1

10 hotfixes, 7 of which are cc:stable. All singletons, please see the

changelogs for details.
 -----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZzkr6AAKCRDdBJ7gKXxA
 jsb2AP9HCOI4w9rQTmBdnaefXytS7fiiPq+LVNpjJ0NGXX2FSgD/e1NM0wi8KevQ
 npcvlqTcXtRSJvYNF904aTNyDn+Kuw0=
 =KFGY
 -----END PGP SIGNATURE-----

Merge tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull hotfixes from Andrew Morton:
 "10 hotfixes, 7 of which are cc:stable. All singletons, please see the
  changelogs for details"

* tag 'mm-hotfixes-stable-2024-11-16-15-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
  mm: revert "mm: shmem: fix data-race in shmem_getattr()"
  ocfs2: uncache inode which has failed entering the group
  mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
  mm, doc: update read_ahead_kb for MADV_HUGEPAGE
  fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args()
  sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
  crash, powerpc: default to CRASH_DUMP=n on PPC_BOOK3S_32
  mm/mremap: fix address wraparound in move_page_tables()
  tools/mm: fix compile error
  mm, swap: fix allocation and scanning race with swapoff
This commit is contained in:
Linus Torvalds 2024-11-16 16:00:38 -08:00
commit 4a5df37964
19 changed files with 62 additions and 10 deletions

View File

@ -594,6 +594,9 @@ Description:
[RW] Maximum number of kilobytes to read-ahead for filesystems [RW] Maximum number of kilobytes to read-ahead for filesystems
on this block device. on this block device.
For MADV_HUGEPAGE, the readahead size may exceed this setting
since its granularity is based on the hugepage size.
What: /sys/block/<disk>/queue/rotational What: /sys/block/<disk>/queue/rotational
Date: January 2009 Date: January 2009

View File

@ -1598,6 +1598,9 @@ config ATAGS_PROC
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool y def_bool y
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config AUTO_ZRELADDR config AUTO_ZRELADDR
bool "Auto calculation of the decompressed kernel image address" if !ARCH_MULTIPLATFORM bool "Auto calculation of the decompressed kernel image address" if !ARCH_MULTIPLATFORM
default !(ARCH_FOOTBRIDGE || ARCH_RPC || ARCH_SA1100) default !(ARCH_FOOTBRIDGE || ARCH_RPC || ARCH_SA1100)

View File

@ -1576,6 +1576,9 @@ config ARCH_DEFAULT_KEXEC_IMAGE_VERIFY_SIG
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool y def_bool y
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
def_bool CRASH_RESERVE def_bool CRASH_RESERVE

View File

@ -604,6 +604,9 @@ config ARCH_SUPPORTS_KEXEC
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool y def_bool y
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config ARCH_SELECTS_CRASH_DUMP config ARCH_SELECTS_CRASH_DUMP
def_bool y def_bool y
depends on CRASH_DUMP depends on CRASH_DUMP

View File

@ -2876,6 +2876,9 @@ config ARCH_SUPPORTS_KEXEC
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool y def_bool y
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config PHYSICAL_START config PHYSICAL_START
hex "Physical address where the kernel is loaded" hex "Physical address where the kernel is loaded"
default "0xffffffff84000000" default "0xffffffff84000000"

View File

@ -684,6 +684,10 @@ config RELOCATABLE_TEST
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool PPC64 || PPC_BOOK3S_32 || PPC_85xx || (44x && !SMP) def_bool PPC64 || PPC_BOOK3S_32 || PPC_85xx || (44x && !SMP)
config ARCH_DEFAULT_CRASH_DUMP
bool
default y if !PPC_BOOK3S_32
config ARCH_SELECTS_CRASH_DUMP config ARCH_SELECTS_CRASH_DUMP
def_bool y def_bool y
depends on CRASH_DUMP depends on CRASH_DUMP

View File

@ -898,6 +898,9 @@ config ARCH_SUPPORTS_KEXEC_PURGATORY
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool y def_bool y
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION config ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION
def_bool CRASH_RESERVE def_bool CRASH_RESERVE

View File

@ -276,6 +276,9 @@ config ARCH_SUPPORTS_CRASH_DUMP
This option also enables s390 zfcpdump. This option also enables s390 zfcpdump.
See also <file:Documentation/arch/s390/zfcpdump.rst> See also <file:Documentation/arch/s390/zfcpdump.rst>
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
menu "Processor type and features" menu "Processor type and features"
config HAVE_MARCH_Z10_FEATURES config HAVE_MARCH_Z10_FEATURES

View File

@ -550,6 +550,9 @@ config ARCH_SUPPORTS_KEXEC
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool BROKEN_ON_SMP def_bool BROKEN_ON_SMP
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config ARCH_SUPPORTS_KEXEC_JUMP config ARCH_SUPPORTS_KEXEC_JUMP
def_bool y def_bool y

