Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'mm-hotfixes-stable-2024-12-07-22-39' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"24 hotfixes. 17 are cc:stable. 15 are MM and 9 are non-MM.
The usual bunch of singletons - please see the relevant changelogs for
details"
* tag 'mm-hotfixes-stable-2024-12-07-22-39' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (24 commits)
iio: magnetometer: yas530: use signed integer type for clamp limits
sched/numa: fix memory leak due to the overwritten vma->numab_state
mm/damon: fix order of arguments in damos_before_apply tracepoint
lib: stackinit: hide never-taken branch from compiler
mm/filemap: don't call folio_test_locked() without a reference in next_uptodate_folio()
scatterlist: fix incorrect func name in kernel-doc
mm: correct typo in MMAP_STATE() macro
mm: respect mmap hint address when aligning for THP
mm: memcg: declare do_memsw_account inline
mm/codetag: swap tags when migrate pages
ocfs2: update seq_file index in ocfs2_dlm_seq_next
stackdepot: fix stack_depot_save_flags() in NMI context
mm: open-code page_folio() in dump_page()
mm: open-code PageTail in folio_flags() and const_folio_flags()
mm: fix vrealloc()'s KASAN poisoning logic
Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
selftests/damon: add _damon_sysfs.py to TEST_FILES
selftest: hugetlb_dio: fix test naming
ocfs2: free inode when ocfs2_get_init_inode() fails
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
...
+128
-88
+7
-6
drivers/iio/magnetometer/yamaha-yas530.c
+7
-6
drivers/iio/magnetometer/yamaha-yas530.c
···
372
372
u8 data[8];
373
373
u16 xy1y2[3];
374
374
s32 h[3], s[3];
375
+
int half_range = BIT(13);
375
376
int i, ret;
376
377
377
378
mutex_lock(&yas5xx->lock);
···
407
406
/* The second version of YAS537 needs to include calibration coefficients */
408
407
if (yas5xx->version == YAS537_VERSION_1) {
409
408
for (i = 0; i < 3; i++)
410
-
s[i] = xy1y2[i] - BIT(13);
411
-
h[0] = (c->k * (128 * s[0] + c->a2 * s[1] + c->a3 * s[2])) / BIT(13);
412
-
h[1] = (c->k * (c->a4 * s[0] + c->a5 * s[1] + c->a6 * s[2])) / BIT(13);
413
-
h[2] = (c->k * (c->a7 * s[0] + c->a8 * s[1] + c->a9 * s[2])) / BIT(13);
409
+
s[i] = xy1y2[i] - half_range;
410
+
h[0] = (c->k * (128 * s[0] + c->a2 * s[1] + c->a3 * s[2])) / half_range;
411
+
h[1] = (c->k * (c->a4 * s[0] + c->a5 * s[1] + c->a6 * s[2])) / half_range;
412
+
h[2] = (c->k * (c->a7 * s[0] + c->a8 * s[1] + c->a9 * s[2])) / half_range;
414
413
for (i = 0; i < 3; i++) {
415
-
clamp_val(h[i], -BIT(13), BIT(13) - 1);
416
-
xy1y2[i] = h[i] + BIT(13);
414
+
h[i] = clamp(h[i], -half_range, half_range - 1);
415
+
xy1y2[i] = h[i] + half_range;
417
416
}
418
417
}
419
418
+1
-1
fs/nilfs2/dir.c
+1
-1
fs/nilfs2/dir.c
+1
fs/ocfs2/dlmglue.c
+1
fs/ocfs2/dlmglue.c
+3
-1
fs/ocfs2/namei.c
+3
-1
fs/ocfs2/namei.c
···
200
200
mode = mode_strip_sgid(&nop_mnt_idmap, dir, mode);
201
201
inode_init_owner(&nop_mnt_idmap, inode, dir, mode);
202
202
status = dquot_initialize(inode);
203
-
if (status)
203
+
if (status) {
204
+
iput(inode);
204
205
return ERR_PTR(status);
206
+
}
205
207
206
208
return inode;
207
209
}
+28
-28
fs/proc/vmcore.c
+28
-28
fs/proc/vmcore.c
···
414
414
return __read_vmcore(iter, &iocb->ki_pos);
415
415
}
416
416
417
+
/**
418
+
* vmcore_alloc_buf - allocate buffer in vmalloc memory
419
+
* @size: size of buffer
420
+
*
421
+
* If CONFIG_MMU is defined, use vmalloc_user() to allow users to mmap
422
+
* the buffer to user-space by means of remap_vmalloc_range().
