* incoming
@ 2020-12-11 21:35 Andrew Morton
2020-12-11 21:36 ` [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked" Andrew Morton
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:35 UTC (permalink / raw)
To: Linus Torvalds; +Cc: mm-commits, linux-mm
8 patches, based on 33dc9614dc208291d0c4bcdeb5d30d481dcd2c4c.
Subsystems affected by this patch series:
mm/pagecache
proc
selftests
kbuild
mm/kasan
mm/hugetlb
Subsystem: mm/pagecache
Andrew Morton <akpm@linux-foundation.org>:
revert "mm/filemap: add static for function __add_to_page_cache_locked"
Subsystem: proc
Miles Chen <miles.chen@mediatek.com>:
proc: use untagged_addr() for pagemap_read addresses
Subsystem: selftests
Arnd Bergmann <arnd@arndb.de>:
selftest/fpu: avoid clang warning
Subsystem: kbuild
Arnd Bergmann <arnd@arndb.de>:
kbuild: avoid static_assert for genksyms
initramfs: fix clang build failure
elfcore: fix building with clang
Subsystem: mm/kasan
Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>:
kasan: fix object remaining in offline per-cpu quarantine
Subsystem: mm/hugetlb
Gerald Schaefer <gerald.schaefer@linux.ibm.com>:
mm/hugetlb: clear compound_nr before freeing gigantic pages
fs/proc/task_mmu.c | 8 ++++++--
include/linux/build_bug.h | 5 +++++
include/linux/elfcore.h | 22 ++++++++++++++++++++++
init/initramfs.c | 2 +-
kernel/Makefile | 1 -
kernel/elfcore.c | 26 --------------------------
lib/Makefile | 3 ++-
mm/filemap.c | 2 +-
mm/hugetlb.c | 1 +
mm/kasan/quarantine.c | 39 +++++++++++++++++++++++++++++++++++++++
10 files changed, 77 insertions(+), 32 deletions(-)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked"
2020-12-11 21:35 incoming Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 2/8] proc: use untagged_addr() for pagemap_read addresses Andrew Morton
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, alex.shi, ast, daniel, gthelen, jmforbes, josef,
jrdr.linux, linux-mm, mkubecek, mm-commits, tony.luck, torvalds
From: Andrew Morton <akpm@linux-foundation.org>
Subject: revert "mm/filemap: add static for function __add_to_page_cache_locked"
Revert 3351b16af494 ("mm/filemap: add static for function
__add_to_page_cache_locked") due to incompatibility with
ALLOW_ERROR_INJECTION which result in build errors.
Link: https://lkml.kernel.org/r/CAADnVQJ6tmzBXvtroBuEH6QA0H+q7yaSKxrVvVxhqr3KBZdEXg@mail.gmail.com
Tested-by: Justin Forbes <jmforbes@linuxtx.org>
Tested-by: Greg Thelen <gthelen@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Michal Kubecek <mkubecek@suse.cz>
Cc: Alex Shi <alex.shi@linux.alibaba.com>
Cc: Souptick Joarder <jrdr.linux@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Tony Luck <tony.luck@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/filemap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/filemap.c~revert-mm-filemap-add-static-for-function-__add_to_page_cache_locked
+++ a/mm/filemap.c
@@ -827,7 +827,7 @@ int replace_page_cache_page(struct page
}
EXPORT_SYMBOL_GPL(replace_page_cache_page);
-static noinline int __add_to_page_cache_locked(struct page *page,
+noinline int __add_to_page_cache_locked(struct page *page,
struct address_space *mapping,
pgoff_t offset, gfp_t gfp,
void **shadowp)
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 2/8] proc: use untagged_addr() for pagemap_read addresses
2020-12-11 21:35 incoming Andrew Morton
2020-12-11 21:36 ` [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked" Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 3/8] selftest/fpu: avoid clang warning Andrew Morton
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: adobriyan, akpm, andreyknvl, aryabinin, catalin.marinas, dvyukov,
ebiederm, elver, glider, linux-mm, miles.chen, mm-commits,
song.bao.hua, stable, torvalds, vincenzo.frascino, will
From: Miles Chen <miles.chen@mediatek.com>
Subject: proc: use untagged_addr() for pagemap_read addresses
When we try to visit the pagemap of a tagged userspace pointer, we find
that the start_vaddr is not correct because of the tag.