View File

@ -2084,6 +2084,9 @@ config ARCH_SUPPORTS_KEXEC_JUMP
config ARCH_SUPPORTS_CRASH_DUMP config ARCH_SUPPORTS_CRASH_DUMP
def_bool X86_64 || (X86_32 && HIGHMEM) def_bool X86_64 || (X86_32 && HIGHMEM)
config ARCH_DEFAULT_CRASH_DUMP
def_bool y
config ARCH_SUPPORTS_CRASH_HOTPLUG config ARCH_SUPPORTS_CRASH_HOTPLUG
def_bool y def_bool y

View File

@ -574,6 +574,8 @@ out_commit:
ocfs2_commit_trans(osb, handle); ocfs2_commit_trans(osb, handle);
out_free_group_bh: out_free_group_bh:
if (ret < 0)
ocfs2_remove_from_cache(INODE_CACHE(inode), group_bh);
brelse(group_bh); brelse(group_bh);
out_unlock: out_unlock:

View File

@ -2665,8 +2665,10 @@ static int pagemap_scan_get_args(struct pm_scan_arg *arg,
return -EFAULT; return -EFAULT;
if (!arg->vec && arg->vec_len) if (!arg->vec && arg->vec_len)
return -EINVAL; return -EINVAL;
if (UINT_MAX == SIZE_MAX && arg->vec_len > SIZE_MAX)
return -EINVAL;
if (arg->vec && !access_ok((void __user *)(long)arg->vec, if (arg->vec && !access_ok((void __user *)(long)arg->vec,
arg->vec_len * sizeof(struct page_region))) size_mul(arg->vec_len, sizeof(struct page_region))))
return -EFAULT; return -EFAULT;
/* Fixup default values */ /* Fixup default values */

View File

@ -9,6 +9,7 @@
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/magic.h> #include <linux/magic.h>
#include <linux/refcount.h> #include <linux/refcount.h>
#include <linux/kasan.h>
#ifdef CONFIG_THREAD_INFO_IN_TASK #ifdef CONFIG_THREAD_INFO_IN_TASK
@ -89,6 +90,7 @@ static inline int object_is_on_stack(const void *obj)
{ {
void *stack = task_stack_page(current); void *stack = task_stack_page(current);
obj = kasan_reset_tag(obj);
return (obj >= stack) && (obj < (stack + THREAD_SIZE)); return (obj >= stack) && (obj < (stack + THREAD_SIZE));
} }

View File

@ -97,7 +97,7 @@ config KEXEC_JUMP
config CRASH_DUMP config CRASH_DUMP
bool "kernel crash dumps" bool "kernel crash dumps"
default y default ARCH_DEFAULT_CRASH_DUMP
depends on ARCH_SUPPORTS_CRASH_DUMP depends on ARCH_SUPPORTS_CRASH_DUMP
depends on KEXEC_CORE depends on KEXEC_CORE
select VMCORE_INFO select VMCORE_INFO

View File

@ -648,7 +648,7 @@ again:
* Prevent negative return values when {old,new}_addr was realigned * Prevent negative return values when {old,new}_addr was realigned
* but we broke out of the above loop for the first PMD itself. * but we broke out of the above loop for the first PMD itself.
*/ */
if (len + old_addr < old_end) if (old_addr < old_end - len)
return 0; return 0;
return len + old_addr - old_end; /* how much done */ return len + old_addr - old_end; /* how much done */

View File

@ -4607,7 +4607,8 @@ unsigned long alloc_pages_bulk_noprof(gfp_t gfp, int preferred_nid,
gfp = alloc_gfp; gfp = alloc_gfp;
/* Find an allowed local zone that meets the low watermark. */ /* Find an allowed local zone that meets the low watermark. */
for_each_zone_zonelist_nodemask(zone, z, ac.zonelist, ac.highest_zoneidx, ac.nodemask) { z = ac.preferred_zoneref;
for_next_zone_zonelist_nodemask(zone, z, ac.highest_zoneidx, ac.nodemask) {
unsigned long mark; unsigned long mark;
if (cpusets_enabled() && (alloc_flags & ALLOC_CPUSET) && if (cpusets_enabled() && (alloc_flags & ALLOC_CPUSET) &&

View File

@ -1166,9 +1166,7 @@ static int shmem_getattr(struct mnt_idmap *idmap,
stat->attributes_mask |= (STATX_ATTR_APPEND | stat->attributes_mask |= (STATX_ATTR_APPEND |
STATX_ATTR_IMMUTABLE | STATX_ATTR_IMMUTABLE |
STATX_ATTR_NODUMP); STATX_ATTR_NODUMP);
inode_lock_shared(inode);
generic_fillattr(idmap, request_mask, inode, stat); generic_fillattr(idmap, request_mask, inode, stat);
inode_unlock_shared(inode);
if (shmem_huge_global_enabled(inode, 0, 0, false, NULL, 0)) if (shmem_huge_global_enabled(inode, 0, 0, false, NULL, 0))
stat->blksize = HPAGE_PMD_SIZE; stat->blksize = HPAGE_PMD_SIZE;

