Commit 5e714bf1 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'mm-stable-2022-10-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 

Pull more MM updates from Andrew Morton:

 - fix a race which causes page refcounting errors in ZONE_DEVICE pages
   (Alistair Popple)

 - fix userfaultfd test harness instability (Peter Xu)

 - various other patches in MM, mainly fixes

* tag 'mm-stable-2022-10-13' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (29 commits)
  highmem: fix kmap_to_page() for kmap_local_page() addresses
  mm/page_alloc: fix incorrect PGFREE and PGALLOC for high-order page
  mm/selftest: uffd: explain the write missing fault check
  mm/hugetlb: use hugetlb_pte_stable in migration race check
  mm/hugetlb: fix race condition of uffd missing/minor handling
  zram: always expose rw_page
  LoongArch: update local TLB if PTE entry exists
  mm: use update_mmu_tlb() on the second thread
  kasan: fix array-bounds warnings in tests
  hmm-tests: add test for migrate_device_range()
  nouveau/dmem: evict device private memory during release
  nouveau/dmem: refactor nouveau_dmem_fault_copy_one()
  mm/migrate_device.c: add migrate_device_range()
  mm/migrate_device.c: refactor migrate_vma and migrate_deivce_coherent_page()
  mm/memremap.c: take a pgmap reference on page allocation
  mm: free device private pages have zero refcount
  mm/memory.c: fix race when faulting a device private page
  mm/damon: use damon_sz_region() in appropriate place
  mm/damon: move sz_damon_region to damon_sz_region
  lib/test_meminit: add checks for the allocation functions
  ...
parents f2e44139 ef6e06b2

arch/loongarch/include/asm/pgtable.h

+3 −0
Original line number Diff line number Diff line
@@ -412,6 +412,9 @@ static inline void update_mmu_cache(struct vm_area_struct *vma, 
	__update_tlb(vma, address, ptep);

}



#define __HAVE_ARCH_UPDATE_MMU_TLB

#define update_mmu_tlb	update_mmu_cache



static inline void update_mmu_cache_pmd(struct vm_area_struct *vma,

			unsigned long address, pmd_t *pmdp)

{

arch/powerpc/kvm/book3s_hv_uvmem.c

+12 −9
Original line number Diff line number Diff line
@@ -508,10 +508,10 @@ unsigned long kvmppc_h_svm_init_start(struct kvm *kvm) 
static int __kvmppc_svm_page_out(struct vm_area_struct *vma,

		unsigned long start,

		unsigned long end, unsigned long page_shift,

		struct kvm *kvm, unsigned long gpa)

		struct kvm *kvm, unsigned long gpa, struct page *fault_page)

{

	unsigned long src_pfn, dst_pfn = 0;

	struct migrate_vma mig;

	struct migrate_vma mig = { 0 };

	struct page *dpage, *spage;

	struct kvmppc_uvmem_page_pvt *pvt;

	unsigned long pfn;
@@ -525,6 +525,7 @@ static int __kvmppc_svm_page_out(struct vm_area_struct *vma, 
	mig.dst = &dst_pfn;

	mig.pgmap_owner = &kvmppc_uvmem_pgmap;

	mig.flags = MIGRATE_VMA_SELECT_DEVICE_PRIVATE;

	mig.fault_page = fault_page;



	/* The requested page is already paged-out, nothing to do */

	if (!kvmppc_gfn_is_uvmem_pfn(gpa >> page_shift, kvm, NULL))
@@ -580,12 +581,14 @@ static int __kvmppc_svm_page_out(struct vm_area_struct *vma, 
static inline int kvmppc_svm_page_out(struct vm_area_struct *vma,

				      unsigned long start, unsigned long end,

				      unsigned long page_shift,

				      struct kvm *kvm, unsigned long gpa)

				      struct kvm *kvm, unsigned long gpa,

				      struct page *fault_page)

{

	int ret;



	mutex_lock(&kvm->arch.uvmem_lock);

	ret = __kvmppc_svm_page_out(vma, start, end, page_shift, kvm, gpa);

	ret = __kvmppc_svm_page_out(vma, start, end, page_shift, kvm, gpa,

				fault_page);

	mutex_unlock(&kvm->arch.uvmem_lock);



	return ret;
@@ -634,7 +637,7 @@ void kvmppc_uvmem_drop_pages(const struct kvm_memory_slot *slot, 
			pvt->remove_gfn = true;



			if (__kvmppc_svm_page_out(vma, addr, addr + PAGE_SIZE,

						  PAGE_SHIFT, kvm, pvt->gpa))

