should use not instrumented version of mem* functions.
  */
 #define memcpy(dst, src, len) __memcpy(dst, src, len)
 #define memmove(dst, src, len) __memmove(dst, src, len)
 #define memset(s, c, n) __memset(s, c, n)

 #ifndef __NO_FORTIFY
 #define __NO_FORTIFY /* FORTIFY_SOURCE uses __builtin_memcpy, etc. */
 #endif

 #endif

This comes from commit 6974f0c4555e ("include/linux/string.h: add the
option of fortified string.h functions"), and doesn't work when KASAN is
enabled and the file is supposed to be sanitised - as with test_kasan.c

I'm pretty sure this is not wrong, but not as expansive it should be:

 * we shouldn't use __builtin_memcpy etc in files where we don't have
   instrumentation - it could devolve into a function call to memcpy,
   which will be instrumented. Rather, we should use __memcpy which
   by convention is not instrumented.

 * we also shouldn't be using __builtin_memcpy when we have a KASAN
   instrumented file, because it could be replaced with inline asm
   that will not be instrumented.

What is correct behaviour?
==========================

Firstly, there is some overlap between fortification and KASAN: both
provide some level of _runtime_ checking. Only fortify provides
compile-time checking.

KASAN and fortify can pick up different things at runtime:

 - Some fortify functions, notably the string functions, could easily be
   modified to consider sub-object sizes (e.g. members within a struct),
   and I have some WIP patches to do this. KASAN cannot detect these
   because it cannot insert poision between members of a struct.

 - KASAN can detect many over-reads/over-writes when the sizes of both
   operands are unknown, which fortify cannot.

So there are a couple of options:

 1) Flip the test: disable fortify in santised files and enable it in
    unsanitised files. This at least stops us missing KASAN checking, but
    we lose the fortify checking.

 2) Make the fortify code always call out to real versions. Do this only
    for KASAN, for fear of losing the inlining opportunities we get from
    __builtin_*.

(We can't use kasan_check_{read,write}: because the fortify functions are
_extern inline_, you can't include _static_ inline functions without a
compiler warning. kasan_check_{read,write} are static inline so we can't
use them even when they would otherwise be suitable.)

Take approach 2 and call out to real versions when KASAN is enabled.

Use __underlying_foo to distinguish from __real_foo: __real_foo always
refers to the kernel's implementation of foo, __underlying_foo could be
either the kernel implementation or the __builtin_foo implementation.

This is sometimes enough to make the memcmp test succeed with
FORTIFY_SOURCE enabled. It is at least enough to get the function call
into the module. One more fix is needed to make it reliable: see the next
patch.

Link: http://lkml.kernel.org/r/20200423154503.5103-3-dja@axtens.net
Fixes: 6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/string.h |   60 +++++++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 12 deletions(-)

--- a/include/linux/string.h~stringh-fix-incompatibility-between-fortify_source-and-kasan
+++ a/include/linux/string.h
@@ -272,6 +272,31 @@ void __read_overflow3(void) __compiletim
 void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
 
 #if !defined(__NO_FORTIFY) && defined(__OPTIMIZE__) && defined(CONFIG_FORTIFY_SOURCE)
+
+#ifdef CONFIG_KASAN
+extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
+extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
+extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
+extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
+extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
+extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
+extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
+extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
+extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
+extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
+#else
+#define __underlying_memchr	__builtin_memchr
+#define __underlying_memcmp	__builtin_memcmp
+#define __underlying_memcpy	__builtin_memcpy
+#define __underlying_memmove	__builtin_memmove
+#define __underlying_memset	__builtin_memset
+#define __underlying_strcat	__builtin_strcat
+#define __underlying_strcpy	__builtin_strcpy
+#define __underlying_strlen	__builtin_strlen
+#define __underlying_strncat	__builtin_strncat
+#define __underlying_strncpy	__builtin_strncpy
+#endif
+
 __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 0);
@@ -279,14 +304,14 @@ __FORTIFY_INLINE char *strncpy(char *p,
 		__write_overflow();
 	if (p_size < size)
 		fortify_panic(__func__);
-	return __builtin_strncpy(p, q, size);
+	return __underlying_strncpy(p, q, size);
 }
 
 __FORTIFY_INLINE char *strcat(char *p, const char *q)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 	if (p_size == (size_t)-1)
-		return __builtin_strcat(p, q);
+		return __underlying_strcat(p, q);
 	if (strlcat(p, q, p_size) >= p_size)
 		fortify_panic(__func__);
 	return p;
@@ -300,7 +325,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(
 	/* Work around gcc excess stack consumption issue */
 	if (p_size == (size_t)-1 ||
 	    (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0'))
-		return __builtin_strlen(p);
+		return __underlying_strlen(p);
 	ret = strnlen(p, p_size);
 	if (p_size <= ret)
 		fortify_panic(__func__);
@@ -333,7 +358,7 @@ __FORTIFY_INLINE size_t strlcpy(char *p,
 			__write_overflow();
 		if (len >= p_size)
 			fortify_panic(__func__);
-		__builtin_memcpy(p, q, len);
+		__underlying_memcpy(p, q, len);
 		p[len] = '\0';
 	}
 	return ret;
@@ -346,12 +371,12 @@ __FORTIFY_INLINE char *strncat(char *p,
 	size_t p_size = __builtin_object_size(p, 0);
 	size_t q_size = __builtin_object_size(q, 0);
 	if (p_size == (size_t)-1 && q_size == (size_t)-1)
-		return __builtin_strncat(p, q, count);
+		return __underlying_strncat(p, q, count);
 	p_len = strlen(p);
 	copy_len = strnlen(q, count);
 	if (p_size < p_len + copy_len + 1)
 		fortify_panic(__func__);
-	__builtin_memcpy(p + p_len, q, copy_len);
+	__underlying_memcpy(p + p_len, q, copy_len);
 	p[p_len + copy_len] = '\0';
 	return p;
 }
@@ -363,7 +388,7 @@ __FORTIFY_INLINE void *memset(void *p, i
 		__write_overflow();
 	if (p_size < size)
 		fortify_panic(__func__);
-	return __builtin_memset(p, c, size);
+	return __underlying_memset(p, c, size);
 }
 
 __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
@@ -378,7 +403,7 @@ __FORTIFY_INLINE void *memcpy(void *p, c
 	}
 	if (p_size < size || q_size < size)
 		fortify_panic(__func__);
-	return __builtin_memcpy(p, q, size);
+	return __underlying_memcpy(p, q, size);
 }
 
 __FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
@@ -393,7 +418,7 @@ __FORTIFY_INLINE void *memmove(void *p,
 	}
 	if (p_size < size || q_size < size)
 		fortify_panic(__func__);
-	return __builtin_memmove(p, q, size);
+	return __underlying_memmove(p, q, size);
 }
 
 extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
@@ -419,7 +444,7 @@ __FORTIFY_INLINE int memcmp(const void *
 	}
 	if (p_size < size || q_size < size)
 		fortify_panic(__func__);
-	return __builtin_memcmp(p, q, size);
+	return __underlying_memcmp(p, q, size);
 }
 
 __FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
@@ -429,7 +454,7 @@ __FORTIFY_INLINE void *memchr(const void
 		__read_overflow();
 	if (p_size < size)
 		fortify_panic(__func__);
-	return __builtin_memchr(p, c, size);
+	return __underlying_memchr(p, c, size);
 }
 
 void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
@@ -460,11 +485,22 @@ __FORTIFY_INLINE char *strcpy(char *p, c
 	size_t p_size = __builtin_object_size(p, 0);
 	size_t q_size = __builtin_object_size(q, 0);
 	if (p_size == (size_t)-1 && q_size == (size_t)-1)
-		return __builtin_strcpy(p, q);
+		return __underlying_strcpy(p, q);
 	memcpy(p, q, strlen(q) + 1);
 	return p;
 }
 
+/* Don't use these outside the FORITFY_SOURCE implementation */
+#undef __underlying_memchr
+#undef __underlying_memcmp
+#undef __underlying_memcpy
+#undef __underlying_memmove
+#undef __underlying_memset
+#undef __underlying_strcat
+#undef __underlying_strcpy
+#undef __underlying_strlen
+#undef __underlying_strncat
+#undef __underlying_strncpy
 #endif
 
 /**
_

Patches currently in -mm which might be from dja@axtens.net are

kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
stringh-fix-incompatibility-between-fortify_source-and-kasan.patch
kasan-initialise-array-in-kasan_memcmp-test.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + powerpc-add-support-for-folded-p4d-page-tables-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (32 preceding siblings ...)
  2020-04-23 22:48 ` + stringh-fix-incompatibility-between-fortify_source-and-kasan.patch " Andrew Morton
@ 2020-04-23 23:03 ` Andrew Morton
  2020-04-23 23:09 ` [folded-merged] memcg-optimize-memorynuma_stat-like-memorystat-fix.patch removed from " Andrew Morton
                   ` (33 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 23:03 UTC (permalink / raw)
  To: lkp, mm-commits, rppt, sfr


The patch titled
     Subject: powerpc-add-support-for-folded-p4d-page-tables-fix
has been added to the -mm tree.  Its filename is
     powerpc-add-support-for-folded-p4d-page-tables-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/powerpc-add-support-for-folded-p4d-page-tables-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/powerpc-add-support-for-folded-p4d-page-tables-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Mike Rapoport <rppt@linux.ibm.com>
Subject: powerpc-add-support-for-folded-p4d-page-tables-fix

build fix

Link: http://lkml.kernel.org/r/20200423141845.GI13521@linux.ibm.com
Reported-by: kbuild test robot <lkp@intel.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/powerpc/mm/kasan/kasan_init_32.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/mm/kasan/kasan_init_32.c~powerpc-add-support-for-folded-p4d-page-tables-fix
+++ a/arch/powerpc/mm/kasan/kasan_init_32.c
@@ -121,7 +121,7 @@ static void __init kasan_unmap_early_sha
 	phys_addr_t pa = __pa(kasan_early_shadow_page);
 
 	for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
-		pmd_t *pmd = pmd_offset(pud_offset(pgd_offset_k(k_cur), k_cur), k_cur);
+		pmd_t *pmd = pmd_ptr_k(k_cur);
 		pte_t *ptep = pte_offset_kernel(pmd, k_cur);
 
 		if ((pte_val(*ptep) & PTE_RPN_MASK) != pa)
_

Patches currently in -mm which might be from rppt@linux.ibm.com are

h8300-remove-usage-of-__arch_use_5level_hack.patch
arm-add-support-for-folded-p4d-page-tables.patch
arm64-add-support-for-folded-p4d-page-tables.patch
hexagon-remove-__arch_use_5level_hack.patch
ia64-add-support-for-folded-p4d-page-tables.patch
nios2-add-support-for-folded-p4d-page-tables.patch
openrisc-add-support-for-folded-p4d-page-tables.patch
powerpc-add-support-for-folded-p4d-page-tables.patch
powerpc-add-support-for-folded-p4d-page-tables-fix.patch
sh-drop-__pxd_offset-macros-that-duplicate-pxd_index-ones.patch
sh-add-support-for-folded-p4d-page-tables.patch
unicore32-remove-__arch_use_5level_hack.patch
asm-generic-remove-pgtable-nop4d-hackh.patch
mm-remove-__arch_has_5level_hack-and-include-asm-generic-5level-fixuph.patch
mm-memblock-replace-dereferences-of-memblock_regionnid-with-api-calls.patch
mm-make-early_pfn_to_nid-and-related-defintions-close-to-each-other.patch
mm-remove-config_have_memblock_node_map-option.patch
mm-free_area_init-use-maximal-zone-pfns-rather-than-zone-sizes.patch
mm-use-free_area_init-instead-of-free_area_init_nodes.patch
alpha-simplify-detection-of-memory-zone-boundaries.patch
arm-simplify-detection-of-memory-zone-boundaries.patch
arm64-simplify-detection-of-memory-zone-boundaries-for-uma-configs.patch
csky-simplify-detection-of-memory-zone-boundaries.patch
m68k-mm-simplify-detection-of-memory-zone-boundaries.patch
parisc-simplify-detection-of-memory-zone-boundaries.patch
sparc32-simplify-detection-of-memory-zone-boundaries.patch
unicore32-simplify-detection-of-memory-zone-boundaries.patch
xtensa-simplify-detection-of-memory-zone-boundaries.patch
mm-remove-early_pfn_in_nid-and-config_nodes_span_other_nodes.patch
mm-free_area_init-allow-defining-max_zone_pfn-in-descending-order.patch
mm-rename-free_area_init_node-to-free_area_init_memoryless_node.patch
mm-clean-up-free_area_init_node-and-its-helpers.patch
mm-simplify-find_min_pfn_with_active_regions.patch
docs-vm-update-memory-models-documentation.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [folded-merged] memcg-optimize-memorynuma_stat-like-memorystat-fix.patch removed from -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (33 preceding siblings ...)
  2020-04-23 23:03 ` + powerpc-add-support-for-folded-p4d-page-tables-fix.patch " Andrew Morton
@ 2020-04-23 23:09 ` Andrew Morton
  2020-04-23 23:32 ` + slub-remove-userspace-notifier-for-cache-add-remove.patch added to " Andrew Morton
                   ` (32 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 23:09 UTC (permalink / raw)
  To: akpm, guro, hannes, mhocko, mm-commits, shakeelb


The patch titled
     Subject: memcg-optimize-memorynuma_stat-like-memorystat-fix
has been removed from the -mm tree.  Its filename was
     memcg-optimize-memorynuma_stat-like-memorystat-fix.patch

This patch was dropped because it was folded into memcg-optimize-memorynuma_stat-like-memorystat.patch

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: memcg-optimize-memorynuma_stat-like-memorystat-fix

avoid forcing out-of-line code generation

Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Roman Gushchin <guro@fb.com>
Cc: Shakeel Butt <shakeelb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memcontrol.c |   17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

--- a/mm/memcontrol.c~memcg-optimize-memorynuma_stat-like-memorystat-fix
+++ a/mm/memcontrol.c
@@ -3693,17 +3693,16 @@ static unsigned long mem_cgroup_node_nr_
 	struct lruvec *lruvec = mem_cgroup_lruvec(memcg, NODE_DATA(nid));
 	unsigned long nr = 0;
 	enum lru_list lru;
-	unsigned long (*page_state)(struct lruvec *lruvec,
-				    enum node_stat_item idx);
 
 	VM_BUG_ON((unsigned)nid >= nr_node_ids);
 
-	page_state = tree ? lruvec_page_state : lruvec_page_state_local;
-
 	for_each_lru(lru) {
 		if (!(BIT(lru) & lru_mask))
 			continue;
-		nr += page_state(lruvec, NR_LRU_BASE + lru);
+		if (tree)
+			nr += lruvec_page_state(lruvec, NR_LRU_BASE + lru);
+		else
+			nr += lruvec_page_state_local(lruvec, NR_LRU_BASE + lru);
 	}
 	return nr;
 }
@@ -3714,14 +3713,14 @@ static unsigned long mem_cgroup_nr_lru_p
 {
 	unsigned long nr = 0;
 	enum lru_list lru;
-	unsigned long (*page_state)(struct mem_cgroup *memcg, int idx);
-
-	page_state = tree ? memcg_page_state : memcg_page_state_local;
 
 	for_each_lru(lru) {
 		if (!(BIT(lru) & lru_mask))
 			continue;
-		nr += page_state(memcg, NR_LRU_BASE + lru);
+		if (tree)
+			nr += memcg_page_state(memcg, NR_LRU_BASE + lru);
+		else
+			nr += memcg_page_state_local(memcg, NR_LRU_BASE + lru);
 	}
 	return nr;
 }
_

Patches currently in -mm which might be from akpm@linux-foundation.org are

mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
mm.patch
mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
memcg-optimize-memorynuma_stat-like-memorystat.patch
mm-remove-__vmalloc_node_flags_caller-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
mm-remove-vmalloc_user_node_flags-fix.patch
mm-replace-zero-length-array-with-flexible-array-member-fix.patch
mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
linux-next-rejects.patch
linux-next-fix.patch
kernel-forkc-export-kernel_thread-to-modules.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + slub-remove-userspace-notifier-for-cache-add-remove.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (34 preceding siblings ...)
  2020-04-23 23:09 ` [folded-merged] memcg-optimize-memorynuma_stat-like-memorystat-fix.patch removed from " Andrew Morton
@ 2020-04-23 23:32 ` Andrew Morton
  2020-04-23 23:35 ` + ocfs2-mount-shared-volume-without-ha-stack.patch " Andrew Morton
                   ` (31 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 23:32 UTC (permalink / raw)
  To: cl, iamjoonsoo.kim, mkoutny, mm-commits, penberg, rientjes, vbabka


The patch titled
     Subject: slub: Remove userspace notifier for cache add/remove
has been added to the -mm tree.  Its filename is
     slub-remove-userspace-notifier-for-cache-add-remove.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/slub-remove-userspace-notifier-for-cache-add-remove.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/slub-remove-userspace-notifier-for-cache-add-remove.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Lameter <cl@linux.com>
Subject: slub: Remove userspace notifier for cache add/remove

I came across some unnecessary uevents once again which reminded me this. 
The patch seems to be lost in the leaves of the original discussion [1],
so resending.

[1] https://lore.kernel.org/r/alpine.DEB.2.21.2001281813130.745@www.lameter.com

Kmem caches are internal kernel structures so it is strange that userspace
notifiers would be needed.  And I am not aware of any use of these
notifiers.  These notifiers may just exist because in the initial slub
release the sysfs code was copied from another subsystem.

Link: http://lkml.kernel.org/r/20200423115721.19821-1-mkoutny@suse.com
Signed-off-by: Christoph Lameter <cl@linux.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Michal Koutný <mkoutny@suse.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/slub.c |   17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

--- a/mm/slub.c~slub-remove-userspace-notifier-for-cache-add-remove
+++ a/mm/slub.c
@@ -5700,19 +5700,6 @@ static struct kobj_type slab_ktype = {
 	.release = kmem_cache_release,
 };
 
-static int uevent_filter(struct kset *kset, struct kobject *kobj)
-{
-	struct kobj_type *ktype = get_ktype(kobj);
-
-	if (ktype == &slab_ktype)
-		return 1;
-	return 0;
-}
-
-static const struct kset_uevent_ops slab_uevent_ops = {
-	.filter = uevent_filter,
-};
-
 static struct kset *slab_kset;
 
 static inline struct kset *cache_kset(struct kmem_cache *s)
@@ -5780,7 +5767,6 @@ static void sysfs_slab_remove_workfn(str
 #ifdef CONFIG_MEMCG
 	kset_unregister(s->memcg_kset);
 #endif
-	kobject_uevent(&s->kobj, KOBJ_REMOVE);
 out:
 	kobject_put(&s->kobj);
 }
@@ -5838,7 +5824,6 @@ static int sysfs_slab_add(struct kmem_ca
 	}
 #endif
 
-	kobject_uevent(&s->kobj, KOBJ_ADD);
 	if (!unmergeable) {
 		/* Setup first alias */
 		sysfs_slab_alias(s, s->name);
@@ -5919,7 +5904,7 @@ static int __init slab_sysfs_init(void)
 
 	mutex_lock(&slab_mutex);
 
-	slab_kset = kset_create_and_add("slab", &slab_uevent_ops, kernel_kobj);
+	slab_kset = kset_create_and_add("slab", NULL, kernel_kobj);
 	if (!slab_kset) {
 		mutex_unlock(&slab_mutex);
 		pr_err("Cannot register slab subsystem.\n");
_

Patches currently in -mm which might be from cl@linux.com are

slub-remove-userspace-notifier-for-cache-add-remove.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + ocfs2-mount-shared-volume-without-ha-stack.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (35 preceding siblings ...)
  2020-04-23 23:32 ` + slub-remove-userspace-notifier-for-cache-add-remove.patch added to " Andrew Morton
@ 2020-04-23 23:35 ` Andrew Morton
  2020-04-24  0:29 ` + mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch " Andrew Morton
                   ` (30 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-23 23:35 UTC (permalink / raw)
  To: gechangwei, ghe, jiangqi903, jlbec, junxiao.bi, mark, mm-commits,
	piaojun


The patch titled
     Subject: ocfs2: mount shared volume without ha stack
has been added to the -mm tree.  Its filename is
     ocfs2-mount-shared-volume-without-ha-stack.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-mount-shared-volume-without-ha-stack.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-mount-shared-volume-without-ha-stack.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Gang He <ghe@suse.com>
Subject: ocfs2: mount shared volume without ha stack

Usually we create and use a ocfs2 shared volume on the top of ha stack. 
For pcmk based ha stack, which includes DLM, corosync and pacemaker
services.

The customers complained they could not mount existent ocfs2 volume in the
single node without ha stack, e.g.  single node backup/restore scenario.

Like this case, the customers just want to access the data from the
existent ocfs2 volume quickly, but do not want to restart or setup ha
stack.

Then, I'd like to add a mount option "nocluster", if the users use this
option to mount a ocfs2 shared volume, the whole mount will not depend on
the ha related services.  the command will mount the existent ocfs2 volume
directly (like local mount), for avoiding setup the ha stack.

