1. 11 Dec, 2023 18 commits
    • Andrei Vagin's avatar
      fs/proc/task_mmu: report SOFT_DIRTY bits through the PAGEMAP_SCAN ioctl · e6a9a2cb
      Andrei Vagin authored
      The PAGEMAP_SCAN ioctl returns information regarding page table entries. 
      It is more efficient compared to reading pagemap files.  CRIU can start to
      utilize this ioctl, but it needs info about soft-dirty bits to track
      memory changes.
      
      We are aware of a new method for tracking memory changes implemented in
      the PAGEMAP_SCAN ioctl.  For CRIU, the primary advantage of this method is
      its usability by unprivileged users.  However, it is not feasible to
      transparently replace the soft-dirty tracker with the new one.  The main
      problem here is userfault descriptors that have to be preserved between
      pre-dump iterations.  It means criu continues supporting the soft-dirty
      method to avoid breakage for current users.  The new method will be
      implemented as a separate feature.
      
      [avagin@google.com: update tools/include/uapi/linux/fs.h]
        Link: https://lkml.kernel.org/r/20231107164139.576046-1-avagin@google.com
      Link: https://lkml.kernel.org/r/20231106220959.296568-1-avagin@google.comSigned-off-by: default avatarAndrei Vagin <avagin@google.com>
      Reviewed-by: default avatarMuhammad Usama Anjum <usama.anjum@collabora.com>
      Cc: Michał Mirosław <mirq-linux@rere.qmqm.pl>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      e6a9a2cb
    • Minjie Du's avatar
      mm/filemap: increase usage of folio_next_index() helper · 8ff25266
      Minjie Du authored
      Simplify code pattern of 'folio->index + folio_nr_pages(folio)' by using
      the existing helper folio_next_index() in filemap_get_folios_contig().
      
      Link: https://lkml.kernel.org/r/20231107024635.4512-1-duminjie@vivo.comSigned-off-by: default avatarMinjie Du <duminjie@vivo.com>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      8ff25266
    • Vishal Verma's avatar
      dax/kmem: allow kmem to add memory with memmap_on_memory · 4eca0ef4
      Vishal Verma authored
      Large amounts of memory managed by the kmem driver may come in via CXL,
      and it is often desirable to have the memmap for this memory on the new
      memory itself.
      
      Enroll kmem-managed memory for memmap_on_memory semantics if the dax
      region originates via CXL.  For non-CXL dax regions, retain the existing
      default behavior of hot adding without memmap_on_memory semantics.
      
      Link: https://lkml.kernel.org/r/20231107-vv-kmem_memmap-v10-3-1253ec050ed0@intel.comSigned-off-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Reviewed-by: default avatarJonathan Cameron <Jonathan.Cameron@huawei.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reviewed-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Tested-by: Li Zhijian <lizhijian@fujitsu.com>	[cxl.kmem and nvdimm.kmem]
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Cc: Fan Ni <fan.ni@samsung.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4eca0ef4
    • Vishal Verma's avatar
      mm/memory_hotplug: split memmap_on_memory requests across memblocks · 6b8f0798
      Vishal Verma authored
      The MHP_MEMMAP_ON_MEMORY flag for hotplugged memory is restricted to
      'memblock_size' chunks of memory being added.  Adding a larger span of
      memory precludes memmap_on_memory semantics.
      
      For users of hotplug such as kmem, large amounts of memory might get added
      from the CXL subsystem.  In some cases, this amount may exceed the
      available 'main memory' to store the memmap for the memory being added. 
      In this case, it is useful to have a way to place the memmap on the memory
      being added, even if it means splitting the addition into memblock-sized
      chunks.
      
      Change add_memory_resource() to loop over memblock-sized chunks of memory
      if caller requested memmap_on_memory, and if other conditions for it are
      met.  Teach try_remove_memory() to also expect that a memory range being
      removed might have been split up into memblock sized chunks, and to loop
      through those as needed.
      
      This does preclude being able to use PUD mappings in the direct map; a
      proposal to how this could be optimized in the future is laid out here[1].
      
      [1]: https://lore.kernel.org/linux-mm/b6753402-2de9-25b2-36e9-eacd49752b19@redhat.com/
      
      Link: https://lkml.kernel.org/r/20231107-vv-kmem_memmap-v10-2-1253ec050ed0@intel.comSigned-off-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Suggested-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reviewed-by: default avatarDan Williams <dan.j.williams@intel.com>
      Reviewed-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Cc: Fan Ni <fan.ni@samsung.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      6b8f0798
    • Vishal Verma's avatar
      mm/memory_hotplug: replace an open-coded kmemdup() in add_memory_resource() · 82b8a3b4
      Vishal Verma authored
      Patch series "mm: use memmap_on_memory semantics for dax/kmem", v10.
      
      The dax/kmem driver can potentially hot-add large amounts of memory
      originating from CXL memory expanders, or NVDIMMs, or other 'device
      memories'.  There is a chance there isn't enough regular system memory
      available to fit the memmap for this new memory.  It's therefore
      desirable, if all other conditions are met, for the kmem managed memory to
      place its memmap on the newly added memory itself.
      
      The main hurdle for accomplishing this for kmem is that memmap_on_memory
      can only be done if the memory being added is equal to the size of one
      memblock.  To overcome this, allow the hotplug code to split an
      add_memory() request into memblock-sized chunks, and try_remove_memory()
      to also expect and handle such a scenario.
      
      Patch 1 replaces an open-coded kmemdup()
      
      Patch 2 teaches the memory_hotplug code to allow for splitting
      add_memory() and remove_memory() requests over memblock sized chunks.
      