423
+
*
424
+
* If CONFIG_MMU is not defined, use vzalloc() since mmap_vmcore() is
425
+
* disabled and there's no need to allow users to mmap the buffer.
426
+
*/
427
+
static inline char *vmcore_alloc_buf(size_t size)
428
+
{
429
+
#ifdef CONFIG_MMU
430
+
return vmalloc_user(size);
431
+
#else
432
+
return vzalloc(size);
433
+
#endif
434
+
}
435
+
436
+
/*
437
+
* Disable mmap_vmcore() if CONFIG_MMU is not defined. MMU is
438
+
* essential for mmap_vmcore() in order to map physically
439
+
* non-contiguous objects (ELF header, ELF note segment and memory
440
+
* regions in the 1st kernel pointed to by PT_LOAD entries) into
441
+
* virtually contiguous user-space in ELF layout.
442
+
*/
443
+
#ifdef CONFIG_MMU
444
+
417
445
/*
418
446
* The vmcore fault handler uses the page cache and fills data using the
419
447
* standard __read_vmcore() function.
···
484
456
return VM_FAULT_SIGBUS;
485
457
#endif
486
458
}
487
-
488
-
/**
489
-
* vmcore_alloc_buf - allocate buffer in vmalloc memory
490
-
* @size: size of buffer
491
-
*
492
-
* If CONFIG_MMU is defined, use vmalloc_user() to allow users to mmap
493
-
* the buffer to user-space by means of remap_vmalloc_range().
494
-
*
495
-
* If CONFIG_MMU is not defined, use vzalloc() since mmap_vmcore() is
496
-
* disabled and there's no need to allow users to mmap the buffer.
497
-
*/
498
-
static inline char *vmcore_alloc_buf(size_t size)
499
-
{
500
-
#ifdef CONFIG_MMU
501
-
return vmalloc_user(size);
502
-
#else
503
-
return vzalloc(size);
504
-
#endif
505
-
}
506
-
507
-
/*
508
-
* Disable mmap_vmcore() if CONFIG_MMU is not defined. MMU is
509
-
* essential for mmap_vmcore() in order to map physically
510
-
* non-contiguous objects (ELF header, ELF note segment and memory
511
-
* regions in the 1st kernel pointed to by PT_LOAD entries) into
512
-
* virtually contiguous user-space in ELF layout.
513
-
*/
514
-
#ifdef CONFIG_MMU
515
459
516
460
static const struct vm_operations_struct vmcore_mmap_ops = {
517
461
.fault = mmap_vmcore_fault,
+2
-2
include/linux/page-flags.h
+2
-2
include/linux/page-flags.h
···
306
306
{
307
307
const struct page *page = &folio->page;
308
308
309
-
VM_BUG_ON_PGFLAGS(PageTail(page), page);
309
+
VM_BUG_ON_PGFLAGS(page->compound_head & 1, page);
310
310
VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page);
311
311
return &page[n].flags;
312
312
}
···
315
315
{
316
316
struct page *page = &folio->page;
317
317
318
-
VM_BUG_ON_PGFLAGS(PageTail(page), page);
318
+
VM_BUG_ON_PGFLAGS(page->compound_head & 1, page);
319
319
VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page);
320
320
return &page[n].flags;
321
321
}
+2
-2
include/linux/pgalloc_tag.h
+2
-2
include/linux/pgalloc_tag.h
···
231
231
}
232
232
233
233
void pgalloc_tag_split(struct folio *folio, int old_order, int new_order);
234
-
void pgalloc_tag_copy(struct folio *new, struct folio *old);
234
+
void pgalloc_tag_swap(struct folio *new, struct folio *old);
235
235
236
236
void __init alloc_tag_sec_init(void);
237
237
···
245
245
static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {}
246
246
static inline void alloc_tag_sec_init(void) {}
247
247
static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) {}
248
-
static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) {}
248
+
static inline void pgalloc_tag_swap(struct folio *new, struct folio *old) {}
249
249
250
250
#endif /* CONFIG_MEM_ALLOC_PROFILING */
251
251
+1
-1
include/linux/scatterlist.h
+1
-1
include/linux/scatterlist.h
+3
-3
include/linux/stackdepot.h
+3
-3
include/linux/stackdepot.h
···
147
147
* If the provided stack trace comes from the interrupt context, only the part
148
148
* up to the interrupt entry is saved.