Link: http://lkml.kernel.org/r/20200423053300.22661-1-ghe@suse.com
Signed-off-by: Gang He <ghe@suse.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/ocfs2/ocfs2.h    |    4 ++-
 fs/ocfs2/slot_map.c |   46 ++++++++++++++++++++++++------------------
 fs/ocfs2/super.c    |   21 +++++++++++++++++++
 3 files changed, 51 insertions(+), 20 deletions(-)

--- a/fs/ocfs2/ocfs2.h~ocfs2-mount-shared-volume-without-ha-stack
+++ a/fs/ocfs2/ocfs2.h
@@ -279,6 +279,7 @@ enum ocfs2_mount_options
 	OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT = 1 << 15,  /* Journal Async Commit */
 	OCFS2_MOUNT_ERRORS_CONT = 1 << 16, /* Return EIO to the calling process on error */
 	OCFS2_MOUNT_ERRORS_ROFS = 1 << 17, /* Change filesystem to read-only on error */
+	OCFS2_MOUNT_NOCLUSTER = 1 << 18, /* No cluster aware filesystem mount */
 };
 
 #define OCFS2_OSB_SOFT_RO	0x0001
@@ -673,7 +674,8 @@ static inline int ocfs2_cluster_o2cb_glo
 
 static inline int ocfs2_mount_local(struct ocfs2_super *osb)
 {
-	return (osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT);
+	return ((osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT)
+		|| (osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER));
 }
 
 static inline int ocfs2_uses_extended_slot_map(struct ocfs2_super *osb)
--- a/fs/ocfs2/slot_map.c~ocfs2-mount-shared-volume-without-ha-stack
+++ a/fs/ocfs2/slot_map.c
@@ -254,14 +254,16 @@ static int __ocfs2_find_empty_slot(struc
 	int i, ret = -ENOSPC;
 
 	if ((preferred >= 0) && (preferred < si->si_num_slots)) {
-		if (!si->si_slots[preferred].sl_valid) {
+		if (!si->si_slots[preferred].sl_valid ||
+		    !si->si_slots[preferred].sl_node_num) {
 			ret = preferred;
 			goto out;
 		}
 	}
 
 	for(i = 0; i < si->si_num_slots; i++) {
-		if (!si->si_slots[i].sl_valid) {
+		if (!si->si_slots[i].sl_valid ||
+		    !si->si_slots[i].sl_node_num) {
 			ret = i;
 			break;
 		}
@@ -456,24 +458,30 @@ int ocfs2_find_slot(struct ocfs2_super *
 	spin_lock(&osb->osb_lock);
 	ocfs2_update_slot_info(si);
 
-	/* search for ourselves first and take the slot if it already
-	 * exists. Perhaps we need to mark this in a variable for our
-	 * own journal recovery? Possibly not, though we certainly
-	 * need to warn to the user */
-	slot = __ocfs2_node_num_to_slot(si, osb->node_num);
-	if (slot < 0) {
-		/* if no slot yet, then just take 1st available
-		 * one. */
-		slot = __ocfs2_find_empty_slot(si, osb->preferred_slot);
+	if (ocfs2_mount_local(osb))
+		/* use slot 0 directly in local mode */
+		slot = 0;
+	else {
+		/* search for ourselves first and take the slot if it already
+		 * exists. Perhaps we need to mark this in a variable for our
+		 * own journal recovery? Possibly not, though we certainly
+		 * need to warn to the user */
+		slot = __ocfs2_node_num_to_slot(si, osb->node_num);
 		if (slot < 0) {
-			spin_unlock(&osb->osb_lock);
-			mlog(ML_ERROR, "no free slots available!\n");
-			status = -EINVAL;
-			goto bail;
-		}
-	} else
-		printk(KERN_INFO "ocfs2: Slot %d on device (%s) was already "
-		       "allocated to this node!\n", slot, osb->dev_str);
+			/* if no slot yet, then just take 1st available
+			 * one. */
+			slot = __ocfs2_find_empty_slot(si, osb->preferred_slot);
+			if (slot < 0) {
+				spin_unlock(&osb->osb_lock);
+				mlog(ML_ERROR, "no free slots available!\n");
+				status = -EINVAL;
+				goto bail;
+			}
+		} else
+			printk(KERN_INFO "ocfs2: Slot %d on device (%s) was "
+			       "already allocated to this node!\n",
+			       slot, osb->dev_str);
+	}
 
 	ocfs2_set_slot(si, slot, osb->node_num);
 	osb->slot_num = slot;
--- a/fs/ocfs2/super.c~ocfs2-mount-shared-volume-without-ha-stack
+++ a/fs/ocfs2/super.c
@@ -175,6 +175,7 @@ enum {
 	Opt_dir_resv_level,
 	Opt_journal_async_commit,
 	Opt_err_cont,
+	Opt_nocluster,
 	Opt_err,
 };
 
@@ -208,6 +209,7 @@ static const match_table_t tokens = {
 	{Opt_dir_resv_level, "dir_resv_level=%u"},
 	{Opt_journal_async_commit, "journal_async_commit"},
 	{Opt_err_cont, "errors=continue"},
+	{Opt_nocluster, "nocluster"},
 	{Opt_err, NULL}
 };
 
@@ -619,6 +621,13 @@ static int ocfs2_remount(struct super_bl
 		goto out;
 	}
 
+	tmp = OCFS2_MOUNT_NOCLUSTER;
+	if ((osb->s_mount_opt & tmp) != (parsed_options.mount_opt & tmp)) {
+		ret = -EINVAL;
+		mlog(ML_ERROR, "Cannot change nocluster option on remount\n");
+		goto out;
+	}
+
 	tmp = OCFS2_MOUNT_HB_LOCAL | OCFS2_MOUNT_HB_GLOBAL |
 		OCFS2_MOUNT_HB_NONE;
 	if ((osb->s_mount_opt & tmp) != (parsed_options.mount_opt & tmp)) {
@@ -859,6 +868,7 @@ static int ocfs2_verify_userspace_stack(
 	}
 
 	if (ocfs2_userspace_stack(osb) &&
+	    !(osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER) &&
 	    strncmp(osb->osb_cluster_stack, mopt->cluster_stack,
 		    OCFS2_STACK_LABEL_LEN)) {
 		mlog(ML_ERROR,
@@ -1139,6 +1149,11 @@ static int ocfs2_fill_super(struct super
 	       osb->s_mount_opt & OCFS2_MOUNT_DATA_WRITEBACK ? "writeback" :
 	       "ordered");
 
+	if ((osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER) &&
+	   !(osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT))
+		printk(KERN_NOTICE "ocfs2: The shared device (%s) is mounted "
+		       "without cluster aware mode.\n", osb->dev_str);
+
 	atomic_set(&osb->vol_state, VOLUME_MOUNTED);
 	wake_up(&osb->osb_mount_event);
 
@@ -1445,6 +1460,9 @@ static int ocfs2_parse_options(struct su
 		case Opt_journal_async_commit:
 			mopt->mount_opt |= OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT;
 			break;
+		case Opt_nocluster:
+			mopt->mount_opt |= OCFS2_MOUNT_NOCLUSTER;
+			break;
 		default:
 			mlog(ML_ERROR,
 			     "Unrecognized mount option \"%s\" "
@@ -1556,6 +1574,9 @@ static int ocfs2_show_options(struct seq
 	if (opts & OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT)
 		seq_printf(s, ",journal_async_commit");
 
+	if (opts & OCFS2_MOUNT_NOCLUSTER)
+		seq_printf(s, ",nocluster");
+
 	return 0;
 }
 
_

Patches currently in -mm which might be from ghe@suse.com are

ocfs2-mount-shared-volume-without-ha-stack.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (36 preceding siblings ...)
  2020-04-23 23:35 ` + ocfs2-mount-shared-volume-without-ha-stack.patch " Andrew Morton
@ 2020-04-24  0:29 ` Andrew Morton
  2020-04-24  1:17 ` + mm-return-true-in-cpupid_pid_unset.patch " Andrew Morton
                   ` (29 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  0:29 UTC (permalink / raw)
  To: anshuman.khandual, bhe, david, mhocko, mhocko, mm-commits,
	osalvador, pankaj.gupta.linux, rppt


The patch titled
     Subject: mm/memory_hotplug: handle memblocks only with CONFIG_ARCH_KEEP_MEMBLOCK
has been added to the -mm tree.  Its filename is
     mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: David Hildenbrand <david@redhat.com>
Subject: mm/memory_hotplug: handle memblocks only with CONFIG_ARCH_KEEP_MEMBLOCK

The comment in add_memory_resource() is stale: hotadd_new_pgdat() will no
longer call get_pfn_range_for_nid(), as a hotadded pgdat will simply span
no pages at all, until memory is moved to the zone/node via
move_pfn_range_to_zone() - e.g., when onlining memory blocks.

The only archs that care about memblocks for hotplugged memory (either for
iterating over all system RAM or testing for memory validity) are arm64,
s390x, and powerpc - due to CONFIG_ARCH_KEEP_MEMBLOCK.  Without
CONFIG_ARCH_KEEP_MEMBLOCK, we can simply stop messing with memblocks.

Link: http://lkml.kernel.org/r/20200422155353.25381-3-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/Kconfig          |    3 +++
 mm/memory_hotplug.c |   20 ++++++++++----------
 2 files changed, 13 insertions(+), 10 deletions(-)

--- a/mm/Kconfig~mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock
+++ a/mm/Kconfig
@@ -133,6 +133,9 @@ config HAVE_FAST_GUP
 	depends on MMU
 	bool
 
+# Don't discard allocated memory used to track "memory" and "reserved" memblocks
+# after early boot, so it can still be used to test for validity of memory.
+# Also, memblocks are updated with memory hot(un)plug.
 config ARCH_KEEP_MEMBLOCK
 	bool
 
--- a/mm/memory_hotplug.c~mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock
+++ a/mm/memory_hotplug.c
@@ -1021,13 +1021,8 @@ int __ref add_memory_resource(int nid, s
 
 	mem_hotplug_begin();
 
-	/*
-	 * Add new range to memblock so that when hotadd_new_pgdat() is called
-	 * to allocate new pgdat, get_pfn_range_for_nid() will be able to find
-	 * this new range and calculate total pages correctly.  The range will
-	 * be removed at hot-remove time.
-	 */
-	memblock_add_node(start, size, nid);
+	if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK))
+		memblock_add_node(start, size, nid);
 
 	ret = __try_online_node(nid, false);
 	if (ret < 0)
@@ -1076,7 +1071,8 @@ error:
 	/* rollback pgdat allocation and others */
 	if (new_node)
 		rollback_node_hotadd(nid);
-	memblock_remove(start, size);
+	if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK))
+		memblock_remove(start, size);
 	mem_hotplug_done();
 	return ret;
 }
@@ -1673,8 +1669,12 @@ static int __ref try_remove_memory(int n
 	mem_hotplug_begin();
 
 	arch_remove_memory(nid, start, size, NULL);
-	memblock_free(start, size);
-	memblock_remove(start, size);
+
+	if (IS_ENABLED(CONFIG_ARCH_KEEP_MEMBLOCK)) {
+		memblock_free(start, size);
+		memblock_remove(start, size);
+	}
+
 	__release_memory_resource(start, size);
 
 	try_offline_node(nid);
_

Patches currently in -mm which might be from david@redhat.com are

mm-page_alloc-fix-watchdog-soft-lockups-during-set_zone_contiguous.patch
drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup-fix.patch
powerpc-pseries-hotplug-memory-stop-checking-is_mem_section_removable.patch
mm-memory_hotplug-remove-is_mem_section_removable.patch
mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch
mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-return-true-in-cpupid_pid_unset.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (37 preceding siblings ...)
  2020-04-24  0:29 ` + mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch " Andrew Morton
@ 2020-04-24  1:17 ` Andrew Morton
  2020-04-24  1:20 ` + kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch " Andrew Morton
                   ` (28 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  1:17 UTC (permalink / raw)
  To: akpm, mm-commits, yanaijie


The patch titled
     Subject: include/linux/mm.h: return true in cpupid_pid_unset()
has been added to the -mm tree.  Its filename is
     mm-return-true-in-cpupid_pid_unset.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-return-true-in-cpupid_pid_unset.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-return-true-in-cpupid_pid_unset.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Jason Yan <yanaijie@huawei.com>
Subject: include/linux/mm.h: return true in cpupid_pid_unset()

Fix the following coccicheck warning:

include/linux/mm.h:1371:8-9: WARNING: return of 0/1 in function
'cpupid_pid_unset' with return type bool

Link: http://lkml.kernel.org/r/20200422071816.48879-1-yanaijie@huawei.com
Signed-off-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/mm.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/linux/mm.h~mm-return-true-in-cpupid_pid_unset
+++ a/include/linux/mm.h
@@ -1367,7 +1367,7 @@ static inline int cpu_pid_to_cpupid(int
 
 static inline bool cpupid_pid_unset(int cpupid)
 {
-	return 1;
+	return true;
 }
 
 static inline void page_cpupid_reset_last(struct page *page)
_

Patches currently in -mm which might be from yanaijie@huawei.com are

mm-return-true-in-cpupid_pid_unset.patch
userc-make-uidhash_table-static.patch
lib-test_lockupc-make-test_inode-static.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (38 preceding siblings ...)
  2020-04-24  1:17 ` + mm-return-true-in-cpupid_pid_unset.patch " Andrew Morton
@ 2020-04-24  1:20 ` Andrew Morton
  2020-04-24  1:40 ` + mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch " Andrew Morton
                   ` (27 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  1:20 UTC (permalink / raw)
  To: haren, hch, mm-commits, sfr


The patch titled
     Subject: powerpc/vas: fix up for {un}use_mm() rename
has been added to the -mm tree.  Its filename is
     kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Stephen Rothwell <sfr@canb.auug.org.au>
Subject: powerpc/vas: fix up for {un}use_mm() rename

Link: http://lkml.kernel.org/r/20200422163935.5aa93ba5@canb.auug.org.au
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Haren Myneni <haren@linux.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/powerpc/platforms/powernv/vas-fault.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/platforms/powernv/vas-fault.c~kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix
+++ a/arch/powerpc/platforms/powernv/vas-fault.c
@@ -127,7 +127,7 @@ static void update_csb(struct vas_window
 		return;
 	}
 
-	use_mm(window->mm);
+	kthread_use_mm(window->mm);
 	rc = copy_to_user(csb_addr, &csb, sizeof(csb));
 	/*
 	 * User space polls on csb.flags (first byte). So add barrier
@@ -139,7 +139,7 @@ static void update_csb(struct vas_window
 		smp_mb();
 		rc = copy_to_user(csb_addr, &csb, sizeof(u8));
 	}
-	unuse_mm(window->mm);
+	kthread_unuse_mm(window->mm);
 	put_task_struct(tsk);
 
 	/* Success */
_

Patches currently in -mm which might be from sfr@canb.auug.org.au are

kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (39 preceding siblings ...)
  2020-04-24  1:20 ` + kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch " Andrew Morton
@ 2020-04-24  1:40 ` Andrew Morton
  2020-04-24  1:47 ` + ipc-convert-ipcs_idr-to-xarray-update.patch " Andrew Morton
                   ` (26 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  1:40 UTC (permalink / raw)
  To: anshuman.khandual, catalin.marinas, mm-commits, will


The patch titled
     Subject: mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
has been added to the -mm tree.  Its filename is
     mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Anshuman Khandual <anshuman.khandual@arm.com>
Subject: mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2

chang pmd_mknotvalid() to pmd_mkinvalid() per Will

Link: http://lkml.kernel.org/r/1587520326-10099-3-git-send-email-anshuman.khandual@arm.com
Signed-off-by: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/arc/include/asm/hugepage.h       |    2 +-
 arch/arm/include/asm/pgtable-3level.h |    2 +-
 arch/arm64/include/asm/pgtable.h      |    2 +-
 arch/mips/include/asm/pgtable.h       |    2 +-
 arch/x86/include/asm/pgtable.h        |    2 +-
 arch/x86/mm/kmmio.c                   |    2 +-
 mm/pgtable-generic.c                  |    2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

--- a/arch/arc/include/asm/hugepage.h~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/arc/include/asm/hugepage.h
@@ -26,7 +26,7 @@ static inline pmd_t pte_pmd(pte_t pte)
 #define pmd_mkold(pmd)		pte_pmd(pte_mkold(pmd_pte(pmd)))
 #define pmd_mkyoung(pmd)	pte_pmd(pte_mkyoung(pmd_pte(pmd)))
 #define pmd_mkhuge(pmd)		pte_pmd(pte_mkhuge(pmd_pte(pmd)))
-#define pmd_mknotvalid(pmd)	pte_pmd(pte_mknotpresent(pmd_pte(pmd)))
+#define pmd_mkinvalid(pmd)	pte_pmd(pte_mknotpresent(pmd_pte(pmd)))
 #define pmd_mkclean(pmd)	pte_pmd(pte_mkclean(pmd_pte(pmd)))
 
 #define pmd_write(pmd)		pte_write(pmd_pte(pmd))
--- a/arch/arm64/include/asm/pgtable.h~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/arm64/include/asm/pgtable.h
@@ -371,7 +371,7 @@ static inline int pmd_protnone(pmd_t pmd
 #define pmd_mkclean(pmd)	pte_pmd(pte_mkclean(pmd_pte(pmd)))
 #define pmd_mkdirty(pmd)	pte_pmd(pte_mkdirty(pmd_pte(pmd)))
 #define pmd_mkyoung(pmd)	pte_pmd(pte_mkyoung(pmd_pte(pmd)))
-#define pmd_mknotvalid(pmd)	(__pmd(pmd_val(pmd) & ~PMD_SECT_VALID))
+#define pmd_mkinvalid(pmd)	(__pmd(pmd_val(pmd) & ~PMD_SECT_VALID))
 
 #define pmd_thp_or_huge(pmd)	(pmd_huge(pmd) || pmd_trans_huge(pmd))
 
--- a/arch/arm/include/asm/pgtable-3level.h~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/arm/include/asm/pgtable-3level.h
@@ -221,7 +221,7 @@ PMD_BIT_FUNC(mkyoung,   |= PMD_SECT_AF);
 #define pmdp_establish generic_pmdp_establish
 
 /* represent a notpresent pmd by faulting entry, this is used by pmdp_invalidate */
-static inline pmd_t pmd_mknotvalid(pmd_t pmd)
+static inline pmd_t pmd_mkinvalid(pmd_t pmd)
 {
 	return __pmd(pmd_val(pmd) & ~L_PMD_SECT_VALID);
 }
--- a/arch/mips/include/asm/pgtable.h~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/mips/include/asm/pgtable.h
@@ -631,7 +631,7 @@ static inline pmd_t pmd_modify(pmd_t pmd
 	return pmd;
 }
 
-static inline pmd_t pmd_mknotvalid(pmd_t pmd)
+static inline pmd_t pmd_mkinvalid(pmd_t pmd)
 {
 	pmd_val(pmd) &= ~(_PAGE_PRESENT | _PAGE_VALID | _PAGE_DIRTY);
 
--- a/arch/x86/include/asm/pgtable.h~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/x86/include/asm/pgtable.h
@@ -624,7 +624,7 @@ static inline pud_t pfn_pud(unsigned lon
 	return __pud(pfn | check_pgprot(pgprot));
 }
 
-static inline pmd_t pmd_mknotvalid(pmd_t pmd)
+static inline pmd_t pmd_mkinvalid(pmd_t pmd)
 {
 	return pfn_pmd(pmd_pfn(pmd),
 		      __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE)));
--- a/arch/x86/mm/kmmio.c~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/arch/x86/mm/kmmio.c
@@ -130,7 +130,7 @@ static void clear_pmd_presence(pmd_t *pm
 	pmdval_t v = pmd_val(*pmd);
 	if (clear) {
 		*old = v;
-		new_pmd = pmd_mknotvalid(*pmd);
+		new_pmd = pmd_mkinvalid(*pmd);
 	} else {
 		/* Presume this has been called with clear==true previously */
 		new_pmd = __pmd(*old);
--- a/mm/pgtable-generic.c~mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2
+++ a/mm/pgtable-generic.c
@@ -194,7 +194,7 @@ pgtable_t pgtable_trans_huge_withdraw(st
 pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
 		     pmd_t *pmdp)
 {
-	pmd_t old = pmdp_establish(vma, address, pmdp, pmd_mknotvalid(*pmdp));
+	pmd_t old = pmdp_establish(vma, address, pmdp, pmd_mkinvalid(*pmdp));
 	flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
 	return old;
 }
_

Patches currently in -mm which might be from anshuman.khandual@arm.com are

powerpc-mm-drop-platform-defined-pmd_mknotpresent.patch
mm-thp-rename-pmd_mknotpresent-as-pmd_mknotvalid.patch
mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch
x86-mm-define-mm_p4d_folded.patch
mm-debug-add-tests-validating-architecture-page-table-helpers.patch
mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + ipc-convert-ipcs_idr-to-xarray-update.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (40 preceding siblings ...)
  2020-04-24  1:40 ` + mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch " Andrew Morton
@ 2020-04-24  1:47 ` Andrew Morton
       [not found]   ` <20200605195848.GB5393@lca.pw>
  2020-12-30 15:44   ` Manfred Spraul
  2020-04-24  2:06 ` + powerpc-spufs-simplify-spufs-core-dumping.patch " Andrew Morton
                   ` (25 subsequent siblings)
  67 siblings, 2 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  1:47 UTC (permalink / raw)
  To: dave, manfred, mm-commits, willy


The patch titled
     Subject: ipc-convert-ipcs_idr-to-xarray-update
has been added to the -mm tree.  Its filename is
     ipc-convert-ipcs_idr-to-xarray-update.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/ipc-convert-ipcs_idr-to-xarray-update.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/ipc-convert-ipcs_idr-to-xarray-update.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Subject: ipc-convert-ipcs_idr-to-xarray-update

implemant change suggested by Manfred

Link: http://lkml.kernel.org/r/20200421183342.GQ5820@bombadil.infradead.org
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/xarray.h |    1 
 ipc/util.c             |   52 +++++++++++++++------------------------
 lib/xarray.c           |    2 -
 3 files changed, 21 insertions(+), 34 deletions(-)

--- a/include/linux/xarray.h~ipc-convert-ipcs_idr-to-xarray-update
+++ a/include/linux/xarray.h
@@ -1501,7 +1501,6 @@ void *xas_find_marked(struct xa_state *,
 void xas_init_marks(const struct xa_state *);
 
 bool xas_nomem(struct xa_state *, gfp_t);
-bool __xas_nomem(struct xa_state *, gfp_t);
 void xas_pause(struct xa_state *);
 
 void xas_create_range(struct xa_state *);
--- a/ipc/util.c~ipc-convert-ipcs_idr-to-xarray-update
+++ a/ipc/util.c
@@ -210,52 +210,40 @@ static inline int ipc_id_alloc(struct ip
 	int err;
 
 	if (get_restore_id(ids) < 0) {
-		XA_STATE(xas, &ids->ipcs, 0);
-		int min_idx, max_idx;
+		int max_idx;
 
 		max_idx = max(ids->in_use*3/2, ipc_min_cycle);
 		max_idx = min(max_idx, ipc_mni) - 1;
 
-		xas_lock(&xas);
+		xa_lock(&ids->ipcs);
 
-		min_idx = ids->next_idx;
-		new->seq = ids->seq;
+		err = __xa_alloc_cyclic(&ids->ipcs, &idx, NULL,
+				XA_LIMIT(0, max_idx), &ids->next_idx,
+				GFP_KERNEL);
+		if (err == 1) {
+			ids->seq++;
+			if (ids->seq >= ipcid_seq_max())
+				ids->seq = 0;
+		}
+
+		if (err >= 0) {
+			new->seq = ids->seq;
+			new->id = (new->seq << ipcmni_seq_shift()) + idx;
+			/* xa_store contains a write barrier */
+			__xa_store(&ids->ipcs, idx, new, GFP_KERNEL);
+		}
 
-		/* Modified version of __xa_alloc */
-		do {
-			xas.xa_index = min_idx;
-			xas_find_marked(&xas, max_idx, XA_FREE_MARK);
-			if (xas.xa_node == XAS_RESTART && min_idx > 0) {
-				ids->seq++;
-				if (ids->seq >= ipcid_seq_max())
-					ids->seq = 0;
-				new->seq = ids->seq;
-				xas.xa_index = 0;
-				min_idx = 0;
-				xas_find_marked(&xas, max_idx, XA_FREE_MARK);
-			}
-			if (xas.xa_node == XAS_RESTART)
-				xas_set_err(&xas, -ENOSPC);
-			else
-				new->id = (new->seq << ipcmni_seq_shift()) +
-					xas.xa_index;
-			xas_store(&xas, new);
-			xas_clear_mark(&xas, XA_FREE_MARK);
-		} while (__xas_nomem(&xas, GFP_KERNEL));
-
-		xas_unlock(&xas);
-		err = xas_error(&xas);
-		idx = xas.xa_index;
+		xa_unlock(&ids->ipcs);
 	} else {
 		new->id = get_restore_id(ids);
 		new->seq = ipcid_to_seqx(new->id);
 		idx = ipcid_to_idx(new->id);
 		err = xa_insert(&ids->ipcs, idx, new, GFP_KERNEL);
-		if (err == -EBUSY)
-			err = -ENOSPC;
 		set_restore_id(ids, -1);
 	}
 
+	if (err == -EBUSY)
+		return -ENOSPC;
 	if (err < 0)
 		return err;
 	return idx;
--- a/lib/xarray.c~ipc-convert-ipcs_idr-to-xarray-update
+++ a/lib/xarray.c
@@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(xas_nomem);
  *
  * Return: true if memory was needed, and was successfully allocated.
  */
-bool __xas_nomem(struct xa_state *xas, gfp_t gfp)
+static bool __xas_nomem(struct xa_state *xas, gfp_t gfp)
 	__must_hold(xas->xa->xa_lock)
 {
 	unsigned int lock_type = xa_lock_type(xas->xa);
_

Patches currently in -mm which might be from willy@infradead.org are

mm-move-readahead-prototypes-from-mmh.patch
mm-return-void-from-various-readahead-functions.patch
mm-ignore-return-value-of-readpages.patch
mm-move-readahead-nr_pages-check-into-read_pages.patch
mm-add-new-readahead_control-api.patch
mm-use-readahead_control-to-pass-arguments.patch
mm-rename-various-offset-parameters-to-index.patch
mm-rename-readahead-loop-variable-to-i.patch
mm-remove-page_offset-from-readahead-loop.patch
mm-put-readahead-pages-in-cache-earlier.patch
mm-add-readahead-address-space-operation.patch
mm-move-end_index-check-out-of-readahead-loop.patch
mm-add-page_cache_readahead_unbounded.patch
mm-document-why-we-dont-set-pagereadahead.patch
mm-use-memalloc_nofs_save-in-readahead-path.patch
fs-convert-mpage_readpages-to-mpage_readahead.patch
btrfs-convert-from-readpages-to-readahead.patch
erofs-convert-uncompressed-files-from-readpages-to-readahead.patch
erofs-convert-compressed-files-from-readpages-to-readahead.patch
ext4-convert-from-readpages-to-readahead.patch
ext4-pass-the-inode-to-ext4_mpage_readpages.patch
f2fs-convert-from-readpages-to-readahead.patch
f2fs-pass-the-inode-to-f2fs_mpage_readpages.patch
fuse-convert-from-readpages-to-readahead.patch
fuse-convert-from-readpages-to-readahead-fix.patch
iomap-convert-from-readpages-to-readahead.patch
ipc-convert-ipcs_idr-to-xarray.patch
ipc-convert-ipcs_idr-to-xarray-update.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + powerpc-spufs-simplify-spufs-core-dumping.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (41 preceding siblings ...)
  2020-04-24  1:47 ` + ipc-convert-ipcs_idr-to-xarray-update.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch " Andrew Morton
                   ` (24 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: powerpc/spufs: simplify spufs core dumping
has been added to the -mm tree.  Its filename is
     powerpc-spufs-simplify-spufs-core-dumping.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/powerpc-spufs-simplify-spufs-core-dumping.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/powerpc-spufs-simplify-spufs-core-dumping.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: powerpc/spufs: simplify spufs core dumping

Patch series "remove set_fs calls from the exec and coredump code", v3.