      Patch 3 allows the dax region drivers to request memmap_on_memory
      semantics. CXL dax regions default this to 'on', all others default to
      off to keep existing behavior unchanged.
      
      
      This patch (of 3):
      
      A review of the memmap_on_memory modifications to add_memory_resource()
      revealed an instance of an open-coded kmemdup().  Replace it with
      kmemdup().
      
      Link: https://lkml.kernel.org/r/20231107-vv-kmem_memmap-v10-0-1253ec050ed0@intel.com
      Link: https://lkml.kernel.org/r/20231107-vv-kmem_memmap-v10-1-1253ec050ed0@intel.comSigned-off-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reviewed-by: default avatarFan Ni <fan.ni@samsung.com>
      Reported-by: default avatarDan Williams <dan.j.williams@intel.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Dave Jiang <dave.jiang@intel.com>
      Cc: "Huang, Ying" <ying.huang@intel.com>
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      82b8a3b4
    • Liam Ni's avatar
      NUMA: optimize detection of memory with no node id assigned by firmware · ff6c3d81
      Liam Ni authored
      Sanity check that makes sure the nodes cover all memory loops over
      numa_meminfo to count the pages that have node id assigned by the
      firmware, then loops again over memblock.memory to find the total amount
      of memory and in the end checks that the difference between the total
      memory and memory that covered by nodes is less than some threshold. 
      Worse, the loop over numa_meminfo calls __absent_pages_in_range() that
      also partially traverses memblock.memory.
      
      It's much simpler and more efficient to have a single traversal of
      memblock.memory that verifies that amount of memory not covered by nodes
      is less than a threshold.
      
      Introduce memblock_validate_numa_coverage() that does exactly that and use
      it instead of numa_meminfo_cover_memory().
      
      Link: https://lkml.kernel.org/r/20231026020329.327329-1-zhiguangni01@gmail.comSigned-off-by: default avatarLiam Ni <zhiguangni01@gmail.com>
      Reviewed-by: default avatarMike Rapoport (IBM) <rppt@kernel.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Bibo Mao <maobibo@loongson.cn>
      Cc: Binbin Zhou <zhoubinbin@loongson.cn>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Feiyang Chen <chenfeiyang@loongson.cn>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Huacai Chen <chenhuacai@kernel.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: WANG Xuerui <kernel@xen0n.name>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      ff6c3d81
    • Baolin Wang's avatar
      mm: huge_memory: batch tlb flush when splitting a pte-mapped THP · 3027c6f8
      Baolin Wang authored
      I can observe an obvious tlb flush hotspot when splitting a pte-mapped THP
      on my ARM64 server, and the distribution of this hotspot is as follows:
      
         - 16.85% split_huge_page_to_list
            + 7.80% down_write
            - 7.49% try_to_migrate
               - 7.48% rmap_walk_anon
                    7.23% ptep_clear_flush
            + 1.52% __split_huge_page
      
      The reason is that the split_huge_page_to_list() will build migration
      entries for each subpage of a pte-mapped Anon THP by try_to_migrate(), or
      unmap for file THP, and it will clear and tlb flush for each subpage's
      pte.  Moreover, the split_huge_page_to_list() will set TTU_SPLIT_HUGE_PMD
      flag to ensure the THP is already a pte-mapped THP before splitting it to
      some normal pages.
      
      Actually, there is no need to flush tlb for each subpage immediately,
      instead we can batch tlb flush for the pte-mapped THP to improve the
      performance.
      
      After this patch, we can see the batch tlb flush can improve the latency
      obviously when running thpscale.
      
                                   k6.5-base                   patched
      Amean     fault-both-1      1071.17 (   0.00%)      901.83 *  15.81%*
      Amean     fault-both-3      2386.08 (   0.00%)     1865.32 *  21.82%*
      Amean     fault-both-5      2851.10 (   0.00%)     2273.84 *  20.25%*
      Amean     fault-both-7      3679.91 (   0.00%)     2881.66 *  21.69%*
      Amean     fault-both-12     5916.66 (   0.00%)     4369.55 *  26.15%*
      Amean     fault-both-18     7981.36 (   0.00%)     6303.57 *  21.02%*
      Amean     fault-both-24    10950.79 (   0.00%)     8752.56 *  20.07%*
      Amean     fault-both-30    14077.35 (   0.00%)    10170.01 *  27.76%*
      Amean     fault-both-32    13061.57 (   0.00%)    11630.08 *  10.96%*
      
      Link: https://lkml.kernel.org/r/431d9fb6823036369dcb1d3b2f63732f01df21a7.1698488264.git.baolin.wang@linux.alibaba.comSigned-off-by: default avatarBaolin Wang <baolin.wang@linux.alibaba.com>
      Reviewed-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Reviewed-by: default avatarYang Shi <shy828301@gmail.com>
      Reviewed-by: default avatarAlistair Popple <apopple@nvidia.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      3027c6f8
    • Peng Zhang's avatar
      fork: use __mt_dup() to duplicate maple tree in dup_mmap() · d2406291
      Peng Zhang authored
      In dup_mmap(), using __mt_dup() to duplicate the old maple tree and then
      directly replacing the entries of VMAs in the new maple tree can result in
      better performance.  __mt_dup() uses DFS pre-order to duplicate the maple
      tree, so it is efficient.
      
      The average time complexity of __mt_dup() is O(n), where n is the number
      of VMAs.  The proof of the time complexity is provided in the commit log
      that introduces __mt_dup().  After duplicating the maple tree, each
      element is traversed and replaced (ignoring the cases of deletion, which
      are rare).  Since it is only a replacement operation for each element,
      this process is also O(n).
      