View File

@ -664,12 +664,15 @@ static bool cluster_scan_range(struct swap_info_struct *si,
return true; return true;
} }
static void cluster_alloc_range(struct swap_info_struct *si, struct swap_cluster_info *ci, static bool cluster_alloc_range(struct swap_info_struct *si, struct swap_cluster_info *ci,
unsigned int start, unsigned char usage, unsigned int start, unsigned char usage,
unsigned int order) unsigned int order)
{ {
unsigned int nr_pages = 1 << order; unsigned int nr_pages = 1 << order;
if (!(si->flags & SWP_WRITEOK))
return false;
if (cluster_is_free(ci)) { if (cluster_is_free(ci)) {
if (nr_pages < SWAPFILE_CLUSTER) { if (nr_pages < SWAPFILE_CLUSTER) {
list_move_tail(&ci->list, &si->nonfull_clusters[order]); list_move_tail(&ci->list, &si->nonfull_clusters[order]);
@ -690,6 +693,8 @@ static void cluster_alloc_range(struct swap_info_struct *si, struct swap_cluster
list_move_tail(&ci->list, &si->full_clusters); list_move_tail(&ci->list, &si->full_clusters);
ci->flags = CLUSTER_FLAG_FULL; ci->flags = CLUSTER_FLAG_FULL;
} }
return true;
} }
static unsigned int alloc_swap_scan_cluster(struct swap_info_struct *si, unsigned long offset, static unsigned int alloc_swap_scan_cluster(struct swap_info_struct *si, unsigned long offset,
@ -713,7 +718,10 @@ static unsigned int alloc_swap_scan_cluster(struct swap_info_struct *si, unsigne
while (offset <= end) { while (offset <= end) {
if (cluster_scan_range(si, ci, offset, nr_pages)) { if (cluster_scan_range(si, ci, offset, nr_pages)) {
cluster_alloc_range(si, ci, offset, usage, order); if (!cluster_alloc_range(si, ci, offset, usage, order)) {
offset = SWAP_NEXT_INVALID;
goto done;
}
*foundp = offset; *foundp = offset;
if (ci->count == SWAPFILE_CLUSTER) { if (ci->count == SWAPFILE_CLUSTER) {
offset = SWAP_NEXT_INVALID; offset = SWAP_NEXT_INVALID;
@ -805,7 +813,11 @@ new_cluster:
if (!list_empty(&si->free_clusters)) { if (!list_empty(&si->free_clusters)) {
ci = list_first_entry(&si->free_clusters, struct swap_cluster_info, list); ci = list_first_entry(&si->free_clusters, struct swap_cluster_info, list);
offset = alloc_swap_scan_cluster(si, cluster_offset(si, ci), &found, order, usage); offset = alloc_swap_scan_cluster(si, cluster_offset(si, ci), &found, order, usage);
VM_BUG_ON(!found); /*
* Either we didn't touch the cluster due to swapoff,
* or the allocation must success.
*/
VM_BUG_ON((si->flags & SWP_WRITEOK) && !found);
goto done; goto done;
} }
@ -1041,6 +1053,8 @@ static int cluster_alloc_swap(struct swap_info_struct *si,
VM_BUG_ON(!si->cluster_info); VM_BUG_ON(!si->cluster_info);
si->flags += SWP_SCANNING;
while (n_ret < nr) { while (n_ret < nr) {
unsigned long offset = cluster_alloc_swap_entry(si, order, usage); unsigned long offset = cluster_alloc_swap_entry(si, order, usage);
@ -1049,6 +1063,8 @@ static int cluster_alloc_swap(struct swap_info_struct *si,
slots[n_ret++] = swp_entry(si->type, offset); slots[n_ret++] = swp_entry(si->type, offset);
} }
si->flags -= SWP_SCANNING;
return n_ret; return n_ret;
} }

View File

@ -420,7 +420,7 @@ static void show_page(unsigned long voffset, unsigned long offset,
if (opt_file) if (opt_file)
printf("%lx\t", voffset); printf("%lx\t", voffset);
if (opt_list_cgroup) if (opt_list_cgroup)
printf("@%" PRIu64 "\t", cgroup) printf("@%" PRIu64 "\t", cgroup);
if (opt_list_mapcnt) if (opt_list_mapcnt)
printf("%" PRIu64 "\t", mapcnt); printf("%" PRIu64 "\t", mapcnt);