To fix it, we should untag the userspace pointers in pagemap_read().
I tested with 5.10-rc4 and the issue remains.
Explanation from Catalin in [1]:
:Arguably, that's a user-space bug since tagged file offsets were never
:supported. In this case it's not even a tag at bit 56 as per the arm64
:tagged address ABI but rather down to bit 47. You could say that the
:problem is caused by the C library (malloc()) or whoever created the
:tagged vaddr and passed it to this function. It's not a kernel
:regression as we've never supported it.
:
:Now, pagemap is a special case where the offset is usually not generated
:as a classic file offset but rather derived by shifting a user virtual
:address. I guess we can make a concession for pagemap (only) and allow
:such offset with the tag at bit (56 - PAGE_SHIFT + 3).
My test code is based on [2]:
A userspace pointer which has been tagged by 0xb4: 0xb400007662f541c8
=== userspace program ===
uint64 OsLayer::VirtualToPhysical(void *vaddr) {
uint64 frame, paddr, pfnmask, pagemask;
int pagesize = sysconf(_SC_PAGESIZE);
off64_t off = ((uintptr_t)vaddr) / pagesize * 8; // off = 0xb400007662f541c8 / pagesize * 8 = 0x5a00003b317aa0
int fd = open(kPagemapPath, O_RDONLY);
...
if (lseek64(fd, off, SEEK_SET) != off || read(fd, &frame, 8) != 8) {
int err = errno;
string errtxt = ErrorString(err);
if (fd >= 0)
close(fd);
return 0;
}
...
}
=== kernel fs/proc/task_mmu.c ===
static ssize_t pagemap_read(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
...
src = *ppos;
svpfn = src / PM_ENTRY_BYTES; // svpfn == 0xb400007662f54
start_vaddr = svpfn << PAGE_SHIFT; // start_vaddr == 0xb400007662f54000
end_vaddr = mm->task_size;
/* watch out for wraparound */
// svpfn == 0xb400007662f54
// (mm->task_size >> PAGE) == 0x8000000
if (svpfn > mm->task_size >> PAGE_SHIFT) // the condition is true because of the tag 0xb4
start_vaddr = end_vaddr;
ret = 0;
while (count && (start_vaddr < end_vaddr)) { // we cannot visit correct entry because start_vaddr is set to end_vaddr
int len;
unsigned long end;
...
}
...
}
[1] https://lore.kernel.org/patchwork/patch/1343258/
[2] https://github.com/stressapptest/stressapptest/blob/master/src/os.cc#L158
Link: https://lkml.kernel.org/r/20201204024347.8295-1-miles.chen@mediatek.com
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Will Deacon <will@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Song Bao Hua (Barry Song) <song.bao.hua@hisilicon.com>
Cc: <stable@vger.kernel.org> [5.4-]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
fs/proc/task_mmu.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/proc/task_mmu.c~proc-use-untagged_addr-for-pagemap_read-addresses
+++ a/fs/proc/task_mmu.c
@@ -1599,11 +1599,15 @@ static ssize_t pagemap_read(struct file
src = *ppos;
svpfn = src / PM_ENTRY_BYTES;
- start_vaddr = svpfn << PAGE_SHIFT;
end_vaddr = mm->task_size;
/* watch out for wraparound */
- if (svpfn > mm->task_size >> PAGE_SHIFT)
+ start_vaddr = end_vaddr;
+ if (svpfn <= (ULONG_MAX >> PAGE_SHIFT))
+ start_vaddr = untagged_addr(svpfn << PAGE_SHIFT);
+
+ /* Ensure the address is inside the task */
+ if (start_vaddr > mm->task_size)
start_vaddr = end_vaddr;
/*
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 3/8] selftest/fpu: avoid clang warning
2020-12-11 21:35 incoming Andrew Morton
2020-12-11 21:36 ` [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked" Andrew Morton
2020-12-11 21:36 ` [patch 2/8] proc: use untagged_addr() for pagemap_read addresses Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 4/8] kbuild: avoid static_assert for genksyms Andrew Morton
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, andriy.shevchenko, arnd, bp, jpa, linux-mm, mm-commits,
natechancellor, ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: selftest/fpu: avoid clang warning
With extra warnings enabled, clang complains about the redundant
-mhard-float argument:
clang: error: argument unused during compilation: '-mhard-float' [-Werror,-Wunused-command-line-argument]
Move this into the gcc-only part of the Makefile.