      Analyzing the exact time complexity of the previous algorithm is
      challenging because each insertion can involve appending to a node,
      pushing data to adjacent nodes, or even splitting nodes.  The frequency of
      each action is difficult to calculate.  The worst-case scenario for a
      single insertion is when the tree undergoes splitting at every level.  If
      we consider each insertion as the worst-case scenario, we can determine
      that the upper bound of the time complexity is O(n*log(n)), although this
      is a loose upper bound.  However, based on the test data, it appears that
      the actual time complexity is likely to be O(n).
      
      As the entire maple tree is duplicated using __mt_dup(), if dup_mmap()
      fails, there will be a portion of VMAs that have not been duplicated in
      the maple tree.  To handle this, we mark the failure point with
      XA_ZERO_ENTRY.  In exit_mmap(), if this marker is encountered, stop
      releasing VMAs that have not been duplicated after this point.
      
      There is a "spawn" in byte-unixbench[1], which can be used to test the
      performance of fork().  I modified it slightly to make it work with
      different number of VMAs.
      
      Below are the test results.  The first row shows the number of VMAs.  The
      second and third rows show the number of fork() calls per ten seconds,
      corresponding to next-20231006 and the this patchset, respectively.  The
      test results were obtained with CPU binding to avoid scheduler load
      balancing that could cause unstable results.  There are still some
      fluctuations in the test results, but at least they are better than the
      original performance.
      
      21     121   221    421    821    1621   3221   6421   12821  25621  51221
      112100 76261 54227  34035  20195  11112  6017   3161   1606   802    393
      114558 83067 65008  45824  28751  16072  8922   4747   2436   1233   599
      2.19%  8.92% 19.88% 34.64% 42.37% 44.64% 48.28% 50.17% 51.68% 53.74% 52.42%
      
      [1] https://github.com/kdlucas/byte-unixbench/tree/master
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-11-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Suggested-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      d2406291
    • Peng Zhang's avatar
      maple_tree: preserve the tree attributes when destroying maple tree · 8e50d32c
      Peng Zhang authored
      When destroying maple tree, preserve its attributes and then turn it into
      an empty tree.  This allows it to be reused without needing to be
      reinitialized.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-10-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      8e50d32c
    • Peng Zhang's avatar
      maple_tree: update check_forking() and bench_forking() · 446e1867
      Peng Zhang authored
      Updated check_forking() and bench_forking() to use __mt_dup() to duplicate
      maple tree.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-9-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      446e1867
    • Peng Zhang's avatar
      maple_tree: skip other tests when BENCH is enabled · f670fa1c
      Peng Zhang authored
      Skip other tests when BENCH is enabled so that performance can be measured
      in user space.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-8-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      f670fa1c
    • Peng Zhang's avatar
      maple_tree: update the documentation of maple tree · 9bc1d3cd
      Peng Zhang authored
      Introduce the new interface mtree_dup() in the documentation.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-7-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      9bc1d3cd
    • Peng Zhang's avatar
      maple_tree: add test for mtree_dup() · a2587a7e
      Peng Zhang authored
      Add test for mtree_dup().
      
      Test by duplicating different maple trees and then comparing the two
      trees.  Includes tests for duplicating full trees and memory allocation
      failures on different nodes.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-6-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      a2587a7e
    • Peng Zhang's avatar
      radix tree test suite: align kmem_cache_alloc_bulk() with kernel behavior. · 46c99e26
      Peng Zhang authored
      When kmem_cache_alloc_bulk() fails to allocate, leave the freed pointers
      in the array.  This enables a more accurate simulation of the kernel's
      behavior and allows for testing potential double-free scenarios.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-5-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      46c99e26
    • Peng Zhang's avatar
      maple_tree: introduce interfaces __mt_dup() and mtree_dup() · fd32e4e9
      Peng Zhang authored
      Introduce interfaces __mt_dup() and mtree_dup(), which are used to
      duplicate a maple tree.  They duplicate a maple tree in Depth-First Search
      (DFS) pre-order traversal.  It uses memcopy() to copy nodes in the source
      tree and allocate new child nodes in non-leaf nodes.  The new node is
      exactly the same as the source node except for all the addresses stored in
      it.  It will be faster than traversing all elements in the source tree and
      inserting them one by one into the new tree.  The time complexity of these
      two functions is O(n).
      
      The difference between __mt_dup() and mtree_dup() is that mtree_dup()
      handles locks internally.
      
      Analysis of the average time complexity of this algorithm:
      
      For simplicity, let's assume that the maximum branching factor of all
      non-leaf nodes is 16 (in allocation mode, it is 10), and the tree is a
      full tree.
      
      Under the given conditions, if there is a maple tree with n elements, the
      number of its leaves is n/16.  From bottom to top, the number of nodes in
      each level is 1/16 of the number of nodes in the level below.  So the
      total number of nodes in the entire tree is given by the sum of n/16 +
      n/16^2 + n/16^3 + ...  + 1.  This is a geometric series, and it has log(n)
      terms with base 16.  According to the formula for the sum of a geometric
      series, the sum of this series can be calculated as (n-1)/15.  Each node
      has only one parent node pointer, which can be considered as an edge.  In
      total, there are (n-1)/15-1 edges.
      
      This algorithm consists of two operations:
      
      1. Traversing all nodes in DFS order.
      2. For each node, making a copy and performing necessary modifications
         to create a new node.
      
