Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
"7 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
arch/Kconfig: update HAVE_RELIABLE_STACKTRACE description
mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled
mm/z3fold.c: do not include rwlock.h directly
fat: fix uninit-memory access for partial initialized inode
mm: avoid data corruption on CoW fault into PFN-mapped VMA
mm: fix possible PMD dirty bit lost in set_pmd_migration_entry()
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
+85
-28
+3
-2
arch/Kconfig
+3
-2
arch/Kconfig
···
738
738
config HAVE_RELIABLE_STACKTRACE
739
739
bool
740
740
help
741
-
Architecture has a save_stack_trace_tsk_reliable() function which
742
-
only returns a stack trace if it can guarantee the trace is reliable.
741
+
Architecture has either save_stack_trace_tsk_reliable() or
742
+
arch_stack_walk_reliable() function which only returns a stack trace
743
+
if it can guarantee the trace is reliable.
743
744
744
745
config HAVE_ARCH_HASH
745
746
bool
+7
-12
fs/fat/inode.c
+7
-12
fs/fat/inode.c
···
750
750
return NULL;
751
751
752
752
init_rwsem(&ei->truncate_lock);
753
+
/* Zeroing to allow iput() even if partial initialized inode. */
754
+
ei->mmu_private = 0;
755
+
ei->i_start = 0;
756
+
ei->i_logstart = 0;
757
+
ei->i_attrs = 0;
758
+
ei->i_pos = 0;
759
+
753
760
return &ei->vfs_inode;
754
761
}
755
762
···
1381
1374
return 0;
1382
1375
}
1383
1376
1384
-
static void fat_dummy_inode_init(struct inode *inode)
1385
-
{
1386
-
/* Initialize this dummy inode to work as no-op. */
1387
-
MSDOS_I(inode)->mmu_private = 0;
1388
-
MSDOS_I(inode)->i_start = 0;
1389
-
MSDOS_I(inode)->i_logstart = 0;
1390
-
MSDOS_I(inode)->i_attrs = 0;
1391
-
MSDOS_I(inode)->i_pos = 0;
1392
-
}
1393
-
1394
1377
static int fat_read_root(struct inode *inode)
1395
1378
{
1396
1379
struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb);
···
1841
1844
fat_inode = new_inode(sb);
1842
1845
if (!fat_inode)
1843
1846
goto out_fail;
1844
-
fat_dummy_inode_init(fat_inode);
1845
1847
sbi->fat_inode = fat_inode;
1846
1848
1847
1849
fsinfo_inode = new_inode(sb);
1848
1850
if (!fsinfo_inode)
1849
1851
goto out_fail;
1850
-
fat_dummy_inode_init(fsinfo_inode);
1851
1852
fsinfo_inode->i_ino = MSDOS_FSINFO_INO;
1852
1853
sbi->fsinfo_inode = fsinfo_inode;
1853
1854
insert_inode_hash(fsinfo_inode);
+4
include/linux/mm.h
+4
include/linux/mm.h
···
2715
2715
#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_ARCH_HAS_SET_DIRECT_MAP)
2716
2716
extern void __kernel_map_pages(struct page *page, int numpages, int enable);
2717
2717
2718
+
/*
2719
+
* When called in DEBUG_PAGEALLOC context, the call should most likely be
2720
+
* guarded by debug_pagealloc_enabled() or debug_pagealloc_enabled_static()
2721
+
*/
2718
2722
static inline void
2719
2723
kernel_map_pages(struct page *page, int numpages, int enable)
2720
2724
{
+1
-2
mm/huge_memory.c
+1
-2
mm/huge_memory.c
···
3043
3043
return;
3044
3044
3045
3045
flush_cache_range(vma, address, address + HPAGE_PMD_SIZE);
3046
-
pmdval = *pvmw->pmd;
3047
-
pmdp_invalidate(vma, address, pvmw->pmd);
3046
+
pmdval = pmdp_invalidate(vma, address, pvmw->pmd);
3048
3047
if (pmd_dirty(pmdval))
3049
3048
set_page_dirty(page);
3050
3049
entry = make_migration_entry(page, pmd_write(pmdval));
+27
-8
mm/memory.c
+27
-8
mm/memory.c
···
2257
2257
bool ret;
2258
2258
void *kaddr;
2259
2259
void __user *uaddr;
2260
-
bool force_mkyoung;
2260
+
bool locked = false;
2261
2261
struct vm_area_struct *vma = vmf->vma;
2262
2262
struct mm_struct *mm = vma->vm_mm;
2263
2263
unsigned long addr = vmf->address;
···
2282
2282
* On architectures with software "accessed" bits, we would
2283
2283
* take a double page fault, so mark it accessed here.
