Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
"14 patches.

Subsystems affected by this patch series: mm (hugetlb, kasan, gup,
selftests, z3fold, kfence, memblock, and highmem), squashfs, ia64,
gcov, and mailmap"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
mailmap: update Andrey Konovalov's email address
mm/highmem: fix CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP
mm: memblock: fix section mismatch warning again
kfence: make compatible with kmemleak
gcov: fix clang-11+ support
ia64: fix format strings for err_inject
ia64: mca: allocate early mca with GFP_ATOMIC
squashfs: fix xattr id and id lookup sanity checks
squashfs: fix inode lookup sanity checks
z3fold: prevent reclaim/free race for headless pages
selftests/vm: fix out-of-tree build
mm/mmu_notifiers: ensure range_end() is paired with range_start()
kasan: fix per-page tags for non-page_alloc pages
hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings

+230 -42
+1
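--- a/.mailmap
+++ b/.mailmap
@@ -36,6 +36,7 @@
 Andrew Murray <amurray@thegoodpenguin.co.uk> <amurray@embedded-bits.co.uk>
 Andrew Murray <amurray@thegoodpenguin.co.uk> <andrew.murray@arm.com>
 Andrew Vasquez <andrew.vasquez@qlogic.com>
+Andrey Konovalov <andreyknvl@gmail.com> <andreyknvl@google.com>
 Andrey Ryabinin <ryabinin.a.a@gmail.com> <a.ryabinin@samsung.com>
 Andrey Ryabinin <ryabinin.a.a@gmail.com> <aryabinin@virtuozzo.com>
 Andy Adamson <andros@citi.umich.edu>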
+11 -11
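--- a/arch/ia64/kernel/err_inject.c
+++ b/arch/ia64/kernel/err_inject.c
@@ -59,7 +59,7 @@
 char *buf) \
 { \
 u32 cpu=dev->id; \
-return sprintf(buf, "%lx\n", name[cpu]); \
+return sprintf(buf, "%llx\n", name[cpu]); \
 }
 
 #define store(name) \
@@ -86,9 +86,9 @@
 
 #ifdef ERR_INJ_DEBUG
 printk(KERN_DEBUG "pal_mc_err_inject for cpu%d:\n", cpu);
-printk(KERN_DEBUG "err_type_info=%lx,\n", err_type_info[cpu]);
-printk(KERN_DEBUG "err_struct_info=%lx,\n", err_struct_info[cpu]);
-printk(KERN_DEBUG "err_data_buffer=%lx, %lx, %lx.\n",
+printk(KERN_DEBUG "err_type_info=%llx,\n", err_type_info[cpu]);
+printk(KERN_DEBUG "err_struct_info=%llx,\n", err_struct_info[cpu]);
+printk(KERN_DEBUG "err_data_buffer=%llx, %llx, %llx.\n",
 err_data_buffer[cpu].data1,
 err_data_buffer[cpu].data2,
 err_data_buffer[cpu].data3);
@@ -117,8 +117,8 @@
 
 #ifdef ERR_INJ_DEBUG
 printk(KERN_DEBUG "Returns: status=%d,\n", (int)status[cpu]);
-printk(KERN_DEBUG "capabilities=%lx,\n", capabilities[cpu]);
-printk(KERN_DEBUG "resources=%lx\n", resources[cpu]);
+printk(KERN_DEBUG "capabilities=%llx,\n", capabilities[cpu]);
+printk(KERN_DEBUG "resources=%llx\n", resources[cpu]);
 #endif
 return size;
 }
@@ -131,7 +131,7 @@
 char *buf)
 {
 unsigned int cpu=dev->id;
-return sprintf(buf, "%lx\n", phys_addr[cpu]);
+return sprintf(buf, "%llx\n", phys_addr[cpu]);
 }
 
 static ssize_t
@@ -145,7 +145,7 @@
 ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL);
 if (ret<=0) {
 #ifdef ERR_INJ_DEBUG
-printk("Virtual address %lx is not existing.\n",virt_addr);
+printk("Virtual address %llx is not existing.\n", virt_addr);
 #endif
 return -EINVAL;
 }
@@ -163,7 +163,7 @@
 {
 unsigned int cpu=dev->id;
 
-return sprintf(buf, "%lx, %lx, %lx\n",
+return sprintf(buf, "%llx, %llx, %llx\n",
 err_data_buffer[cpu].data1,
 err_data_buffer[cpu].data2,
 err_data_buffer[cpu].data3);
@@ -178,13 +178,13 @@
 int ret;
 
 #ifdef ERR_INJ_DEBUG
-printk("write err_data_buffer=[%lx,%lx,%lx] on cpu%d\n",
+printk("write err_data_buffer=[%llx,%llx,%llx] on cpu%d\n",
 err_data_buffer[cpu].data1,
 err_data_buffer[cpu].data2,
 err_data_buffer[cpu].data3,
 cpu);
 #endif
-ret=sscanf(buf, "%lx, %lx, %lx",
+ret = sscanf(buf, "%llx, %llx, %llx",
 &err_data_buffer[cpu].data1,
 &err_data_buffer[cpu].data2,
 &err_data_buffer[cpu].data3);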
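Review bot: The sysfs show paths touched here (the `show(name)` macro, the handler printing `phys_addr[cpu]`, and the one printing `err_data_buffer[cpu]`) still format into `buf` with an unbounded `sprintf`. Since every one of these lines is being rewritten for the format fix anyway, `return sysfs_emit(buf, "%llx\n", name[cpu]);` and its equivalents would bound each write to the page sysfs passes in. The debug line `printk("Virtual address %llx is not existing.\n", virt_addr);` also has no `KERN_` level, unlike the `printk(KERN_DEBUG ...)` calls in the earlier hunks. All of these functions start or end outside the hunks shown.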
+1 -1
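--- a/arch/ia64/kernel/mca.c
+++ b/arch/ia64/kernel/mca.c
@@ -1824,7 +1824,7 @@
 data = mca_bootmem();
 first_time = 0;
 } else
-data = (void *)__get_free_pages(GFP_KERNEL,
+data = (void *)__get_free_pages(GFP_ATOMIC,
 get_order(sz));
 if (!data)
 panic("Could not allocate MCA memory for cpu %d\n",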
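Review bot: Nothing at the `__get_free_pages(GFP_ATOMIC, get_order(sz))` call records why the allocation must not sleep, and the only failure handling is the `panic()` two lines below it. An atomic allocation cannot wait for reclaim, so this request is more likely to fail under memory pressure than the GFP_KERNEL one it replaces, and failure here takes the machine down. A comment above the call such as `/* caller may be in atomic context: must not sleep */` (exact wording to be confirmed against the caller, which is outside the hunk) would keep a later cleanup from switching the flag back. The enclosing function starts and ends outside the hunk.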
+6 -2
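--- a/fs/squashfs/export.c
+++ b/fs/squashfs/export.c
@@ -152,14 +152,18 @@
 start = le64_to_cpu(table[n]);
 end = le64_to_cpu(table[n + 1]);
 
-if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= end
+|| (end - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }
 }
 
 start = le64_to_cpu(table[indexes - 1]);
-if (start >= lookup_table_start || (lookup_table_start - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= lookup_table_start ||
+(lookup_table_start - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }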
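Review bot: The upper bound `SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET` is written out twice here and again in the matching checks in fs/squashfs/id.c and fs/squashfs/xattr_id.c, so six copies of a limit applied to index values read from the image have to be kept in step by hand. Defining the combined limit once in squashfs_fs.h and using that name in all three files would make a future adjustment a one-line change. The first check in this file also breaks the line before the operator (`if (start >= end` then `|| (end - start) >`), while the second check and the other two files break after it; `if (start >= end || (end - start) >` followed by `(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {` would match them. The enclosing function starts and ends outside the hunk.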
+4 -2
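--- a/fs/squashfs/id.c
+++ b/fs/squashfs/id.c
@@ -97,14 +97,16 @@
 start = le64_to_cpu(table[n]);
 end = le64_to_cpu(table[n + 1]);
 
-if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= end || (end - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }
 }
 
 start = le64_to_cpu(table[indexes - 1]);
-if (start >= id_table_start || (id_table_start - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= id_table_start || (id_table_start - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }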
+1
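--- a/fs/squashfs/squashfs_fs.h
+++ b/fs/squashfs/squashfs_fs.h
@@ -17,6 +17,7 @@
 
 /* size of metadata (inode and directory) blocks */
 #define SQUASHFS_METADATA_SIZE 8192
+#define SQUASHFS_BLOCK_OFFSET 2
 
 /* default size of block device I/O */
 #ifdef CONFIG_SQUASHFS_4K_DEVBLK_SIZE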
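Review bot: `SQUASHFS_BLOCK_OFFSET` is added directly under the comment "size of metadata (inode and directory) blocks" with no description of its own, so a reader cannot tell what the value 2 measures or why the table sanity checks add it to SQUASHFS_METADATA_SIZE. If it is the length field stored in front of each metadata block, which the name and value suggest but the page does not state, a line such as `/* size of the length field that precedes each metadata block */` above the define would say so.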
+4 -2
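--- a/fs/squashfs/xattr_id.c
+++ b/fs/squashfs/xattr_id.c
@@ -109,14 +109,16 @@
 start = le64_to_cpu(table[n]);
 end = le64_to_cpu(table[n + 1]);
 
-if (start >= end || (end - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= end || (end - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }
 }
 
 start = le64_to_cpu(table[indexes - 1]);
-if (start >= table_start || (table_start - start) > SQUASHFS_METADATA_SIZE) {
+if (start >= table_start || (table_start - start) >
+(SQUASHFS_METADATA_SIZE + SQUASHFS_BLOCK_OFFSET)) {
 kfree(table);
 return ERR_PTR(-EINVAL);
 }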
+13 -2
include/linux/hugetlb_cgroup.h
··· 113 113 return !cgroup_subsys_enabled(hugetlb_cgrp_subsys); 114 114 } 115 115 116 + static inline void hugetlb_cgroup_put_rsvd_cgroup(struct hugetlb_cgroup *h_cg) 117 + { 118 + css_put(&h_cg->css); 119 + } 120 + 116 121 extern int hugetlb_cgroup_charge_cgroup(int idx, unsigned long nr_pages, 117 122 struct hugetlb_cgroup **ptr); 118 123 extern int hugetlb_cgroup_charge_cgroup_rsvd(int idx, unsigned long nr_pages, ··· 143 138 144 139 extern void hugetlb_cgroup_uncharge_file_region(struct resv_map *resv, 145 140 struct file_region *rg, 146 - unsigned long nr_pages); 141 + unsigned long nr_pages, 142 + bool region_del); 147 143 148 144 extern void hugetlb_cgroup_file_init(void) __init; 149 145 extern void hugetlb_cgroup_migrate(struct page *oldhpage, ··· 153 147 #else 154 148 static inline void hugetlb_cgroup_uncharge_file_region(struct resv_map *resv, 155 149 struct file_region *rg, 156 - unsigned long nr_pages) 150 + unsigned long nr_pages, 151 + bool region_del) 157 152 { 158 153 } 159 154 ··· 190 183 static inline bool hugetlb_cgroup_disabled(void) 191 184 { 192 185 return true; 186 + } 187 + 188 + static inline void hugetlb_cgroup_put_rsvd_cgroup(struct hugetlb_cgroup *h_cg) 189 + { 193 190 } 194 191 195 192 static inline int hugetlb_cgroup_charge_cgroup(int idx, unsigned long nr_pages,
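Review bot: The new `hugetlb_cgroup_put_rsvd_cgroup()` dereferences `h_cg` unconditionally in `css_put(&h_cg->css)`, and neither variant carries a comment stating that callers must pass a non-NULL cgroup or which reference is being dropped. A short comment on the variant that calls css_put, saying that it releases the css reference held via hugetlb_cgroup_charge_cgroup_rsvd() and that `h_cg` must not be NULL, would make the contract explicit at the declaration. The added `bool region_del` parameter of hugetlb_cgroup_uncharge_file_region() is likewise undocumented here, so the meaning of `true` and `false` at call sites has to be looked up in mm/hugetlb_cgroup.c.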
+2 -2
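--- a/include/linux/memblock.h
+++ b/include/linux/memblock.h
@@ -460,7 +460,7 @@
 /*
 * Set the allocation direction to bottom-up or top-down.
 */
-static inline __init void memblock_set_bottom_up(bool enable)
+static inline __init_memblock void memblock_set_bottom_up(bool enable)
 {
 memblock.bottom_up = enable;
 }
@@ -470,7 +470,7 @@
 * if this is true, that said, memblock will allocate memory
 * in bottom-up direction.
 */
-static inline __init bool memblock_bottom_up(void)
+static inline __init_memblock bool memblock_bottom_up(void)
 {
 return memblock.bottom_up;
 }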
+15 -3
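--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1461,16 +1461,28 @@
 
 #if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS)
 
+/*
+* KASAN per-page tags are stored xor'ed with 0xff. This allows to avoid
+* setting tags for all pages to native kernel tag value 0xff, as the default
+* value 0x00 maps to 0xff.
+*/
+
 static inline u8 page_kasan_tag(const struct page *page)
 {
-if (kasan_enabled())
-return (page->flags >> KASAN_TAG_PGSHIFT) & KASAN_TAG_MASK;
-return 0xff;
+u8 tag = 0xff;
+
+if (kasan_enabled()) {
+tag = (page->flags >> KASAN_TAG_PGSHIFT) & KASAN_TAG_MASK;
+tag ^= 0xff;
+}
+
+return tag;
 }
 
 static inline void page_kasan_tag_set(struct page *page, u8 tag)
 {
 if (kasan_enabled()) {
+tag ^= 0xff;
 page->flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT);
 page->flags |= (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT;
 }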
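Review bot: The literal `0xff` now appears three times in `page_kasan_tag()` and `page_kasan_tag_set()` in two different roles: the native kernel tag returned when KASAN is disabled (`u8 tag = 0xff;`) and the xor mask of the stored encoding (`tag ^= 0xff;`). Using a named constant for the native tag (KASAN_TAG_KERNEL, if it is visible from this header) and a separately named mask would keep the two from being changed independently by accident. The explanatory comment is also detached from both accessors by a blank line; a one-line `/* stored inverted, see comment above page_kasan_tag() */` next to each `tag ^= 0xff;` would help. After this change, any code that reads the tag bits from `page->flags` without going through these accessors would see the inverted value; whether such code exists is not visible here.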
+5 -5
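--- a/include/linux/mmu_notifier.h
+++ b/include/linux/mmu_notifier.h
@@ -169,11 +169,11 @@
 * the last refcount is dropped.
 *
 * If blockable argument is set to false then the callback cannot
-* sleep and has to return with -EAGAIN. 0 should be returned
-* otherwise. Please note that if invalidate_range_start approves
-* a non-blocking behavior then the same applies to
-* invalidate_range_end.
-*
+* sleep and has to return with -EAGAIN if sleeping would be required.
+* 0 should be returned otherwise. Please note that notifiers that can
+* fail invalidate_range_start are not allowed to implement
+* invalidate_range_end, as there is no mechanism for informing the
+* notifier that its start failed.
 */
 int (*invalidate_range_start)(struct mmu_notifier *subscription,
 const struct mmu_notifier_range *range);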
+69
kernel/gcov/clang.c
··· 75 75 76 76 u32 num_counters; 77 77 u64 *counters; 78 + #if CONFIG_CLANG_VERSION < 110000 78 79 const char *function_name; 80 + #endif 79 81 }; 80 82 81 83 static struct gcov_info *current_info; ··· 107 105 } 108 106 EXPORT_SYMBOL(llvm_gcov_init); 109 107 108 + #if CONFIG_CLANG_VERSION < 110000 110 109 void llvm_gcda_start_file(const char *orig_filename, const char version[4], 111 110 u32 checksum) 112 111 { ··· 116 113 current_info->checksum = checksum; 117 114 } 118 115 EXPORT_SYMBOL(llvm_gcda_start_file); 116 + #else 117 + void llvm_gcda_start_file(const char *orig_filename, u32 version, u32 checksum) 118 + { 119 + current_info->filename = orig_filename; 120 + current_info->version = version; 121 + current_info->checksum = checksum; 122 + } 123 + EXPORT_SYMBOL(llvm_gcda_start_file); 124 + #endif 119 125 126 + #if CONFIG_CLANG_VERSION < 110000 120 127 void llvm_gcda_emit_function(u32 ident, const char *function_name, 121 128 u32 func_checksum, u8 use_extra_checksum, u32 cfg_checksum) 122 129 { ··· 146 133 list_add_tail(&info->head, &current_info->functions); 147 134 } 148 135 EXPORT_SYMBOL(llvm_gcda_emit_function); 136 + #else 137 + void llvm_gcda_emit_function(u32 ident, u32 func_checksum, 138 + u8 use_extra_checksum, u32 cfg_checksum) 139 + { 140 + struct gcov_fn_info *info = kzalloc(sizeof(*info), GFP_KERNEL); 141 + 142 + if (!info) 143 + return; 144 + 145 + INIT_LIST_HEAD(&info->head); 146 + info->ident = ident; 147 + info->checksum = func_checksum; 148 + info->use_extra_checksum = use_extra_checksum; 149 + info->cfg_checksum = cfg_checksum; 150 + list_add_tail(&info->head, &current_info->functions); 151 + } 152 + EXPORT_SYMBOL(llvm_gcda_emit_function); 153 + #endif 149 154 150 155 void llvm_gcda_emit_arcs(u32 num_counters, u64 *counters) 151 156 { ··· 326 295 } 327 296 } 328 297 298 + #if CONFIG_CLANG_VERSION < 110000 329 299 static struct gcov_fn_info *gcov_fn_info_dup(struct gcov_fn_info *fn) 330 300 { 331 301 size_t cv_size; /* counter values size */ 
··· 354 322 kfree(fn_dup); 355 323 return NULL; 356 324 } 325 + #else 326 + static struct gcov_fn_info *gcov_fn_info_dup(struct gcov_fn_info *fn) 327 + { 328 + size_t cv_size; /* counter values size */ 329 + struct gcov_fn_info *fn_dup = kmemdup(fn, sizeof(*fn), 330 + GFP_KERNEL); 331 + if (!fn_dup) 332 + return NULL; 333 + INIT_LIST_HEAD(&fn_dup->head); 334 + 335 + cv_size = fn->num_counters * sizeof(fn->counters[0]); 336 + fn_dup->counters = vmalloc(cv_size); 337 + if (!fn_dup->counters) { 338 + kfree(fn_dup); 339 + return NULL; 340 + } 341 + 342 + memcpy(fn_dup->counters, fn->counters, cv_size); 343 + 344 + return fn_dup; 345 + } 346 + #endif 357 347 358 348 /** 359 349 * gcov_info_dup - duplicate profiling data set ··· 416 362 * gcov_info_free - release memory for profiling data set duplicate 417 363 * @info: profiling data set duplicate to free 418 364 */ 365 + #if CONFIG_CLANG_VERSION < 110000 419 366 void gcov_info_free(struct gcov_info *info) 420 367 { 421 368 struct gcov_fn_info *fn, *tmp; ··· 430 375 kfree(info->filename); 431 376 kfree(info); 432 377 } 378 + #else 379 + void gcov_info_free(struct gcov_info *info) 380 + { 381 + struct gcov_fn_info *fn, *tmp; 382 + 383 + list_for_each_entry_safe(fn, tmp, &info->functions, head) { 384 + vfree(fn->counters); 385 + list_del(&fn->head); 386 + kfree(fn); 387 + } 388 + kfree(info->filename); 389 + kfree(info); 390 + } 391 + #endif 433 392 434 393 #define ITER_STRIDE PAGE_SIZE 435 394
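Review bot: The `#if CONFIG_CLANG_VERSION < 110000` / `#else` pairs duplicate whole function bodies where, as far as the hunks show, only the handling of `function_name` differs, so any later fix to `gcov_fn_info_dup()`, `gcov_info_free()` or `llvm_gcda_emit_function()` has to be made twice. Guarding just the `function_name` statements inside a single body would keep one copy of the list handling, allocation and free logic. Separately, the new clang-11+ `llvm_gcda_emit_function()` returns silently when `kzalloc()` fails, so that function's record is dropped with no diagnostic. A `pr_warn_once()` before the `return` would at least make incomplete coverage data explainable.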
+2 -2
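--- a/mm/highmem.c
+++ b/mm/highmem.c
@@ -618,7 +618,7 @@
 int idx;
 
 /* With debug all even slots are unmapped and act as guard */
-if (IS_ENABLED(CONFIG_DEBUG_HIGHMEM) && !(i & 0x01)) {
+if (IS_ENABLED(CONFIG_DEBUG_KMAP_LOCAL) && !(i & 0x01)) {
 WARN_ON_ONCE(!pte_none(pteval));
 continue;
 }
@@ -654,7 +654,7 @@
 int idx;
 
 /* With debug all even slots are unmapped and act as guard */
-if (IS_ENABLED(CONFIG_DEBUG_HIGHMEM) && !(i & 0x01)) {
+if (IS_ENABLED(CONFIG_DEBUG_KMAP_LOCAL) && !(i & 0x01)) {
 WARN_ON_ONCE(!pte_none(pteval));
 continue;
 }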
+37 -4
mm/hugetlb.c
··· 280 280 nrg->reservation_counter = 281 281 &h_cg->rsvd_hugepage[hstate_index(h)]; 282 282 nrg->css = &h_cg->css; 283 + /* 284 + * The caller will hold exactly one h_cg->css reference for the 285 + * whole contiguous reservation region. But this area might be 286 + * scattered when there are already some file_regions reside in 287 + * it. As a result, many file_regions may share only one css 288 + * reference. In order to ensure that one file_region must hold 289 + * exactly one h_cg->css reference, we should do css_get for 290 + * each file_region and leave the reference held by caller 291 + * untouched. 292 + */ 293 + css_get(&h_cg->css); 283 294 if (!resv->pages_per_hpage) 284 295 resv->pages_per_hpage = pages_per_huge_page(h); 285 296 /* pages_per_hpage should be the same for all entries in ··· 301 290 nrg->reservation_counter = NULL; 302 291 nrg->css = NULL; 303 292 } 293 + #endif 294 + } 295 + 296 + static void put_uncharge_info(struct file_region *rg) 297 + { 298 + #ifdef CONFIG_CGROUP_HUGETLB 299 + if (rg->css) 300 + css_put(rg->css); 304 301 #endif 305 302 } 306 303 ··· 335 316 prg->to = rg->to; 336 317 337 318 list_del(&rg->link); 319 + put_uncharge_info(rg); 338 320 kfree(rg); 339 321 340 322 rg = prg; ··· 347 327 nrg->from = rg->from; 348 328 349 329 list_del(&rg->link); 330 + put_uncharge_info(rg); 350 331 kfree(rg); 351 332 } 352 333 } ··· 683 662 684 663 del += t - f; 685 664 hugetlb_cgroup_uncharge_file_region( 686 - resv, rg, t - f); 665 + resv, rg, t - f, false); 687 666 688 667 /* New entry for end of split region */ 689 668 nrg->from = t; ··· 704 683 if (f <= rg->from && t >= rg->to) { /* Remove entire region */ 705 684 del += rg->to - rg->from; 706 685 hugetlb_cgroup_uncharge_file_region(resv, rg, 707 - rg->to - rg->from); 686 + rg->to - rg->from, true); 708 687 list_del(&rg->link); 709 688 kfree(rg); 710 689 continue; ··· 712 691 713 692 if (f <= rg->from) { /* Trim beginning of region */ 714 693 hugetlb_cgroup_uncharge_file_region(resv, 
rg, 715 - t - rg->from); 694 + t - rg->from, false); 716 695 717 696 del += t - rg->from; 718 697 rg->from = t; 719 698 } else { /* Trim end of region */ 720 699 hugetlb_cgroup_uncharge_file_region(resv, rg, 721 - rg->to - f); 700 + rg->to - f, false); 722 701 723 702 del += rg->to - f; 724 703 rg->to = f; ··· 5208 5187 */ 5209 5188 long rsv_adjust; 5210 5189 5190 + /* 5191 + * hugetlb_cgroup_uncharge_cgroup_rsvd() will put the 5192 + * reference to h_cg->css. See comment below for detail. 5193 + */ 5211 5194 hugetlb_cgroup_uncharge_cgroup_rsvd( 5212 5195 hstate_index(h), 5213 5196 (chg - add) * pages_per_huge_page(h), h_cg); ··· 5219 5194 rsv_adjust = hugepage_subpool_put_pages(spool, 5220 5195 chg - add); 5221 5196 hugetlb_acct_memory(h, -rsv_adjust); 5197 + } else if (h_cg) { 5198 + /* 5199 + * The file_regions will hold their own reference to 5200 + * h_cg->css. So we should release the reference held 5201 + * via hugetlb_cgroup_charge_cgroup_rsvd() when we are 5202 + * done. 5203 + */ 5204 + hugetlb_cgroup_put_rsvd_cgroup(h_cg); 5222 5205 } 5223 5206 } 5224 5207 return true;
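Review bot: The per-region reference taken by the new `css_get(&h_cg->css)` is released under two different conditions. `put_uncharge_info()` drops it whenever `rg->css` is set, while the "Remove entire region" branch relies on `hugetlb_cgroup_uncharge_file_region(resv, rg, rg->to - rg->from, true)`, whose `css_put()` sits behind that function's own early return and counter checks in mm/hugetlb_cgroup.c. If those guards can be false for a region that recorded a css, the reference taken here is never dropped; the guards are only partly visible on this page, so this needs confirming. Calling `put_uncharge_info(rg);` before `kfree(rg);` in that branch as well, and leaving the uncharge helper to adjust only the page counter, would give every `kfree(rg)` the same release rule and make the `region_del` flag unnecessary. The functions involved start or end outside the hunks shown.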
+8 -2
mm/hugetlb_cgroup.c
··· 391 391 392 392 void hugetlb_cgroup_uncharge_file_region(struct resv_map *resv, 393 393 struct file_region *rg, 394 - unsigned long nr_pages) 394 + unsigned long nr_pages, 395 + bool region_del) 395 396 { 396 397 if (hugetlb_cgroup_disabled() || !resv || !rg || !nr_pages) 397 398 return; ··· 401 400 !resv->reservation_counter) { 402 401 page_counter_uncharge(rg->reservation_counter, 403 402 nr_pages * resv->pages_per_hpage); 404 - css_put(rg->css); 403 + /* 404 + * Only do css_put(rg->css) when we delete the entire region 405 + * because one file_region must hold exactly one css reference. 406 + */ 407 + if (region_del) 408 + css_put(rg->css); 405 409 } 406 410 } 407 411
+9
mm/kfence/core.c
··· 12 12 #include <linux/debugfs.h> 13 13 #include <linux/kcsan-checks.h> 14 14 #include <linux/kfence.h> 15 + #include <linux/kmemleak.h> 15 16 #include <linux/list.h> 16 17 #include <linux/lockdep.h> 17 18 #include <linux/memblock.h> ··· 480 479 481 480 addr += 2 * PAGE_SIZE; 482 481 } 482 + 483 + /* 484 + * The pool is live and will never be deallocated from this point on. 485 + * Remove the pool object from the kmemleak object tree, as it would 486 + * otherwise overlap with allocations returned by kfence_alloc(), which 487 + * are registered with kmemleak through the slab post-alloc hook. 488 + */ 489 + kmemleak_free(__kfence_pool); 483 490 484 491 return true; 485 492
+2 -1
mm/kmemleak.c
··· 97 97 #include <linux/atomic.h> 98 98 99 99 #include <linux/kasan.h> 100 + #include <linux/kfence.h> 100 101 #include <linux/kmemleak.h> 101 102 #include <linux/memory_hotplug.h> 102 103 ··· 590 589 atomic_set(&object->use_count, 1); 591 590 object->flags = OBJECT_ALLOCATED; 592 591 object->pointer = ptr; 593 - object->size = size; 592 + object->size = kfence_ksize((void *)ptr) ?: size; 594 593 object->excess_ref = 0; 595 594 object->min_count = min_count; 596 595 object->count = 0; /* white color initially */
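Review bot: `object->size = kfence_ksize((void *)ptr) ?: size;` replaces the caller-supplied size with a value from KFENCE and gives no reason at the assignment. A one-line comment above it, for example `/* for KFENCE objects track the size KFENCE reports, not the size passed in */` (to be confirmed against kfence_ksize(), which is not shown on this page), would explain why the two can differ and why the fallback to `size` is correct for everything else. The enclosing function starts and ends outside the hunk.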
+23
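--- a/mm/mmu_notifier.c
+++ b/mm/mmu_notifier.c
@@ -501,8 +501,31 @@
 "");
 WARN_ON(mmu_notifier_range_blockable(range) ||
 _ret != -EAGAIN);
+/*
+* We call all the notifiers on any EAGAIN,
+* there is no way for a notifier to know if
+* its start method failed, thus a start that
+* does EAGAIN can't also do end.
+*/
+WARN_ON(ops->invalidate_range_end);
 ret = _ret;
 }
+}
+}
+
+if (ret) {
+/*
+* Must be non-blocking to get here. If there are multiple
+* notifiers and one or more failed start, any that succeeded
+* start are expecting their end to be called. Do so now.
+*/
+hlist_for_each_entry_rcu(subscription, &subscriptions->list,
+hlist, srcu_read_lock_held(&srcu)) {
+if (!subscription->ops->invalidate_range_end)
+continue;
+
+subscription->ops->invalidate_range_end(subscription,
+range);
 }
 }
 srcu_read_unlock(&srcu, id);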
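Review bot: The new `WARN_ON(ops->invalidate_range_end)` reports a notifier that fails start while also implementing end, but the unwind loop added below still calls `invalidate_range_end` on every subscription that has one, that notifier included. The combination the comment calls unsupported is therefore logged and then exercised anyway, with an end that has no matching successful start. If that is the intended trade-off, the comment above the `if (ret)` loop should say that a misbehaving notifier will still receive end. The warning will also fire on every failed non-blocking invalidation for such a notifier, so `WARN_ON_ONCE(ops->invalidate_range_end);` may be preferable. The enclosing function starts and ends outside the hunk.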
+15 -1
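--- a/mm/z3fold.c
+++ b/mm/z3fold.c
@@ -1346,8 +1346,22 @@
 page = list_entry(pos, struct page, lru);
 
 zhdr = page_address(page);
-if (test_bit(PAGE_HEADLESS, &page->private))
+if (test_bit(PAGE_HEADLESS, &page->private)) {
+/*
+* For non-headless pages, we wait to do this
+* until we have the page lock to avoid racing
+* with __z3fold_alloc(). Headless pages don't
+* have a lock (and __z3fold_alloc() will never
+* see them), but we still need to test and set
+* PAGE_CLAIMED to avoid racing with
+* z3fold_free(), so just do it now before
+* leaving the loop.
+*/
+if (test_and_set_bit(PAGE_CLAIMED, &page->private))
+continue;
+
 break;
+}
 
 if (kref_get_unless_zero(&zhdr->refcount) == 0) {
 zhdr = NULL;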
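Review bot: The new `continue` for a headless page that is already PAGE_CLAIMED leaves `zhdr` pointing at that page, whereas the next branch in the loop sets `zhdr = NULL` when it cannot take a reference. If the skipped page is the last entry the loop visits, the loop ends with `zhdr` non-NULL for a page that another path has claimed. How the code after the loop treats that value is outside the hunk, so this needs confirming. Clearing it first, `if (test_and_set_bit(PAGE_CLAIMED, &page->private)) { zhdr = NULL; continue; }`, would keep the "nothing selected" state consistent with the other skip path.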
+2 -2
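--- a/tools/testing/selftests/vm/Makefile
+++ b/tools/testing/selftests/vm/Makefile
@@ -101,7 +101,7 @@
 ifeq ($(CAN_BUILD_I386),1)
 $(BINARIES_32): CFLAGS += -m32
 $(BINARIES_32): LDLIBS += -lrt -ldl -lm
-$(BINARIES_32): %_32: %.c
+$(BINARIES_32): $(OUTPUT)/%_32: %.c
 $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@
 $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-32,$(t))))
 endif
@@ -109,7 +109,7 @@
 ifeq ($(CAN_BUILD_X86_64),1)
 $(BINARIES_64): CFLAGS += -m64
 $(BINARIES_64): LDLIBS += -lrt -ldl
-$(BINARIES_64): %_64: %.c
+$(BINARIES_64): $(OUTPUT)/%_64: %.c
 $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@
 $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-64,$(t))))
 endif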