tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
"7 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb
kasan: support use-after-scope detection
kasan: update kasan_global for gcc 7
lib/debugobjects: export for use in modules
zram: fix unbalanced idr management at hot removal
thp: fix corner case of munlock() of PTE-mapped THPs
mm, thp: propagation of conditional compilation in khugepaged.c

Linus Torvalds 43c4f67c f513581c

+94 -14
+2 -1
drivers/block/zram/zram_drv.c
··· 1403 1403 zram = idr_find(&zram_index_idr, dev_id); 1404 1404 if (zram) { 1405 1405 ret = zram_remove(zram); 1406 - idr_remove(&zram_index_idr, dev_id); 1406 + if (!ret) 1407 + idr_remove(&zram_index_idr, dev_id); 1407 1408 } else { 1408 1409 ret = -ENODEV; 1409 1410 }
+3 -1
include/linux/compiler-gcc.h
··· 263 263 #endif 264 264 #endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP && !__CHECKER__ */ 265 265 266 - #if GCC_VERSION >= 50000 266 + #if GCC_VERSION >= 70000 267 + #define KASAN_ABI_VERSION 5 268 + #elif GCC_VERSION >= 50000 267 269 #define KASAN_ABI_VERSION 4 268 270 #elif GCC_VERSION >= 40902 269 271 #define KASAN_ABI_VERSION 3
+15 -6
include/linux/pagemap.h
··· 374 374 } 375 375 376 376 /* 377 - * Get the offset in PAGE_SIZE. 378 - * (TODO: hugepage should have ->index in PAGE_SIZE) 377 + * Get index of the page with in radix-tree 378 + * (TODO: remove once hugetlb pages will have ->index in PAGE_SIZE) 379 379 */ 380 - static inline pgoff_t page_to_pgoff(struct page *page) 380 + static inline pgoff_t page_to_index(struct page *page) 381 381 { 382 382 pgoff_t pgoff; 383 - 384 - if (unlikely(PageHeadHuge(page))) 385 - return page->index << compound_order(page); 386 383 387 384 if (likely(!PageTransTail(page))) 388 385 return page->index; ··· 391 394 pgoff = compound_head(page)->index; 392 395 pgoff += page - compound_head(page); 393 396 return pgoff; 397 + } 398 + 399 + /* 400 + * Get the offset in PAGE_SIZE. 401 + * (TODO: hugepage should have ->index in PAGE_SIZE) 402 + */ 403 + static inline pgoff_t page_to_pgoff(struct page *page) 404 + { 405 + if (unlikely(PageHeadHuge(page))) 406 + return page->index << compound_order(page); 407 + 408 + return page_to_index(page); 394 409 } 395 410 396 411 /*
+8
lib/debugobjects.c
··· 362 362 363 363 __debug_object_init(addr, descr, 0); 364 364 } 365 + EXPORT_SYMBOL_GPL(debug_object_init); 365 366 366 367 /** 367 368 * debug_object_init_on_stack - debug checks when an object on stack is ··· 377 376 378 377 __debug_object_init(addr, descr, 1); 379 378 } 379 + EXPORT_SYMBOL_GPL(debug_object_init_on_stack); 380 380 381 381 /** 382 382 * debug_object_activate - debug checks when an object is activated ··· 451 449 } 452 450 return 0; 453 451 } 452 + EXPORT_SYMBOL_GPL(debug_object_activate); 454 453 455 454 /** 456 455 * debug_object_deactivate - debug checks when an object is deactivated ··· 499 496 500 497 raw_spin_unlock_irqrestore(&db->lock, flags); 501 498 } 499 + EXPORT_SYMBOL_GPL(debug_object_deactivate); 502 500 503 501 /** 504 502 * debug_object_destroy - debug checks when an object is destroyed ··· 546 542 out_unlock: 547 543 raw_spin_unlock_irqrestore(&db->lock, flags); 548 544 } 545 + EXPORT_SYMBOL_GPL(debug_object_destroy); 549 546 550 547 /** 551 548 * debug_object_free - debug checks when an object is freed ··· 587 582 out_unlock: 588 583 raw_spin_unlock_irqrestore(&db->lock, flags); 589 584 } 585 + EXPORT_SYMBOL_GPL(debug_object_free); 590 586 591 587 /** 592 588 * debug_object_assert_init - debug checks when object should be init-ed ··· 632 626 633 627 raw_spin_unlock_irqrestore(&db->lock, flags); 634 628 } 629 + EXPORT_SYMBOL_GPL(debug_object_assert_init); 635 630 636 631 /** 637 632 * debug_object_active_state - debug checks object usage state machine ··· 680 673 681 674 raw_spin_unlock_irqrestore(&db->lock, flags); 682 675 } 676 + EXPORT_SYMBOL_GPL(debug_object_active_state); 683 677 684 678 #ifdef CONFIG_DEBUG_OBJECTS_FREE 685 679 static void __debug_check_no_obj_freed(const void *address, unsigned long size)
+29
lib/test_kasan.c
