author | Andrea Arcangeli <aarcange@redhat.com> | 2022-06-16 21:23:20 -0400 |
---|---|---|
committer | Andrea Arcangeli <aarcange@redhat.com> | 2022-06-16 21:23:20 -0400 |
commit | ecf507684263a633acd83475727516987f93a80e (patch) | |
tree | ad5d9bad334d68d9b6245e4dcb309e0fc32c05cb | |
parent | 3bb21e948357d6eecbea6094b6b9f5167314096f (diff) | |
parent | d7d527e500c60384e8260d5f4080b5bdb58ea553 (diff) | |
download | aa-main-5.10.y.tar.gz |
Merge remote-tracking branch 'gitlab/main-5.10.y' into main-5.10.y
3bb21e948357d6eecbea6094b6b9f5167314096f
- fix kvm_mmu_notifier_change_pte()
8ff1110a559984df1f0d803cf7f25fed2e395e6a
- tentative working set estimation for KSM
- fix missing young bit after NUMA migrate-on-fault and THP splits
725f6825d79ddce90aec36022d6eb34bba1a5ed5
- v5 fix for the KSM swapin anon_vma use after free.
28a96a7b5acb737187307c666dd3d1ef5e4ab87b
- v4 fix for the KSM swapin anon_vma use after free.
b422e140fce7b028999020b106c06cd024238dbd
- v3 fix for the KSM swapin anon_vma use after free.
- Cleanup FOLL_UNSHARE definition from code and commit headers and
other no-op cleanups. It's a further sync-up with the cleanups from
the v1 "mm: COW fixes part 1: fix the COW security issue for THP and
hugetlb" submit.
1b9e64a0576cadd759c241f8c211f247fd11f42f
- Tentative fix for the false positive BUILD_BUG_ON build error on some
arches reported by the kernel test robot.
- Fixed KSM checksum initialization reported by Dan Carpenter and the
kernel test robot with smatch.
- Worked around a coding style warning from the kernel test robot.
fc1a9068f8ebf45bd9b41c4dc3b1405847beb773
- The mprotect optimization that was proposed upstream to skip
spurious COW faults had a bug in not checking the swapcount which
could result in erroneously skipping the COW fault with swap
enabled. This implementation inherited the same bug that the
original upstream posted patch had. The bug has been found by source
review and it has been fixed: in this implementation the swapcount
is now taken into account as required for safety.
bd1802d4a4ead6e8404d0565025f3be194628360
- optimized wp_page_unshare() with can_read_pin_swap_page(), in
addition this change is a dependency for the PageKsm FOLL_MM_SYNC
rework.
- reworked from scratch PageKsm FOLL_MM_SYNC using
can_read_pin_swap_page(). Enforcing that no FOLL_LONGTERM read pin
can ever be taken on any PageKsm feels simpler in comparison to
enforcing no PageAnon can be converted to PageKsm if there's any
outstanding pin and that no wrprotected PageAnon can be replaced by
an equal PageKsm if the PageAnon had any outstanding FOLL_LONGTERM
pins. Both guarantees are required for FOLL_MM_SYNC to deliver
full synchronicity to FOLL_LONGTERM pins on VM_MERGEABLE vmas too.
a1250d3db4940768b22f38b398825d18588e95e1
- gup_must_unshare() optimized with can_read_pin_swap_page().
- added the page lock in the hugetlbfs gup_must_unshare() path to
protect against page migration. It'd be ideal if page migration could
be improved to count how many migration entries it installed and then
drop the mapcount accordingly only after the refcount freezing.
- Improved FOLL_MM_SYNC for PageKsm: KSM code should cooperate with
GUP and make sure to never de-dup pages with GUP pins. GUP already does
its part in unsharing PageKsm pages with the COR fault before taking
readonly FOLL_LONGTERM pins (with FOLL_MM_SYNC implicitly set).
- Minor: added more consistency to the SWAP=n version of
reuse_swap_page(), just in case.