This series gets rid of playing with the address limit in the exec and
coredump code.  Most of this was fairly trivial, the biggest changes are
those to the spufs coredump code.


This patch (of 7):

Replace the coredump ->read method with a ->dump method that must call
dump_emit itself.  That way we avoid a buffer allocation an messing with
set_fs() to call into code that is intended to deal with user buffers. 
For the ->get case we can now use a small on-stack buffer and avoid memory
allocations as well.

Link: http://lkml.kernel.org/r/20200421154204.252921-1-hch@lst.de
Link: http://lkml.kernel.org/r/20200421154204.252921-2-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Jeremy Kerr <jk@ozlabs.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/powerpc/platforms/cell/spufs/coredump.c |   85 +----
 arch/powerpc/platforms/cell/spufs/file.c     |  273 ++++++++---------
 arch/powerpc/platforms/cell/spufs/spufs.h    |    3 
 3 files changed, 169 insertions(+), 192 deletions(-)

--- a/arch/powerpc/platforms/cell/spufs/coredump.c~powerpc-spufs-simplify-spufs-core-dumping
+++ a/arch/powerpc/platforms/cell/spufs/coredump.c
@@ -21,22 +21,6 @@
 
 #include "spufs.h"
 
-static ssize_t do_coredump_read(int num, struct spu_context *ctx, void *buffer,
-				size_t size, loff_t *off)
-{
-	u64 data;
-	int ret;
-
-	if (spufs_coredump_read[num].read)
-		return spufs_coredump_read[num].read(ctx, buffer, size, off);
-
-	data = spufs_coredump_read[num].get(ctx);
-	ret = snprintf(buffer, size, "0x%.16llx", data);
-	if (ret >= size)
-		return size;
-	return ++ret; /* count trailing NULL */
-}
-
 static int spufs_ctx_note_size(struct spu_context *ctx, int dfd)
 {
 	int i, sz, total = 0;
@@ -118,58 +102,43 @@ int spufs_coredump_extra_notes_size(void
 static int spufs_arch_write_note(struct spu_context *ctx, int i,
 				  struct coredump_params *cprm, int dfd)
 {
-	loff_t pos = 0;
-	int sz, rc, total = 0;
-	const int bufsz = PAGE_SIZE;
-	char *name;
-	char fullname[80], *buf;
+	size_t sz = spufs_coredump_read[i].size;
+	char fullname[80];
 	struct elf_note en;
-	size_t skip;
+	size_t ret;
 
-	buf = (void *)get_zeroed_page(GFP_KERNEL);
-	if (!buf)
-		return -ENOMEM;
-
-	name = spufs_coredump_read[i].name;
-	sz = spufs_coredump_read[i].size;
-
-	sprintf(fullname, "SPU/%d/%s", dfd, name);
+	sprintf(fullname, "SPU/%d/%s", dfd, spufs_coredump_read[i].name);
 	en.n_namesz = strlen(fullname) + 1;
 	en.n_descsz = sz;
 	en.n_type = NT_SPU;
 
 	if (!dump_emit(cprm, &en, sizeof(en)))
-		goto Eio;
-
+		return -EIO;
 	if (!dump_emit(cprm, fullname, en.n_namesz))
-		goto Eio;
-
+		return -EIO;
 	if (!dump_align(cprm, 4))
-		goto Eio;
+		return -EIO;
+
+	if (spufs_coredump_read[i].dump) {
+		ret = spufs_coredump_read[i].dump(ctx, cprm);
+		if (ret < 0)
+			return ret;
+	} else {
+		char buf[32];
+
+		ret = snprintf(buf, sizeof(buf), "0x%.16llx",
+			       spufs_coredump_read[i].get(ctx));
+		if (ret >= sizeof(buf))
+			return sizeof(buf);
+
+		/* count trailing the NULL: */
+		if (!dump_emit(cprm, buf, ret + 1))
+			return -EIO;
+	}
 
-	do {
-		rc = do_coredump_read(i, ctx, buf, bufsz, &pos);
-		if (rc > 0) {
-			if (!dump_emit(cprm, buf, rc))
-				goto Eio;
-			total += rc;
-		}
-	} while (rc == bufsz && total < sz);
-
-	if (rc < 0)
-		goto out;
-
-	skip = roundup(cprm->pos - total + sz, 4) - cprm->pos;
-	if (!dump_skip(cprm, skip))
-		goto Eio;
-
-	rc = 0;
-out:
-	free_page((unsigned long)buf);
-	return rc;
-Eio:
-	free_page((unsigned long)buf);
-	return -EIO;
+	if (!dump_skip(cprm, roundup(cprm->pos - ret + sz, 4) - cprm->pos))
+		return -EIO;
+	return 0;
 }
 
 int spufs_coredump_extra_notes_write(struct coredump_params *cprm)
--- a/arch/powerpc/platforms/cell/spufs/file.c~powerpc-spufs-simplify-spufs-core-dumping
+++ a/arch/powerpc/platforms/cell/spufs/file.c
@@ -9,6 +9,7 @@
 
 #undef DEBUG
 
+#include <linux/coredump.h>
 #include <linux/fs.h>
 #include <linux/ioctl.h>
 #include <linux/export.h>
@@ -129,6 +130,14 @@ out:
 	return ret;
 }
 
+static ssize_t spufs_dump_emit(struct coredump_params *cprm, void *buf,
+		size_t size)
+{
+	if (!dump_emit(cprm, buf, size))
+		return -EIO;
+	return size;
+}
+
 #define DEFINE_SPUFS_SIMPLE_ATTRIBUTE(__fops, __get, __set, __fmt)	\
 static int __fops ## _open(struct inode *inode, struct file *file)	\
 {									\
@@ -172,12 +181,9 @@ spufs_mem_release(struct inode *inode, s
 }
 
 static ssize_t
-__spufs_mem_read(struct spu_context *ctx, char __user *buffer,
-			size_t size, loff_t *pos)
+spufs_mem_dump(struct spu_context *ctx, struct coredump_params *cprm)
 {
-	char *local_store = ctx->ops->get_ls(ctx);
-	return simple_read_from_buffer(buffer, size, pos, local_store,
-					LS_SIZE);
+	return spufs_dump_emit(cprm, ctx->ops->get_ls(ctx), LS_SIZE);
 }
 
 static ssize_t
@@ -190,7 +196,8 @@ spufs_mem_read(struct file *file, char _
 	ret = spu_acquire(ctx);
 	if (ret)
 		return ret;
-	ret = __spufs_mem_read(ctx, buffer, size, pos);
+	ret = simple_read_from_buffer(buffer, size, pos, ctx->ops->get_ls(ctx),
+				      LS_SIZE);
 	spu_release(ctx);
 
 	return ret;
@@ -459,12 +466,10 @@ spufs_regs_open(struct inode *inode, str
 }
 
 static ssize_t
-__spufs_regs_read(struct spu_context *ctx, char __user *buffer,
-			size_t size, loff_t *pos)
+spufs_regs_dump(struct spu_context *ctx, struct coredump_params *cprm)
 {
-	struct spu_lscsa *lscsa = ctx->csa.lscsa;
-	return simple_read_from_buffer(buffer, size, pos,
-				      lscsa->gprs, sizeof lscsa->gprs);
+	return spufs_dump_emit(cprm, ctx->csa.lscsa->gprs,
+			       sizeof(ctx->csa.lscsa->gprs));
 }
 
 static ssize_t
@@ -482,7 +487,8 @@ spufs_regs_read(struct file *file, char
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
-	ret = __spufs_regs_read(ctx, buffer, size, pos);
+	ret = simple_read_from_buffer(buffer, size, pos, ctx->csa.lscsa->gprs,
+				      sizeof(ctx->csa.lscsa->gprs));
 	spu_release_saved(ctx);
 	return ret;
 }
@@ -517,12 +523,10 @@ static const struct file_operations spuf
 };
 
 static ssize_t
-__spufs_fpcr_read(struct spu_context *ctx, char __user * buffer,
-			size_t size, loff_t * pos)
+spufs_fpcr_dump(struct spu_context *ctx, struct coredump_params *cprm)
 {
-	struct spu_lscsa *lscsa = ctx->csa.lscsa;
-	return simple_read_from_buffer(buffer, size, pos,
-				      &lscsa->fpcr, sizeof(lscsa->fpcr));
+	return spufs_dump_emit(cprm, &ctx->csa.lscsa->fpcr,
+			       sizeof(ctx->csa.lscsa->fpcr));
 }
 
 static ssize_t
@@ -535,7 +539,8 @@ spufs_fpcr_read(struct file *file, char
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
-	ret = __spufs_fpcr_read(ctx, buffer, size, pos);
+	ret = simple_read_from_buffer(buffer, size, pos, &ctx->csa.lscsa->fpcr,
+				      sizeof(ctx->csa.lscsa->fpcr));
 	spu_release_saved(ctx);
 	return ret;
 }
@@ -967,28 +972,26 @@ spufs_signal1_release(struct inode *inod
 	return 0;
 }
 
-static ssize_t __spufs_signal1_read(struct spu_context *ctx, char __user *buf,
-			size_t len, loff_t *pos)
+static ssize_t spufs_signal1_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
 {
-	int ret = 0;
-	u32 data;
+	if (!ctx->csa.spu_chnlcnt_RW[3])
+		return 0;
+	return spufs_dump_emit(cprm, &ctx->csa.spu_chnldata_RW[3],
+			       sizeof(ctx->csa.spu_chnldata_RW[3]));
+}
 
-	if (len < 4)
+static ssize_t __spufs_signal1_read(struct spu_context *ctx, char __user *buf,
+			size_t len)
+{
+	if (len < sizeof(ctx->csa.spu_chnldata_RW[3]))
 		return -EINVAL;
-
-	if (ctx->csa.spu_chnlcnt_RW[3]) {
-		data = ctx->csa.spu_chnldata_RW[3];
-		ret = 4;
-	}
-
-	if (!ret)
-		goto out;
-
-	if (copy_to_user(buf, &data, 4))
+	if (!ctx->csa.spu_chnlcnt_RW[3])
+		return 0;
+	if (copy_to_user(buf, &ctx->csa.spu_chnldata_RW[3],
+			 sizeof(ctx->csa.spu_chnldata_RW[3])))
 		return -EFAULT;
-
-out:
-	return ret;
+	return sizeof(ctx->csa.spu_chnldata_RW[3]);
 }
 
 static ssize_t spufs_signal1_read(struct file *file, char __user *buf,
@@ -1000,7 +1003,7 @@ static ssize_t spufs_signal1_read(struct
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
-	ret = __spufs_signal1_read(ctx, buf, len, pos);
+	ret = __spufs_signal1_read(ctx, buf, len);
 	spu_release_saved(ctx);
 
 	return ret;
@@ -1104,28 +1107,26 @@ spufs_signal2_release(struct inode *inod
 	return 0;
 }
 
-static ssize_t __spufs_signal2_read(struct spu_context *ctx, char __user *buf,
-			size_t len, loff_t *pos)
+static ssize_t spufs_signal2_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
 {
-	int ret = 0;
-	u32 data;
+	if (!ctx->csa.spu_chnlcnt_RW[4])
+		return 0;
+	return spufs_dump_emit(cprm, &ctx->csa.spu_chnldata_RW[4],
+			       sizeof(ctx->csa.spu_chnldata_RW[4]));
+}
 
-	if (len < 4)
+static ssize_t __spufs_signal2_read(struct spu_context *ctx, char __user *buf,
+			size_t len)
+{
+	if (len < sizeof(ctx->csa.spu_chnldata_RW[4]))
 		return -EINVAL;
-
-	if (ctx->csa.spu_chnlcnt_RW[4]) {
-		data =  ctx->csa.spu_chnldata_RW[4];
-		ret = 4;
-	}
-
-	if (!ret)
-		goto out;
-
-	if (copy_to_user(buf, &data, 4))
+	if (!ctx->csa.spu_chnlcnt_RW[4])
+		return 0;
+	if (copy_to_user(buf, &ctx->csa.spu_chnldata_RW[4],
+			 sizeof(ctx->csa.spu_chnldata_RW[4])))
 		return -EFAULT;
-
-out:
-	return ret;
+	return sizeof(ctx->csa.spu_chnldata_RW[4]);
 }
 
 static ssize_t spufs_signal2_read(struct file *file, char __user *buf,
@@ -1137,7 +1138,7 @@ static ssize_t spufs_signal2_read(struct
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
-	ret = __spufs_signal2_read(ctx, buf, len, pos);
+	ret = __spufs_signal2_read(ctx, buf, len);
 	spu_release_saved(ctx);
 
 	return ret;
@@ -1961,18 +1962,13 @@ static const struct file_operations spuf
 	.release	= single_release,
 };
 
-static ssize_t __spufs_mbox_info_read(struct spu_context *ctx,
-			char __user *buf, size_t len, loff_t *pos)
+static ssize_t spufs_mbox_info_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
 {
-	u32 data;
-
-	/* EOF if there's no entry in the mbox */
 	if (!(ctx->csa.prob.mb_stat_R & 0x0000ff))
 		return 0;
-
-	data = ctx->csa.prob.pu_mb_R;
-
-	return simple_read_from_buffer(buf, len, pos, &data, sizeof data);
+	return spufs_dump_emit(cprm, &ctx->csa.prob.pu_mb_R,
+			       sizeof(ctx->csa.prob.pu_mb_R));
 }
 
 static ssize_t spufs_mbox_info_read(struct file *file, char __user *buf,
@@ -1988,7 +1984,12 @@ static ssize_t spufs_mbox_info_read(stru
 	if (ret)
 		return ret;
 	spin_lock(&ctx->csa.register_lock);
-	ret = __spufs_mbox_info_read(ctx, buf, len, pos);
+	/* EOF if there's no entry in the mbox */
+	if (ctx->csa.prob.mb_stat_R & 0x0000ff) {
+		ret = simple_read_from_buffer(buf, len, pos,
+				&ctx->csa.prob.pu_mb_R,
+				sizeof(ctx->csa.prob.pu_mb_R));
+	}
 	spin_unlock(&ctx->csa.register_lock);
 	spu_release_saved(ctx);
 
@@ -2001,18 +2002,13 @@ static const struct file_operations spuf
 	.llseek  = generic_file_llseek,
 };
 
-static ssize_t __spufs_ibox_info_read(struct spu_context *ctx,
-				char __user *buf, size_t len, loff_t *pos)
+static ssize_t spufs_ibox_info_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
 {
-	u32 data;
-
-	/* EOF if there's no entry in the ibox */
 	if (!(ctx->csa.prob.mb_stat_R & 0xff0000))
 		return 0;
-
-	data = ctx->csa.priv2.puint_mb_R;
-
-	return simple_read_from_buffer(buf, len, pos, &data, sizeof data);
+	return spufs_dump_emit(cprm, &ctx->csa.priv2.puint_mb_R,
+			       sizeof(ctx->csa.priv2.puint_mb_R));
 }
 
 static ssize_t spufs_ibox_info_read(struct file *file, char __user *buf,
@@ -2028,7 +2024,12 @@ static ssize_t spufs_ibox_info_read(stru
 	if (ret)
 		return ret;
 	spin_lock(&ctx->csa.register_lock);
-	ret = __spufs_ibox_info_read(ctx, buf, len, pos);
+	/* EOF if there's no entry in the ibox */
+	if (ctx->csa.prob.mb_stat_R & 0xff0000) {
+		ret = simple_read_from_buffer(buf, len, pos,
+				&ctx->csa.priv2.puint_mb_R,
+				sizeof(ctx->csa.priv2.puint_mb_R));
+	}
 	spin_unlock(&ctx->csa.register_lock);
 	spu_release_saved(ctx);
 
@@ -2041,21 +2042,16 @@ static const struct file_operations spuf
 	.llseek  = generic_file_llseek,
 };
 
-static ssize_t __spufs_wbox_info_read(struct spu_context *ctx,
-			char __user *buf, size_t len, loff_t *pos)
+static size_t spufs_wbox_info_cnt(struct spu_context *ctx)
 {
-	int i, cnt;
-	u32 data[4];
-	u32 wbox_stat;
-
-	wbox_stat = ctx->csa.prob.mb_stat_R;
-	cnt = 4 - ((wbox_stat & 0x00ff00) >> 8);
-	for (i = 0; i < cnt; i++) {
-		data[i] = ctx->csa.spu_mailbox_data[i];
-	}
+	return (4 - ((ctx->csa.prob.mb_stat_R & 0x00ff00) >> 8)) * sizeof(u32);
+}
 
-	return simple_read_from_buffer(buf, len, pos, &data,
-				cnt * sizeof(u32));
+static ssize_t spufs_wbox_info_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
+{
+	return spufs_dump_emit(cprm, &ctx->csa.spu_mailbox_data,
+			spufs_wbox_info_cnt(ctx));
 }
 
 static ssize_t spufs_wbox_info_read(struct file *file, char __user *buf,
@@ -2071,7 +2067,8 @@ static ssize_t spufs_wbox_info_read(stru
 	if (ret)
 		return ret;
 	spin_lock(&ctx->csa.register_lock);
-	ret = __spufs_wbox_info_read(ctx, buf, len, pos);
+	ret = simple_read_from_buffer(buf, len, pos, &ctx->csa.spu_mailbox_data,
+				      spufs_wbox_info_cnt(ctx));
 	spin_unlock(&ctx->csa.register_lock);
 	spu_release_saved(ctx);
 
@@ -2084,36 +2081,42 @@ static const struct file_operations spuf
 	.llseek  = generic_file_llseek,
 };
 
-static ssize_t __spufs_dma_info_read(struct spu_context *ctx,
-			char __user *buf, size_t len, loff_t *pos)
+static void __spufs_dma_info_read(struct spu_context *ctx,
+		struct spu_dma_info *info)
 {
-	struct spu_dma_info info;
-	struct mfc_cq_sr *qp, *spuqp;
 	int i;
 
-	info.dma_info_type = ctx->csa.priv2.spu_tag_status_query_RW;
-	info.dma_info_mask = ctx->csa.lscsa->tag_mask.slot[0];
-	info.dma_info_status = ctx->csa.spu_chnldata_RW[24];
-	info.dma_info_stall_and_notify = ctx->csa.spu_chnldata_RW[25];
-	info.dma_info_atomic_command_status = ctx->csa.spu_chnldata_RW[27];
+	info->dma_info_type = ctx->csa.priv2.spu_tag_status_query_RW;
+	info->dma_info_mask = ctx->csa.lscsa->tag_mask.slot[0];
+	info->dma_info_status = ctx->csa.spu_chnldata_RW[24];
+	info->dma_info_stall_and_notify = ctx->csa.spu_chnldata_RW[25];
+	info->dma_info_atomic_command_status = ctx->csa.spu_chnldata_RW[27];
+
 	for (i = 0; i < 16; i++) {
-		qp = &info.dma_info_command_data[i];
-		spuqp = &ctx->csa.priv2.spuq[i];
+		struct mfc_cq_sr *qp = &info->dma_info_command_data[i];
+		struct mfc_cq_sr *spuqp = &ctx->csa.priv2.spuq[i];
 
 		qp->mfc_cq_data0_RW = spuqp->mfc_cq_data0_RW;
 		qp->mfc_cq_data1_RW = spuqp->mfc_cq_data1_RW;
 		qp->mfc_cq_data2_RW = spuqp->mfc_cq_data2_RW;
 		qp->mfc_cq_data3_RW = spuqp->mfc_cq_data3_RW;
 	}
+}
+
+static ssize_t spufs_dma_info_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
+{
+	struct spu_dma_info info;
 
-	return simple_read_from_buffer(buf, len, pos, &info,
-				sizeof info);
+	__spufs_dma_info_read(ctx, &info);
+	return spufs_dump_emit(cprm, &info, sizeof(info));
 }
 
 static ssize_t spufs_dma_info_read(struct file *file, char __user *buf,
 			      size_t len, loff_t *pos)
 {
 	struct spu_context *ctx = file->private_data;
+	struct spu_dma_info info;
 	int ret;
 
 	if (!access_ok(buf, len))
@@ -2123,7 +2126,8 @@ static ssize_t spufs_dma_info_read(struc
 	if (ret)
 		return ret;
 	spin_lock(&ctx->csa.register_lock);
-	ret = __spufs_dma_info_read(ctx, buf, len, pos);
+	__spufs_dma_info_read(ctx, &info);
+	ret = simple_read_from_buffer(buf, len, pos, &info, sizeof(info));
 	spin_unlock(&ctx->csa.register_lock);
 	spu_release_saved(ctx);
 
@@ -2136,48 +2140,53 @@ static const struct file_operations spuf
 	.llseek = no_llseek,
 };
 
-static ssize_t __spufs_proxydma_info_read(struct spu_context *ctx,
-			char __user *buf, size_t len, loff_t *pos)
+static void __spufs_proxydma_info_read(struct spu_context *ctx,
+	struct spu_proxydma_info *info)
 {
-	struct spu_proxydma_info info;
-	struct mfc_cq_sr *qp, *puqp;
-	int ret = sizeof info;
 	int i;
 
-	if (len < ret)
-		return -EINVAL;
-
-	if (!access_ok(buf, len))
-		return -EFAULT;
+	info->proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
+	info->proxydma_info_mask = ctx->csa.prob.dma_querymask_RW;
+	info->proxydma_info_status = ctx->csa.prob.dma_tagstatus_R;
 
-	info.proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
-	info.proxydma_info_mask = ctx->csa.prob.dma_querymask_RW;
-	info.proxydma_info_status = ctx->csa.prob.dma_tagstatus_R;
 	for (i = 0; i < 8; i++) {
-		qp = &info.proxydma_info_command_data[i];
-		puqp = &ctx->csa.priv2.puq[i];
+		struct mfc_cq_sr *qp = &info->proxydma_info_command_data[i];
+		struct mfc_cq_sr *puqp = &ctx->csa.priv2.puq[i];
 
 		qp->mfc_cq_data0_RW = puqp->mfc_cq_data0_RW;
 		qp->mfc_cq_data1_RW = puqp->mfc_cq_data1_RW;
 		qp->mfc_cq_data2_RW = puqp->mfc_cq_data2_RW;
 		qp->mfc_cq_data3_RW = puqp->mfc_cq_data3_RW;
 	}
+}
+
+static ssize_t spufs_proxydma_info_dump(struct spu_context *ctx,
+		struct coredump_params *cprm)
+{
+	struct spu_proxydma_info info;
 
-	return simple_read_from_buffer(buf, len, pos, &info,
-				sizeof info);
+	__spufs_proxydma_info_read(ctx, &info);
+	return spufs_dump_emit(cprm, &info, sizeof(info));
 }
 
 static ssize_t spufs_proxydma_info_read(struct file *file, char __user *buf,
 				   size_t len, loff_t *pos)
 {
 	struct spu_context *ctx = file->private_data;
+	struct spu_proxydma_info info;
 	int ret;
 
+	if (len < sizeof(info))
+		return -EINVAL;
+	if (!access_ok(buf, len))
+		return -EFAULT;
+
 	ret = spu_acquire_saved(ctx);
 	if (ret)
 		return ret;
 	spin_lock(&ctx->csa.register_lock);
-	ret = __spufs_proxydma_info_read(ctx, buf, len, pos);
+	__spufs_proxydma_info_read(ctx, &info);
+	ret = simple_read_from_buffer(buf, len, pos, &info, sizeof(info));
 	spin_unlock(&ctx->csa.register_lock);
 	spu_release_saved(ctx);
 