149
149
*
150
-
* Context: Any context, but setting STACK_DEPOT_FLAG_CAN_ALLOC is required if
150
+
* Context: Any context, but unsetting STACK_DEPOT_FLAG_CAN_ALLOC is required if
151
151
* alloc_pages() cannot be used from the current context. Currently
152
152
* this is the case for contexts where neither %GFP_ATOMIC nor
153
153
* %GFP_NOWAIT can be used (NMI, raw_spin_lock).
···
156
156
*/
157
157
depot_stack_handle_t stack_depot_save_flags(unsigned long *entries,
158
158
unsigned int nr_entries,
159
-
gfp_t gfp_flags,
159
+
gfp_t alloc_flags,
160
160
depot_flags_t depot_flags);
161
161
162
162
/**
···
175
175
* Return: Handle of the stack trace stored in depot, 0 on failure
176
176
*/
177
177
depot_stack_handle_t stack_depot_save(unsigned long *entries,
178
-
unsigned int nr_entries, gfp_t gfp_flags);
178
+
unsigned int nr_entries, gfp_t alloc_flags);
179
179
180
180
/**
181
181
* __stack_depot_get_stack_record - Get a pointer to a stack_record struct
+1
-1
include/trace/events/damon.h
+1
-1
include/trace/events/damon.h
···
15
15
unsigned int target_idx, struct damon_region *r,
16
16
unsigned int nr_regions, bool do_trace),
17
17
18
-
TP_ARGS(context_idx, target_idx, scheme_idx, r, nr_regions, do_trace),
18
+
TP_ARGS(context_idx, scheme_idx, target_idx, r, nr_regions, do_trace),
19
19
20
20
TP_CONDITION(do_trace),
21
21
+9
-3
kernel/sched/fair.c
+9
-3
kernel/sched/fair.c
···
3399
3399
3400
3400
/* Initialise new per-VMA NUMAB state. */
3401
3401
if (!vma->numab_state) {
3402
-
vma->numab_state = kzalloc(sizeof(struct vma_numab_state),
3403
-
GFP_KERNEL);
3404
-
if (!vma->numab_state)
3402
+
struct vma_numab_state *ptr;
3403
+
3404
+
ptr = kzalloc(sizeof(*ptr), GFP_KERNEL);
3405
+
if (!ptr)
3405
3406
continue;
3407
+
3408
+
if (cmpxchg(&vma->numab_state, NULL, ptr)) {
3409
+
kfree(ptr);
3410
+
continue;
3411
+
}
3406
3412
3407
3413
vma->numab_state->start_scan_seq = mm->numa_scan_seq;
3408
3414
+22
-14
lib/alloc_tag.c
+22
-14
lib/alloc_tag.c
···
189
189
}
190
190
}
191
191
192
-
void pgalloc_tag_copy(struct folio *new, struct folio *old)
192
+
void pgalloc_tag_swap(struct folio *new, struct folio *old)
193
193
{
194
-
union pgtag_ref_handle handle;
195
-
union codetag_ref ref;
196
-
struct alloc_tag *tag;
194
+
union pgtag_ref_handle handle_old, handle_new;
195
+
union codetag_ref ref_old, ref_new;
196
+
struct alloc_tag *tag_old, *tag_new;
197
197
198
-
tag = pgalloc_tag_get(&old->page);
199
-
if (!tag)
198
+
tag_old = pgalloc_tag_get(&old->page);
199
+
if (!tag_old)
200
+
return;
201
+
tag_new = pgalloc_tag_get(&new->page);
202
+
if (!tag_new)
200
203
return;
201
204
202
-
if (!get_page_tag_ref(&new->page, &ref, &handle))
205
+
if (!get_page_tag_ref(&old->page, &ref_old, &handle_old))
203
206
return;
207
+
if (!get_page_tag_ref(&new->page, &ref_new, &handle_new)) {
208
+
put_page_tag_ref(handle_old);
209
+
return;
210
+
}
204
211
205
-
/* Clear the old ref to the original allocation tag. */
206
-
clear_page_tag_ref(&old->page);
207
-
/* Decrement the counters of the tag on get_new_folio. */
208
-
alloc_tag_sub(&ref, folio_size(new));
209
-
__alloc_tag_ref_set(&ref, tag);
210
-
update_page_tag_ref(handle, &ref);
211
-
put_page_tag_ref(handle);
212
+
/* swap tags */
213
+
__alloc_tag_ref_set(&ref_old, tag_new);
214
+
update_page_tag_ref(handle_old, &ref_old);
215
+
__alloc_tag_ref_set(&ref_new, tag_old);
216
+
update_page_tag_ref(handle_new, &ref_new);
217
+
218
+
put_page_tag_ref(handle_old);
219
+
put_page_tag_ref(handle_new);