Link: https://lkml.kernel.org/r/20201203223652.1320700-1-arnd@kernel.org
Fixes: 4185b3b92792 ("selftests/fpu: Add an FPU selftest")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Petteri Aimonen <jpa@git.mail.kapsi.fi>
Cc: Borislav Petkov <bp@suse.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/lib/Makefile~selftest-fpu-avoid-clang-warning
+++ a/lib/Makefile
@@ -107,7 +107,7 @@ obj-$(CONFIG_TEST_FREE_PAGES) += test_fr
# off the generation of FPU/SSE* instructions for kernel proper but FPU_FLAGS
# get appended last to CFLAGS and thus override those previous compiler options.
#
-FPU_CFLAGS := -mhard-float -msse -msse2
+FPU_CFLAGS := -msse -msse2
ifdef CONFIG_CC_IS_GCC
# Stack alignment mismatch, proceed with caution.
# GCC < 7.1 cannot compile code using `double` and -mpreferred-stack-boundary=3
@@ -120,6 +120,7 @@ ifdef CONFIG_CC_IS_GCC
# -mpreferred-stack-boundary=3 is not between 4 and 12
#
# can be triggered. Otherwise gcc doesn't complain.
+FPU_CFLAGS += -mhard-float
FPU_CFLAGS += $(call cc-option,-msse -mpreferred-stack-boundary=3,-mpreferred-stack-boundary=4)
endif
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 4/8] kbuild: avoid static_assert for genksyms
2020-12-11 21:35 incoming Andrew Morton
` (2 preceding siblings ...)
2020-12-11 21:36 ` [patch 3/8] selftest/fpu: avoid clang warning Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 5/8] initramfs: fix clang build failure Andrew Morton
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, ardb, arnd, elver, keescook, linux-mm, masahiroy,
michal.lkml, mm-commits, rikard.falkeborn, stable, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: kbuild: avoid static_assert for genksyms
genksyms does not know or care about the _Static_assert() built-in,
and sometimes falls back to ignoring the later symbols, which causes
undefined behavior such as
WARNING: modpost: EXPORT symbol "ethtool_set_ethtool_phy_ops" [vmlinux] version generation failed, symbol will not be versioned.
ld: net/ethtool/common.o: relocation R_AARCH64_ABS32 against `__crc_ethtool_set_ethtool_phy_ops' can not be used when making a shared object
net/ethtool/common.o:(_ftrace_annotated_branch+0x0): dangerous relocation: unsupported relocation
Redefine static_assert for genksyms to avoid that.
Link: https://lkml.kernel.org/r/20201203230955.1482058-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Cc: Marco Elver <elver@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/build_bug.h | 5 +++++
1 file changed, 5 insertions(+)
--- a/include/linux/build_bug.h~kbuild-avoid-static_assert-for-genksyms
+++ a/include/linux/build_bug.h
@@ -77,4 +77,9 @@
#define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr)
#define __static_assert(expr, msg, ...) _Static_assert(expr, msg)
+#ifdef __GENKSYMS__
+/* genksyms gets confused by _Static_assert */
+#define _Static_assert(expr, ...)
+#endif
+
#endif /* _LINUX_BUILD_BUG_H */
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 5/8] initramfs: fix clang build failure
2020-12-11 21:35 incoming Andrew Morton
` (3 preceding siblings ...)
2020-12-11 21:36 ` [patch 4/8] kbuild: avoid static_assert for genksyms Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 6/8] elfcore: fix building with clang Andrew Morton
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, arnd, brho, linux-mm, mm-commits, natechancellor,
ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: initramfs: fix clang build failure
There is only one function in init/initramfs.c that is in the .text
section, and it is marked __weak. When building with clang-12 and the
integrated assembler, this leads to a bug with recordmcount:
./scripts/recordmcount "init/initramfs.o"
Cannot find symbol for section 2: .text.
init/initramfs.o: failed
I'm not quite sure what exactly goes wrong, but I notice that this
function is only ever called from an __init function, and normally
inlined. Marking it __init as well is clearly correct and it leads to
recordmcount no longer complaining.