      For the first part, DFS traversal will visit each edge twice.  Let
      T(ascend) represent the cost of taking one step downwards, and T(descend)
      represent the cost of taking one step upwards.  And both of them are
      constants (although mas_ascend() may not be, as it contains a loop, but
      here we ignore it and treat it as a constant).  So the time spent on the
      first part can be represented as ((n-1)/15-1) * (T(ascend) + T(descend)).
      
      For the second part, each node will be copied, and the cost of copying a
      node is denoted as T(copy_node).  For each non-leaf node, it is necessary
      to reallocate all child nodes, and the cost of this operation is denoted
      as T(dup_alloc).  The behavior behind memory allocation is complex and not
      specific to the maple tree operation.  Here, we assume that the time
      required for a single allocation is constant.  Since the size of a node is
      fixed, both of these symbols are also constants.  We can calculate that
      the time spent on the second part is ((n-1)/15) * T(copy_node) + ((n-1)/15
      - n/16) * T(dup_alloc).
      
      Adding both parts together, the total time spent by the algorithm can be
      represented as:
      
      ((n-1)/15) * (T(ascend) + T(descend) + T(copy_node) + T(dup_alloc)) -
      n/16 * T(dup_alloc) - (T(ascend) + T(descend))
      
      Let C1 = T(ascend) + T(descend) + T(copy_node) + T(dup_alloc)
      Let C2 = T(dup_alloc)
      Let C3 = T(ascend) + T(descend)
      
      Finally, the expression can be simplified as:
      ((16 * C1 - 15 * C2) / (15 * 16)) * n - (C1 / 15 + C3).
      
      This is a linear function, so the average time complexity is O(n).
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-4-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Suggested-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      fd32e4e9
    • Peng Zhang's avatar
      maple_tree: introduce {mtree,mas}_lock_nested() · b2472efe
      Peng Zhang authored
      In some cases, nested locks may be needed, so {mtree,mas}_lock_nested is
      introduced.  For example, when duplicating maple tree, we need to hold the
      locks of two trees, in which case nested locks are needed.
      
      At the same time, add the definition of spin_lock_nested() in tools for
      testing.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-3-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      b2472efe
    • Peng Zhang's avatar
      maple_tree: add mt_free_one() and mt_attr() helpers · 4f2267b5
      Peng Zhang authored
      Patch series "Introduce __mt_dup() to improve the performance of fork()", v7.
      
      This series introduces __mt_dup() to improve the performance of fork(). 
      During the duplication process of mmap, all VMAs are traversed and
      inserted one by one into the new maple tree, causing the maple tree to be
      rebalanced multiple times.  Balancing the maple tree is a costly
      operation.  To duplicate VMAs more efficiently, mtree_dup() and __mt_dup()
      are introduced for the maple tree.  They can efficiently duplicate a maple
      tree.
      
      Here are some algorithmic details about {mtree,__mt}_dup().  We perform a
      DFS pre-order traversal of all nodes in the source maple tree.  During
      this process, we fully copy the nodes from the source tree to the new
      tree.  This involves memory allocation, and when encountering a new node,
      if it is a non-leaf node, all its child nodes are allocated at once.
      
      This idea was originally from Liam R.  Howlett's Maple Tree Work email,
      and I added some of my own ideas to implement it.  Some previous
      discussions can be found in [1].  For a more detailed analysis of the
      algorithm, please refer to the logs for patch [3/10] and patch [10/10].
      
      There is a "spawn" in byte-unixbench[2], which can be used to test the
      performance of fork().  I modified it slightly to make it work with
      different number of VMAs.
      
      Below are the test results.  The first row shows the number of VMAs.  The
      second and third rows show the number of fork() calls per ten seconds,
      corresponding to next-20231006 and the this patchset, respectively.  The
      test results were obtained with CPU binding to avoid scheduler load
      balancing that could cause unstable results.  There are still some
      fluctuations in the test results, but at least they are better than the
      original performance.
      
      21     121   221    421    821    1621   3221   6421   12821  25621  51221
      112100 76261 54227  34035  20195  11112  6017   3161   1606   802    393
      114558 83067 65008  45824  28751  16072  8922   4747   2436   1233   599
      2.19%  8.92% 19.88% 34.64% 42.37% 44.64% 48.28% 50.17% 51.68% 53.74% 52.42%
      
      Thanks to Liam and Matthew for the review.
      
      
      This patch (of 10):
      
      Add two helpers:
      1. mt_free_one(), used to free a maple node.
      2. mt_attr(), used to obtain the attributes of maple tree.
      
      Link: https://lkml.kernel.org/r/20231027033845.90608-1-zhangpeng.00@bytedance.com
      Link: https://lkml.kernel.org/r/20231027033845.90608-2-zhangpeng.00@bytedance.comSigned-off-by: default avatarPeng Zhang <zhangpeng.00@bytedance.com>
      Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
      Cc: Christian Brauner <brauner@kernel.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Mateusz Guzik <mjguzik@gmail.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Cc: Mike Christie <michael.christie@oracle.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suren Baghdasaryan <surenb@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4f2267b5
    • Li Zhijian's avatar
      mm/vmstat: move pgdemote_* to per-node stats · 23e9f013
      Li Zhijian authored
      Demotion will migrate pages across nodes.  Previously, only the global
      demotion statistics were accounted for.  Changed them to per-node
      statistics, making it easier to observe where demotion occurs on each
      node.
      
      This will help to identify which nodes are under pressure.
      