@@ -2625,23 +2634,23 @@ const struct spufs_tree_descr spufs_dir_
 };
 
 const struct spufs_coredump_reader spufs_coredump_read[] = {
-	{ "regs", __spufs_regs_read, NULL, sizeof(struct spu_reg128[128])},
-	{ "fpcr", __spufs_fpcr_read, NULL, sizeof(struct spu_reg128) },
+	{ "regs", spufs_regs_dump, NULL, sizeof(struct spu_reg128[128])},
+	{ "fpcr", spufs_fpcr_dump, NULL, sizeof(struct spu_reg128) },
 	{ "lslr", NULL, spufs_lslr_get, 19 },
 	{ "decr", NULL, spufs_decr_get, 19 },
 	{ "decr_status", NULL, spufs_decr_status_get, 19 },
-	{ "mem", __spufs_mem_read, NULL, LS_SIZE, },
-	{ "signal1", __spufs_signal1_read, NULL, sizeof(u32) },
+	{ "mem", spufs_mem_dump, NULL, LS_SIZE, },
+	{ "signal1", spufs_signal1_dump, NULL, sizeof(u32) },
 	{ "signal1_type", NULL, spufs_signal1_type_get, 19 },
-	{ "signal2", __spufs_signal2_read, NULL, sizeof(u32) },
+	{ "signal2", spufs_signal2_dump, NULL, sizeof(u32) },
 	{ "signal2_type", NULL, spufs_signal2_type_get, 19 },
 	{ "event_mask", NULL, spufs_event_mask_get, 19 },
 	{ "event_status", NULL, spufs_event_status_get, 19 },
-	{ "mbox_info", __spufs_mbox_info_read, NULL, sizeof(u32) },
-	{ "ibox_info", __spufs_ibox_info_read, NULL, sizeof(u32) },
-	{ "wbox_info", __spufs_wbox_info_read, NULL, 4 * sizeof(u32)},
-	{ "dma_info", __spufs_dma_info_read, NULL, sizeof(struct spu_dma_info)},
-	{ "proxydma_info", __spufs_proxydma_info_read,
+	{ "mbox_info", spufs_mbox_info_dump, NULL, sizeof(u32) },
+	{ "ibox_info", spufs_ibox_info_dump, NULL, sizeof(u32) },
+	{ "wbox_info", spufs_wbox_info_dump, NULL, 4 * sizeof(u32)},
+	{ "dma_info", spufs_dma_info_dump, NULL, sizeof(struct spu_dma_info)},
+	{ "proxydma_info", spufs_proxydma_info_dump,
 			   NULL, sizeof(struct spu_proxydma_info)},
 	{ "object-id", NULL, spufs_object_id_get, 19 },
 	{ "npc", NULL, spufs_npc_get, 19 },
--- a/arch/powerpc/platforms/cell/spufs/spufs.h~powerpc-spufs-simplify-spufs-core-dumping
+++ a/arch/powerpc/platforms/cell/spufs/spufs.h
@@ -337,8 +337,7 @@ void spufs_dma_callback(struct spu *spu,
 extern struct spu_coredump_calls spufs_coredump_calls;
 struct spufs_coredump_reader {
 	char *name;
-	ssize_t (*read)(struct spu_context *ctx,
-			char __user *buffer, size_t size, loff_t *pos);
+	ssize_t (*dump)(struct spu_context *ctx, struct coredump_params *cprm);
 	u64 (*get)(struct spu_context *ctx);
 	size_t size;
 };
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
x86-fix-vmap-arguments-in-map_irq_stack.patch
staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
dma-mapping-use-vmap-insted-of-reimplementing-it.patch
powerpc-add-an-ioremap_phb-helper.patch
powerpc-remove-__ioremap_at-and-__iounmap_at.patch
mm-remove-__get_vm_area.patch
mm-unexport-unmap_kernel_range_noflush.patch
mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
mm-pass-addr-as-unsigned-long-to-vb_free.patch
mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
mm-rename-vmap_page_range-to-map_kernel_range.patch
mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
mm-remove-map_vm_range.patch
mm-remove-unmap_vmap_area.patch
mm-remove-the-prot-argument-from-vm_map_ram.patch
mm-enforce-that-vmap-cant-map-pages-executable.patch
gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
mm-remove-the-pgprot-argument-to-__vmalloc.patch
mm-remove-the-prot-argument-to-__vmalloc_node.patch
mm-remove-both-instances-of-__vmalloc_node_flags.patch
mm-remove-__vmalloc_node_flags_caller.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
mm-remove-vmalloc_user_node_flags.patch
arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
s390-use-__vmalloc_node-in-stack_alloc.patch
powerpc-spufs-simplify-spufs-core-dumping.patch
binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
exec-simplify-the-copy_strings_kernel-calling-convention.patch
exec-open-code-copy_string_kernel.patch
amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
i915-gvt-remove-unused-xen-bits.patch
kernel-move-use_mm-unuse_mm-to-kthreadc.patch
kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
kernel-set-user_ds-in-kthread_use_mm.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (42 preceding siblings ...)
  2020-04-24  2:06 ` + powerpc-spufs-simplify-spufs-core-dumping.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch " Andrew Morton
                   ` (23 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: signal: factor copy_siginfo_to_external32 from copy_siginfo_to_user32
has been added to the -mm tree.  Its filename is
     signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
Subject: signal: factor copy_siginfo_to_external32 from copy_siginfo_to_user32

To remove the use of set_fs in the coredump code there needs to be a way
to convert a kernel siginfo to a userspace compat siginfo.

Call that function copy_siginfo_to_compat and factor it out of
copy_siginfo_to_user32.

The existence of x32 complicates this code.  On x32 SIGCHLD uses 64bit
times for utime and stime.  As only SIGCHLD is affected and SIGCHLD never
causes a coredump I have avoided handling that case.

Link: http://lkml.kernel.org/r/20200421154204.252921-3-hch@lst.de
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/compat.h |    2 
 kernel/signal.c        |  109 ++++++++++++++++++++++-----------------
 2 files changed, 64 insertions(+), 47 deletions(-)

--- a/include/linux/compat.h~signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32
+++ a/include/linux/compat.h
@@ -402,6 +402,8 @@ long compat_get_bitmap(unsigned long *ma
 		       unsigned long bitmap_size);
 long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask,
 		       unsigned long bitmap_size);
+void copy_siginfo_to_external32(struct compat_siginfo *to,
+		const struct kernel_siginfo *from);
 int copy_siginfo_from_user32(kernel_siginfo_t *to, const struct compat_siginfo __user *from);
 int copy_siginfo_to_user32(struct compat_siginfo __user *to, const kernel_siginfo_t *from);
 int get_compat_sigevent(struct sigevent *event,
--- a/kernel/signal.c~signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32
+++ a/kernel/signal.c
@@ -3231,94 +3231,109 @@ int copy_siginfo_from_user(kernel_siginf
 }
 
 #ifdef CONFIG_COMPAT
-int copy_siginfo_to_user32(struct compat_siginfo __user *to,
-			   const struct kernel_siginfo *from)
-#if defined(CONFIG_X86_X32_ABI) || defined(CONFIG_IA32_EMULATION)
-{
-	return __copy_siginfo_to_user32(to, from, in_x32_syscall());
-}
-int __copy_siginfo_to_user32(struct compat_siginfo __user *to,
-			     const struct kernel_siginfo *from, bool x32_ABI)
-#endif
+void copy_siginfo_to_external32(struct compat_siginfo *to,
+				const struct kernel_siginfo *from)
 {
-	struct compat_siginfo new;
-	memset(&new, 0, sizeof(new));
+	/*
+	 * This function does not work properly for SIGCHLD on x32,
+	 * but it does not need to as SIGCHLD never causes a coredump.
+	 */
+	memset(to, 0, sizeof(*to));
 
-	new.si_signo = from->si_signo;
-	new.si_errno = from->si_errno;
-	new.si_code  = from->si_code;
+	to->si_signo = from->si_signo;
+	to->si_errno = from->si_errno;
+	to->si_code  = from->si_code;
 	switch(siginfo_layout(from->si_signo, from->si_code)) {
 	case SIL_KILL:
-		new.si_pid = from->si_pid;
-		new.si_uid = from->si_uid;
+		to->si_pid = from->si_pid;
+		to->si_uid = from->si_uid;
 		break;
 	case SIL_TIMER:
-		new.si_tid     = from->si_tid;
-		new.si_overrun = from->si_overrun;
-		new.si_int     = from->si_int;
+		to->si_tid     = from->si_tid;
+		to->si_overrun = from->si_overrun;
+		to->si_int     = from->si_int;
 		break;
 	case SIL_POLL:
-		new.si_band = from->si_band;
-		new.si_fd   = from->si_fd;
+		to->si_band = from->si_band;
+		to->si_fd   = from->si_fd;
 		break;
 	case SIL_FAULT:
-		new.si_addr = ptr_to_compat(from->si_addr);
+		to->si_addr = ptr_to_compat(from->si_addr);
 #ifdef __ARCH_SI_TRAPNO
-		new.si_trapno = from->si_trapno;
+		to->si_trapno = from->si_trapno;
 #endif
 		break;
 	case SIL_FAULT_MCEERR:
-		new.si_addr = ptr_to_compat(from->si_addr);
+		to->si_addr = ptr_to_compat(from->si_addr);
 #ifdef __ARCH_SI_TRAPNO
-		new.si_trapno = from->si_trapno;
+		to->si_trapno = from->si_trapno;
 #endif
-		new.si_addr_lsb = from->si_addr_lsb;
+		to->si_addr_lsb = from->si_addr_lsb;
 		break;
 	case SIL_FAULT_BNDERR:
-		new.si_addr = ptr_to_compat(from->si_addr);
+		to->si_addr = ptr_to_compat(from->si_addr);
 #ifdef __ARCH_SI_TRAPNO
-		new.si_trapno = from->si_trapno;
+		to->si_trapno = from->si_trapno;
 #endif
-		new.si_lower = ptr_to_compat(from->si_lower);
-		new.si_upper = ptr_to_compat(from->si_upper);
+		to->si_lower = ptr_to_compat(from->si_lower);
+		to->si_upper = ptr_to_compat(from->si_upper);
 		break;
 	case SIL_FAULT_PKUERR:
-		new.si_addr = ptr_to_compat(from->si_addr);
+		to->si_addr = ptr_to_compat(from->si_addr);
 #ifdef __ARCH_SI_TRAPNO
-		new.si_trapno = from->si_trapno;
+		to->si_trapno = from->si_trapno;
 #endif
-		new.si_pkey = from->si_pkey;
+		to->si_pkey = from->si_pkey;
 		break;
 	case SIL_CHLD:
-		new.si_pid    = from->si_pid;
-		new.si_uid    = from->si_uid;
-		new.si_status = from->si_status;
+		to->si_pid    = from->si_pid;
+		to->si_uid    = from->si_uid;
+		to->si_status = from->si_status;
+		to->si_utime = from->si_utime;
+		to->si_stime = from->si_stime;
 #ifdef CONFIG_X86_X32_ABI
 		if (x32_ABI) {
-			new._sifields._sigchld_x32._utime = from->si_utime;
-			new._sifields._sigchld_x32._stime = from->si_stime;
+			to->_sifields._sigchld_x32._utime = from->si_utime;
+			to->_sifields._sigchld_x32._stime = from->si_stime;
 		} else
 #endif
 		{
-			new.si_utime = from->si_utime;
-			new.si_stime = from->si_stime;
 		}
 		break;
 	case SIL_RT:
-		new.si_pid = from->si_pid;
-		new.si_uid = from->si_uid;
-		new.si_int = from->si_int;
+		to->si_pid = from->si_pid;
+		to->si_uid = from->si_uid;
+		to->si_int = from->si_int;
 		break;
 	case SIL_SYS:
-		new.si_call_addr = ptr_to_compat(from->si_call_addr);
-		new.si_syscall   = from->si_syscall;
-		new.si_arch      = from->si_arch;
+		to->si_call_addr = ptr_to_compat(from->si_call_addr);
+		to->si_syscall   = from->si_syscall;
+		to->si_arch      = from->si_arch;
 		break;
 	}
+}
 
+int copy_siginfo_to_user32(struct compat_siginfo __user *to,
+			   const struct kernel_siginfo *from)
+#if defined(CONFIG_X86_X32_ABI) || defined(CONFIG_IA32_EMULATION)
+{
+	return __copy_siginfo_to_user32(to, from, in_x32_syscall());
+}
+int __copy_siginfo_to_user32(struct compat_siginfo __user *to,
+			     const struct kernel_siginfo *from, bool x32_ABI)
+#endif
+{
+	struct compat_siginfo new;
+
+	copy_siginfo_to_external32(&new, from);
+#ifdef CONFIG_X86_X32_ABI
+	if (x32_ABI && from->si_signo == SIGCHLD) {
+		new._sifields._sigchld_x32._utime = from->si_utime;
+		new._sifields._sigchld_x32._stime = from->si_stime;
+	}
+#endif
 	if (copy_to_user(to, &new, sizeof(struct compat_siginfo)))
 		return -EFAULT;

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (43 preceding siblings ...)
  2020-04-24  2:06 ` + signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch " Andrew Morton
                   ` (22 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: binfmt_elf: femove the set_fs in fill_siginfo_note
has been added to the -mm tree.  Its filename is
     binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Eric W. Biederman" <ebiederm@xmission.com>
Subject: binfmt_elf: femove the set_fs in fill_siginfo_note

The code in binfmt_elf.c is different from the rest of the code that
processes siginfo, as it sends siginfo from a kernel buffer to a file
rather than from kernel memory to userspace buffers.  To remove its use of
set_fs the code needs some different siginfo helpers.

Add the helper copy_siginfo_to_external to copy from the kernel's internal
siginfo layout to a buffer in the siginfo layout that userspace expects.

Modify fill_siginfo_note to use copy_siginfo_to_external instead of set_fs
and copy_siginfo_to_user.

Update compat_binfmt_elf.c to use the previously added
copy_siginfo_to_external32 to handle the compat case.

Link: http://lkml.kernel.org/r/20200421154204.252921-4-hch@lst.de
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/binfmt_elf.c        |    5 +----
 fs/compat_binfmt_elf.c |    2 +-
 include/linux/signal.h |    8 ++++++++
 3 files changed, 10 insertions(+), 5 deletions(-)

--- a/fs/binfmt_elf.c~binfmt_elf-femove-the-set_fs-in-fill_siginfo_note
+++ a/fs/binfmt_elf.c
@@ -1552,10 +1552,7 @@ static void fill_auxv_note(struct memelf
 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
 		const kernel_siginfo_t *siginfo)
 {
-	mm_segment_t old_fs = get_fs();
-	set_fs(KERNEL_DS);
-	copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
-	set_fs(old_fs);
+	copy_siginfo_to_external(csigdata, siginfo);
 	fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
 }
 
--- a/fs/compat_binfmt_elf.c~binfmt_elf-femove-the-set_fs-in-fill_siginfo_note
+++ a/fs/compat_binfmt_elf.c
@@ -39,7 +39,7 @@
  */
 #define user_long_t		compat_long_t
 #define user_siginfo_t		compat_siginfo_t
-#define copy_siginfo_to_user	copy_siginfo_to_user32
+#define copy_siginfo_to_external	copy_siginfo_to_external32
 
 /*
  * The machine-dependent core note format types are defined in elfcore-compat.h,
--- a/include/linux/signal.h~binfmt_elf-femove-the-set_fs-in-fill_siginfo_note
+++ a/include/linux/signal.h
@@ -24,6 +24,14 @@ static inline void clear_siginfo(kernel_
 
 #define SI_EXPANSION_SIZE (sizeof(struct siginfo) - sizeof(struct kernel_siginfo))
 
+static inline void copy_siginfo_to_external(siginfo_t *to,
+					    const kernel_siginfo_t *from)
+{
+	memcpy(to, from, sizeof(*from));
+	memset(((char *)to) + sizeof(struct kernel_siginfo), 0,
+		SI_EXPANSION_SIZE);
+}
+
 int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from);
 int copy_siginfo_from_user(kernel_siginfo_t *to, const siginfo_t __user *from);
 
_

Patches currently in -mm which might be from ebiederm@xmission.com are

signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch
binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (44 preceding siblings ...)
  2020-04-24  2:06 ` + binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch " Andrew Morton
                   ` (21 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: binfmt_elf: remove the set_fs(KERNEL_DS) in elf_core_dump
has been added to the -mm tree.  Its filename is
     binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: binfmt_elf: remove the set_fs(KERNEL_DS) in elf_core_dump

There is no logic in elf_core_dump itself, or in the various arch helpers
called from it which use uaccess routines on kernel pointers except for
the file writes thate are nicely encapsulated by using __kernel_write in
dump_emit.

Link: http://lkml.kernel.org/r/20200421154204.252921-5-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/binfmt_elf.c |   40 +++++++++++++---------------------------
 1 file changed, 13 insertions(+), 27 deletions(-)

--- a/fs/binfmt_elf.c~binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump
+++ a/fs/binfmt_elf.c
@@ -1351,7 +1351,6 @@ static unsigned long vma_dump_size(struc
 	    vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
 		u32 __user *header = (u32 __user *) vma->vm_start;
 		u32 word;
-		mm_segment_t fs = get_fs();
 		/*
 		 * Doing it this way gets the constant folded by GCC.
 		 */
@@ -1364,14 +1363,8 @@ static unsigned long vma_dump_size(struc
 		magic.elfmag[EI_MAG1] = ELFMAG1;
 		magic.elfmag[EI_MAG2] = ELFMAG2;
 		magic.elfmag[EI_MAG3] = ELFMAG3;
-		/*
-		 * Switch to the user "segment" for get_user(),
-		 * then put back what elf_core_dump() had in place.
-		 */
-		set_fs(USER_DS);
 		if (unlikely(get_user(word, header)))
 			word = 0;
-		set_fs(fs);
 		if (word == magic.cmp)
 			return PAGE_SIZE;
 	}
@@ -2179,7 +2172,6 @@ static void fill_extnum_info(struct elfh
 static int elf_core_dump(struct coredump_params *cprm)
 {
 	int has_dumped = 0;
-	mm_segment_t fs;
 	int segs, i;
 	size_t vma_data_size = 0;
 	struct vm_area_struct *vma, *gate_vma;
@@ -2232,9 +2224,6 @@ static int elf_core_dump(struct coredump
 
 	has_dumped = 1;
 
-	fs = get_fs();
-	set_fs(KERNEL_DS);
-
 	offset += sizeof(elf);				/* Elf header */
 	offset += segs * sizeof(struct elf_phdr);	/* Program headers */
 
@@ -2246,7 +2235,7 @@ static int elf_core_dump(struct coredump
 
 		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
 		if (!phdr4note)
-			goto end_coredump;
+			goto cleanup;
 
 		fill_elf_note_phdr(phdr4note, sz, offset);
 		offset += sz;
@@ -2261,7 +2250,7 @@ static int elf_core_dump(struct coredump
 	vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
 			      GFP_KERNEL);
 	if (!vma_filesz)
-		goto end_coredump;
+		goto cleanup;
 
 	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
 			vma = next_vma(vma, gate_vma)) {
@@ -2279,17 +2268,17 @@ static int elf_core_dump(struct coredump
 	if (e_phnum == PN_XNUM) {
 		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
 		if (!shdr4extnum)
-			goto end_coredump;
+			goto cleanup;
 		fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
 	}
 
 	offset = dataoff;
 
 	if (!dump_emit(cprm, &elf, sizeof(elf)))
-		goto end_coredump;
+		goto cleanup;
 
 	if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
-		goto end_coredump;
+		goto cleanup;
 
 	/* Write program headers for segments dump */
 	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
@@ -2311,22 +2300,22 @@ static int elf_core_dump(struct coredump
 		phdr.p_align = ELF_EXEC_PAGESIZE;
 
 		if (!dump_emit(cprm, &phdr, sizeof(phdr)))
-			goto end_coredump;
+			goto cleanup;
 	}
 
 	if (!elf_core_write_extra_phdrs(cprm, offset))
-		goto end_coredump;
+		goto cleanup;
 
  	/* write out the notes section */
 	if (!write_note_info(&info, cprm))
-		goto end_coredump;
+		goto cleanup;
 
 	if (elf_coredump_extra_notes_write(cprm))
-		goto end_coredump;
+		goto cleanup;
 
 	/* Align to page */
 	if (!dump_skip(cprm, dataoff - cprm->pos))
-		goto end_coredump;
+		goto cleanup;
 
 	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
 			vma = next_vma(vma, gate_vma)) {
@@ -2348,22 +2337,19 @@ static int elf_core_dump(struct coredump
 			} else
 				stop = !dump_skip(cprm, PAGE_SIZE);
 			if (stop)
-				goto end_coredump;
+				goto cleanup;
 		}
 	}
 	dump_truncate(cprm);
 
 	if (!elf_core_write_extra_data(cprm))
-		goto end_coredump;
+		goto cleanup;
 
 	if (e_phnum == PN_XNUM) {
 		if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
-			goto end_coredump;
+			goto cleanup;
 	}
 
-end_coredump:
-	set_fs(fs);
-
 cleanup:
 	free_note_info(&info);
 	kfree(shdr4extnum);
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
x86-fix-vmap-arguments-in-map_irq_stack.patch
staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
dma-mapping-use-vmap-insted-of-reimplementing-it.patch
powerpc-add-an-ioremap_phb-helper.patch
powerpc-remove-__ioremap_at-and-__iounmap_at.patch
mm-remove-__get_vm_area.patch
mm-unexport-unmap_kernel_range_noflush.patch
mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
mm-pass-addr-as-unsigned-long-to-vb_free.patch
mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
mm-rename-vmap_page_range-to-map_kernel_range.patch
mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
mm-remove-map_vm_range.patch
mm-remove-unmap_vmap_area.patch
mm-remove-the-prot-argument-from-vm_map_ram.patch
mm-enforce-that-vmap-cant-map-pages-executable.patch
gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
mm-remove-the-pgprot-argument-to-__vmalloc.patch
mm-remove-the-prot-argument-to-__vmalloc_node.patch
mm-remove-both-instances-of-__vmalloc_node_flags.patch
mm-remove-__vmalloc_node_flags_caller.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
mm-remove-vmalloc_user_node_flags.patch
arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
s390-use-__vmalloc_node-in-stack_alloc.patch
powerpc-spufs-simplify-spufs-core-dumping.patch
binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
exec-simplify-the-copy_strings_kernel-calling-convention.patch
exec-open-code-copy_string_kernel.patch
amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
i915-gvt-remove-unused-xen-bits.patch
kernel-move-use_mm-unuse_mm-to-kthreadc.patch
kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
kernel-set-user_ds-in-kthread_use_mm.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (45 preceding siblings ...)
  2020-04-24  2:06 ` + binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + exec-simplify-the-copy_strings_kernel-calling-convention.patch " Andrew Morton
                   ` (20 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: binfmt_elf_fdpic: remove the set_fs(KERNEL_DS) in elf_fdpic_core_dump
has been added to the -mm tree.  Its filename is
     binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: binfmt_elf_fdpic: remove the set_fs(KERNEL_DS) in elf_fdpic_core_dump

There is no logic in elf_fdpic_core_dump itself, or in the various arch
helpers called from it which use uaccess routines on kernel pointers
except for the file writes thate are nicely encapsulated by using
__kernel_write in dump_emit.