Link: https://lkml.kernel.org/r/20201204165742.3815221-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Barret Rhoden <brho@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
init/initramfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/init/initramfs.c~initramfs-fix-clang-build-failure
+++ a/init/initramfs.c
@@ -535,7 +535,7 @@ extern unsigned long __initramfs_size;
#include <linux/initrd.h>
#include <linux/kexec.h>
-void __weak free_initrd_mem(unsigned long start, unsigned long end)
+void __weak __init free_initrd_mem(unsigned long start, unsigned long end)
{
#ifdef CONFIG_ARCH_KEEP_MEMBLOCK
unsigned long aligned_start = ALIGN_DOWN(start, PAGE_SIZE);
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 6/8] elfcore: fix building with clang
2020-12-11 21:35 incoming Andrew Morton
` (4 preceding siblings ...)
2020-12-11 21:36 ` [patch 5/8] initramfs: fix clang build failure Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 7/8] kasan: fix object remaining in offline per-cpu quarantine Andrew Morton
2020-12-11 21:36 ` [patch 8/8] mm/hugetlb: clear compound_nr before freeing gigantic pages Andrew Morton
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, arnd, brho, linux-mm, mm-commits, natechancellor,
ndesaulniers, torvalds
From: Arnd Bergmann <arnd@arndb.de>
Subject: elfcore: fix building with clang
kernel/elfcore.c only contains weak symbols, which triggers a bug with
clang in combination with recordmcount:
Cannot find symbol for section 2: .text.
kernel/elfcore.o: failed
Move the empty stubs into linux/elfcore.h as inline functions. As only
two architectures use these, just use the architecture specific Kconfig
symbols to key off the declaration.
Link: https://lkml.kernel.org/r/20201204165742.3815221-2-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Barret Rhoden <brho@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/elfcore.h | 22 ++++++++++++++++++++++
kernel/Makefile | 1 -
kernel/elfcore.c | 26 --------------------------
3 files changed, 22 insertions(+), 27 deletions(-)
--- a/include/linux/elfcore.h~elfcore-fix-building-with-clang
+++ a/include/linux/elfcore.h
@@ -104,6 +104,7 @@ static inline int elf_core_copy_task_fpr
#endif
}
+#if defined(CONFIG_UM) || defined(CONFIG_IA64)
/*
* These functions parameterize elf_core_dump in fs/binfmt_elf.c to write out
* extra segments containing the gate DSO contents. Dumping its
@@ -118,5 +119,26 @@ elf_core_write_extra_phdrs(struct coredu
extern int
elf_core_write_extra_data(struct coredump_params *cprm);
extern size_t elf_core_extra_data_size(void);
+#else
+static inline Elf_Half elf_core_extra_phdrs(void)
+{
+ return 0;
+}
+
+static inline int elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
+{
+ return 1;
+}
+
+static inline int elf_core_write_extra_data(struct coredump_params *cprm)
+{
+ return 1;
+}
+
+static inline size_t elf_core_extra_data_size(void)
+{
+ return 0;
+}
+#endif
#endif /* _LINUX_ELFCORE_H */
--- a/kernel/elfcore.c
+++ /dev/null
@@ -1,26 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-#include <linux/elf.h>
-#include <linux/fs.h>
-#include <linux/mm.h>
-#include <linux/binfmts.h>
-#include <linux/elfcore.h>
-
-Elf_Half __weak elf_core_extra_phdrs(void)
-{
- return 0;
-}
-
-int __weak elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
-{
- return 1;
-}
-
-int __weak elf_core_write_extra_data(struct coredump_params *cprm)
-{
- return 1;
-}
-
-size_t __weak elf_core_extra_data_size(void)
-{
- return 0;
-}
--- a/kernel/Makefile~elfcore-fix-building-with-clang
+++ a/kernel/Makefile
@@ -97,7 +97,6 @@ obj-$(CONFIG_TASK_DELAY_ACCT) += delayac
obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o
obj-$(CONFIG_TRACEPOINTS) += tracepoint.o
obj-$(CONFIG_LATENCYTOP) += latencytop.o
-obj-$(CONFIG_ELFCORE) += elfcore.o
obj-$(CONFIG_FUNCTION_TRACER) += trace/
obj-$(CONFIG_TRACING) += trace/
obj-$(CONFIG_TRACE_CLOCK) += trace/
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 7/8] kasan: fix object remaining in offline per-cpu quarantine
2020-12-11 21:35 incoming Andrew Morton
` (5 preceding siblings ...)
