)]}' { "commit": "98fa22f9fff105842c6faded7c4f6c86d6683db8", "tree": "df5db110c17d4dda96a5d3514d7c97cd1cf1bfa2", "parents": [ "d2f3ce7f42140d4830379ae2131148251b1654d6", "0c5e59ab3e2053bd6c0f9666d040fe599cccb945" ], "author": { "name": "Andrea Arcangeli", "email": "aarcange@redhat.com", "time": "Sat Nov 11 22:03:39 2023 -0500" }, "committer": { "name": "Andrea Arcangeli", "email": "aarcange@redhat.com", "time": "Sat Nov 11 22:03:39 2023 -0500" }, "message": "Merge remote-tracking branch \u0027gitlab/main-5.15.y\u0027 into main-5.15.y\n\nd2f3ce7f42140d4830379ae2131148251b1654d6\n\n- revert one more page_count check in the NUMA hinting fault path\n\n- added the bpf_prefault writable tracepoint which is the dependency\n to run BPFML in non simulation mode\n\nb6580318481399405e1368d38d13ec5c58071352\n\n- remove a PageAnonGup() BUG_ON() from unuse_pte() because it\n triggered a false positive during swapoff().\n\n51d469787f3e79c2f4540267dd204ed75a532613\n\n- optimize the universal fix for the synchronicity of all GUP pins\n further with the PageAnonGup filter\n\nac721fb4219c46772f4dd5861e83335eb3718214\n\n- add synchronicity to all GUP pins, including thread+gup+fork at\n hardblocksize subpage granularity without requiring FOLL_PIN\n\n38ecec4f7a55bb85c8affa97c546991a5351f326\n\n- defer the ksm wse opt-in experimental feature\n\n- deliver full accuracy to the THP mapcount with thp_idx to avoid GUP\n pin synchronicity loss after a THP virtual split followed by fork\n\n- fix a FOLL_LONGTERM synchronicity loss in presence of swapping over\n raid5/blk-integrity that would enable SWP_STABLE_WRITES\n\n- fix a FOLL_LONGTERM synchronicity loss if multiple threads take a\n long term GUP pin at the same time while a child exists\n\n8f74a7d45e5a7d33084bd0958f7a491bbd8f3fc5\n\n- fix kvm_mmu_notifier_change_pte()\n\n608641cdbe7a69741088f8bd0072cab4e1943ff6\n\n- tentative working set estimation for KSM\n- fix missing young bit after NUMA migrate-on-fault and THP splits\n\n47b23851febb91384f497da51c77f23b47376eba\n\n- v5 fix for the KSM swapin anon_vma use after free.\n\ne4dbaa0db656bc7e3fce23695c00dc8fc15d96ea\n\n- v4 fix for the KSM swapin anon_vma use after free.\n\nce4bc19086d1e96ca9ed1491a39aa5291d14b08e\n\n- v3 fix for the KSM swapin anon_vma use after free.\n\n- Cleanup FOLL_UNSHARE definition from code and commit headers and\n other no-op cleanups. It\u0027s a further sync-up with the cleanups from\n the v1 \"mm: COW fixes part 1: fix the COW security issue for THP and\n hugetlb\" submit.\n\na8e5bf4916fecaacbe49f60cedcf20c658b54707\n\n- Tentative fix for the false positive BUILD_BUG_ON build error on some\n arches reported by the kernel test robot.\n\n- Fixed KSM checksum initialization reported by Dan Carpenter and the\n kernel test robot with smatch.\n\n- Worked around a coding style warning from the kernel test robot.\n\n8a4fc2ffa29df05a65a5d662e0db910dcb93a176\n\n- The mprotect optimization that was proposed upstream to skip\n spurious COW faults had a bug in not checking the swapcount which\n could result in erroneously skipping the COW fault with swap\n enabled. This implementation inherited the same bug that the\n original upstream posted patch had. The bug has been found by source\n review and it has been fixed: in this implementation the swapcount\n is now taken into account as required for safety.\n\ne60b432637711574fba6507c2dbc26043f2f7e9e\n\n- optimized wp_page_unshare() with can_read_pin_swap_page(), in\n addition this change is a dependency for the PageKsm FOLL_MM_SYNC\n rework.\n\n- reworked from scratch PageKsm FOLL_MM_SYNC using\n can_read_pin_swap_page(). Enforcing that no FOLL_LONGTERM read pin\n can be ever taken on any PageKsm feels simpler in comparison to\n enforcing no PageAnon can be converted to PageKsm if there\u0027s any\n outstanding pin and that no wrprotected PageAnon can be replaced by\n an equal PageKsm if the PageAnon had any outstanding FOLL_LONGTERM\n pins. Both guarantees are required for FOLL_MM_SYNC to deliver\n full synchronicity to FOLL_LONGTERM pins on VM_MERGEABLE vmas too.\n\ne8a5fe3acb45be705bde7d167d4d89ea6151bec9\n\n- gup_must_unshare() optimized with can_read_pin_swap_page().\n\n- added the page lock in the hugetlbfs gup_must_unshare() path to\n protect against page migration. It\u0027d be ideal if page migration could\n be improved to count how many migration entries it installed and then\n drop the mapcount accordingly only after the refcount freezing.