      This patch also make pgdemote_* behind CONFIG_NUMA_BALANCING, since
      demotion is not available for !CONFIG_NUMA_BALANCING
      
      With this patch, here is a sample where node0 node1 are DRAM,
      node3 is PMEM:
      Global stats:
      $ grep demote /proc/vmstat
      pgdemote_kswapd 254288
      pgdemote_direct 113497
      pgdemote_khugepaged 0
      
      Per-node stats:
      $ grep demote /sys/devices/system/node/node0/vmstat # demotion source
      pgdemote_kswapd 68454
      pgdemote_direct 83431
      pgdemote_khugepaged 0
      $ grep demote /sys/devices/system/node/node1/vmstat # demotion source
      pgdemote_kswapd 185834
      pgdemote_direct 30066
      pgdemote_khugepaged 0
      $ grep demote /sys/devices/system/node/node3/vmstat # demotion target
      pgdemote_kswapd 0
      pgdemote_direct 0
      pgdemote_khugepaged 0
      
      Link: https://lkml.kernel.org/r/20231103031450.1456523-1-lizhijian@fujitsu.comSigned-off-by: default avatarLi Zhijian <lizhijian@fujitsu.com>
      Acked-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: "Rafael J. Wysocki" <rafael@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      23e9f013
  2. 07 Dec, 2023 22 commits
    • Andrew Morton's avatar
      0c92218f
    • Jiexun Wang's avatar
      mm/madvise: add cond_resched() in madvise_cold_or_pageout_pte_range() · b2f557a2
      Jiexun Wang authored
      I conducted real-time testing and observed that
      madvise_cold_or_pageout_pte_range() causes significant latency under
      memory pressure, which can be effectively reduced by adding cond_resched()
      within the loop.
      
      I tested on the LicheePi 4A board using Cylictest for latency testing and
      Ftrace for latency tracing.  The board uses TH1520 processor and has a
      memory size of 8GB.  The kernel version is 6.5.0 with the PREEMPT_RT patch
      applied.
      
      The script I tested is as follows:
      
      echo wakeup_rt > /sys/kernel/tracing/current_tracer
      echo 1 > /sys/kernel/tracing/tracing_on
      echo 0 > /sys/kernel/tracing/tracing_max_latency
      stress-ng --vm 8 --vm-bytes 2G &
      cyclictest --mlockall --smp --priority=99 --distance=0 --duration=30m
      echo 0 > /sys/kernel/tracing/tracing_on
      cat /sys/kernel/tracing/trace 
      
      The tracing results before modification are as follows:
      
      # tracer: wakeup_rt
      #
      # wakeup_rt latency trace v1.1.5 on 6.5.0-rt6-r1208-00003-g999d221864bf
      # --------------------------------------------------------------------
      # latency: 2552 us, #6/6, CPU#3 | (M:preempt_rt VP:0, KP:0, SP:0 HP:0 #P:4)
      #    -----------------
      #    | task: cyclictest-196 (uid:0 nice:0 policy:1 rt_prio:99)
      #    -----------------
      #
      #                    _--------=> CPU#
      #                   / _-------=> irqs-off/BH-disabled
      #                  | / _------=> need-resched
      #                  || / _-----=> need-resched-lazy
      #                  ||| / _----=> hardirq/softirq
      #                  |||| / _---=> preempt-depth
      #                  ||||| / _--=> preempt-lazy-depth
      #                  |||||| / _-=> migrate-disable
      #                  ||||||| /     delay
      #  cmd     pid     |||||||| time  |   caller
      #     \   /        ||||||||  \    |    /
      stress-n-206       3dn.h512    2us :      206:120:R   + [003]     196:  0:R cyclictest
      stress-n-206       3dn.h512    7us : <stack trace>
       => __ftrace_trace_stack
       => __trace_stack
       => probe_wakeup
       => ttwu_do_activate
       => try_to_wake_up
       => wake_up_process
       => hrtimer_wakeup
       => __hrtimer_run_queues
       => hrtimer_interrupt
       => riscv_timer_interrupt
       => handle_percpu_devid_irq
       => generic_handle_domain_irq
       => riscv_intc_irq
       => handle_riscv_irq
       => do_irq
      stress-n-206       3dn.h512    9us#: 0
      stress-n-206       3d...3.. 2544us : __schedule
      stress-n-206       3d...3.. 2545us :      206:120:R ==> [003]     196:  0:R cyclictest
      stress-n-206       3d...3.. 2551us : <stack trace>
       => __ftrace_trace_stack
       => __trace_stack
       => probe_wakeup_sched_switch
       => __schedule
       => preempt_schedule
       => migrate_enable
       => rt_spin_unlock
       => madvise_cold_or_pageout_pte_range
       => walk_pgd_range
       => __walk_page_range
       => walk_page_range
       => madvise_pageout
       => madvise_vma_behavior
       => do_madvise
       => sys_madvise
       => do_trap_ecall_u
       => ret_from_exception
      
      The tracing results after modification are as follows:
      
