Commit d7c2b1f6 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 

Pull misc hotfixes from Andrew Morton:
 "22 hotfixes.

  Eight are cc:stable and the remainder address issues which were
  introduced post-6.0 or which aren't considered serious enough to
  justify a -stable backport"

* tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (22 commits)
  docs: kmsan: fix formatting of "Example report"
  mm/damon/dbgfs: check if rm_contexts input is for a real context
  maple_tree: don't set a new maximum on the node when not reusing nodes
  maple_tree: fix depth tracking in maple_state
  arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging
  fs: fix leaked psi pressure state
  nilfs2: fix use-after-free bug of ns_writer on remount
  x86/traps: avoid KMSAN bugs originating from handle_bug()
  kmsan: make sure PREEMPT_RT is off
  Kconfig.debug: ensure early check for KMSAN in CONFIG_KMSAN_WARN
  x86/uaccess: instrument copy_from_user_nmi()
  kmsan: core: kmsan_in_runtime() should return true in NMI context
  mm: hugetlb_vmemmap: include missing linux/moduleparam.h
  mm/shmem: use page_mapping() to detect page cache for uffd continue
  mm/memremap.c: map FS_DAX device memory as decrypted
  Partly revert "mm/thp: carry over dirty bit when thp splits on pmd"
  nilfs2: fix deadlock in nilfs_count_free_blocks()
  mm/mmap: fix memory leak in mmap_region()
  hugetlbfs: don't delete error page from pagecache
  maple_tree: reorganize testing to restore module testing
  ...
parents 5ad6e7ba 436fa4a6

Documentation/dev-tools/kmsan.rst

+1 −0
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ uninitialized in the local variable, as well as the stack where the value was 
copied to another memory location before use.



A use of uninitialized value ``v`` is reported by KMSAN in the following cases:



 - in a condition, e.g. ``if (v) { ... }``;

 - in an indexing or pointer dereferencing, e.g. ``array[v]`` or ``*v``;

 - when it is copied to userspace or hardware, e.g. ``copy_to_user(..., &v, ...)``;

arch/x86/kernel/traps.c

+7 −0
Original line number Diff line number Diff line
@@ -15,6 +15,7 @@ 
#include <linux/context_tracking.h>

#include <linux/interrupt.h>

#include <linux/kallsyms.h>

#include <linux/kmsan.h>

#include <linux/spinlock.h>

#include <linux/kprobes.h>

#include <linux/uaccess.h>
@@ -301,6 +302,12 @@ static noinstr bool handle_bug(struct pt_regs *regs) 
{

	bool handled = false;



	/*

	 * Normally @regs are unpoisoned by irqentry_enter(), but handle_bug()

	 * is a rare case that uses @regs without passing them to

	 * irqentry_enter().

	 */

	kmsan_unpoison_entry_regs(regs);

	if (!is_valid_bugaddr(regs->ip))

		return handled;

arch/x86/lib/usercopy.c

+3 −0
Original line number Diff line number Diff line
@@ -6,6 +6,7 @@ 


#include <linux/uaccess.h>

#include <linux/export.h>

#include <linux/instrumented.h>



#include <asm/tlbflush.h>
@@ -44,7 +45,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) 
	 * called from other contexts.

	 */

	pagefault_disable();

	instrument_copy_from_user_before(to, from, n);

	ret = raw_copy_from_user(to, from, n);

	instrument_copy_from_user_after(to, from, n, ret);

	pagefault_enable();



	return ret;

arch/x86/mm/hugetlbpage.c

+4 −0
Original line number Diff line number Diff line
@@ -37,8 +37,12 @@ int pmd_huge(pmd_t pmd) 
 */

int pud_huge(pud_t pud)

{

#if CONFIG_PGTABLE_LEVELS > 2

	return !pud_none(pud) &&

		(pud_val(pud) & (_PAGE_PRESENT|_PAGE_PSE)) != _PAGE_PRESENT;

#else

	return 0;

#endif

}



#ifdef CONFIG_HUGETLB_PAGE

fs/btrfs/compression.c

+8 −6
Original line number Diff line number Diff line
@@ -512,7 +512,7 @@ static u64 bio_end_offset(struct bio *bio) 
static noinline int add_ra_bio_pages(struct inode *inode,

				     u64 compressed_end,

				     struct compressed_bio *cb,

				     unsigned long *pflags)

				     int *memstall, unsigned long *pflags)

{

	struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);

	unsigned long end_index;
@@ -581,8 +581,10 @@ static noinline int add_ra_bio_pages(struct inode *inode, 
			continue;

		}



		if (PageWorkingset(page))

		if (!*memstall && PageWorkingset(page)) {

			psi_memstall_enter(pflags);

			*memstall = 1;

		}



		ret = set_page_extent_mapped(page);

		if (ret < 0) {
@@ -670,8 +672,8 @@ void btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, 
	u64 em_len;

	u64 em_start;

	struct extent_map *em;

	/* Initialize to 1 to make skip psi_memstall_leave unless needed */

	unsigned long pflags = 1;

	unsigned long pflags;

	int memstall = 0;

	blk_status_t ret;

	int ret2;

	int i;
@@ -727,7 +729,7 @@ void btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, 
		goto fail;

	}



	add_ra_bio_pages(inode, em_start + em_len, cb, &pflags);

	add_ra_bio_pages(inode, em_start + em_len, cb, &memstall, &pflags);



	/* include any pages we added in add_ra-bio_pages */

	cb->len = bio->bi_iter.bi_size;
@@ -807,7 +809,7 @@ void btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, 
		}

	}



	if (!pflags)

	if (memstall)

		psi_memstall_leave(&pflags);



	if (refcount_dec_and_test(&cb->pending_ios))