						  PAGE_SHIFT, kvm, pvt->gpa, NULL))

				pr_err("Can't page out gpa:0x%lx addr:0x%lx\n",

				       pvt->gpa, addr);

		} else {
@@ -715,7 +718,7 @@ static struct page *kvmppc_uvmem_get_page(unsigned long gpa, struct kvm *kvm) 


	dpage = pfn_to_page(uvmem_pfn);

	dpage->zone_device_data = pvt;

	lock_page(dpage);

	zone_device_page_init(dpage);

	return dpage;

out_clear:

	spin_lock(&kvmppc_uvmem_bitmap_lock);
@@ -736,7 +739,7 @@ static int kvmppc_svm_page_in(struct vm_area_struct *vma, 
		bool pagein)

{

	unsigned long src_pfn, dst_pfn = 0;

	struct migrate_vma mig;

	struct migrate_vma mig = { 0 };

	struct page *spage;

	unsigned long pfn;

	struct page *dpage;
@@ -994,7 +997,7 @@ static vm_fault_t kvmppc_uvmem_migrate_to_ram(struct vm_fault *vmf) 


	if (kvmppc_svm_page_out(vmf->vma, vmf->address,

				vmf->address + PAGE_SIZE, PAGE_SHIFT,

				pvt->kvm, pvt->gpa))

				pvt->kvm, pvt->gpa, vmf->page))

		return VM_FAULT_SIGBUS;

	else

		return 0;
@@ -1065,7 +1068,7 @@ kvmppc_h_svm_page_out(struct kvm *kvm, unsigned long gpa, 
	if (!vma || vma->vm_start > start || vma->vm_end < end)

		goto out;



	if (!kvmppc_svm_page_out(vma, start, end, page_shift, kvm, gpa))

	if (!kvmppc_svm_page_out(vma, start, end, page_shift, kvm, gpa, NULL))

		ret = H_SUCCESS;

out:

	mmap_read_unlock(kvm->mm);

drivers/block/zram/zram_drv.c

+3 −23
Original line number Diff line number Diff line
@@ -52,9 +52,6 @@ static unsigned int num_devices = 1; 
static size_t huge_class_size;



static const struct block_device_operations zram_devops;

#ifdef CONFIG_ZRAM_WRITEBACK

static const struct block_device_operations zram_wb_devops;

#endif



static void zram_free_page(struct zram *zram, size_t index);

static int zram_bvec_read(struct zram *zram, struct bio_vec *bvec,
@@ -546,17 +543,6 @@ static ssize_t backing_dev_store(struct device *dev, 
	zram->backing_dev = backing_dev;

	zram->bitmap = bitmap;

	zram->nr_pages = nr_pages;

	/*

	 * With writeback feature, zram does asynchronous IO so it's no longer

	 * synchronous device so let's remove synchronous io flag. Othewise,

	 * upper layer(e.g., swap) could wait IO completion rather than

	 * (submit and return), which will cause system sluggish.

	 * Furthermore, when the IO function returns(e.g., swap_readpage),

	 * upper layer expects IO was done so it could deallocate the page

	 * freely but in fact, IO is going on so finally could cause

	 * use-after-free when the IO is really done.

	 */

	zram->disk->fops = &zram_wb_devops;

	up_write(&zram->init_lock);



	pr_info("setup backing device %s\n", file_name);
@@ -1270,6 +1256,9 @@ static int __zram_bvec_read(struct zram *zram, struct page *page, u32 index, 
		struct bio_vec bvec;



		zram_slot_unlock(zram, index);

		/* A null bio means rw_page was used, we must fallback to bio */

		if (!bio)

			return -EOPNOTSUPP;



		bvec.bv_page = page;

		bvec.bv_len = PAGE_SIZE;
@@ -1856,15 +1845,6 @@ static const struct block_device_operations zram_devops = { 
	.owner = THIS_MODULE

};



#ifdef CONFIG_ZRAM_WRITEBACK

static const struct block_device_operations zram_wb_devops = {

	.open = zram_open,

	.submit_bio = zram_submit_bio,

	.swap_slot_free_notify = zram_slot_free_notify,

	.owner = THIS_MODULE

};

#endif



static DEVICE_ATTR_WO(compact);

static DEVICE_ATTR_RW(disksize);

static DEVICE_ATTR_RO(initstate);

drivers/gpu/drm/amd/amdkfd/kfd_migrate.c

+11 −8
Original line number Diff line number Diff line
@@ -223,7 +223,7 @@ svm_migrate_get_vram_page(struct svm_range *prange, unsigned long pfn) 
	page = pfn_to_page(pfn);

	svm_range_bo_ref(prange->svm_bo);

	page->zone_device_data = prange->svm_bo;

	lock_page(page);

	zone_device_page_init(page);