Link: http://lkml.kernel.org/r/20200421154204.252921-6-hch@lst.de Signed-off-by:
Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/binfmt_elf_fdpic.c |   31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)

--- a/fs/binfmt_elf_fdpic.c~binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump
+++ a/fs/binfmt_elf_fdpic.c
@@ -1549,7 +1549,6 @@ static int elf_fdpic_core_dump(struct co
 {
 #define	NUM_NOTES	6
 	int has_dumped = 0;
-	mm_segment_t fs;
 	int segs;
 	int i;
 	struct vm_area_struct *vma;
@@ -1678,9 +1677,6 @@ static int elf_fdpic_core_dump(struct co
 			  "LINUX", ELF_CORE_XFPREG_TYPE, sizeof(*xfpu), xfpu);
 #endif
 
-	fs = get_fs();
-	set_fs(KERNEL_DS);
-
 	offset += sizeof(*elf);				/* Elf header */
 	offset += segs * sizeof(struct elf_phdr);	/* Program headers */
 
@@ -1695,7 +1691,7 @@ static int elf_fdpic_core_dump(struct co
 
 		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
 		if (!phdr4note)
-			goto end_coredump;
+			goto cleanup;
 
 		fill_elf_note_phdr(phdr4note, sz, offset);
 		offset += sz;
@@ -1711,17 +1707,17 @@ static int elf_fdpic_core_dump(struct co
 	if (e_phnum == PN_XNUM) {
 		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
 		if (!shdr4extnum)
-			goto end_coredump;
+			goto cleanup;
 		fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
 	}
 
 	offset = dataoff;
 
 	if (!dump_emit(cprm, elf, sizeof(*elf)))
-		goto end_coredump;
+		goto cleanup;
 
 	if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
-		goto end_coredump;
+		goto cleanup;
 
 	/* write program headers for segments dump */
 	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
@@ -1745,16 +1741,16 @@ static int elf_fdpic_core_dump(struct co
 		phdr.p_align = ELF_EXEC_PAGESIZE;
 
 		if (!dump_emit(cprm, &phdr, sizeof(phdr)))
-			goto end_coredump;
+			goto cleanup;
 	}
 
 	if (!elf_core_write_extra_phdrs(cprm, offset))
-		goto end_coredump;
+		goto cleanup;
 
  	/* write out the notes section */
 	for (i = 0; i < numnote; i++)
 		if (!writenote(notes + i, cprm))
-			goto end_coredump;
+			goto cleanup;
 
 	/* write out the thread status notes section */
 	list_for_each(t, &thread_list) {
@@ -1763,21 +1759,21 @@ static int elf_fdpic_core_dump(struct co
 
 		for (i = 0; i < tmp->num_notes; i++)
 			if (!writenote(&tmp->notes[i], cprm))
-				goto end_coredump;
+				goto cleanup;
 	}
 
 	if (!dump_skip(cprm, dataoff - cprm->pos))
-		goto end_coredump;
+		goto cleanup;
 
 	if (!elf_fdpic_dump_segments(cprm))
-		goto end_coredump;
+		goto cleanup;
 
 	if (!elf_core_write_extra_data(cprm))
-		goto end_coredump;
+		goto cleanup;
 
 	if (e_phnum == PN_XNUM) {
 		if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
-			goto end_coredump;
+			goto cleanup;
 	}
 
 	if (cprm->file->f_pos != offset) {
@@ -1787,9 +1783,6 @@ static int elf_fdpic_core_dump(struct co
 		       cprm->file->f_pos, offset);
 	}
 
-end_coredump:
-	set_fs(fs);
-
 cleanup:
 	while (!list_empty(&thread_list)) {
 		struct list_head *tmp = thread_list.next;
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
x86-fix-vmap-arguments-in-map_irq_stack.patch
staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
dma-mapping-use-vmap-insted-of-reimplementing-it.patch
powerpc-add-an-ioremap_phb-helper.patch
powerpc-remove-__ioremap_at-and-__iounmap_at.patch
mm-remove-__get_vm_area.patch
mm-unexport-unmap_kernel_range_noflush.patch
mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
mm-pass-addr-as-unsigned-long-to-vb_free.patch
mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
mm-rename-vmap_page_range-to-map_kernel_range.patch
mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
mm-remove-map_vm_range.patch
mm-remove-unmap_vmap_area.patch
mm-remove-the-prot-argument-from-vm_map_ram.patch
mm-enforce-that-vmap-cant-map-pages-executable.patch
gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
mm-remove-the-pgprot-argument-to-__vmalloc.patch
mm-remove-the-prot-argument-to-__vmalloc_node.patch
mm-remove-both-instances-of-__vmalloc_node_flags.patch
mm-remove-__vmalloc_node_flags_caller.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
mm-remove-vmalloc_user_node_flags.patch
arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
s390-use-__vmalloc_node-in-stack_alloc.patch
powerpc-spufs-simplify-spufs-core-dumping.patch
binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
exec-simplify-the-copy_strings_kernel-calling-convention.patch
exec-open-code-copy_string_kernel.patch
amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
i915-gvt-remove-unused-xen-bits.patch
kernel-move-use_mm-unuse_mm-to-kthreadc.patch
kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
kernel-set-user_ds-in-kthread_use_mm.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + exec-simplify-the-copy_strings_kernel-calling-convention.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (46 preceding siblings ...)
  2020-04-24  2:06 ` + binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  2:06 ` + exec-open-code-copy_string_kernel.patch " Andrew Morton
                   ` (19 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: exec: simplify the copy_strings_kernel calling convention
has been added to the -mm tree.  Its filename is
     exec-simplify-the-copy_strings_kernel-calling-convention.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/exec-simplify-the-copy_strings_kernel-calling-convention.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/exec-simplify-the-copy_strings_kernel-calling-convention.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: exec: simplify the copy_strings_kernel calling convention

copy_strings_kernel is always used with a single argument, adjust the
calling convention to that.

Link: http://lkml.kernel.org/r/20200421154204.252921-7-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/binfmt_em86.c        |    6 +++---
 fs/binfmt_misc.c        |    4 ++--
 fs/binfmt_script.c      |    6 +++---
 fs/exec.c               |   13 ++++++-------
 include/linux/binfmts.h |    3 +--
 5 files changed, 15 insertions(+), 17 deletions(-)

--- a/fs/binfmt_em86.c~exec-simplify-the-copy_strings_kernel-calling-convention
+++ a/fs/binfmt_em86.c
@@ -68,15 +68,15 @@ static int load_em86(struct linux_binprm
 	 * user environment and arguments are stored.
 	 */
 	remove_arg_zero(bprm);
-	retval = copy_strings_kernel(1, &bprm->filename, bprm);
+	retval = copy_string_kernel(bprm->filename, bprm);
 	if (retval < 0) return retval; 
 	bprm->argc++;
 	if (i_arg) {
-		retval = copy_strings_kernel(1, &i_arg, bprm);
+		retval = copy_string_kernel(i_arg, bprm);
 		if (retval < 0) return retval; 
 		bprm->argc++;
 	}
-	retval = copy_strings_kernel(1, &i_name, bprm);
+	retval = copy_string_kernel(i_name, bprm);
 	if (retval < 0)	return retval;
 	bprm->argc++;
 
--- a/fs/binfmt_misc.c~exec-simplify-the-copy_strings_kernel-calling-convention
+++ a/fs/binfmt_misc.c
@@ -190,13 +190,13 @@ static int load_misc_binary(struct linux
 		bprm->file = NULL;
 	}
 	/* make argv[1] be the path to the binary */
-	retval = copy_strings_kernel(1, &bprm->interp, bprm);
+	retval = copy_string_kernel(bprm->interp, bprm);
 	if (retval < 0)
 		goto error;
 	bprm->argc++;
 
 	/* add the interp as argv[0] */
-	retval = copy_strings_kernel(1, &fmt->interpreter, bprm);
+	retval = copy_string_kernel(fmt->interpreter, bprm);
 	if (retval < 0)
 		goto error;
 	bprm->argc++;
--- a/fs/binfmt_script.c~exec-simplify-the-copy_strings_kernel-calling-convention
+++ a/fs/binfmt_script.c
@@ -117,17 +117,17 @@ static int load_script(struct linux_binp
 	retval = remove_arg_zero(bprm);
 	if (retval)
 		return retval;
-	retval = copy_strings_kernel(1, &bprm->interp, bprm);
+	retval = copy_string_kernel(bprm->interp, bprm);
 	if (retval < 0)
 		return retval;
 	bprm->argc++;
 	if (i_arg) {
-		retval = copy_strings_kernel(1, &i_arg, bprm);
+		retval = copy_string_kernel(i_arg, bprm);
 		if (retval < 0)
 			return retval;
 		bprm->argc++;
 	}
-	retval = copy_strings_kernel(1, &i_name, bprm);
+	retval = copy_string_kernel(i_name, bprm);
 	if (retval)
 		return retval;
 	bprm->argc++;
--- a/fs/exec.c~exec-simplify-the-copy_strings_kernel-calling-convention
+++ a/fs/exec.c
@@ -588,24 +588,23 @@ out:
 }
 
 /*
- * Like copy_strings, but get argv and its values from kernel memory.
+ * Copy and argument/environment string from the kernel to the processes stack.
  */
-int copy_strings_kernel(int argc, const char *const *__argv,
-			struct linux_binprm *bprm)
+int copy_string_kernel(const char *arg, struct linux_binprm *bprm)
 {
 	int r;
 	mm_segment_t oldfs = get_fs();
 	struct user_arg_ptr argv = {
-		.ptr.native = (const char __user *const  __user *)__argv,
+		.ptr.native = (const char __user *const  __user *)&arg,
 	};
 
 	set_fs(KERNEL_DS);
-	r = copy_strings(argc, argv, bprm);
+	r = copy_strings(1, argv, bprm);
 	set_fs(oldfs);
 
 	return r;
 }
-EXPORT_SYMBOL(copy_strings_kernel);
+EXPORT_SYMBOL(copy_string_kernel);
 
 #ifdef CONFIG_MMU
 
@@ -1863,7 +1862,7 @@ static int __do_execve_file(int fd, stru
 	if (retval < 0)
 		goto out;
 
-	retval = copy_strings_kernel(1, &bprm->filename, bprm);
+	retval = copy_string_kernel(bprm->filename, bprm);
 	if (retval < 0)
 		goto out;
 
--- a/include/linux/binfmts.h~exec-simplify-the-copy_strings_kernel-calling-convention
+++ a/include/linux/binfmts.h
@@ -144,8 +144,7 @@ extern int setup_arg_pages(struct linux_
 extern int transfer_args_to_stack(struct linux_binprm *bprm,
 				  unsigned long *sp_location);
 extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
-extern int copy_strings_kernel(int argc, const char *const *argv,
-			       struct linux_binprm *bprm);
+int copy_string_kernel(const char *arg, struct linux_binprm *bprm);
 extern void install_exec_creds(struct linux_binprm *bprm);
 extern void set_binfmt(struct linux_binfmt *new);
 extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
x86-fix-vmap-arguments-in-map_irq_stack.patch
staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
dma-mapping-use-vmap-insted-of-reimplementing-it.patch
powerpc-add-an-ioremap_phb-helper.patch
powerpc-remove-__ioremap_at-and-__iounmap_at.patch
mm-remove-__get_vm_area.patch
mm-unexport-unmap_kernel_range_noflush.patch
mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
mm-pass-addr-as-unsigned-long-to-vb_free.patch
mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
mm-rename-vmap_page_range-to-map_kernel_range.patch
mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
mm-remove-map_vm_range.patch
mm-remove-unmap_vmap_area.patch
mm-remove-the-prot-argument-from-vm_map_ram.patch
mm-enforce-that-vmap-cant-map-pages-executable.patch
gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
mm-remove-the-pgprot-argument-to-__vmalloc.patch
mm-remove-the-prot-argument-to-__vmalloc_node.patch
mm-remove-both-instances-of-__vmalloc_node_flags.patch
mm-remove-__vmalloc_node_flags_caller.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
mm-remove-vmalloc_user_node_flags.patch
arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
s390-use-__vmalloc_node-in-stack_alloc.patch
powerpc-spufs-simplify-spufs-core-dumping.patch
binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
exec-simplify-the-copy_strings_kernel-calling-convention.patch
exec-open-code-copy_string_kernel.patch
amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
i915-gvt-remove-unused-xen-bits.patch
kernel-move-use_mm-unuse_mm-to-kthreadc.patch
kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
kernel-set-user_ds-in-kthread_use_mm.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + exec-open-code-copy_string_kernel.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (47 preceding siblings ...)
  2020-04-24  2:06 ` + exec-simplify-the-copy_strings_kernel-calling-convention.patch " Andrew Morton
@ 2020-04-24  2:06 ` Andrew Morton
  2020-04-24  3:24 ` + add-kernel-config-option-for-twisting-kernel-behavior.patch " Andrew Morton
                   ` (18 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  2:06 UTC (permalink / raw)
  To: arnd, benh, ebiederm, hch, jk, mm-commits, mpe, paulus, viro


The patch titled
     Subject: exec: open code copy_string_kernel
has been added to the -mm tree.  Its filename is
     exec-open-code-copy_string_kernel.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/exec-open-code-copy_string_kernel.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/exec-open-code-copy_string_kernel.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christoph Hellwig <hch@lst.de>
Subject: exec: open code copy_string_kernel

Currently copy_string_kernel is just a wrapper around copy_strings that
simplifies the calling conventions and uses set_fs to allow passing a
kernel pointer.  But due to the fact the we only need to handle a single
kernel argument pointer, the logic can be sigificantly simplified while
getting rid of the set_fs.

Link: http://lkml.kernel.org/r/20200421154204.252921-8-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: Jeremy Kerr <jk@ozlabs.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/exec.c |   45 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 10 deletions(-)

--- a/fs/exec.c~exec-open-code-copy_string_kernel
+++ a/fs/exec.c
@@ -592,17 +592,42 @@ out:
  */
 int copy_string_kernel(const char *arg, struct linux_binprm *bprm)
 {
-	int r;
-	mm_segment_t oldfs = get_fs();
-	struct user_arg_ptr argv = {
-		.ptr.native = (const char __user *const  __user *)&arg,
-	};
-
-	set_fs(KERNEL_DS);
-	r = copy_strings(1, argv, bprm);
-	set_fs(oldfs);
+	int len = strnlen(arg, MAX_ARG_STRLEN) + 1 /* terminating NUL */;
+	unsigned long pos = bprm->p;
 
-	return r;
+	if (len == 0)
+		return -EFAULT;
+	if (!valid_arg_len(bprm, len))
+		return -E2BIG;
+
+	/* We're going to work our way backwards. */
+	arg += len;
+	bprm->p -= len;
+	if (IS_ENABLED(CONFIG_MMU) && bprm->p < bprm->argmin)
+		return -E2BIG;
+
+	while (len > 0) {
+		unsigned int bytes_to_copy = min_t(unsigned int, len,
+				min_not_zero(offset_in_page(pos), PAGE_SIZE));
+		struct page *page;
+		char *kaddr;
+
+		pos -= bytes_to_copy;
+		arg -= bytes_to_copy;
+		len -= bytes_to_copy;
+
+		page = get_arg_page(bprm, pos, 1);
+		if (!page)
+			return -E2BIG;
+		kaddr = kmap_atomic(page);
+		flush_arg_page(bprm, pos & PAGE_MASK, page);
+		memcpy(kaddr + offset_in_page(pos), arg, bytes_to_copy);
+		flush_kernel_dcache_page(page);
+		kunmap_atomic(kaddr);
+		put_arg_page(page);
+	}
+
+	return 0;
 }
 EXPORT_SYMBOL(copy_string_kernel);
 
_

Patches currently in -mm which might be from hch@lst.de are

x86-hyperv-use-vmalloc_exec-for-the-hypercall-page.patch
x86-fix-vmap-arguments-in-map_irq_stack.patch
staging-android-ion-use-vmap-instead-of-vm_map_ram.patch
staging-media-ipu3-use-vmap-instead-of-reimplementing-it.patch
dma-mapping-use-vmap-insted-of-reimplementing-it.patch
powerpc-add-an-ioremap_phb-helper.patch
powerpc-remove-__ioremap_at-and-__iounmap_at.patch
mm-remove-__get_vm_area.patch
mm-unexport-unmap_kernel_range_noflush.patch
mm-rename-config_pgtable_mapping-to-config_zsmalloc_pgtable_mapping.patch
mm-only-allow-page-table-mappings-for-built-in-zsmalloc.patch
mm-pass-addr-as-unsigned-long-to-vb_free.patch
mm-remove-vmap_page_range_noflush-and-vunmap_page_range.patch
mm-rename-vmap_page_range-to-map_kernel_range.patch
mm-dont-return-the-number-of-pages-from-map_kernel_range_noflush.patch
mm-remove-map_vm_range.patch
mm-remove-unmap_vmap_area.patch
mm-remove-the-prot-argument-from-vm_map_ram.patch
mm-enforce-that-vmap-cant-map-pages-executable.patch
gpu-drm-remove-the-powerpc-hack-in-drm_legacy_sg_alloc.patch
mm-remove-the-pgprot-argument-to-__vmalloc.patch
mm-remove-the-prot-argument-to-__vmalloc_node.patch
mm-remove-both-instances-of-__vmalloc_node_flags.patch
mm-remove-__vmalloc_node_flags_caller.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node.patch
mm-remove-vmalloc_user_node_flags.patch
arm64-use-__vmalloc_node-in-arch_alloc_vmap_stack.patch
powerpc-use-__vmalloc_node-in-alloc_vm_stack.patch
s390-use-__vmalloc_node-in-stack_alloc.patch
powerpc-spufs-simplify-spufs-core-dumping.patch
binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch
binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch
exec-simplify-the-copy_strings_kernel-calling-convention.patch
exec-open-code-copy_string_kernel.patch
amdgpu-a-null-mm-does-not-mean-a-thread-is-a-kthread.patch
i915-gvt-remove-unused-xen-bits.patch
kernel-move-use_mm-unuse_mm-to-kthreadc.patch
kernel-move-use_mm-unuse_mm-to-kthreadc-v2.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract.patch
kernel-better-document-the-use_mm-unuse_mm-api-contract-v2.patch
kernel-set-user_ds-in-kthread_use_mm.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + add-kernel-config-option-for-twisting-kernel-behavior.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (48 preceding siblings ...)
  2020-04-24  2:06 ` + exec-open-code-copy_string_kernel.patch " Andrew Morton
@ 2020-04-24  3:24 ` Andrew Morton
  2020-04-24  3:24 ` + twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch " Andrew Morton
                   ` (17 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:24 UTC (permalink / raw)
  To: ak, arnd, dvyukov, gregkh, jslaby, mjg59, mm-commits,
	penguin-kernel, peterz, pmladek, rostedt, sergey.senozhatsky,
	tytso, viro


The patch titled
     Subject: add kernel config option for twisting kernel behavior.
has been added to the -mm tree.  Its filename is
     add-kernel-config-option-for-twisting-kernel-behavior.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/add-kernel-config-option-for-twisting-kernel-behavior.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/add-kernel-config-option-for-twisting-kernel-behavior.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: add kernel config option for twisting kernel behavior.

Existing kernel config options are defined based on "whether you want to
enable this module/feature or not". And such granularity is sometimes
too rough-grained for fuzzing tools which try to find bugs inside each
module/feature.

While syzkaller (one of fuzzing tools) is finding many bugs, sometimes
syzkaller examines stupid operations. Some examples of such operations
are: changing console loglevel which in turn makes it impossible to get
kernel messages when a crash happens, freezing filesystems which in turn
causes khungtaskd to needlessly complain, programmatically sending
Ctrl-Alt-Del which in turn causes the system to needlessly reboot.
Currently we prevent syzkaller from examining stupid operations by
blacklisting syscall arguments and/or disabling whole functionality
using existing kernel config options. But such approach is difficult to
maintain and needlessly prevents fuzzers from testing kernel code. [1]

We want fuzzers to test as much coverage as possible while we want
fuzzers not to try stupid operations. To achieve this goal, we want
cooperation from kernel side, and build-time branching (i.e. kernel
config options) will be the simplest and the most reliable.

Therefore, this patch introduces a kernel config option which allows
selecting fine-grained kernel config options for twisting kernel's
behavior. Each fine-grained kernel config option will be added by future
patches. For ease of management, grouping kernel config options for
allowing e.g. syzkaller to select all fine-grained kernel config options
which e.g. syzkaller wants would be added by future patches.

[1] https://lkml.kernel.org/r/CACT4Y+a6KExbggs4mg8pvoD554PcDqQNW4sM15X-tc=YONCzYw@mail.gmail.com

Link: http://lkml.kernel.org/r/20200421131951.4948-1-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/Kconfig.debug |    2 ++
 lib/Kconfig.twist |   13 +++++++++++++
 2 files changed, 15 insertions(+)

--- a/lib/Kconfig.debug~add-kernel-config-option-for-twisting-kernel-behavior
+++ a/lib/Kconfig.debug
@@ -2277,4 +2277,6 @@ config HYPERV_TESTING
 
 endmenu # "Kernel Testing and Coverage"
 
+source "lib/Kconfig.twist"
+
 endmenu # Kernel hacking
--- /dev/null
+++ a/lib/Kconfig.twist
@@ -0,0 +1,13 @@
+menuconfig TWIST_KERNEL_BEHAVIOR
+	bool "Twist kernel behavior"
+	help
+	  Saying Y here allows modifying kernel behavior via kernel
+	  config options which will become visible by selecting this
+	  config option. Since these kernel config options are intended
+	  for helping e.g. fuzz testing, behavior twisted by this kernel
+	  option might be unstable. Userspace applications should not
+	  count on this option being selected.
+
+if TWIST_KERNEL_BEHAVIOR
+
+endif # TWIST_KERNEL_BEHAVIOR
_

Patches currently in -mm which might be from penguin-kernel@I-love.SAKURA.ne.jp are

info-task-hung-in-generic_file_write_iter.patch
info-task-hung-in-generic_file_write-fix.patch
add-kernel-config-option-for-twisting-kernel-behavior.patch
twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch
twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (49 preceding siblings ...)
  2020-04-24  3:24 ` + add-kernel-config-option-for-twisting-kernel-behavior.patch " Andrew Morton
@ 2020-04-24  3:24 ` Andrew Morton
  2020-04-24  3:24 ` + twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch " Andrew Morton
                   ` (16 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:24 UTC (permalink / raw)
  To: ak, arnd, dvyukov, gregkh, jslaby, mjg59, mm-commits,
	penguin-kernel, peterz, pmladek, rostedt, sergey.senozhatsky,
	tytso, viro


The patch titled
     Subject: twist: allow disabling k_spec() function in drivers/tty/vt/keyboard.c
has been added to the -mm tree.  Its filename is
     twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: twist: allow disabling k_spec() function in drivers/tty/vt/keyboard.c

syzbot is reporting unexpected kernel reboots [1].  This seems to be
caused by triggering Ctrl-Alt-Del event via k_spec() function in
drivers/tty/vt/keyboard.c file, for the console output includes normal
restart sequence.

  [   97.727327][    T1] systemd-shutdown[1]: Unmounting file systems.
  [   97.734278][    T1] systemd-shutdown[1]: Remounting '/' read-only with options ''.
  [   97.747758][   T21] usb 2-1: device descriptor read/8, error -71
  [   97.747850][ T3116] usb 1-1: device descriptor read/8, error -71
  [   97.764818][    T1] EXT4-fs (sda1): re-mounted. Opts:
  [   97.777551][    T1] systemd-shutdown[1]: Remounting '/' read-only with options ''.
  [   97.785448][    T1] EXT4-fs (sda1): re-mounted. Opts:
  [   97.790920][    T1] systemd-shutdown[1]: All filesystems unmounted.
  [   97.797352][    T1] systemd-shutdown[1]: Deactivating swaps.
  [   97.803451][    T1] systemd-shutdown[1]: All swaps deactivated.
  [   97.809626][    T1] systemd-shutdown[1]: Detaching loop devices.
  [   97.890294][    T1] systemd-shutdown[1]: All loop devices detached.
  [   98.967832][ T3116] usb 1-1: device descriptor read/8, error -71
  [  100.108406][    T1] sd 0:0:1:0: [sda] Synchronizing SCSI cache
  [  100.116036][    T1] reboot: Restarting system
  [  100.120636][    T1] reboot: machine restart
  SeaBIOS (version 1.8.2-20200402_173431-google)
  Total RAM Size = 0x00000001e0000000 = 7680 MiB
  CPUs found: 2     Max CPUs supported: 2
  Comparing RSDP and RSDP

Therefore, allow disabling only k_spec() function in order to allow
fuzzers to examine the remaining part in that file.