212
220
}
213
221
214
222
static void shutdown_mem_profiling(bool remove_file)
+9
-1
lib/stackdepot.c
+9
-1
lib/stackdepot.c
···
630
630
prealloc = page_address(page);
631
631
}
632
632
633
-
raw_spin_lock_irqsave(&pool_lock, flags);
633
+
if (in_nmi()) {
634
+
/* We can never allocate in NMI context. */
635
+
WARN_ON_ONCE(can_alloc);
636
+
/* Best effort; bail if we fail to take the lock. */
637
+
if (!raw_spin_trylock_irqsave(&pool_lock, flags))
638
+
goto exit;
639
+
} else {
640
+
raw_spin_lock_irqsave(&pool_lock, flags);
641
+
}
634
642
printk_deferred_enter();
635
643
636
644
/* Try to find again, to avoid concurrently inserting duplicates. */
+1
lib/stackinit_kunit.c
+1
lib/stackinit_kunit.c
···
212
212
static noinline DO_NOTHING_TYPE_ ## which(var_type) \
213
213
do_nothing_ ## name(var_type *ptr) \
214
214
{ \
215
+
OPTIMIZER_HIDE_VAR(ptr); \
215
216
/* Will always be true, but compiler doesn't know. */ \
216
217
if ((unsigned long)ptr > 0x2) \
217
218
return DO_NOTHING_RETURN_ ## which(ptr); \
+5
-2
mm/debug.c
+5
-2
mm/debug.c
···
124
124
{
125
125
struct folio *foliop, folio;
126
126
struct page precise;
127
+
unsigned long head;
127
128
unsigned long pfn = page_to_pfn(page);
128
129
unsigned long idx, nr_pages = 1;
129
130
int loops = 5;
130
131
131
132
again:
132
133
memcpy(&precise, page, sizeof(*page));
133
-
foliop = page_folio(&precise);
134
-
if (foliop == (struct folio *)&precise) {
134
+
head = precise.compound_head;
135
+
if ((head & 1) == 0) {
136
+
foliop = (struct folio *)&precise;
135
137
idx = 0;
136
138
if (!folio_test_large(foliop))
137
139
goto dump;
138
140
foliop = (struct folio *)page;
139
141
} else {
142
+
foliop = (struct folio *)(head - 1);
140
143
idx = folio_page_idx(foliop, page);
141
144
}
142
145
+2
-2
mm/filemap.c
+2
-2
mm/filemap.c
···
3501
3501
continue;
3502
3502
if (xa_is_value(folio))
3503
3503
continue;
3504
-
if (folio_test_locked(folio))
3505
-
continue;
3506
3504
if (!folio_try_get(folio))
3507
3505
continue;
3506
+
if (folio_test_locked(folio))
3507
+
goto skip;
3508
3508
/* Has the page moved or been split? */
3509
3509
if (unlikely(folio != xas_reload(xas)))
3510
3510
goto skip;
+10
-1
mm/gup.c
+10
-1
mm/gup.c
···
52
52
*/
53
53
for (; npages; npages--, pages++) {
54
54
struct page *page = *pages;
55
-
struct folio *folio = page_folio(page);
55
+
struct folio *folio;
56
+
57
+
if (!page)
58
+
continue;
59
+
60
+
folio = page_folio(page);
56
61
57
62
if (is_zero_page(page) ||
58
63
!folio_test_anon(folio))
···
414
409
415
410
sanity_check_pinned_pages(pages, npages);
416
411
for (i = 0; i < npages; i += nr) {
412
+
if (!pages[i]) {
413
+
nr = 1;
414
+
continue;
415
+
}
417
416
folio = gup_folio_next(pages, npages, i, &nr);
418
417
gup_put_folio(folio, nr, FOLL_PIN);
419
418
}
+3
-3
mm/kasan/report.c
+3
-3
mm/kasan/report.c
···
201
201
202
202
#endif /* CONFIG_KUNIT */
203
203
204
-
static DEFINE_SPINLOCK(report_lock);
204
+
static DEFINE_RAW_SPINLOCK(report_lock);
205
205
206
206
static void start_report(unsigned long *flags, bool sync)
207
207
{
···
212
212
lockdep_off();
213
213
/* Make sure we don't end up in loop. */
214
214
report_suppress_start();
215
-
spin_lock_irqsave(&report_lock, *flags);
215
+
raw_spin_lock_irqsave(&report_lock, *flags);
216
216
pr_err("==================================================================\n");
217
217
}
218
218
···
222
222
trace_error_report_end(ERROR_DETECTOR_KASAN,
223
223
(unsigned long)addr);
224
224