··· 20 20 #include <linux/uaccess.h> 21 21 #include <linux/module.h> 22 22 23 + /* 24 + * Note: test functions are marked noinline so that their names appear in 25 + * reports. 26 + */ 27 + 23 28 static noinline void __init kmalloc_oob_right(void) 24 29 { 25 30 char *ptr; ··· 416 411 kfree(kmem); 417 412 } 418 413 414 + static noinline void __init use_after_scope_test(void) 415 + { 416 + volatile char *volatile p; 417 + 418 + pr_info("use-after-scope on int\n"); 419 + { 420 + int local = 0; 421 + 422 + p = (char *)&local; 423 + } 424 + p[0] = 1; 425 + p[3] = 1; 426 + 427 + pr_info("use-after-scope on array\n"); 428 + { 429 + char local[1024] = {0}; 430 + 431 + p = local; 432 + } 433 + p[0] = 1; 434 + p[1023] = 1; 435 + } 436 + 419 437 static int __init kmalloc_tests_init(void) 420 438 { 421 439 kmalloc_oob_right(); ··· 464 436 kasan_global_oob(); 465 437 ksize_unpoisons_memory(); 466 438 copy_user_test(); 439 + use_after_scope_test(); 467 440 return -EAGAIN; 468 441 } 469 442
+19
mm/kasan/kasan.c
··· 764 764 void __asan_handle_no_return(void) {} 765 765 EXPORT_SYMBOL(__asan_handle_no_return); 766 766 767 + /* Emitted by compiler to poison large objects when they go out of scope. */ 768 + void __asan_poison_stack_memory(const void *addr, size_t size) 769 + { 770 + /* 771 + * Addr is KASAN_SHADOW_SCALE_SIZE-aligned and the object is surrounded 772 + * by redzones, so we simply round up size to simplify logic. 773 + */ 774 + kasan_poison_shadow(addr, round_up(size, KASAN_SHADOW_SCALE_SIZE), 775 + KASAN_USE_AFTER_SCOPE); 776 + } 777 + EXPORT_SYMBOL(__asan_poison_stack_memory); 778 + 779 + /* Emitted by compiler to unpoison large objects when they go into scope. */ 780 + void __asan_unpoison_stack_memory(const void *addr, size_t size) 781 + { 782 + kasan_unpoison_shadow(addr, size); 783 + } 784 + EXPORT_SYMBOL(__asan_unpoison_stack_memory); 785 + 767 786 #ifdef CONFIG_MEMORY_HOTPLUG 768 787 static int kasan_mem_notifier(struct notifier_block *nb, 769 788 unsigned long action, void *data)
+4
mm/kasan/kasan.h
··· 21 21 #define KASAN_STACK_MID 0xF2 22 22 #define KASAN_STACK_RIGHT 0xF3 23 23 #define KASAN_STACK_PARTIAL 0xF4 24 + #define KASAN_USE_AFTER_SCOPE 0xF8 24 25 25 26 /* Don't break randconfig/all*config builds */ 26 27 #ifndef KASAN_ABI_VERSION ··· 53 52 unsigned long has_dynamic_init; /* This needed for C++ */ 54 53 #if KASAN_ABI_VERSION >= 4 55 54 struct kasan_source_location *location; 55 + #endif 56 + #if KASAN_ABI_VERSION >= 5 57 + char *odr_indicator; 56 58 #endif 57 59 }; 58 60
+3
mm/kasan/report.c
··· 90 90 case KASAN_KMALLOC_FREE: 91 91 bug_type = "use-after-free"; 92 92 break; 93 + case KASAN_USE_AFTER_SCOPE: 94 + bug_type = "use-after-scope"; 95 + break; 93 96 } 94 97 95 98 pr_err("BUG: KASAN: %s in %pS at addr %p\n",
+2
mm/khugepaged.c
··· 103 103 .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head), 104 104 }; 105 105 106 + #ifdef CONFIG_SYSFS 106 107 static ssize_t scan_sleep_millisecs_show(struct kobject *kobj, 107 108 struct kobj_attribute *attr, 108 109 char *buf) ··· 296 295 .attrs = khugepaged_attr, 297 296 .name = "khugepaged", 298 297 }; 298 + #endif /* CONFIG_SYSFS */ 299 299 300 300 #define VM_NO_KHUGEPAGED (VM_SPECIAL | VM_HUGETLB) 301 301
+5 -2
mm/mlock.c
··· 190 190 */ 191 191 spin_lock_irq(zone_lru_lock(zone)); 192 192 193 - nr_pages = hpage_nr_pages(page); 194 - if (!TestClearPageMlocked(page)) 193 + if (!TestClearPageMlocked(page)) { 194 + /* Potentially, PTE-mapped THP: do not skip the rest PTEs */ 195 + nr_pages = 1; 195 196 goto unlock_out; 197 + } 196 198 199 + nr_pages = hpage_nr_pages(page); 197 200 __mod_zone_page_state(zone, NR_MLOCK, -nr_pages); 198 201 199 202 if (__munlock_isolate_lru_page(page, true)) {
+4 -4
mm/truncate.c
··· 283 283 284 284 if (!trylock_page(page)) 285 285 continue; 286 - WARN_ON(page_to_pgoff(page) != index); 286 + WARN_ON(page_to_index(page) != index); 287 287 if (PageWriteback(page)) { 288 288 unlock_page(page); 289 289 continue; ··· 371 371 } 372 372 373 373 lock_page(page); 374 - WARN_ON(page_to_pgoff(page) != index); 374 + WARN_ON(page_to_index(page) != index); 375 375 wait_on_page_writeback(page); 376 376 truncate_inode_page(mapping, page); 377 377 unlock_page(page); ··· 492 492 if (!trylock_page(page)) 493 493 continue; 494 494 495 - WARN_ON(page_to_pgoff(page) != index); 495 + WARN_ON(page_to_index(page) != index); 496 496 497 497 /* Middle of THP: skip */ 498 498 if (PageTransTail(page)) { ··· 612 612 } 613 613 614 614 lock_page(page); 615 - WARN_ON(page_to_pgoff(page) != index); 615 + WARN_ON(page_to_index(page) != index); 616 616 if (page->mapping != mapping) { 617 617 unlock_page(page); 618 618 continue;