2020-12-11 21:36 ` [patch 6/8] elfcore: fix building with clang Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
2020-12-11 21:36 ` [patch 8/8] mm/hugetlb: clear compound_nr before freeing gigantic pages Andrew Morton
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, aryabinin, dvyukov, glider, guangye.yang, Kuan-Ying.Lee,
linux-mm, matthias.bgg, miles.chen, mm-commits, nicholas.tang,
qcai, qiang.zhang, sfr, torvalds
From: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Subject: kasan: fix object remaining in offline per-cpu quarantine
We hit this issue in our internal test. When enabling generic kasan, a
kfree()'d object is put into per-cpu quarantine first. If the cpu goes
offline, object still remains in the per-cpu quarantine. If we call
kmem_cache_destroy() now, slub will report "Objects remaining" error.
[ 74.982625] =============================================================================
[ 74.983380] BUG test_module_slab (Not tainted): Objects remaining in test_module_slab on __kmem_cache_shutdown()
[ 74.984145] -----------------------------------------------------------------------------
[ 74.984145]
[ 74.984883] Disabling lock debugging due to kernel taint
[ 74.985561] INFO: Slab 0x(____ptrval____) objects=34 used=1 fp=0x(____ptrval____) flags=0x2ffff00000010200
[ 74.986638] CPU: 3 PID: 176 Comm: cat Tainted: G B 5.10.0-rc1-00007-g4525c8781ec0-dirty #10
[ 74.987262] Hardware name: linux,dummy-virt (DT)
[ 74.987606] Call trace:
[ 74.987924] dump_backtrace+0x0/0x2b0
[ 74.988296] show_stack+0x18/0x68
[ 74.988698] dump_stack+0xfc/0x168
[ 74.989030] slab_err+0xac/0xd4
[ 74.989346] __kmem_cache_shutdown+0x1e4/0x3c8
[ 74.989779] kmem_cache_destroy+0x68/0x130
[ 74.990176] test_version_show+0x84/0xf0
[ 74.990679] module_attr_show+0x40/0x60
[ 74.991218] sysfs_kf_seq_show+0x128/0x1c0
[ 74.991656] kernfs_seq_show+0xa0/0xb8
[ 74.992059] seq_read+0x1f0/0x7e8
[ 74.992415] kernfs_fop_read+0x70/0x338
[ 74.993051] vfs_read+0xe4/0x250
[ 74.993498] ksys_read+0xc8/0x180
[ 74.993825] __arm64_sys_read+0x44/0x58
[ 74.994203] el0_svc_common.constprop.0+0xac/0x228
[ 74.994708] do_el0_svc+0x38/0xa0
[ 74.995088] el0_sync_handler+0x170/0x178
[ 74.995497] el0_sync+0x174/0x180
[ 74.996050] INFO: Object 0x(____ptrval____) @offset=15848
[ 74.996752] INFO: Allocated in test_version_show+0x98/0xf0 age=8188 cpu=6 pid=172
[ 75.000802] stack_trace_save+0x9c/0xd0
[ 75.002420] set_track+0x64/0xf0
[ 75.002770] alloc_debug_processing+0x104/0x1a0
[ 75.003171] ___slab_alloc+0x628/0x648
[ 75.004213] __slab_alloc.isra.0+0x2c/0x58
[ 75.004757] kmem_cache_alloc+0x560/0x588
[ 75.005376] test_version_show+0x98/0xf0
[ 75.005756] module_attr_show+0x40/0x60
[ 75.007035] sysfs_kf_seq_show+0x128/0x1c0
[ 75.007433] kernfs_seq_show+0xa0/0xb8
[ 75.007800] seq_read+0x1f0/0x7e8
[ 75.008128] kernfs_fop_read+0x70/0x338
[ 75.008507] vfs_read+0xe4/0x250
[ 75.008990] ksys_read+0xc8/0x180
[ 75.009462] __arm64_sys_read+0x44/0x58
[ 75.010085] el0_svc_common.constprop.0+0xac/0x228
[ 75.011006] kmem_cache_destroy test_module_slab: Slab cache still has objects
Register a cpu hotplug function to remove all objects in the offline
per-cpu quarantine when cpu is going offline. Set a per-cpu variable to
indicate this cpu is offline.