[1] https://syzkaller.appspot.com/bug?id=321861b1588b44d064b779b92293c5d55cfe8430

Link: http://lkml.kernel.org/r/20200421131951.4948-2-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 drivers/tty/vt/keyboard.c |    2 ++
 lib/Kconfig.twist         |    7 +++++++
 2 files changed, 9 insertions(+)

--- a/drivers/tty/vt/keyboard.c~twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc
+++ a/drivers/tty/vt/keyboard.c
@@ -633,6 +633,8 @@ static void k_spec(struct vc_data *vc, u
 	     kbd->kbdmode == VC_OFF) &&
 	     value != KVAL(K_SAK))
 		return;		/* SAK is allowed even in raw mode */
+	if (IS_ENABLED(CONFIG_TWIST_DISABLE_KBD_K_SPEC_HANDLER))
+		return;
 	fn_handler[value](vc);
 }
 
--- a/lib/Kconfig.twist~twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc
+++ a/lib/Kconfig.twist
@@ -10,4 +10,11 @@ menuconfig TWIST_KERNEL_BEHAVIOR
 
 if TWIST_KERNEL_BEHAVIOR
 
+config TWIST_DISABLE_KBD_K_SPEC_HANDLER
+       bool "Disable k_spec() function in drivers/tty/vt/keyboard.c"
+       help
+	 k_spec() function allows triggering e.g. Ctrl-Alt-Del event.
+	 Such event is annoying for fuzz testing which wants to test
+	 kernel code without rebooting the system.
+
 endif # TWIST_KERNEL_BEHAVIOR
_

Patches currently in -mm which might be from penguin-kernel@I-love.SAKURA.ne.jp are

info-task-hung-in-generic_file_write_iter.patch
info-task-hung-in-generic_file_write-fix.patch
add-kernel-config-option-for-twisting-kernel-behavior.patch
twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch
twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (50 preceding siblings ...)
  2020-04-24  3:24 ` + twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch " Andrew Morton
@ 2020-04-24  3:24 ` Andrew Morton
  2020-04-24  3:32 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch " Andrew Morton
                   ` (15 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:24 UTC (permalink / raw)
  To: ak, arnd, dvyukov, gregkh, jslaby, mjg59, mm-commits,
	penguin-kernel, peterz, pmladek, rostedt, sergey.senozhatsky,
	tytso, viro


The patch titled
     Subject: twist: add option for selecting twist options for syzkaller's testing
has been added to the -mm tree.  Its filename is
     twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: twist: add option for selecting twist options for syzkaller's testing

When a kernel developer adds a kernel config option, they will not go and
update configs on all external testing systems.  This problem is also
common for "enable all boot tests that can run on this kernel", or
"configure a 'standard' debug build".  Currently doing these things
require all of expertise, sacred knowledge, checking all configs
one-by-one as well as checking every new kernel patch and that needs to be
done by everybody doing any kernel testing.

In order to reduce the burden of maintaining kernel config options, this
patch introduces a kernel config option which will select twist options
when building kernels for syzkaller's testing.

Link: http://lkml.kernel.org/r/20200421131951.4948-3-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: "Theodore Y . Ts'o" <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/Kconfig.twist |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/lib/Kconfig.twist~twist-add-option-for-selecting-twist-options-for-syzkallers-testing
+++ a/lib/Kconfig.twist
@@ -10,6 +10,12 @@ menuconfig TWIST_KERNEL_BEHAVIOR
 
 if TWIST_KERNEL_BEHAVIOR
 
+config TWIST_FOR_SYZKALLER_TESTING
+       bool "Select all twist options suitable for syzkaller testing"
+       select TWIST_DISABLE_KBD_K_SPEC_HANDLER
+       help
+	 Say N unless you are building kernels for syzkaller's testing.
+
 config TWIST_DISABLE_KBD_K_SPEC_HANDLER
        bool "Disable k_spec() function in drivers/tty/vt/keyboard.c"
        help
_

Patches currently in -mm which might be from penguin-kernel@I-love.SAKURA.ne.jp are

info-task-hung-in-generic_file_write_iter.patch
info-task-hung-in-generic_file_write-fix.patch
add-kernel-config-option-for-twisting-kernel-behavior.patch
twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch
twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (51 preceding siblings ...)
  2020-04-24  3:24 ` + twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch " Andrew Morton
@ 2020-04-24  3:32 ` Andrew Morton
  2020-04-24  3:49 ` [obsolete] linux-next-rejects.patch removed from " Andrew Morton
                   ` (14 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:32 UTC (permalink / raw)
  To: jbaron, khazhy, mm-commits, r, rpenyaev, stable, viro


The patch titled
     Subject: eventpoll: fix missing wakeup for ovflist in ep_poll_callback
has been added to the -mm tree.  Its filename is
     eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Khazhismel Kumykov <khazhy@google.com>
Subject: eventpoll: fix missing wakeup for ovflist in ep_poll_callback

In the event that we add to ovflist, before 339ddb53d373 we would be woken
up by ep_scan_ready_list, and did no wakeup in ep_poll_callback.  With
that wakeup removed, if we add to ovflist here, we may never wake up. 
Rather than adding back the ep_scan_ready_list wakeup - which was
resulting un uncessary wakeups, trigger a wake-up in ep_poll_callback.

We noticed that one of our workloads was missing wakeups starting with
339ddb53d373 and upon manual inspection, this wakeup seemed missing to me.
With this patch added, we no longer see missing wakeups.  I haven't yet
tried to make a small reproducer, but the existing kselftests in
filesystem/epoll passed for me with this patch.

Link: http://lkml.kernel.org/r/20200424025057.118641-1-khazhy@google.com
Fixes: 339ddb53d373 ("fs/epoll: remove unnecessary wakeups of nested epoll")
Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Roman Penyaev <rpenyaev@suse.de>
Cc: Heiher <r@hev.cc>
Cc: Jason Baron <jbaron@akamai.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/eventpoll.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/eventpoll.c~eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback
+++ a/fs/eventpoll.c
@@ -1240,7 +1240,7 @@ static int ep_poll_callback(wait_queue_e
 		if (epi->next == EP_UNACTIVE_PTR &&
 		    chain_epi_lockless(epi))
 			ep_pm_stay_awake_rcu(epi);
-		goto out_unlock;
+		goto out_wakeup_unlock;
 	}
 
 	/* If this file is already in the ready list we exit soon */
@@ -1249,6 +1249,7 @@ static int ep_poll_callback(wait_queue_e
 		ep_pm_stay_awake_rcu(epi);
 	}
 
+out_wakeup_unlock:
 	/*
 	 * Wake up ( if active ) both the eventpoll wait list and the ->poll()
 	 * wait list.
_

Patches currently in -mm which might be from khazhy@google.com are

eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [obsolete] linux-next-rejects.patch removed from -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (52 preceding siblings ...)
  2020-04-24  3:32 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch " Andrew Morton
@ 2020-04-24  3:49 ` Andrew Morton
  2020-04-24  3:51 ` + mips-mm-add-page-soft-dirty-tracking.patch added to " Andrew Morton
                   ` (13 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:49 UTC (permalink / raw)
  To: akpm, mm-commits


The patch titled
     Subject: linux-next-rejects
has been removed from the -mm tree.  Its filename was
     linux-next-rejects.patch

This patch was dropped because it is obsolete

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: linux-next-rejects

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/printk.h |  101 +++++++++++++++++++++++++++++++++------
 1 file changed, 88 insertions(+), 13 deletions(-)

--- a/include/linux/printk.h~linux-next-rejects
+++ a/include/linux/printk.h
@@ -279,40 +279,115 @@ static inline void printk_safe_flush_on_
 
 extern int kptr_restrict;
 
+/**
+ * pr_fmt - used by the pr_*() macros to generate the printk format string
+ * @fmt: format string passed from a pr_*() macro
+ *
+ * This macro can be used to generate a unified format string for pr_*()
+ * macros. A common use is to prefix all pr_*() messages in a file with a common
+ * string. For example, defining this at the top of a source file:
+ *
+ *        #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+ *
+ * would prefix all pr_info, pr_emerg... messages in the file with the module
+ * name.
+ */
 #ifndef pr_fmt
 #define pr_fmt(fmt) fmt
 #endif
 
-/*
- * These can be used to print at the various log levels.
- * All of these will print unconditionally, although note that pr_debug()
- * and other debug macros are compiled out unless either DEBUG is defined,
- * CONFIG_DYNAMIC_DEBUG is set, or CONFIG_DYNAMIC_DEBUG_CORE is set when
- * DYNAMIC_DEBUG_MODULE being defined for any modules.
+/**
+ * pr_emerg - Print an emergency-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_EMERG loglevel. It uses pr_fmt() to
+ * generate the format string.
+ */
+ #define pr_emerg(fmt, ...) \
+ 	printk(KERN_EMERG pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_alert - Print an alert-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_ALERT loglevel. It uses pr_fmt() to
+ * generate the format string.
  */
-#define pr_emerg(fmt, ...) \
-	printk(KERN_EMERG pr_fmt(fmt), ##__VA_ARGS__)
 #define pr_alert(fmt, ...) \
 	printk(KERN_ALERT pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_crit - Print a critical-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_CRIT loglevel. It uses pr_fmt() to
+ * generate the format string.
+ */
 #define pr_crit(fmt, ...) \
 	printk(KERN_CRIT pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_err - Print an error-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_ERR loglevel. It uses pr_fmt() to
+ * generate the format string.
+ */
 #define pr_err(fmt, ...) \
 	printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_warn - Print a warning-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_WARNING loglevel. It uses pr_fmt()
+ * to generate the format string.
+ */
 #define pr_warn(fmt, ...) \
 	printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_notice - Print a notice-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_NOTICE loglevel. It uses pr_fmt() to
+ * generate the format string.
+ */
 #define pr_notice(fmt, ...) \
 	printk(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__)
+/**
+ * pr_info - Print an info-level message
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_INFO loglevel. It uses pr_fmt() to
+ * generate the format string.
+ */
 #define pr_info(fmt, ...) \
 	printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
-/*
- * Like KERN_CONT, pr_cont() should only be used when continuing
- * a line with no newline ('\n') enclosed. Otherwise it defaults
- * back to KERN_DEFAULT.
+/**
+ * pr_cont - Continues a previous log message in the same line.
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_CONT loglevel. It should only be
+ * used when continuing a log message with no newline ('\n') enclosed. Otherwise
+ * it defaults back to KERN_DEFAULT loglevel.
  */
 #define pr_cont(fmt, ...) \
 	printk(KERN_CONT fmt, ##__VA_ARGS__)
 
-/* pr_devel() should produce zero code unless DEBUG is defined */
+/**
+ * pr_devel - Print a debug-level message conditionally
+ * @fmt: format string
+ * @...: arguments for the format string
+ *
+ * This macro expands to a printk with KERN_DEBUG loglevel if DEBUG is
+ * defined. Otherwise it does nothing.
+ *
+ * It uses pr_fmt() to generate the format string.
+ */
 #ifdef DEBUG
 #define pr_devel(fmt, ...) \
 	printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
_

Patches currently in -mm which might be from akpm@linux-foundation.org are

mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
mm.patch
mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
mm-remove-__vmalloc_node_flags_caller-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
mm-remove-vmalloc_user_node_flags-fix.patch
mm-replace-zero-length-array-with-flexible-array-member-fix.patch
mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
linux-next-fix.patch
kernel-forkc-export-kernel_thread-to-modules.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mips-mm-add-page-soft-dirty-tracking.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (53 preceding siblings ...)
  2020-04-24  3:49 ` [obsolete] linux-next-rejects.patch removed from " Andrew Morton
@ 2020-04-24  3:51 ` Andrew Morton
  2020-04-24 23:36 ` + mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch " Andrew Morton
                   ` (12 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24  3:51 UTC (permalink / raw)
  To: anshuman.khandual, dansilsby, dkorotin, geert, gorcunov,
	jiaxun.yang, koct9i, lixuefeng, mm-commits, paul, paulburton,
	ralf, rppt, steven.price, sunguoyun, tsbogend, xemul, yangtiezhu


The patch titled
     Subject: mips/mm: add page soft dirty tracking
has been added to the -mm tree.  Its filename is
     mips-mm-add-page-soft-dirty-tracking.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mips-mm-add-page-soft-dirty-tracking.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mips-mm-add-page-soft-dirty-tracking.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Guoyun Sun <sunguoyun@loongson.cn>
Subject: mips/mm: add page soft dirty tracking

User space checkpoint and restart tool (CRIU) needs the page's change to
be soft tracked.  This allows to do a pre checkpoint and then dump only
touched pages.

Link: http://lkml.kernel.org/r/1587460527-13986-1-git-send-email-sunguoyun@loongson.cn
Signed-off-by: Guoyun Sun <sunguoyun@loongson.cn>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Paul Burton <paulburton@kernel.org>
Cc: Daniel Silsby <dansilsby@gmail.com>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: Paul Cercueil <paul@crapouillou.net>
Cc: Dmitry Korotin <dkorotin@wavecomp.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Guoyun Sun <sunguoyun@loongson.cn>
Cc: TieZhu Yang <yangtiezhu@loongson.cn>
Cc: Xuefeng Li <lixuefeng@loongson.cn>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/mips/Kconfig                    |    1 
 arch/mips/include/asm/pgtable-bits.h |    8 +++-
 arch/mips/include/asm/pgtable.h      |   48 +++++++++++++++++++++++--
 3 files changed, 53 insertions(+), 4 deletions(-)

--- a/arch/mips/include/asm/pgtable-bits.h~mips-mm-add-page-soft-dirty-tracking
+++ a/arch/mips/include/asm/pgtable-bits.h
@@ -55,6 +55,7 @@ enum pgtable_bits {
 #if defined(CONFIG_ARCH_HAS_PTE_SPECIAL)
 	_PAGE_SPECIAL_SHIFT,
 #endif
+	_PAGE_SOFT_DIRTY_SHIFT,
 };
 
 /*
@@ -84,6 +85,7 @@ enum pgtable_bits {
 #if defined(CONFIG_ARCH_HAS_PTE_SPECIAL)
 	_PAGE_SPECIAL_SHIFT,
 #endif
+	_PAGE_SOFT_DIRTY_SHIFT,
 };
 
 #elif defined(CONFIG_CPU_R3K_TLB)
@@ -99,6 +101,7 @@ enum pgtable_bits {
 #if defined(CONFIG_ARCH_HAS_PTE_SPECIAL)
 	_PAGE_SPECIAL_SHIFT,
 #endif
+	_PAGE_SOFT_DIRTY_SHIFT,
 
 	/* Used by TLB hardware (placed in EntryLo) */
 	_PAGE_GLOBAL_SHIFT = 8,
@@ -125,7 +128,7 @@ enum pgtable_bits {
 #if defined(CONFIG_ARCH_HAS_PTE_SPECIAL)
 	_PAGE_SPECIAL_SHIFT,
 #endif
-
+	_PAGE_SOFT_DIRTY_SHIFT,
 	/* Used by TLB hardware (placed in EntryLo*) */
 #if defined(CONFIG_CPU_HAS_RIXI)
 	_PAGE_NO_EXEC_SHIFT,
@@ -152,6 +155,7 @@ enum pgtable_bits {
 #else
 # define _PAGE_SPECIAL		0
 #endif
+#define _PAGE_SOFT_DIRTY	(1 << _PAGE_SOFT_DIRTY_SHIFT)
 
 /* Used by TLB hardware (placed in EntryLo*) */
 #if defined(CONFIG_XPA)
@@ -269,6 +273,6 @@ static inline uint64_t pte_to_entrylo(un
 #define __WRITEABLE	(_PAGE_SILENT_WRITE | _PAGE_WRITE | _PAGE_MODIFIED)
 
 #define _PAGE_CHG_MASK	(_PAGE_ACCESSED | _PAGE_MODIFIED |	\
-			 _PFN_MASK | _CACHE_MASK)
+			 _PAGE_SOFT_DIRTY | _PFN_MASK | _CACHE_MASK)
 
 #endif /* _ASM_PGTABLE_BITS_H */
--- a/arch/mips/include/asm/pgtable.h~mips-mm-add-page-soft-dirty-tracking
+++ a/arch/mips/include/asm/pgtable.h
@@ -400,7 +400,7 @@ static inline pte_t pte_mkwrite(pte_t pt
 
 static inline pte_t pte_mkdirty(pte_t pte)
 {
-	pte_val(pte) |= _PAGE_MODIFIED;
+	pte_val(pte) |= _PAGE_MODIFIED | _PAGE_SOFT_DIRTY;
 	if (pte_val(pte) & _PAGE_WRITE)
 		pte_val(pte) |= _PAGE_SILENT_WRITE;
 	return pte;
@@ -423,6 +423,30 @@ static inline pte_t pte_mkhuge(pte_t pte
 	return pte;
 }
 #endif /* CONFIG_MIPS_HUGE_TLB_SUPPORT */
+
+#ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY
+static inline bool pte_soft_dirty(pte_t pte)
+{
+	return pte_val(pte) & _PAGE_SOFT_DIRTY;
+}
+#define pte_swp_soft_dirty pte_soft_dirty
+
+static inline pte_t pte_mksoft_dirty(pte_t pte)
+{
+	pte_val(pte) |= _PAGE_SOFT_DIRTY;
+	return pte;
+}
+#define pte_swp_mksoft_dirty pte_mksoft_dirty
+
+static inline pte_t pte_clear_soft_dirty(pte_t pte)
+{
+	pte_val(pte) &= ~(_PAGE_SOFT_DIRTY);
+	return pte;
+}
+#define pte_swp_clear_soft_dirty pte_clear_soft_dirty
+
+#endif /* CONFIG_HAVE_ARCH_SOFT_DIRTY */
+
 #endif
 
 /*
@@ -576,7 +600,7 @@ static inline pmd_t pmd_mkclean(pmd_t pm
 
 static inline pmd_t pmd_mkdirty(pmd_t pmd)
 {
-	pmd_val(pmd) |= _PAGE_MODIFIED;
+	pmd_val(pmd) |= _PAGE_MODIFIED | _PAGE_SOFT_DIRTY;
 	if (pmd_val(pmd) & _PAGE_WRITE)
 		pmd_val(pmd) |= _PAGE_SILENT_WRITE;
 
@@ -605,6 +629,26 @@ static inline pmd_t pmd_mkyoung(pmd_t pm
 	return pmd;
 }
 
+#ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY
+static inline int pmd_soft_dirty(pmd_t pmd)
+{
+	return !!(pmd_val(pmd) & _PAGE_SOFT_DIRTY);
+}
+
+static inline pmd_t pmd_mksoft_dirty(pmd_t pmd)
+{
+	pmd_val(pmd) |= _PAGE_SOFT_DIRTY;
+	return pmd;
+}
+
+static inline pmd_t pmd_clear_soft_dirty(pmd_t pmd)
+{
+	pmd_val(pmd) &= ~(_PAGE_SOFT_DIRTY);
+	return pmd;
+}
+
+#endif /* CONFIG_HAVE_ARCH_SOFT_DIRTY */
+
 /* Extern to avoid header file madness */
 extern pmd_t mk_pmd(struct page *page, pgprot_t prot);
 
--- a/arch/mips/Kconfig~mips-mm-add-page-soft-dirty-tracking
+++ a/arch/mips/Kconfig
@@ -495,6 +495,7 @@ config MACH_LOONGSON64
 	select COMMON_CLK
 	select USE_OF
 	select BUILTIN_DTB
+	select HAVE_ARCH_SOFT_DIRTY
 	help
 	  This enables the support of Loongson-2/3 family of machines.
 
_

Patches currently in -mm which might be from sunguoyun@loongson.cn are

mips-mm-add-page-soft-dirty-tracking.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (54 preceding siblings ...)
  2020-04-24  3:51 ` + mips-mm-add-page-soft-dirty-tracking.patch added to " Andrew Morton
@ 2020-04-24 23:36 ` Andrew Morton
  2020-04-26  0:09 ` + mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch " Andrew Morton
                   ` (11 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-24 23:36 UTC (permalink / raw)
  To: anshuman.khandual, bhe, david, mhocko, mhocko, mm-commits,
	osalvador, pankaj.gupta.linux, rppt


The patch titled
     Subject: mm/memory_hotplug: set node_start_pfn of hotadded pgdat to 0
has been added to the -mm tree.  Its filename is
     mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: David Hildenbrand <david@redhat.com>
Subject: mm/memory_hotplug: set node_start_pfn of hotadded pgdat to 0

Patch series "mm/memory_hotplug: handle memblocks only with
CONFIG_ARCH_KEEP_MEMBLOCK", v1.

A hotadded node/pgdat will span no pages at all, until memory is moved to
the zone/node via move_pfn_range_to_zone() -> resize_pgdat_range - e.g.,
when onlining memory blocks.  We don't have to initialize the
node_start_pfn to the memory we are adding.


This patch (of 2):

Especially, there is an inconsistency:
- Hotplugging memory to a memory-less node with cpus: node_start_pf ==  0
- Offlining and removing last memory from a node: node_start_pfn == 0
- Hotplugging memory to a memory-less node without cpus: node_start_pfn != 0

As soon as memory is onlined, node_start_pfn is overwritten with the
actual start.  E.g., when adding two DIMMs but only onlining one of both,
only that DIMM (with online memory blocks) is spanned by the node.

Currently, the validity of node_start_pfn really is linked to
node_spanned_pages != 0.  With node_spanned_pages == 0 (e.g., before
onlining memory), it has no meaning.

So let's stop setting node_start_pfn, just to be overwritten via
move_pfn_range_to_zone().  This avoids confusion when looking at the code,
wondering which magic will be performed with the node_start_pfn in this
function, when hotadding a pgdat.

Link: http://lkml.kernel.org/r/20200422155353.25381-1-david@redhat.com
Link: http://lkml.kernel.org/r/20200422155353.25381-2-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Acked-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memory_hotplug.c |   15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

--- a/mm/memory_hotplug.c~mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0
+++ a/mm/memory_hotplug.c
@@ -862,10 +862,9 @@ static void reset_node_present_pages(pg_
 }
 
 /* we are OK calling __meminit stuff here - we have CONFIG_MEMORY_HOTPLUG */
-static pg_data_t __ref *hotadd_new_pgdat(int nid, u64 start)
+static pg_data_t __ref *hotadd_new_pgdat(int nid)
 {
 	struct pglist_data *pgdat;
-	unsigned long start_pfn = PFN_DOWN(start);
 
 	pgdat = NODE_DATA(nid);
 	if (!pgdat) {
@@ -895,9 +894,8 @@ static pg_data_t __ref *hotadd_new_pgdat
 	}
 
 	/* we can use NODE_DATA(nid) from here */
-
 	pgdat->node_id = nid;
-	pgdat->node_start_pfn = start_pfn;
+	pgdat->node_start_pfn = 0;
 
 	/* init node's zones as empty zones, we don't have any present pages.*/
 	free_area_init_core_hotplug(nid);
@@ -932,7 +930,6 @@ static void rollback_node_hotadd(int nid
 /**
  * try_online_node - online a node if offlined
  * @nid: the node ID
- * @start: start addr of the node
  * @set_node_online: Whether we want to online the node
  * called by cpu_up() to online a node without onlined memory.
  *
@@ -941,7 +938,7 @@ static void rollback_node_hotadd(int nid
  * 0 -> the node is already online
  * -ENOMEM -> the node could not be allocated
  */
-static int __try_online_node(int nid, u64 start, bool set_node_online)
+static int __try_online_node(int nid, bool set_node_online)
 {
 	pg_data_t *pgdat;
 	int ret = 1;
@@ -949,7 +946,7 @@ static int __try_online_node(int nid, u6
 	if (node_online(nid))
 		return 0;
 
-	pgdat = hotadd_new_pgdat(nid, start);
+	pgdat = hotadd_new_pgdat(nid);
 	if (!pgdat) {
 		pr_err("Cannot online node %d due to NULL pgdat\n", nid);
 		ret = -ENOMEM;
@@ -973,7 +970,7 @@ int try_online_node(int nid)
 	int ret;
 
 	mem_hotplug_begin();
-	ret =  __try_online_node(nid, 0, true);
+	ret =  __try_online_node(nid, true);
 	mem_hotplug_done();
 	return ret;
 }
@@ -1032,7 +1029,7 @@ int __ref add_memory_resource(int nid, s
 	 */
 	memblock_add_node(start, size, nid);
 
-	ret = __try_online_node(nid, start, false);
+	ret = __try_online_node(nid, false);
 	if (ret < 0)
 		goto error;
 	new_node = ret;
_

Patches currently in -mm which might be from david@redhat.com are

mm-page_alloc-fix-watchdog-soft-lockups-during-set_zone_contiguous.patch
drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup-fix.patch
powerpc-pseries-hotplug-memory-stop-checking-is_mem_section_removable.patch
mm-memory_hotplug-remove-is_mem_section_removable.patch
mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch
mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (55 preceding siblings ...)
  2020-04-24 23:36 ` + mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch " Andrew Morton
@ 2020-04-26  0:09 ` Andrew Morton
  2020-04-26  0:17 ` + mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch " Andrew Morton
                   ` (10 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:09 UTC (permalink / raw)
  To: akpm, hch, mm-commits, peterz


The patch titled
     Subject: mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix
has been added to the -mm tree.  Its filename is
     mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix

fix riscv nommu build

Cc: Christoph Hellwig <hch@lst.de>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/riscv/include/asm/pgtable.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/riscv/include/asm/pgtable.h~mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix
+++ a/arch/riscv/include/asm/pgtable.h
@@ -472,9 +472,9 @@ static inline int ptep_clear_flush_young
 
 #define PAGE_KERNEL		__pgprot(0)
 #define swapper_pg_dir		NULL
+#define TASK_SIZE		0xffffffffUL
 #define VMALLOC_START		0

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (56 preceding siblings ...)
  2020-04-26  0:09 ` + mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch " Andrew Morton
@ 2020-04-26  0:17 ` Andrew Morton
  2020-04-26  0:29 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch " Andrew Morton
                   ` (9 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:17 UTC (permalink / raw)
  To: jgg, lixinhai.lxh, longpeng2, mike.kravetz, mm-commits, punit.agrawal


The patch titled
     Subject: mm/hugetlb: avoid unnecessary check on pud and pmd entry in huge_pte_offset
has been added to the -mm tree.  Its filename is
     mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Li Xinhai <lixinhai.lxh@gmail.com>
Subject: mm/hugetlb: avoid unnecessary check on pud and pmd entry in huge_pte_offset

When huge_pte_offset() is called, the parameter sz can only be PUD_SIZE or
PMD_SIZE.  If sz is PUD_SIZE and code can reach pud, then *pud must be
none, or normal hugetlb entry, or non-present (migration or hwpoisoned)
hugetlb entry, and we can directly return pud.  When sz is PMD_SIZE, pud
must be none or present, and if code can reach pmd, we can directly return
pmd.