      # tracer: wakeup_rt
      #
      # wakeup_rt latency trace v1.1.5 on 6.5.0-rt6-r1208-00004-gca3876fc69a6-dirty
      # --------------------------------------------------------------------
      # latency: 1689 us, #6/6, CPU#0 | (M:preempt_rt VP:0, KP:0, SP:0 HP:0 #P:4)
      #    -----------------
      #    | task: cyclictest-217 (uid:0 nice:0 policy:1 rt_prio:99)
      #    -----------------
      #
      #                    _--------=> CPU#
      #                   / _-------=> irqs-off/BH-disabled
      #                  | / _------=> need-resched
      #                  || / _-----=> need-resched-lazy
      #                  ||| / _----=> hardirq/softirq
      #                  |||| / _---=> preempt-depth
      #                  ||||| / _--=> preempt-lazy-depth
      #                  |||||| / _-=> migrate-disable
      #                  ||||||| /     delay
      #  cmd     pid     |||||||| time  |   caller
      #     \   /        ||||||||  \    |    /
      stress-n-232       0dn.h413    1us+:      232:120:R   + [000]     217:  0:R cyclictest
      stress-n-232       0dn.h413   12us : <stack trace>
       => __ftrace_trace_stack
       => __trace_stack
       => probe_wakeup
       => ttwu_do_activate
       => try_to_wake_up
       => wake_up_process
       => hrtimer_wakeup
       => __hrtimer_run_queues
       => hrtimer_interrupt
       => riscv_timer_interrupt
       => handle_percpu_devid_irq
       => generic_handle_domain_irq
       => riscv_intc_irq
       => handle_riscv_irq
       => do_irq
      stress-n-232       0dn.h413   19us#: 0
      stress-n-232       0d...3.. 1671us : __schedule
      stress-n-232       0d...3.. 1676us+:      232:120:R ==> [000]     217:  0:R cyclictest
      stress-n-232       0d...3.. 1687us : <stack trace>
       => __ftrace_trace_stack
       => __trace_stack
       => probe_wakeup_sched_switch
       => __schedule
       => preempt_schedule
       => migrate_enable
       => free_unref_page_list
       => release_pages
       => free_pages_and_swap_cache
       => tlb_batch_pages_flush
       => tlb_flush_mmu
       => unmap_page_range
       => unmap_vmas
       => unmap_region
       => do_vmi_align_munmap.constprop.0
       => do_vmi_munmap
       => __vm_munmap
       => sys_munmap
       => do_trap_ecall_u
       => ret_from_exception
      
      After the modification, the cause of maximum latency is no longer
      madvise_cold_or_pageout_pte_range(), so this modification can reduce the
      latency caused by madvise_cold_or_pageout_pte_range().
      
      
      Currently the madvise_cold_or_pageout_pte_range() function exhibits
      significant latency under memory pressure, which can be effectively
      reduced by adding cond_resched() within the loop.
      
      When the batch_count reaches SWAP_CLUSTER_MAX, we reschedule
      the task to ensure fairness and avoid long lock holding times.
      
      Link: https://lkml.kernel.org/r/85363861af65fac66c7a98c251906afc0d9c8098.1695291046.git.wangjiexun@tinylab.orgSigned-off-by: default avatarJiexun Wang <wangjiexun@tinylab.org>
      Cc: Zhangjin Wu <falcon@tinylab.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      b2f557a2
    • Ryusuke Konishi's avatar
      nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() · 675abf8d
      Ryusuke Konishi authored
      If nilfs2 reads a disk image with corrupted segment usage metadata, and
      its segment usage information is marked as an error for the segment at the
      write location, nilfs_sufile_set_segment_usage() can trigger WARN_ONs
      during log writing.
      
      Segments newly allocated for writing with nilfs_sufile_alloc() will not
      have this error flag set, but this unexpected situation will occur if the
      segment indexed by either nilfs->ns_segnum or nilfs->ns_nextnum (active
      segment) was marked in error.
      
      Fix this issue by inserting a sanity check to treat it as a file system
      corruption.
      
      Since error returns are not allowed during the execution phase where
      nilfs_sufile_set_segment_usage() is used, this inserts the sanity check
      into nilfs_sufile_mark_dirty() which pre-reads the buffer containing the
      segment usage record to be updated and sets it up in a dirty state for
      writing.
      
      In addition, nilfs_sufile_set_segment_usage() is also called when
      canceling log writing and undoing segment usage update, so in order to
      avoid issuing the same kernel warning in that case, in case of
      cancellation, avoid checking the error flag in
      nilfs_sufile_set_segment_usage().
      
      Link: https://lkml.kernel.org/r/20231205085947.4431-1-konishi.ryusuke@gmail.comSigned-off-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
      Reported-by: syzbot+14e9f834f6ddecece094@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=14e9f834f6ddecece094Tested-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      675abf8d
    • Sidhartha Kumar's avatar
      mm/hugetlb: have CONFIG_HUGETLB_PAGE select CONFIG_XARRAY_MULTI · 4a3ef6be
      Sidhartha Kumar authored
      After commit a08c7193 "mm/filemap: remove hugetlb special casing in
      filemap.c", hugetlb pages are stored in the page cache in base page sized
      indexes.  This leads to multi index stores in the xarray which is only
      supporting through CONFIG_XARRAY_MULTI.  The other page cache user of
      multi index stores ,THP, selects XARRAY_MULTI.  Have CONFIG_HUGETLB_PAGE
      follow this behavior as well to avoid the BUG() with a CONFIG_HUGETLB_PAGE
      && !CONFIG_XARRAY_MULTI config.
      
      Link: https://lkml.kernel.org/r/20231204183234.348697-1-sidhartha.kumar@oracle.com
      Fixes: a08c7193 ("mm/filemap: remove hugetlb special casing in filemap.c")
      Signed-off-by: default avatarSidhartha Kumar <sidhartha.kumar@oracle.com>
      Reported-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: Muchun Song <muchun.song@linux.dev>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4a3ef6be
    • Florian Fainelli's avatar
      scripts/gdb: fix lx-device-list-bus and lx-device-list-class · 801a2b1b
      Florian Fainelli authored
      After the conversion to bus_to_subsys() and class_to_subsys(), the gdb
      scripts listing the system buses and classes respectively was broken, fix
      those by returning the subsys_priv pointer and have the various caller
      de-reference either the 'bus' or 'class' structure members accordingly.
      