}



static void
@@ -410,7 +410,7 @@ svm_migrate_vma_to_vram(struct amdgpu_device *adev, struct svm_range *prange, 
	uint64_t npages = (end - start) >> PAGE_SHIFT;

	struct kfd_process_device *pdd;

	struct dma_fence *mfence = NULL;

	struct migrate_vma migrate;

	struct migrate_vma migrate = { 0 };

	unsigned long cpages = 0;

	dma_addr_t *scratch;

	void *buf;
@@ -666,7 +666,7 @@ svm_migrate_copy_to_ram(struct amdgpu_device *adev, struct svm_range *prange, 
static long

svm_migrate_vma_to_ram(struct amdgpu_device *adev, struct svm_range *prange,

		       struct vm_area_struct *vma, uint64_t start, uint64_t end,

		       uint32_t trigger)

		       uint32_t trigger, struct page *fault_page)

{

	struct kfd_process *p = container_of(prange->svms, struct kfd_process, svms);

	uint64_t npages = (end - start) >> PAGE_SHIFT;
@@ -674,7 +674,7 @@ svm_migrate_vma_to_ram(struct amdgpu_device *adev, struct svm_range *prange, 
	unsigned long cpages = 0;

	struct kfd_process_device *pdd;

	struct dma_fence *mfence = NULL;

	struct migrate_vma migrate;

	struct migrate_vma migrate = { 0 };

	dma_addr_t *scratch;

	void *buf;

	int r = -ENOMEM;
@@ -697,6 +697,7 @@ svm_migrate_vma_to_ram(struct amdgpu_device *adev, struct svm_range *prange, 


	migrate.src = buf;

	migrate.dst = migrate.src + npages;

	migrate.fault_page = fault_page;

	scratch = (dma_addr_t *)(migrate.dst + npages);



	kfd_smi_event_migration_start(adev->kfd.dev, p->lead_thread->pid,
@@ -764,7 +765,7 @@ svm_migrate_vma_to_ram(struct amdgpu_device *adev, struct svm_range *prange, 
 * 0 - OK, otherwise error code

 */

int svm_migrate_vram_to_ram(struct svm_range *prange, struct mm_struct *mm,

			    uint32_t trigger)

			    uint32_t trigger, struct page *fault_page)

{

	struct amdgpu_device *adev;

	struct vm_area_struct *vma;
@@ -805,7 +806,8 @@ int svm_migrate_vram_to_ram(struct svm_range *prange, struct mm_struct *mm, 
		}



		next = min(vma->vm_end, end);

		r = svm_migrate_vma_to_ram(adev, prange, vma, addr, next, trigger);

		r = svm_migrate_vma_to_ram(adev, prange, vma, addr, next, trigger,

			fault_page);

		if (r < 0) {

			pr_debug("failed %ld to migrate prange %p\n", r, prange);

			break;
@@ -849,7 +851,7 @@ svm_migrate_vram_to_vram(struct svm_range *prange, uint32_t best_loc, 
	pr_debug("from gpu 0x%x to gpu 0x%x\n", prange->actual_loc, best_loc);



	do {

		r = svm_migrate_vram_to_ram(prange, mm, trigger);

		r = svm_migrate_vram_to_ram(prange, mm, trigger, NULL);

		if (r)

			return r;

	} while (prange->actual_loc && --retries);
@@ -950,7 +952,8 @@ static vm_fault_t svm_migrate_to_ram(struct vm_fault *vmf) 
	}



	r = svm_migrate_vram_to_ram(prange, vmf->vma->vm_mm,

				    KFD_MIGRATE_TRIGGER_PAGEFAULT_CPU);

				    KFD_MIGRATE_TRIGGER_PAGEFAULT_CPU,

				    vmf->page);

	if (r)

		pr_debug("failed %d migrate svms 0x%p range 0x%p [0x%lx 0x%lx]\n",

			 r, prange->svms, prange, prange->start, prange->last);

drivers/gpu/drm/amd/amdkfd/kfd_migrate.h

+1 −1
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ enum MIGRATION_COPY_DIR { 
int svm_migrate_to_vram(struct svm_range *prange,  uint32_t best_loc,

			struct mm_struct *mm, uint32_t trigger);

int svm_migrate_vram_to_ram(struct svm_range *prange, struct mm_struct *mm,

			    uint32_t trigger);

			    uint32_t trigger, struct page *fault_page);

unsigned long

svm_migrate_addr_to_pfn(struct amdgpu_device *adev, unsigned long addr);