1d79942e9e74049be0229d859a577516fca8157c
- More noop cleanups.
- Added a missing update_mmu_tlb() which is also a noop for all arches
except mips.
6eefdfb0dfe1057e0e476699db602fdbad0c188a
- A solution based on the FOLL_UNSHARE+COR solution that originated in
this tree has been proposed upstream and the review showed the
gup_must_unshare() didn't properly take into account the swapcount.
The lack of swapcount calculation reported upstream is a minor
implementation issue and requires no change in design to fix. In
fact it has been fixed in less than 48 hours as demonstrated by this
quick hotfix update.
It's worth pointing out that the lack of swapcount calculation in
the previous version caused zero regressions compared to upstream
v5.7 and in fact the previous version was preferable to v5.7.
As opposed to that, upstream still randomly corrupts memory if swap is
enabled with O_DIRECT + swap if using 64k PAGE SIZE on aarch64 and a
4k db blocksize, with io_uring and all FOLL_LONGTERM and causes
various horizontal regressions (for example all swapcache is COWed
unconditionally even if it's exclusive).
At the time of this writing, this is the only known solution that
resolves all known security issues and that introduces zero user ABI
regression compared to v5.7 and that retains the full power of the
MM.
In fact this goes beyond what v5.7 could do: with FOLL_MM_SYNC for
the first time this solution provides full POSIX semantics to all
FOLL_LONGTERM and short term pins by leveraging the COR (Copy On
Read) fault.
7fc0a1e49e04b4bb7170ed670820823d3e692fa8
- Peter Xu discovered that the THP path of __page_mapcount was reading
the first tail page instead of the right tailpage in a doublemap.
This has been corrected.
- David Hildenbrand reported that __page_mapcount and gup_must_unshare
shared some code paths between THP and hugetlbfs, but the mapcount
seqcount wasn't initialized in hugetlbfs which could result in a
softlockup. This has been corrected and the hugetlbfs paths in
__page_mapcount and gup_must_unshare don't share the same code paths
anymore.
- Merged a permutation from David Hildenbrand that simplifies
__split_huge_pmd_locked() and reduces the
page_trans_huge_mapcount_lock() hold time as well.
- Merged FOLL_NOUNSHARE from David Hildenbrand to "deactivate" the COR
fault in follow_page(). follow_page() is special because the kernel
is the "user" and the kernel intends to work on the real thing, not
on the post-COR copy. Obtaining a (post-COR) copy of the page is
functionally harmless from the userland point of view, but it'd
defeat various kernel MM optimizations.
- Added a tentative fix for a use after free in KSM rmap reported
upstream.
- Added a tentative fix to eliminate the KVM COW side channel.
45eb6f77a1e71a3b2dd71fefcdf03f7e55c4be50
- added the COR fault and the FAULT_FLAG_UNSHARE support to hugetlbfs.
106d5157f53aef387bc8b3804cbefccdf1807ea4
- added "mm/userfaultfd: provide unmasked address on page-fault".
fe2032472e830e335f0c223fe8a35bd543506d8a
- Improved the 72c05d6f8ef1ef3dda0f91c82cf0e83be3447e14 commit header.
a9e21523ddd619a99bb9ba4f718801e535657178
- cleanup gup_must_unshare(): added is_fast_only_in_irq() to document
and deduplicate the irq_count() check.
f49c147372f2acc6f82a20f4c6c041aeb21a090b
- Added feb889fb40fafc6933339cf1cca8f770126819fb to the list of
reverts since it's unnecessary after reverting
09854ba94c6aad7886996bfbee2530b3d8a7f4f4.
- Documented more details on the SMP race against pin-fast of
feb889fb40fafc6933339cf1cca8f770126819fb and
9348b73c2e1bfea74ccd4a44fb4ccc7276ab9623 at the end of the commit
header of a63e8a5c408bff7d6a8347567dc02470aa7d3c54 ("mm: COW:
restore full accuracy in page reuse").
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
0 files changed, 0 insertions, 0 deletions