      Link: https://lkml.kernel.org/r/20231130043317.174188-1-florian.fainelli@broadcom.com
      Fixes: 7b884b7f ("driver core: class.c: convert to only use class_to_subsys")
      Signed-off-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
      Tested-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Jan Kiszka <jan.kiszka@siemens.com>
      Cc: Kieran Bingham <kbingham@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      801a2b1b
    • Bagas Sanjaya's avatar
      MAINTAINERS: drop Antti Palosaari · bc220fe7
      Bagas Sanjaya authored
      He is currently inactive (last message from him is two years ago [1]). 
      His media tree [2] is also dormant (latest activity is 6 years ago), yet
      his site is still online [3].
      
      Drop him from MAINTAINERS and add CREDITS entry for him. We thank him
      for maintaining various DVB drivers.
      
      [1]: https://lore.kernel.org/all/660772b3-0597-02db-ed94-c6a9be04e8e8@iki.fi/
      [2]: https://git.linuxtv.org/anttip/media_tree.git/
      [3]: https://palosaari.fi/linux/
      
      Link: https://lkml.kernel.org/r/20231130083848.5396-1-bagasdotme@gmail.comSigned-off-by: default avatarBagas Sanjaya <bagasdotme@gmail.com>
      Acked-by: default avatarAntti Palosaari <crope@iki.fi>
      Cc: Hans Verkuil <hverkuil-cisco@xs4all.nl>
      Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
      Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
      Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      bc220fe7
    • Su Hui's avatar
      highmem: fix a memory copy problem in memcpy_from_folio · 73424d00
      Su Hui authored
      Clang static checker complains that value stored to 'from' is never read. 
      And memcpy_from_folio() only copy the last chunk memory from folio to
      destination.  Use 'to += chunk' to replace 'from += chunk' to fix this
      typo problem.
      
      Link: https://lkml.kernel.org/r/20231130034017.1210429-1-suhui@nfschina.com
      Fixes: b23d03ef ("highmem: add memcpy_to_folio() and memcpy_from_folio()")
      Signed-off-by: default avatarSu Hui <suhui@nfschina.com>
      Reviewed-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Cc: Ira Weiny <ira.weiny@intel.com>
      Cc: Jiaqi Yan <jiaqiyan@google.com>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Cc: Peter Collingbourne <pcc@google.com>
      Cc: Tom Rix <trix@redhat.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      73424d00
    • Ryusuke Konishi's avatar
      nilfs2: fix missing error check for sb_set_blocksize call · d61d0ab5
      Ryusuke Konishi authored
      When mounting a filesystem image with a block size larger than the page
      size, nilfs2 repeatedly outputs long error messages with stack traces to
      the kernel log, such as the following:
      
       getblk(): invalid block size 8192 requested
       logical block size: 512
       ...
       Call Trace:
        dump_stack_lvl+0x92/0xd4
        dump_stack+0xd/0x10
        bdev_getblk+0x33a/0x354
        __breadahead+0x11/0x80
        nilfs_search_super_root+0xe2/0x704 [nilfs2]
        load_nilfs+0x72/0x504 [nilfs2]
        nilfs_mount+0x30f/0x518 [nilfs2]
        legacy_get_tree+0x1b/0x40
        vfs_get_tree+0x18/0xc4
        path_mount+0x786/0xa88
        __ia32_sys_mount+0x147/0x1a8
        __do_fast_syscall_32+0x56/0xc8
        do_fast_syscall_32+0x29/0x58
        do_SYSENTER_32+0x15/0x18
        entry_SYSENTER_32+0x98/0xf1
       ...
      
      This overloads the system logger.  And to make matters worse, it sometimes
      crashes the kernel with a memory access violation.
      
      This is because the return value of the sb_set_blocksize() call, which
      should be checked for errors, is not checked.
      
      The latter issue is due to out-of-buffer memory being accessed based on a
      large block size that caused sb_set_blocksize() to fail for buffers read
      with the initial minimum block size that remained unupdated in the
      super_block structure.
      
      Since nilfs2 mkfs tool does not accept block sizes larger than the system
      page size, this has been overlooked.  However, it is possible to create
      this situation by intentionally modifying the tool or by passing a
      filesystem image created on a system with a large page size to a system
      with a smaller page size and mounting it.
      
      Fix this issue by inserting the expected error handling for the call to
      sb_set_blocksize().
      
      Link: https://lkml.kernel.org/r/20231129141547.4726-1-konishi.ryusuke@gmail.comSigned-off-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
      Tested-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      d61d0ab5
    • Baoquan He's avatar
      kernel/Kconfig.kexec: drop select of KEXEC for CRASH_DUMP · dccf78d3
      Baoquan He authored
      Ignat Korchagin complained that a potential config regression was
      introduced by commit 89cde455 ("kexec: consolidate kexec and crash
      options into kernel/Kconfig.kexec").  Before the commit, CONFIG_CRASH_DUMP
      has no dependency on CONFIG_KEXEC.  After the commit, CRASH_DUMP selects
      KEXEC.  That enforces system to have CONFIG_KEXEC=y as long as
      CONFIG_CRASH_DUMP=Y which people may not want.
      
      In Ignat's case, he sets CONFIG_CRASH_DUMP=y, CONFIG_KEXEC_FILE=y and
      CONFIG_KEXEC=n because kexec_load interface could have security issue if
      kernel/initrd has no chance to be signed and verified.
      