[qiang.zhang@windriver.com: fix slab double free when cpu-hotplug]
Link: https://lkml.kernel.org/r/20201204102206.20237-1-qiang.zhang@windriver.com
Link: https://lkml.kernel.org/r/1606895585-17382-2-git-send-email-Kuan-Ying.Lee@mediatek.com
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Guangye Yang <guangye.yang@mediatek.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Nicholas Tang <nicholas.tang@mediatek.com>
Cc: Miles Chen <miles.chen@mediatek.com>
Cc: Qian Cai <qcai@redhat.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/kasan/quarantine.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
--- a/mm/kasan/quarantine.c~kasan-fix-object-remain-in-offline-per-cpu-quarantine
+++ a/mm/kasan/quarantine.c
@@ -29,6 +29,7 @@
#include <linux/srcu.h>
#include <linux/string.h>
#include <linux/types.h>
+#include <linux/cpuhotplug.h>
#include "../slab.h"
#include "kasan.h"
@@ -43,6 +44,7 @@ struct qlist_head {
struct qlist_node *head;
struct qlist_node *tail;
size_t bytes;
+ bool offline;
};
#define QLIST_INIT { NULL, NULL, 0 }
@@ -188,6 +190,10 @@ void quarantine_put(struct kasan_free_me
local_irq_save(flags);
q = this_cpu_ptr(&cpu_quarantine);
+ if (q->offline) {
+ local_irq_restore(flags);
+ return;
+ }
qlist_put(q, &info->quarantine_link, cache->size);
if (unlikely(q->bytes > QUARANTINE_PERCPU_SIZE)) {
qlist_move_all(q, &temp);
@@ -328,3 +334,36 @@ void quarantine_remove_cache(struct kmem
synchronize_srcu(&remove_cache_srcu);
}
+
+static int kasan_cpu_online(unsigned int cpu)
+{
+ this_cpu_ptr(&cpu_quarantine)->offline = false;
+ return 0;
+}
+
+static int kasan_cpu_offline(unsigned int cpu)
+{
+ struct qlist_head *q;
+
+ q = this_cpu_ptr(&cpu_quarantine);
+ /* Ensure the ordering between the writing to q->offline and
+ * qlist_free_all. Otherwise, cpu_quarantine may be corrupted
+ * by interrupt.
+ */
+ WRITE_ONCE(q->offline, true);
+ barrier();
+ qlist_free_all(q, NULL);
+ return 0;
+}
+
+static int __init kasan_cpu_quarantine_init(void)
+{
+ int ret = 0;
+
+ ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "mm/kasan:online",
+ kasan_cpu_online, kasan_cpu_offline);
+ if (ret < 0)
+ pr_err("kasan cpu quarantine register failed [%d]\n", ret);
+ return ret;
+}
+late_initcall(kasan_cpu_quarantine_init);
_
^ permalink raw reply [flat|nested] 9+ messages in thread
* [patch 8/8] mm/hugetlb: clear compound_nr before freeing gigantic pages
2020-12-11 21:35 incoming Andrew Morton
` (6 preceding siblings ...)