\n\n- Improved FOLL_MM_SYNC for PageKsm: KSM code should cooperate with\n GUP and make sure to never de-dup pages with GUP pins. GUP already does\n its part in unsharing PageKsm pages with the COR fault before taking\n readonly FOLL_LONGTERM pins (with FOLL_MM_SYNC implicitly set).\n\n- Minor: added more consistency to the SWAP\u003dn version of\n reuse_swap_page(), just in case.\n\n129b654f78e4e2386d823d616201b0775d69b382\n\n- More noop cleanups.\n\n- Added a missing update_mmu_tlb() which is also a noop for all arches\n except mips.\n\nc1e6044c5bd1ed2592f7196e7ad99b8c47f7787c\n\n- A solution based on the FOLL_UNSHARE+COR solution that originated in\n this tree has been proposed upstream and the review showed the\n gup_must_unshare() didn\u0027t properly take into account the swapcount.\n\n The lack of swapcount calculation reported upstream is a minor\n implementation issue and requires no change in design to fix. In\n fact it has been fixed in less than 48 hours as demonstrated by this\n quick hotfix update.\n\n It\u0027s worth pointing out that the lack of swapcount calculation in\n the previous version caused zero regressions compared to upstream\n v5.7 and in fact the previous version was preferable than v5.7.\n\n As opposed upstream still randomly corrupts memory if swap is\n enabled with O_DIRECT + swap if using 64k PAGE SIZE on aarch64 and a\n 4k db blocksize, with io_uring and all FOLL_LONGTERM and causes\n various horizontal regressions (for example all swapcache is COWed\n unconditionally even if it\u0027s exclusive).\n\n At the time of this writing, this is the only known solution that\n resolves all known security issues and that introduces zero user ABI\n regression compared to v5.7 and that retains the full power of the\n MM.\n\n In fact this goes beyond what v5.7 could do: with FOLL_MM_SYNC for\n the first time this solution provides full POSIX semantics to all\n FOLL_LONGTERM and short term pins by leveraging the COR (Copy On\n Read) fault.\n\n170df1aaab8e5dc923479b75d91500d6cf366796\n\n- Peter Xu discovered that the THP path of __page_mapcount was reading\n the first tail page instead of the right tailpage in a doublemap.\n This has been corrected.\n\n- David Hildenbrand reported that __page_mapcount and gup_must_unshare\n shared some code paths between THP and hugetlbfs, but the mapcount\n seqcount wasn\u0027t initialized in hugetlbfs which could result in a\n softlockup. This has been corrected and the hugetlbfs paths in\n __page_mapcount and gup_must_unshare don\u0027t share the same code paths\n anymore.\n\n- Merged a permutation from David Hildenbrand that simplifies\n __split_huge_pmd_locked() and reduces the\n page_trans_huge_mapcount_lock() hold time as well.\n\n- Merged FOLL_NOUNSHARE from David Hildenbrand \"deactivate\" the COR\n fault in follow_page(). follow_page() is special because the kernel\n is the \"user\" and the kernel intends to work on the real thing, not\n on the post-COR copy. Obtaining a (post-COR) copy of the page is\n functionally harmless from the userland point of view, but it\u0027d\n defeat various kernel MM optimizations.\n\n- Added a tentative fix for an user after free in KSM rmap reported\n upstream.\n\n- Added a tentative fix to eliminate the KVM COW side channel.\n\n08afe7e6dd05f64c64af20ea11825067d497004b\n\n- added the COR fault and the FAULT_FLAG_UNSHARE support to hugetlbfs.\n\n806134b9aae1c4f00d92bf942869adb0b0e257e4\n\n- added \"mm/userfaultfd: provide unmasked address on page-fault\".\n\n828efbc74a232a39869c1612af02bd75b98bb497\n\n- Improved the 3771dc26618494d2fca1f8489cc1581a63a51ce8 commit header.\n\nd22a27cc8aa072e6fb002ec127b5891253658055\n\n- cleanup gup_must_unshare(): added is_fast_only_in_irq() to document\n and deduplicate the irq_count() check.\n\n6d6837a51fe0e71e3dc9c10deefbd616aeaec1fa\n\n- Added feb889fb40fafc6933339cf1cca8f770126819fb to the list of\n reverts since it\u0027s unnecessary after reverting\n 09854ba94c6aad7886996bfbee2530b3d8a7f4f4.\n\n- Documented more details on the SMP race against pin-fast of\n feb889fb40fafc6933339cf1cca8f770126819fb and\n 9348b73c2e1bfea74ccd4a44fb4ccc7276ab9623 at the end of the commit\n header of 5f3f91f23e41359338a41991fe19e4735d7e56e4 (\"mm: COW:\n restore full accuracy in page reuse\").\n\nSigned-off-by: Andrea Arcangeli \u003caarcange@redhat.com\u003e\n", "tree_diff": [] }