So after this patch the code is simplified by first check on the parameter
sz, and avoid unnecessary checks in current code.  Same semantics of
existing code is maintained.

More details about relevant commits:
commit 9b19df292c66 ("mm/hugetlb.c: make huge_pte_offset() consistent
and document behaviour") changed the code path for pud and pmd handling,
see comments about why this patch intends to change it.
...
	pud = pud_offset(p4d, addr);
	if (sz != PUD_SIZE && pud_none(*pud)) // [1]
		return NULL;
	/* hugepage or swap? */
	if (pud_huge(*pud) || !pud_present(*pud)) // [2]
		return (pte_t *)pud;

	pmd = pmd_offset(pud, addr);
	if (sz != PMD_SIZE && pmd_none(*pmd)) // [3]
		return NULL;
	/* hugepage or swap? */
	if (pmd_huge(*pmd) || !pmd_present(*pmd)) // [4]
		return (pte_t *)pmd;

	return NULL; // [5]
...
[1]: this is necessary, return NULL for sz == PMD_SIZE;
[2]: if sz == PUD_SIZE, all valid values of pud entry will cause return;
[3]: dead code, sz != PMD_SIZE never true;
[4]: all valid values of pmd entry will cause return;
[5]: dead code, because of check in [4].

Now, this patch combines [1] and [2] for pud, and combines [3], [4] and
[5] for pmd, so avoid unnecessary checks.

I don't try to catch any invalid values in page table entry, as that will
be checked by caller and avoid extra branch in this function.  Also no
assert on sz must equal PUD_SIZE or PMD_SIZE, since this function only
call for hugetlb mapping.

For commit 3c1d7e6ccb64 ("mm/hugetlb: fix a addressing exception caused by
huge_pte_offset"), since we don't read the entry more than once now,
variable pud_entry and pmd_entry are not needed.

Link: http://lkml.kernel.org/r/1587794313-16849-1-git-send-email-lixinhai.lxh@gmail.com
Signed-off-by: Li Xinhai <lixinhai.lxh@gmail.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Jason Gunthorpe <jgg@mellanox.com>
Cc: Punit Agrawal <punit.agrawal@arm.com>
Cc: Longpeng <longpeng2@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/hugetlb.c |   28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

--- a/mm/hugetlb.c~mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset
+++ a/mm/hugetlb.c
@@ -5481,8 +5481,8 @@ pte_t *huge_pte_alloc(struct mm_struct *
  * huge_pte_offset() - Walk the page table to resolve the hugepage
  * entry at address @addr
  *
- * Return: Pointer to page table or swap entry (PUD or PMD) for
- * address @addr, or NULL if a p*d_none() entry is encountered and the
+ * Return: Pointer to page table entry (PUD or PMD) for
+ * address @addr, or NULL if a !p*d_present() entry is encountered and the
  * size @sz doesn't match the hugepage size at this level of the page
  * table.
  */
@@ -5491,8 +5491,8 @@ pte_t *huge_pte_offset(struct mm_struct
 {
 	pgd_t *pgd;
 	p4d_t *p4d;
-	pud_t *pud, pud_entry;
-	pmd_t *pmd, pmd_entry;
+	pud_t *pud;
+	pmd_t *pmd;
 
 	pgd = pgd_offset(mm, addr);
 	if (!pgd_present(*pgd))
@@ -5502,22 +5502,16 @@ pte_t *huge_pte_offset(struct mm_struct
 		return NULL;
 
 	pud = pud_offset(p4d, addr);
-	pud_entry = READ_ONCE(*pud);
-	if (sz != PUD_SIZE && pud_none(pud_entry))
-		return NULL;
-	/* hugepage or swap? */
-	if (pud_huge(pud_entry) || !pud_present(pud_entry))
+	if (sz == PUD_SIZE)
+		/* must be pud huge, non-present or none */
 		return (pte_t *)pud;

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (57 preceding siblings ...)
  2020-04-26  0:17 ` + mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch " Andrew Morton
@ 2020-04-26  0:29 ` Andrew Morton
  2020-04-26  0:41 ` [withdrawn] kasan-initialise-array-in-kasan_memcmp-test.patch removed from " Andrew Morton
                   ` (8 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:29 UTC (permalink / raw)
  To: jbaron, khazhy, mm-commits, r, rpenyaev, viro


The patch titled
     Subject: eventpoll: fix missing wakeup for ovflist in ep_poll_callback
has been added to the -mm tree.  Its filename is
     eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Khazhismel Kumykov <khazhy@google.com>
Subject: eventpoll: fix missing wakeup for ovflist in ep_poll_callback

use if/elif instead of goto + cleanup suggested by Roman

Link: http://lkml.kernel.org/r/20200424190039.192373-1-khazhy@google.com
Fixes: 339ddb53d373 ("fs/epoll: remove unnecessary wakeups of nested epoll")
Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
Reviewed-by: Roman Penyaev <rpenyaev@suse.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Heiher <r@hev.cc>
Cc: Jason Baron <jbaron@akamai.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/eventpoll.c |   19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

--- a/fs/eventpoll.c~eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2
+++ a/fs/eventpoll.c
@@ -1171,6 +1171,10 @@ static inline bool chain_epi_lockless(st
 {
 	struct eventpoll *ep = epi->ep;
 
+	/* Fast preliminary check */
+	if (epi->next != EP_UNACTIVE_PTR)
+		return false;
+
 	/* Check that the same epi has not been just chained from another CPU */
 	if (cmpxchg(&epi->next, EP_UNACTIVE_PTR, NULL) != EP_UNACTIVE_PTR)
 		return false;
@@ -1237,19 +1241,14 @@ static int ep_poll_callback(wait_queue_e
 	 * chained in ep->ovflist and requeued later on.
 	 */
 	if (READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR) {
-		if (epi->next == EP_UNACTIVE_PTR &&
-		    chain_epi_lockless(epi))
+		if (chain_epi_lockless(epi))
+			ep_pm_stay_awake_rcu(epi);
+	} else if (!ep_is_linked(epi)) {
+		/* In the usual case, add event to ready list. */
+		if (list_add_tail_lockless(&epi->rdllink, &ep->rdllist))
 			ep_pm_stay_awake_rcu(epi);
-		goto out_wakeup_unlock;
-	}

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [withdrawn] kasan-initialise-array-in-kasan_memcmp-test.patch removed from -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (58 preceding siblings ...)
  2020-04-26  0:29 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch " Andrew Morton
@ 2020-04-26  0:41 ` Andrew Morton
  2020-04-26  0:41 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch added to " Andrew Morton
                   ` (7 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:41 UTC (permalink / raw)
  To: aryabinin, danielmicay, dja, dvyukov, glider, mm-commits


The patch titled
     Subject: kasan: initialise array in kasan_memcmp test
has been removed from the -mm tree.  Its filename was
     kasan-initialise-array-in-kasan_memcmp-test.patch

This patch was dropped because it was withdrawn

------------------------------------------------------
From: Daniel Axtens <dja@axtens.net>
Subject: kasan: initialise array in kasan_memcmp test

memcmp may bail out before accessing all the memory if the buffers contain
differing bytes.  kasan_memcmp calls memcmp with a stack array.  Stack
variables are not necessarily initialised (in the absence of a compiler
plugin, at least).  Sometimes this causes the memcpy to bail early thus
fail to trigger kasan.

Make sure the array initialised to zero in the code.

No other test is dependent on the contents of an array on the stack.

Link: http://lkml.kernel.org/r/20200423154503.5103-4-dja@axtens.net
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/test_kasan.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/test_kasan.c~kasan-initialise-array-in-kasan_memcmp-test
+++ a/lib/test_kasan.c
@@ -638,7 +638,7 @@ static noinline void __init kasan_memcmp
 {
 	char *ptr;
 	size_t size = 24;
-	int arr[9];
+	int arr[9] = {};
 
 	pr_info("out-of-bounds in memcmp\n");
 	ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
_

Patches currently in -mm which might be from dja@axtens.net are

kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch
stringh-fix-incompatibility-between-fortify_source-and-kasan.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (59 preceding siblings ...)
  2020-04-26  0:41 ` [withdrawn] kasan-initialise-array-in-kasan_memcmp-test.patch removed from " Andrew Morton
@ 2020-04-26  0:41 ` Andrew Morton
  2020-04-26  0:48 ` + checkpatch-test-git_dir-changes.patch " Andrew Morton
                   ` (6 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:41 UTC (permalink / raw)
  To: aryabinin, danielmicay, davidgow, dja, dvyukov, glider, mm-commits


The patch titled
     Subject: kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4
has been added to the -mm tree.  Its filename is
     kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Daniel Axtens <dja@axtens.net>
Subject: kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4

drop patch 3

Link: http://lkml.kernel.org/r/20200424145521.8203-2-dja@axtens.net
Fixes: 0c96350a2d2f ("lib/test_kasan.c: add tests for several string/memory API functions")
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: David Gow <davidgow@google.com>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/test_kasan.c |    1 +
 1 file changed, 1 insertion(+)

--- a/lib/test_kasan.c~kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4
+++ a/lib/test_kasan.c
@@ -645,6 +645,7 @@ static noinline void __init kasan_memcmp
 	if (!ptr)
 		return;
 
+	memset(arr, 0, sizeof(arr));
 	kasan_int_result = memcmp(ptr, arr, size + 1);
 	kfree(ptr);
 }
_

Patches currently in -mm which might be from dja@axtens.net are

kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch
kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch
stringh-fix-incompatibility-between-fortify_source-and-kasan.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + checkpatch-test-git_dir-changes.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (60 preceding siblings ...)
  2020-04-26  0:41 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch added to " Andrew Morton
@ 2020-04-26  0:48 ` Andrew Morton
  2020-04-26  1:06 ` + mm-add-debug_wx-support.patch " Andrew Morton
                   ` (5 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  0:48 UTC (permalink / raw)
  To: joe, mm-commits


The patch titled
     Subject: checkpatch: test $GIT_DIR changes
has been added to the -mm tree.  Its filename is
     checkpatch-test-git_dir-changes.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/checkpatch-test-git_dir-changes.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/checkpatch-test-git_dir-changes.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Joe Perches <joe@perches.com>
Subject: checkpatch: test $GIT_DIR changes

Link: http://lkml.kernel.org/r/318ca0e0c755cc31c288d7f8769817da4dc60bda.camel@perches.com

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 scripts/checkpatch.pl |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/scripts/checkpatch.pl~checkpatch-test-git_dir-changes
+++ a/scripts/checkpatch.pl
@@ -43,6 +43,8 @@ my $list_types = 0;
 my $fix = 0;
 my $fix_inplace = 0;
 my $root;
+my $gitroot = $ENV{'GIT_DIR'};
+$gitroot = ".git" if !defined($gitroot);
 my %debug;
 my %camelcase = ();
 my %use_type = ();
@@ -897,7 +899,7 @@ sub is_maintained_obsolete {
 sub is_SPDX_License_valid {
 	my ($license) = @_;
 
-	return 1 if (!$tree || which("python") eq "" || !(-e "$root/scripts/spdxcheck.py") || !(-e "$root/.git"));
+	return 1 if (!$tree || which("python") eq "" || !(-e "$root/scripts/spdxcheck.py") || !(-e "$gitroot"));
 
 	my $root_path = abs_path($root);
 	my $status = `cd "$root_path"; echo "$license" | python scripts/spdxcheck.py -`;
@@ -915,7 +917,7 @@ sub seed_camelcase_includes {
 
 	$camelcase_seeded = 1;
 
-	if (-e ".git") {
+	if (-e "$gitroot") {
 		my $git_last_include_commit = `${git_command} log --no-merges --pretty=format:"%h%n" -1 -- include`;
 		chomp $git_last_include_commit;
 		$camelcase_cache = ".checkpatch-camelcase.git.$git_last_include_commit";
@@ -943,7 +945,7 @@ sub seed_camelcase_includes {
 		return;
 	}
 
-	if (-e ".git") {
+	if (-e "$gitroot") {
 		$files = `${git_command} ls-files "include/*.h"`;
 		@include_files = split('\n', $files);
 	}
@@ -966,7 +968,7 @@ sub seed_camelcase_includes {
 sub git_commit_info {
 	my ($commit, $id, $desc) = @_;
 
-	return ($id, $desc) if ((which("git") eq "") || !(-e ".git"));
+	return ($id, $desc) if ((which("git") eq "") || !(-e "$gitroot"));
 
 	my $output = `${git_command} log --no-color --format='%H %s' -1 $commit 2>&1`;
 	$output =~ s/^\s*//gm;
@@ -1005,7 +1007,7 @@ my $fixlinenr = -1;
 
 # If input is git commits, extract all commits from the commit expressions.
 # For example, HEAD-3 means we need check 'HEAD, HEAD~1, HEAD~2'.
-die "$P: No git repository found\n" if ($git && !-e ".git");
+die "$P: No git repository found\n" if ($git && !-e "$gitroot");
 
 if ($git) {
 	my @commits = ();
_

Patches currently in -mm which might be from joe@perches.com are

checkpatch-test-git_dir-changes.patch
checkpatch-additional-maintainer-section-entry-ordering-checks.patch
checkpatch-look-for-c99-comments-in-ctx_locate_comment.patch
fs-seq_filec-seq_read-update-pr_info_ratelimited.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + mm-add-debug_wx-support.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (61 preceding siblings ...)
  2020-04-26  0:48 ` + checkpatch-test-git_dir-changes.patch " Andrew Morton
@ 2020-04-26  1:06 ` Andrew Morton
  2020-04-26  1:06 ` + riscv-support-debug_wx.patch " Andrew Morton
                   ` (4 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:06 UTC (permalink / raw)
  To: bp, catalin.marinas, hpa, mingo, mm-commits, palmer,
	paul.walmsley, tglx, will, zong.li


The patch titled
     Subject: mm: add DEBUG_WX support
has been added to the -mm tree.  Its filename is
     mm-add-debug_wx-support.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-add-debug_wx-support.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-add-debug_wx-support.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Zong Li <zong.li@sifive.com>
Subject: mm: add DEBUG_WX support

Patch series "Extract DEBUG_WX to shared use".

Some architectures support DEBUG_WX function, it's verbatim from each
others, so extract to mm/Kconfig.debug for shared use.

PPC and ARM ports don't support generic page dumper yet, so we only
refine x86 and arm64 port in this patch series.

For RISC-V port, the DEBUG_WX support depends on other patches which
be merged already:
  - RISC-V page table dumper
  - Support strict kernel memory permissions for security


This patch (of 4):

Some architectures support DEBUG_WX function, it's verbatim from each
others.  Extract to mm/Kconfig.debug for shared use.

Link: http://lkml.kernel.org/r/cover.1587455584.git.zong.li@sifive.com
Link: http://lkml.kernel.org/r/23980cd0f0e5d79e24a92169116407c75bcc650d.1587455584.git.zong.li@sifive.com
Signed-off-by: Zong Li <zong.li@sifive.com>
Suggested-by: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/Kconfig.debug |   33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

--- a/mm/Kconfig.debug~mm-add-debug_wx-support
+++ a/mm/Kconfig.debug
@@ -118,6 +118,39 @@ config DEBUG_RODATA_TEST
     ---help---
       This option enables a testcase for the setting rodata read-only.
 
+config ARCH_HAS_DEBUG_WX
+	bool
+
+config DEBUG_WX
+	bool "Warn on W+X mappings at boot"
+	depends on ARCH_HAS_DEBUG_WX
+	select PTDUMP_CORE
+	help
+	  Generate a warning if any W+X mappings are found at boot.
+
+	  This is useful for discovering cases where the kernel is leaving
+	  W+X mappings after applying NX, as such mappings are a security risk.
+	  This check also includes UXN, which should be set on all kernel
+	  mappings.
+
+	  Look for a message in dmesg output like this:
+
+	    <arch>/mm: Checked W+X mappings: passed, no W+X pages found.
+
+	  or like this, if the check failed:
+
+	    <arch>/mm: Checked W+X mappings: failed, <N> W+X pages found.
+
+	  Note that even if the check fails, your kernel is possibly
+	  still fine, as W+X mappings are not a security hole in
+	  themselves, what they do is that they make the exploitation
+	  of other unfixed kernel bugs easier.
+
+	  There is no runtime or memory usage effect of this option
+	  once the kernel has booted up - it's a one time check.
+
+	  If in doubt, say "Y".
+
 config GENERIC_PTDUMP
 	bool
 
_

Patches currently in -mm which might be from zong.li@sifive.com are

mm-add-debug_wx-support.patch
riscv-support-debug_wx.patch
x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch
arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + riscv-support-debug_wx.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (62 preceding siblings ...)
  2020-04-26  1:06 ` + mm-add-debug_wx-support.patch " Andrew Morton
@ 2020-04-26  1:06 ` Andrew Morton
  2020-04-26  1:06 ` + riscv-support-debug_wx-fix.patch " Andrew Morton
                   ` (3 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:06 UTC (permalink / raw)
  To: bp, catalin.marinas, hpa, mingo, mm-commits, palmer,
	paul.walmsley, tglx, will, zong.li


The patch titled
     Subject: riscv: support DEBUG_WX
has been added to the -mm tree.  Its filename is
     riscv-support-debug_wx.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/riscv-support-debug_wx.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/riscv-support-debug_wx.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Zong Li <zong.li@sifive.com>
Subject: riscv: support DEBUG_WX

Support DEBUG_WX to check whether there are mapping with write and execute
permission at the same time.

Link: http://lkml.kernel.org/r/282e266311bced080bc6f7c255b92f87c1eb65d6.1587455584.git.zong.li@sifive.com
Signed-off-by: Zong Li <zong.li@sifive.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/riscv/Kconfig              |    1 +
 arch/riscv/include/asm/ptdump.h |    6 ++++++
 arch/riscv/mm/init.c            |    3 +++
 3 files changed, 10 insertions(+)

--- a/arch/riscv/include/asm/ptdump.h~riscv-support-debug_wx
+++ a/arch/riscv/include/asm/ptdump.h
@@ -8,4 +8,10 @@
 
 void ptdump_check_wx(void);
 
+#ifdef CONFIG_DEBUG_WX
+#define debug_checkwx() ptdump_check_wx()
+#else
+#define debug_checkwx() do { } while (0)
+#endif
+
 #endif /* _ASM_RISCV_PTDUMP_H */
--- a/arch/riscv/Kconfig~riscv-support-debug_wx
+++ a/arch/riscv/Kconfig
@@ -67,6 +67,7 @@ config RISCV
 	select ARCH_HAS_GCOV_PROFILE_ALL
 	select HAVE_COPY_THREAD_TLS
 	select HAVE_ARCH_KASAN if MMU && 64BIT
+	select ARCH_HAS_DEBUG_WX
 
 config ARCH_MMAP_RND_BITS_MIN
 	default 18 if 64BIT
--- a/arch/riscv/mm/init.c~riscv-support-debug_wx
+++ a/arch/riscv/mm/init.c
@@ -19,6 +19,7 @@
 #include <asm/sections.h>
 #include <asm/pgtable.h>
 #include <asm/io.h>
+#include <asm/ptdump.h>
 
 #include "../kernel/head.h"
 
@@ -529,6 +530,8 @@ void mark_rodata_ro(void)
 	set_memory_ro(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
 	set_memory_nx(rodata_start, (data_start - rodata_start) >> PAGE_SHIFT);
 	set_memory_nx(data_start, (max_low - data_start) >> PAGE_SHIFT);
+
+	debug_checkwx();
 }
 #endif
 
_

Patches currently in -mm which might be from zong.li@sifive.com are

mm-add-debug_wx-support.patch
riscv-support-debug_wx.patch
x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch
arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + riscv-support-debug_wx-fix.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (63 preceding siblings ...)
  2020-04-26  1:06 ` + riscv-support-debug_wx.patch " Andrew Morton
@ 2020-04-26  1:06 ` Andrew Morton
  2020-04-26  1:06 ` + x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
                   ` (2 subsequent siblings)
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:06 UTC (permalink / raw)
  To: akpm, bp, catalin.marinas, hpa, mingo, mm-commits, palmer,
	paul.walmsley, tglx, will, zong.li


The patch titled
     Subject: riscv-support-debug_wx-fix
has been added to the -mm tree.  Its filename is
     riscv-support-debug_wx-fix.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/riscv-support-debug_wx-fix.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/riscv-support-debug_wx-fix.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: riscv-support-debug_wx-fix

replace macros with C

Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Cc: Zong Li <zong.li@sifive.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/riscv/include/asm/ptdump.h |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

--- a/arch/riscv/include/asm/ptdump.h~riscv-support-debug_wx-fix
+++ a/arch/riscv/include/asm/ptdump.h
@@ -9,9 +9,14 @@
 void ptdump_check_wx(void);
 
 #ifdef CONFIG_DEBUG_WX
-#define debug_checkwx() ptdump_check_wx()
+static inline void debug_checkwx(void)
+{
+	ptdump_check_wx();
+}
 #else
-#define debug_checkwx() do { } while (0)
+static inline void debug_checkwx(void)
+{
+}
 #endif
 
 #endif /* _ASM_RISCV_PTDUMP_H */
_

Patches currently in -mm which might be from akpm@linux-foundation.org are

mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
mm.patch
mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
mm-remove-__vmalloc_node_flags_caller-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch
mm-remove-vmalloc_user_node_flags-fix.patch
riscv-support-debug_wx-fix.patch
mm-replace-zero-length-array-with-flexible-array-member-fix.patch
mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch
linux-next-fix.patch
linux-next-git-rejects.patch
mm-pass-task-and-mm-to-do_madvise-fix-fix.patch
kernel-forkc-export-kernel_thread-to-modules.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (64 preceding siblings ...)
  2020-04-26  1:06 ` + riscv-support-debug_wx-fix.patch " Andrew Morton
@ 2020-04-26  1:06 ` Andrew Morton
  2020-04-26  1:06 ` + arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
  2020-04-26  1:09 ` [folded-merged] initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch removed from " Andrew Morton
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:06 UTC (permalink / raw)
  To: bp, catalin.marinas, hpa, mingo, mm-commits, palmer,
	paul.walmsley, tglx, will, zong.li


The patch titled
     Subject: x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined
has been added to the -mm tree.  Its filename is
     x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Zong Li <zong.li@sifive.com>
Subject: x86: mm: use ARCH_HAS_DEBUG_WX instead of arch defined

Extract DEBUG_WX to mm/Kconfig.debug for shared use.  Change to use
ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.