2020-12-11 21:36 ` [patch 7/8] kasan: fix object remaining in offline per-cpu quarantine Andrew Morton
@ 2020-12-11 21:36 ` Andrew Morton
7 siblings, 0 replies; 9+ messages in thread
From: Andrew Morton @ 2020-12-11 21:36 UTC (permalink / raw)
To: akpm, borntraeger, gerald.schaefer, linux-mm, mike.kravetz,
mm-commits, stable, torvalds, willy
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Subject: mm/hugetlb: clear compound_nr before freeing gigantic pages
Commit 1378a5ee451a ("mm: store compound_nr as well as compound_order")
added compound_nr counter to first tail struct page, overlaying with
page->mapping. The overlay itself is fine, but while freeing gigantic
hugepages via free_contig_range(), a "bad page" check will trigger for
non-NULL page->mapping on the first tail page:
[ 276.681603] BUG: Bad page state in process bash pfn:380001
[ 276.681614] page:00000000c35f0856 refcount:0 mapcount:0 mapping:00000000126b68aa index:0x0 pfn:0x380001
[ 276.681620] aops:0x0
[ 276.681622] flags: 0x3ffff00000000000()
[ 276.681626] raw: 3ffff00000000000 0000000000000100 0000000000000122 0000000100000000
[ 276.681628] raw: 0000000000000000 0000000000000000 ffffffff00000000 0000000000000000
[ 276.681630] page dumped because: non-NULL mapping
[ 276.681632] Modules linked in:
[ 276.681637] CPU: 6 PID: 616 Comm: bash Not tainted 5.10.0-rc7-next-20201208 #1
[ 276.681639] Hardware name: IBM 3906 M03 703 (LPAR)
[ 276.681641] Call Trace:
[ 276.681648] [<0000000458c252b6>] show_stack+0x6e/0xe8
[ 276.681652] [<000000045971cf60>] dump_stack+0x90/0xc8
[ 276.681656] [<0000000458e8b186>] bad_page+0xd6/0x130
[ 276.681658] [<0000000458e8cdea>] free_pcppages_bulk+0x26a/0x800
[ 276.681661] [<0000000458e8e67e>] free_unref_page+0x6e/0x90
[ 276.681663] [<0000000458e8ea6c>] free_contig_range+0x94/0xe8
[ 276.681666] [<0000000458ea5e54>] update_and_free_page+0x1c4/0x2c8
[ 276.681669] [<0000000458ea784e>] free_pool_huge_page+0x11e/0x138
[ 276.681671] [<0000000458ea8530>] set_max_huge_pages+0x228/0x300
[ 276.681673] [<0000000458ea86c0>] nr_hugepages_store_common+0xb8/0x130
[ 276.681678] [<0000000458fd5b6a>] kernfs_fop_write+0xd2/0x218
[ 276.681681] [<0000000458ef9da0>] vfs_write+0xb0/0x2b8
[ 276.681684] [<0000000458efa15c>] ksys_write+0xac/0xe0
[ 276.681687] [<000000045972c5ca>] system_call+0xe6/0x288
[ 276.681730] Disabling lock debugging due to kernel taint
This is because only the compound_order is cleared in
destroy_compound_gigantic_page(), and compound_nr is set to 1U << order ==
1 for order 0 in set_compound_order(page, 0).
Fix this by explicitly clearing compound_nr for first tail page after
calling set_compound_order(page, 0).
Link: https://lkml.kernel.org/r/20201208182813.66391-2-gerald.schaefer@linux.ibm.com
Fixes: 1378a5ee451a ("mm: store compound_nr as well as compound_order")
Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc; Heiko Carstens <hca@linux.ibm.com>
Cc: <stable@vger.kernel.org> [5.9+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
mm/hugetlb.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/hugetlb.c~mm-hugetlb-clear-compound_nr-before-freeing-gigantic-pages
+++ a/mm/hugetlb.c
@@ -1216,6 +1216,7 @@ static void destroy_compound_gigantic_pa
}
set_compound_order(page, 0);
+ page[1].compound_nr = 0;
__ClearPageHead(page);
}
_
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-12-11 22:39 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-11 21:35 incoming Andrew Morton
2020-12-11 21:36 ` [patch 1/8] revert "mm/filemap: add static for function __add_to_page_cache_locked" Andrew Morton
2020-12-11 21:36 ` [patch 2/8] proc: use untagged_addr() for pagemap_read addresses Andrew Morton
2020-12-11 21:36 ` [patch 3/8] selftest/fpu: avoid clang warning Andrew Morton
2020-12-11 21:36 ` [patch 4/8] kbuild: avoid static_assert for genksyms Andrew Morton
2020-12-11 21:36 ` [patch 5/8] initramfs: fix clang build failure Andrew Morton
2020-12-11 21:36 ` [patch 6/8] elfcore: fix building with clang Andrew Morton
2020-12-11 21:36 ` [patch 7/8] kasan: fix object remaining in offline per-cpu quarantine Andrew Morton
2020-12-11 21:36 ` [patch 8/8] mm/hugetlb: clear compound_nr before freeing gigantic pages Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).