2284
2284
*/
2285
-
force_mkyoung = arch_faults_on_old_pte() && !pte_young(vmf->orig_pte);
2286
-
if (force_mkyoung) {
2285
+
if (arch_faults_on_old_pte() && !pte_young(vmf->orig_pte)) {
2287
2286
pte_t entry;
2288
2287
2289
2288
vmf->pte = pte_offset_map_lock(mm, vmf->pmd, addr, &vmf->ptl);
2289
+
locked = true;
2290
2290
if (!likely(pte_same(*vmf->pte, vmf->orig_pte))) {
2291
2291
/*
2292
2292
* Other thread has already handled the fault
···
2310
2310
* zeroes.
2311
2311
*/
2312
2312
if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) {
2313
+
if (locked)
2314
+
goto warn;
2315
+
2316
+
/* Re-validate under PTL if the page is still mapped */
2317
+
vmf->pte = pte_offset_map_lock(mm, vmf->pmd, addr, &vmf->ptl);
2318
+
locked = true;
2319
+
if (!likely(pte_same(*vmf->pte, vmf->orig_pte))) {
2320
+
/* The PTE changed under us. Retry page fault. */
2321
+
ret = false;
2322
+
goto pte_unlock;
2323
+
}
2324
+
2313
2325
/*
2314
-
* Give a warn in case there can be some obscure
2315
-
* use-case
2326
+
* The same page can be mapped back since last copy attampt.
2327
+
* Try to copy again under PTL.
2316
2328
*/
2317
-
WARN_ON_ONCE(1);
2318
-
clear_page(kaddr);
2329
+
if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) {
2330
+
/*
2331
+
* Give a warn in case there can be some obscure
2332
+
* use-case
2333
+
*/
2334
+
warn:
2335
+
WARN_ON_ONCE(1);
2336
+
clear_page(kaddr);
2337
+
}
2319
2338
}
2320
2339
2321
2340
ret = true;
2322
2341
2323
2342
pte_unlock:
2324
-
if (force_mkyoung)
2343
+
if (locked)
2325
2344
pte_unmap_unlock(vmf->pte, vmf->ptl);
2326
2345
kunmap_atomic(kaddr);
2327
2346
flush_dcache_page(dst);
+7
-1
mm/memory_hotplug.c
+7
-1
mm/memory_hotplug.c
···
574
574
575
575
void generic_online_page(struct page *page, unsigned int order)
576
576
{
577
-
kernel_map_pages(page, 1 << order, 1);
577
+
/*
578
+
* Freeing the page with debug_pagealloc enabled will try to unmap it,
579
+
* so we should map it first. This is better than introducing a special
580
+
* case in page freeing fast path.
581
+
*/
582
+
if (debug_pagealloc_enabled_static())
583
+
kernel_map_pages(page, 1 << order, 1);
578
584
__free_pages_core(page, order);
579
585
totalram_pages_add(1UL << order);
580
586
#ifdef CONFIG_HIGHMEM
+36
-2
mm/mprotect.c
+36
-2
mm/mprotect.c
···
161
161
return pages;
162
162
}
163
163
164
+
/*
165
+
* Used when setting automatic NUMA hinting protection where it is
166
+
* critical that a numa hinting PMD is not confused with a bad PMD.
167
+
*/
168
+
static inline int pmd_none_or_clear_bad_unless_trans_huge(pmd_t *pmd)
169
+
{
170
+
pmd_t pmdval = pmd_read_atomic(pmd);
171
+
172
+
/* See pmd_none_or_trans_huge_or_clear_bad for info on barrier */
173
+
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
174
+
barrier();
175
+
#endif
176
+
177
+
if (pmd_none(pmdval))
178
+
return 1;
179
+
if (pmd_trans_huge(pmdval))
180
+
return 0;
181
+
if (unlikely(pmd_bad(pmdval))) {
182
+
pmd_clear_bad(pmd);
183
+
return 1;
184
+
}
185
+
186
+
return 0;
187
+
}
188
+
164
189
static inline unsigned long change_pmd_range(struct vm_area_struct *vma,
165
190
pud_t *pud, unsigned long addr, unsigned long end,
166
191
pgprot_t newprot, int dirty_accountable, int prot_numa)
···
203
178
unsigned long this_pages;
204
179
205
180
next = pmd_addr_end(addr, end);
206
-
if (!is_swap_pmd(*pmd) && !pmd_trans_huge(*pmd) && !pmd_devmap(*pmd)
207
-
&& pmd_none_or_clear_bad(pmd))
181
+
182
+
/*
183
+
* Automatic NUMA balancing walks the tables with mmap_sem
184
+
* held for read. It's possible a parallel update to occur
185
+
* between pmd_trans_huge() and a pmd_none_or_clear_bad()
186
+
* check leading to a false positive and clearing.
187
+
* Hence, it's necessary to atomically read the PMD value
188
+
* for all the checks.
189
+
*/
190
+
if (!is_swap_pmd(*pmd) && !pmd_devmap(*pmd) &&
191
+
pmd_none_or_clear_bad_unless_trans_huge(pmd))
208
192
goto next;
209
193
210
194
/* invoke the mmu notifier if the pmd is populated */