Link: http://lkml.kernel.org/r/430736828d149df3f5b462d291e845ec690e0141.1587455584.git.zong.li@sifive.com
Signed-off-by: Zong Li <zong.li@sifive.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/x86/Kconfig       |    1 +
 arch/x86/Kconfig.debug |   27 ---------------------------
 2 files changed, 1 insertion(+), 27 deletions(-)

--- a/arch/x86/Kconfig~x86-mm-use-arch_has_debug_wx-instead-of-arch-defined
+++ a/arch/x86/Kconfig
@@ -80,6 +80,7 @@ config X86
 	select ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
 	select ARCH_HAS_SYSCALL_WRAPPER
 	select ARCH_HAS_UBSAN_SANITIZE_ALL
+	select ARCH_HAS_DEBUG_WX
 	select ARCH_HAVE_NMI_SAFE_CMPXCHG
 	select ARCH_MIGHT_HAVE_ACPI_PDC		if ACPI
 	select ARCH_MIGHT_HAVE_PC_PARPORT
--- a/arch/x86/Kconfig.debug~x86-mm-use-arch_has_debug_wx-instead-of-arch-defined
+++ a/arch/x86/Kconfig.debug
@@ -72,33 +72,6 @@ config EFI_PGT_DUMP
 	  issues with the mapping of the EFI runtime regions into that
 	  table.
 
-config DEBUG_WX
-	bool "Warn on W+X mappings at boot"
-	select PTDUMP_CORE
-	---help---
-	  Generate a warning if any W+X mappings are found at boot.
-
-	  This is useful for discovering cases where the kernel is leaving
-	  W+X mappings after applying NX, as such mappings are a security risk.
-
-	  Look for a message in dmesg output like this:
-
-	    x86/mm: Checked W+X mappings: passed, no W+X pages found.
-
-	  or like this, if the check failed:
-
-	    x86/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
-
-	  Note that even if the check fails, your kernel is possibly
-	  still fine, as W+X mappings are not a security hole in
-	  themselves, what they do is that they make the exploitation
-	  of other unfixed kernel bugs easier.
-
-	  There is no runtime or memory usage effect of this option
-	  once the kernel has booted up - it's a one time check.
-
-	  If in doubt, say "Y".

^ permalink raw reply	[flat|nested] 71+ messages in thread

* + arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch added to -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (65 preceding siblings ...)
  2020-04-26  1:06 ` + x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
@ 2020-04-26  1:06 ` Andrew Morton
  2020-04-26  1:09 ` [folded-merged] initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch removed from " Andrew Morton
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:06 UTC (permalink / raw)
  To: bp, catalin.marinas, hpa, mingo, mm-commits, palmer,
	paul.walmsley, tglx, will, zong.li


The patch titled
     Subject: arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined
has been added to the -mm tree.  Its filename is
     arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Zong Li <zong.li@sifive.com>
Subject: arm64: mm: use ARCH_HAS_DEBUG_WX instead of arch defined

Extract DEBUG_WX to mm/Kconfig.debug for shared use.  Change to use
ARCH_HAS_DEBUG_WX instead of DEBUG_WX defined by arch port.

Link: http://lkml.kernel.org/r/e19709e7576f65e303245fe520cad5f7bae72763.1587455584.git.zong.li@sifive.com
Signed-off-by: Zong Li <zong.li@sifive.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 arch/arm64/Kconfig       |    1 +
 arch/arm64/Kconfig.debug |   29 -----------------------------
 2 files changed, 1 insertion(+), 29 deletions(-)

--- a/arch/arm64/Kconfig~arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined
+++ a/arch/arm64/Kconfig
@@ -9,6 +9,7 @@ config ARM64
 	select ACPI_MCFG if (ACPI && PCI)
 	select ACPI_SPCR_TABLE if ACPI
 	select ACPI_PPTT if ACPI
+	select ARCH_HAS_DEBUG_WX
 	select ARCH_HAS_DEBUG_VIRTUAL
 	select ARCH_HAS_DEVMEM_IS_ALLOWED
 	select ARCH_HAS_DMA_PREP_COHERENT
--- a/arch/arm64/Kconfig.debug~arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined
+++ a/arch/arm64/Kconfig.debug
@@ -23,35 +23,6 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
 	  of TEXT_OFFSET and platforms must not require a specific
 	  value.
 
-config DEBUG_WX
-	bool "Warn on W+X mappings at boot"
-	select PTDUMP_CORE
-	---help---
-	  Generate a warning if any W+X mappings are found at boot.
-
-	  This is useful for discovering cases where the kernel is leaving
-	  W+X mappings after applying NX, as such mappings are a security risk.
-	  This check also includes UXN, which should be set on all kernel
-	  mappings.
-
-	  Look for a message in dmesg output like this:
-
-	    arm64/mm: Checked W+X mappings: passed, no W+X pages found.
-
-	  or like this, if the check failed:
-
-	    arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
-
-	  Note that even if the check fails, your kernel is possibly
-	  still fine, as W+X mappings are not a security hole in
-	  themselves, what they do is that they make the exploitation
-	  of other unfixed kernel bugs easier.
-
-	  There is no runtime or memory usage effect of this option
-	  once the kernel has booted up - it's a one time check.
-
-	  If in doubt, say "Y".

^ permalink raw reply	[flat|nested] 71+ messages in thread

* [folded-merged] initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch removed from -mm tree
  2020-04-21  1:13 incoming Andrew Morton
                   ` (66 preceding siblings ...)
  2020-04-26  1:06 ` + arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
@ 2020-04-26  1:09 ` Andrew Morton
  67 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-04-26  1:09 UTC (permalink / raw)
  To: akpm, bp, hpa, mingo, mjg59, mm-commits, rdunlap, rminnich, tglx


The patch titled
     Subject: initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
has been removed from the -mm tree.  Its filename was
     initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch

This patch was dropped because it was folded into initrdmem=-option-to-specify-initrd-physical-address.patch

------------------------------------------------------
From: Andrew Morton <akpm@linux-foundation.org>
Subject: initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes

Cc: Borislav Petkov <bp@alien8.de>

WARNING: 'adddress' may be misspelled - perhaps 'address'?
#64: FILE: Documentation/admin-guide/kernel-parameters.txt:1717:
+    initrdmem=    [KNL] Specify a physical adddress and size from which

WARNING: please, no spaces at the start of a line
#82: FILE: arch/x86/kernel/setup.c:240:
+    if (ramdisk_image == 0) {$

WARNING: braces {} are not necessary for single statement blocks
#82: FILE: arch/x86/kernel/setup.c:240:
+    if (ramdisk_image == 0) {
+        ramdisk_image = phys_initrd_start;
+    }

ERROR: code indent should use tabs where possible
#83: FILE: arch/x86/kernel/setup.c:241:
+        ramdisk_image = phys_initrd_start;$

WARNING: please, no spaces at the start of a line
#83: FILE: arch/x86/kernel/setup.c:241:
+        ramdisk_image = phys_initrd_start;$

WARNING: please, no spaces at the start of a line
#84: FILE: arch/x86/kernel/setup.c:242:
+    }$

WARNING: please, no spaces at the start of a line
#92: FILE: arch/x86/kernel/setup.c:251:
+    if (ramdisk_size == 0) {$

WARNING: braces {} are not necessary for single statement blocks
#92: FILE: arch/x86/kernel/setup.c:251:
+    if (ramdisk_size == 0) {
+        ramdisk_size = phys_initrd_size;
+    }

ERROR: code indent should use tabs where possible
#93: FILE: arch/x86/kernel/setup.c:252:
+        ramdisk_size = phys_initrd_size;$

WARNING: please, no spaces at the start of a line
#93: FILE: arch/x86/kernel/setup.c:252:
+        ramdisk_size = phys_initrd_size;$

WARNING: please, no spaces at the start of a line
#94: FILE: arch/x86/kernel/setup.c:253:
+    }$

WARNING: please, no spaces at the start of a line
#124: FILE: init/do_mounts_initrd.c:55:
+    return early_initrdmem(p);$

WARNING: Missing Signed-off-by: line by nominal patch author 'ron minnich <rminnich@gmail.com>'

total: 2 errors, 11 warnings, 56 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

NOTE: Whitespace errors detected.
      You may wish to use scripts/cleanpatch or scripts/cleanfile

./patches/initrdmem=-option-to-specify-initrd-physical-address.patch has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Borislav Petkov <bp@alien8.de>
Cc: H. Peter Anvin (Intel) <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Ronald G. Minnich <rminnich@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 Documentation/admin-guide/kernel-parameters.txt |   12 ++++++------
 arch/x86/kernel/setup.c                         |   12 ++++++------
 init/do_mounts_initrd.c                         |    2 +-
 3 files changed, 13 insertions(+), 13 deletions(-)

--- a/arch/x86/kernel/setup.c~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/arch/x86/kernel/setup.c
@@ -237,9 +237,9 @@ static u64 __init get_ramdisk_image(void
 
 	ramdisk_image |= (u64)boot_params.ext_ramdisk_image << 32;
 
-    if (ramdisk_image == 0) {
-        ramdisk_image = phys_initrd_start;
-    }
+	if (ramdisk_image == 0)
+		ramdisk_image = phys_initrd_start;
+
 	return ramdisk_image;
 }
 static u64 __init get_ramdisk_size(void)
@@ -248,9 +248,9 @@ static u64 __init get_ramdisk_size(void)
 
 	ramdisk_size |= (u64)boot_params.ext_ramdisk_size << 32;
 
-    if (ramdisk_size == 0) {
-        ramdisk_size = phys_initrd_size;
-    }
+	if (ramdisk_size == 0)
+		ramdisk_size = phys_initrd_size;
+
 	return ramdisk_size;
 }
 
--- a/Documentation/admin-guide/kernel-parameters.txt~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/Documentation/admin-guide/kernel-parameters.txt
@@ -1762,12 +1762,12 @@
 
 	initrd=		[BOOT] Specify the location of the initial ramdisk
 
-    initrdmem=    [KNL] Specify a physical adddress and size from which
-            to load the initrd. If an initrd is compiled in or
-            specified in the bootparams, it takes priority
-            over this setting.
-            Format: ss[KMG],nn[KMG]
-            Default is 0, 0
+	initrdmem=	[KNL] Specify a physical address and size from which to
+			load the initrd. If an initrd is compiled in or
+			specified in the bootparams, it takes priority over this
+			setting.
+			Format: ss[KMG],nn[KMG]
+			Default is 0, 0
 
 	init_on_alloc=	[MM] Fill newly allocated pages and heap objects with
 			zeroes.
--- a/init/do_mounts_initrd.c~initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes
+++ a/init/do_mounts_initrd.c
@@ -52,7 +52,7 @@ early_param("initrdmem", early_initrdmem
  */
 static int __init early_initrd(char *p)
 {
-    return early_initrdmem(p);
+	return early_initrdmem(p);
 }
 early_param("initrd", early_initrd);
 
_

Patches currently in -mm which might be from akpm@linux-foundation.org are

mm-memcg-fix-error-return-value-of-mem_cgroup_css_alloc-fix.patch
squashfs-migrate-from-ll_rw_block-usage-to-bio-fix.patch
drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch
mm.patch
mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch
mm-remove-__vmalloc_node_flags_caller-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix.patch
mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch
mm-remove-vmalloc_user_node_flags-fix.patch
riscv-support-debug_wx-fix.patch
mm-replace-zero-length-array-with-flexible-array-member-fix.patch
mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch
initrdmem=-option-to-specify-initrd-physical-address.patch
linux-next-fix.patch
linux-next-git-rejects.patch
mm-pass-task-and-mm-to-do_madvise-fix-fix.patch
kernel-forkc-export-kernel_thread-to-modules.patch

^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: + ipc-convert-ipcs_idr-to-xarray-update.patch added to -mm tree
       [not found]     ` <20200605201134.GJ19604@bombadil.infradead.org>
@ 2020-06-05 21:20       ` Andrew Morton
  0 siblings, 0 replies; 71+ messages in thread
From: Andrew Morton @ 2020-06-05 21:20 UTC (permalink / raw)
  To: Matthew Wilcox; +Cc: Qian Cai, linux-kernel, dave, manfred, mm-commits

On Fri, 5 Jun 2020 13:11:34 -0700 Matthew Wilcox <willy@infradead.org> wrote:

> On Fri, Jun 05, 2020 at 03:58:48PM -0400, Qian Cai wrote:
> > This will trigger,
> > 
> > [ 8853.759549] LTP: starting semget05
> > [ 8867.257088] BUG: sleeping function called from invalid context at mm/slab.h:567
> > [ 8867.270259] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 22556, name: semget05
> > [ 8867.270309] 2 locks held by semget05/22556:
> > [ 8867.270345]  #0: 00000000512de7e0 (&ids->rwsem){++++}-{3:3}, at: ipcget+0x4e/0x230
> > [ 8867.270426]  #1: 00000000552b9018 (&new->lock){+.+.}-{2:2}, at: ipc_addid+0xf4/0xf50
> 
> Did the fix for this not make it into -next?

I don't think I've seen this fix before.  And I'm unclear on how it
pertains to the current patch(es) in -mm.  And it has no changelog!

Perhaps it would be best to do a formal send of the latest version?

^ permalink raw reply	[flat|nested] 71+ messages in thread

* Re: + ipc-convert-ipcs_idr-to-xarray-update.patch added to -mm tree
  2020-04-24  1:47 ` + ipc-convert-ipcs_idr-to-xarray-update.patch " Andrew Morton
       [not found]   ` <20200605195848.GB5393@lca.pw>
@ 2020-12-30 15:44   ` Manfred Spraul
  1 sibling, 0 replies; 71+ messages in thread
From: Manfred Spraul @ 2020-12-30 15:44 UTC (permalink / raw)
  To: Andrew Morton, dave, mm-commits, willy; +Cc: 1vier1

Hi Matthew,

Due to lack of time, I didn't follow up immediately, but I haven't 
forgotten the patch series:

On 4/24/20 3:47 AM, Andrew Morton wrote:
> The patch titled
>       Subject: ipc-convert-ipcs_idr-to-xarray-update

[...]

> -		xas_lock(&xas);
> +		xa_lock(&ids->ipcs);
>   
> -		min_idx = ids->next_idx;
> -		new->seq = ids->seq;
> +		err = __xa_alloc_cyclic(&ids->ipcs, &idx, NULL,
> +				XA_LIMIT(0, max_idx), &ids->next_idx,
> +				GFP_KERNEL);
> +		if (err == 1) {
> +			ids->seq++;
> +			if (ids->seq >= ipcid_seq_max())
> +				ids->seq = 0;
> +		}
> +
> +		if (err >= 0) {
> +			new->seq = ids->seq;
> +			new->id = (new->seq << ipcmni_seq_shift()) + idx;
> +			/* xa_store contains a write barrier */
> +			__xa_store(&ids->ipcs, idx, new, GFP_KERNEL);
> +		}

The GFP_KERNEL is really ugly.

When I see "GFP_KERNEL", it means for me that the called function might 
sleep.
When I see "GFP_ATOMIC", it means for me that the called function may 
fail, and that the caller must implement a retry algorithm.

I think the GFP_KERNEL here means nothing, but I'm not sure.

Would it be possible to make __xa_store(,,,0) an officially supported 
feature?
- The function will fail if there was no previous xa_alloc for exactly 
the to be stored entry (or an xa_insert, or an xa_store(,,,GFP_KERNEL), 
etc.)
- The function will not allocate any memory.
- The function will not fail due to out of memory.
- The function will not drop the xa_lock()

Then the usage would be clear:
    xa_alloc(,GFP_KERNEL)
    acquire_all_locks()
    __xa_store(,,,0)
    drop_all_locks()


The kerneldoc is for me not clear enough:

> **
>  * __xa_store() - Store this entry in the XArray.
>  * @xa: XArray.
>  * @index: Index into array.
>  * @entry: New entry.
>  * @gfp: Memory allocation flags.
>  *
>  * You must already be holding the xa_lock when calling this function.
>  * It will drop the lock if needed to allocate memory, and then reacquire
>  * it afterwards.
Is it guaranteed the dropping/acquiring the lock will never happen after 
storing the entry into the array?
If the xarray code first stores the entry, and then allocates memory for 
tree balancing or similar, then it would break the ipc/*.c

--

     Manfred


^ permalink raw reply	[flat|nested] 71+ messages in thread

end of thread, other threads:[~2020-12-30 15:45 UTC | newest]

Thread overview: 71+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-21  1:13 incoming Andrew Morton
2020-04-21  1:13 ` [patch 01/15] sh: fix build error in mm/init.c Andrew Morton
2020-04-21  1:13 ` [patch 02/15] slub: avoid redzone when choosing freepointer location Andrew Morton
2020-04-21  1:13 ` [patch 03/15] mm/userfaultfd: disable userfaultfd-wp on x86_32 Andrew Morton
2020-04-21  1:13 ` [patch 04/15] MAINTAINERS: add an entry for kfifo Andrew Morton
2020-04-21  1:13 ` [patch 05/15] mm/hugetlb: fix a addressing exception caused by huge_pte_offset Andrew Morton
2020-04-21  1:13 ` [patch 06/15] mm, gup: return EINTR when gup is interrupted by fatal signals Andrew Morton
2020-04-21  1:13 ` [patch 07/15] checkpatch: fix a typo in the regex for $allocFunctions Andrew Morton
2020-04-21  1:14 ` [patch 08/15] tools/build: tweak unused value workaround Andrew Morton
2020-04-21  1:14 ` [patch 09/15] mm/ksm: fix NULL pointer dereference when KSM zero page is enabled Andrew Morton
2020-04-21  1:14 ` [patch 10/15] mm/shmem: fix build without THP Andrew Morton
2020-04-21  1:14 ` [patch 11/15] vmalloc: fix remap_vmalloc_range() bounds checks Andrew Morton
2020-04-21  1:14 ` [patch 12/15] shmem: fix possible deadlocks on shmlock_user_lock Andrew Morton
2020-04-21  1:14 ` [patch 13/15] mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path Andrew Morton
2020-04-21  1:14 ` [patch 14/15] coredump: fix null pointer dereference on coredump Andrew Morton
2020-04-21  1:14 ` [patch 15/15] tools/vm: fix cross-compile build Andrew Morton
2020-04-21  2:00 ` + mm-memory_hotplug-refrain-from-adding-memory-into-an-impossible-node.patch added to -mm tree Andrew Morton
2020-04-21  2:48 ` + x86-mm-define-mm_p4d_folded.patch " Andrew Morton
2020-04-21  2:52 ` + mm-debug-add-tests-validating-architecture-page-table-helpers-v17.patch " Andrew Morton
2020-04-21  2:59 ` + mm-mmapc-add-more-sanity-checks-to-get_unmapped_area.patch " Andrew Morton
2020-04-21  2:59 ` + mm-mmapc-do-not-allow-mappings-outside-of-allowed-limits.patch " Andrew Morton
2020-04-21  3:07 ` + initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch " Andrew Morton
2020-04-21  3:58 ` + initrdmem=-option-to-specify-initrd-physical-address.patch " Andrew Morton
2020-04-21  5:43 ` mmotm 2020-04-20-22-43 uploaded Andrew Morton
2020-04-22  1:36 ` + mm-swapfilec-found_free-could-be-represented-by-tmp-max.patch added to -mm tree Andrew Morton
2020-04-22  1:36 ` + mm-swapfilec-tmp-is-always-smaller-than-max.patch " Andrew Morton
2020-04-22  1:36 ` + mm-swapfilec-omit-a-duplicate-code-by-compare-tmp-and-max-first.patch " Andrew Morton
2020-04-23 22:36 ` + kasan-initialise-array-in-kasan_memcmp-test.patch " Andrew Morton
2020-04-23 22:38 ` + kvm-svm-change-flag-passed-to-gup-fast-in-sev_pin_memory.patch " Andrew Morton
2020-04-23 22:41 ` + mm-pass-task-and-mm-to-do_madvise-fix.patch " Andrew Morton
2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise.patch " Andrew Morton
2020-04-23 22:44 ` + mm-support-vector-address-ranges-for-process_madvise-fix.patch " Andrew Morton
2020-04-23 22:48 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source.patch " Andrew Morton
2020-04-23 22:48 ` + stringh-fix-incompatibility-between-fortify_source-and-kasan.patch " Andrew Morton
2020-04-23 23:03 ` + powerpc-add-support-for-folded-p4d-page-tables-fix.patch " Andrew Morton
2020-04-23 23:09 ` [folded-merged] memcg-optimize-memorynuma_stat-like-memorystat-fix.patch removed from " Andrew Morton
2020-04-23 23:32 ` + slub-remove-userspace-notifier-for-cache-add-remove.patch added to " Andrew Morton
2020-04-23 23:35 ` + ocfs2-mount-shared-volume-without-ha-stack.patch " Andrew Morton
2020-04-24  0:29 ` + mm-memory_hotplug-handle-memblocks-only-with-config_arch_keep_memblock.patch " Andrew Morton
2020-04-24  1:17 ` + mm-return-true-in-cpupid_pid_unset.patch " Andrew Morton
2020-04-24  1:20 ` + kernel-better-document-the-use_mm-unuse_mm-api-contract-v2-fix.patch " Andrew Morton
2020-04-24  1:40 ` + mm-thp-rename-pmd_mknotpresent-as-pmd_mkinvalid-v2.patch " Andrew Morton
2020-04-24  1:47 ` + ipc-convert-ipcs_idr-to-xarray-update.patch " Andrew Morton
     [not found]   ` <20200605195848.GB5393@lca.pw>
     [not found]     ` <20200605201134.GJ19604@bombadil.infradead.org>
2020-06-05 21:20       ` Andrew Morton
2020-12-30 15:44   ` Manfred Spraul
2020-04-24  2:06 ` + powerpc-spufs-simplify-spufs-core-dumping.patch " Andrew Morton
2020-04-24  2:06 ` + signal-factor-copy_siginfo_to_external32-from-copy_siginfo_to_user32.patch " Andrew Morton
2020-04-24  2:06 ` + binfmt_elf-femove-the-set_fs-in-fill_siginfo_note.patch " Andrew Morton
2020-04-24  2:06 ` + binfmt_elf-remove-the-set_fskernel_ds-in-elf_core_dump.patch " Andrew Morton
2020-04-24  2:06 ` + binfmt_elf_fdpic-remove-the-set_fskernel_ds-in-elf_fdpic_core_dump.patch " Andrew Morton
2020-04-24  2:06 ` + exec-simplify-the-copy_strings_kernel-calling-convention.patch " Andrew Morton
2020-04-24  2:06 ` + exec-open-code-copy_string_kernel.patch " Andrew Morton
2020-04-24  3:24 ` + add-kernel-config-option-for-twisting-kernel-behavior.patch " Andrew Morton
2020-04-24  3:24 ` + twist-allow-disabling-k_spec-function-in-drivers-tty-vt-keyboardc.patch " Andrew Morton
2020-04-24  3:24 ` + twist-add-option-for-selecting-twist-options-for-syzkallers-testing.patch " Andrew Morton
2020-04-24  3:32 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback.patch " Andrew Morton
2020-04-24  3:49 ` [obsolete] linux-next-rejects.patch removed from " Andrew Morton
2020-04-24  3:51 ` + mips-mm-add-page-soft-dirty-tracking.patch added to " Andrew Morton
2020-04-24 23:36 ` + mm-memory_hotplug-set-node_start_pfn-of-hotadded-pgdat-to-0.patch " Andrew Morton
2020-04-26  0:09 ` + mm-switch-the-test_vmalloc-module-to-use-__vmalloc_node-fix-fix.patch " Andrew Morton
2020-04-26  0:17 ` + mm-hugetlb-avoid-unnecessary-check-on-pud-and-pmd-entry-in-huge_pte_offset.patch " Andrew Morton
2020-04-26  0:29 ` + eventpoll-fix-missing-wakeup-for-ovflist-in-ep_poll_callback-v2.patch " Andrew Morton
2020-04-26  0:41 ` [withdrawn] kasan-initialise-array-in-kasan_memcmp-test.patch removed from " Andrew Morton
2020-04-26  0:41 ` + kasan-stop-tests-being-eliminated-as-dead-code-with-fortify_source-v4.patch added to " Andrew Morton
2020-04-26  0:48 ` + checkpatch-test-git_dir-changes.patch " Andrew Morton
2020-04-26  1:06 ` + mm-add-debug_wx-support.patch " Andrew Morton
2020-04-26  1:06 ` + riscv-support-debug_wx.patch " Andrew Morton
2020-04-26  1:06 ` + riscv-support-debug_wx-fix.patch " Andrew Morton
2020-04-26  1:06 ` + x86-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
2020-04-26  1:06 ` + arm64-mm-use-arch_has_debug_wx-instead-of-arch-defined.patch " Andrew Morton
2020-04-26  1:09 ` [folded-merged] initrdmem=-option-to-specify-initrd-physical-address-checkpatch-fixes.patch removed from " Andrew Morton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).