pr_err("==================================================================\n");
225
-
spin_unlock_irqrestore(&report_lock, *flags);
225
+
raw_spin_unlock_irqrestore(&report_lock, *flags);
226
226
if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
227
227
check_panic_on_warn("KASAN");
228
228
switch (kasan_arg_fault) {
+1
-1
mm/memcontrol-v1.h
+1
-1
mm/memcontrol-v1.h
+4
mm/mempolicy.c
+4
mm/mempolicy.c
+1
-1
mm/migrate.c
+1
-1
mm/migrate.c
+1
mm/mmap.c
+1
mm/mmap.c
···
889
889
if (get_area) {
890
890
addr = get_area(file, addr, len, pgoff, flags);
891
891
} else if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE)
892
+
&& !addr /* no hint */
892
893
&& IS_ALIGNED(len, PMD_SIZE)) {
893
894
/* Ensures that larger anonymous mappings are THP aligned. */
894
895
addr = thp_get_unmapped_area_vmflags(file, addr, len,
+2
-3
mm/readahead.c
+2
-3
mm/readahead.c
···
458
458
struct file_ra_state *ra, unsigned int new_order)
459
459
{
460
460
struct address_space *mapping = ractl->mapping;
461
-
pgoff_t start = readahead_index(ractl);
462
-
pgoff_t index = start;
461
+
pgoff_t index = readahead_index(ractl);
463
462
unsigned int min_order = mapping_min_folio_order(mapping);
464
463
pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT;
465
464
pgoff_t mark = index + ra->size - ra->async_size;
···
521
522
if (!err)
522
523
return;
523
524
fallback:
524
-
do_page_cache_ra(ractl, ra->size - (index - start), ra->async_size);
525
+
do_page_cache_ra(ractl, ra->size, ra->async_size);
525
526
}
526
527
527
528
static unsigned long ractl_max_pages(struct readahead_control *ractl,
+1
-1
mm/vma.c
+1
-1
mm/vma.c
+2
-1
mm/vmalloc.c
+2
-1
mm/vmalloc.c
···
4093
4093
/* Zero out spare memory. */
4094
4094
if (want_init_on_alloc(flags))
4095
4095
memset((void *)p + size, 0, old_size - size);
4096
-
4096
+
kasan_poison_vmalloc(p + size, old_size - size);
4097
+
kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL);
4097
4098
return (void *)p;
4098
4099
}
4099
4100
+1
-1
tools/testing/selftests/damon/Makefile
+1
-1
tools/testing/selftests/damon/Makefile
···
6
6
TEST_GEN_FILES += debugfs_target_ids_pid_leak
7
7
TEST_GEN_FILES += access_memory access_memory_even
8
8
9
-
TEST_FILES = _chk_dependency.sh _debugfs_common.sh
9
+
TEST_FILES = _chk_dependency.sh _debugfs_common.sh _damon_sysfs.py
10
10
11
11
# functionality tests
12
12
TEST_PROGS = debugfs_attrs.sh debugfs_schemes.sh debugfs_target_ids.sh
+5
-9
tools/testing/selftests/mm/hugetlb_dio.c
+5
-9
tools/testing/selftests/mm/hugetlb_dio.c
···
76
76
/* Get the free huge pages after unmap*/
77
77
free_hpage_a = get_free_hugepages();
78
78
79
+
ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b);
80
+
ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a);
81
+
79
82
/*
80
83
* If the no. of free hugepages before allocation and after unmap does
81
84
* not match - that means there could still be a page which is pinned.
82
85
*/
83
-
if (free_hpage_a != free_hpage_b) {
84
-
ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b);
85
-
ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a);
86
-
ksft_test_result_fail(": Huge pages not freed!\n");
87
-
} else {
88
-
ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b);
89
-
ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a);
90
-
ksft_test_result_pass(": Huge pages freed successfully !\n");
91
-
}
86
+
ksft_test_result(free_hpage_a == free_hpage_b,
87
+
"free huge pages from %u-%u\n", start_off, end_off);
92
88
}
93
89
94
90
int main(void)