      CRASH_DUMP has select of KEXEC because Eric, author of above commit, met a
      LKP report of build failure when posting patch of earlier version.  Please
      see below link to get detail of the LKP report:
      
          https://lore.kernel.org/all/3e8eecd1-a277-2cfb-690e-5de2eb7b988e@oracle.com/T/#u
      
      In fact, that LKP report is triggered because arm's <asm/kexec.h> is
      wrapped in CONFIG_KEXEC ifdeffery scope.  That is wrong.  CONFIG_KEXEC
      controls the enabling/disabling of kexec_load interface, but not kexec
      feature.  Removing the wrongly added CONFIG_KEXEC ifdeffery scope in
      <asm/kexec.h> of arm allows us to drop the select KEXEC for CRASH_DUMP. 
      Meanwhile, change arch/arm/kernel/Makefile to let machine_kexec.o
      relocate_kernel.o depend on KEXEC_CORE.
      
      Link: https://lkml.kernel.org/r/20231128054457.659452-1-bhe@redhat.com
      Fixes: 89cde455 ("kexec: consolidate kexec and crash options into kernel/Kconfig.kexec")
      Signed-off-by: default avatarBaoquan He <bhe@redhat.com>
      Reported-by: default avatarIgnat Korchagin <ignat@cloudflare.com>
      Tested-by: Ignat Korchagin <ignat@cloudflare.com>	[compile-time only]
      Tested-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
      Reviewed-by: default avatarEric DeVolder <eric_devolder@yahoo.com>
      Tested-by: default avatarEric DeVolder <eric_devolder@yahoo.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      dccf78d3
    • Andy Shevchenko's avatar
      units: add missing header · 8e92157d
      Andy Shevchenko authored
      BITS_PER_BYTE is defined in bits.h.
      
      Link: https://lkml.kernel.org/r/20231128174404.393393-1-andriy.shevchenko@linux.intel.com
      Fixes: e8eed5f7 ("units: Add BYTES_PER_*BIT")
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Reviewed-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Cc: Damian Muszynski <damian.muszynski@intel.com>
      Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      8e92157d
    • Baoquan He's avatar
      drivers/base/cpu: crash data showing should depends on KEXEC_CORE · 4e9e2e4c
      Baoquan He authored
      After commit 88a6f899 ("crash: memory and CPU hotplug sysfs
      attributes"), on x86_64, if only below kernel configs related to kdump are
      set, compiling error are triggered.
      
      ----
      CONFIG_CRASH_CORE=y
      CONFIG_KEXEC_CORE=y
      CONFIG_CRASH_DUMP=y
      CONFIG_CRASH_HOTPLUG=y
      ------
      
      ------------------------------------------------------
      drivers/base/cpu.c: In function `crash_hotplug_show':
      drivers/base/cpu.c:309:40: error: implicit declaration of function `crash_hotplug_cpu_support'; did you mean `crash_hotplug_show'? [-Werror=implicit-function-declaration]
        309 |         return sysfs_emit(buf, "%d\n", crash_hotplug_cpu_support());
            |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~
            |                                        crash_hotplug_show
      cc1: some warnings being treated as errors
      ------------------------------------------------------
      
      CONFIG_KEXEC is used to enable kexec_load interface, the
      crash_notes/crash_notes_size/crash_hotplug showing depends on
      CONFIG_KEXEC is incorrect. It should depend on KEXEC_CORE instead.
      
      Fix it now.
      
      Link: https://lkml.kernel.org/r/20231128055248.659808-1-bhe@redhat.com
      Fixes: 88a6f899 ("crash: memory and CPU hotplug sysfs attributes")
      Signed-off-by: default avatarBaoquan He <bhe@redhat.com>
      Tested-by: Ignat Korchagin <ignat@cloudflare.com>	[compile-time only]
      Tested-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
      Reviewed-by: default avatarEric DeVolder <eric_devolder@yahoo.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      4e9e2e4c
    • SeongJae Park's avatar
      mm/damon/sysfs-schemes: add timeout for update_schemes_tried_regions · 7d6fa31a
      SeongJae Park authored
      If a scheme is set to not applied to any monitoring target region for any
      reasons including the target access pattern, quota, filters, or
      watermarks, writing 'update_schemes_tried_regions' to 'state' DAMON sysfs
      file can indefinitely hang.  Fix the case by implementing a timeout for
      the operation.  The time limit is two apply intervals of each scheme.
      
      Link: https://lkml.kernel.org/r/20231124213840.39157-1-sj@kernel.org
      Fixes: 4d4e41b6 ("mm/damon/sysfs-schemes: do not update tried regions more than one DAMON snapshot")
      Signed-off-by: default avatarSeongJae Park <sj@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      7d6fa31a
    • Kuan-Ying Lee's avatar
      scripts/gdb/tasks: fix lx-ps command error · 854f2764
      Kuan-Ying Lee authored
      Since commit 8e1f3851 ("kill task_struct->thread_group") remove
      the thread_group, we will encounter below issue.
      
      (gdb) lx-ps
            TASK          PID    COMM
      0xffff800086503340   0   swapper/0
      Python Exception <class 'gdb.error'>: There is no member named thread_group.
      Error occurred in Python: There is no member named thread_group.
      
      We use signal->thread_head to iterate all threads instead.
      
      [Kuan-Ying.Lee@mediatek.com: v2]
        Link: https://lkml.kernel.org/r/20231129065142.13375-2-Kuan-Ying.Lee@mediatek.com
      Link: https://lkml.kernel.org/r/20231127070404.4192-2-Kuan-Ying.Lee@mediatek.com
      Fixes: 8e1f3851 ("kill task_struct->thread_group")
      Signed-off-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Acked-by: default avatarOleg Nesterov <oleg@redhat.com>
      Tested-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
      Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
      Cc: Chinwen Chang <chinwen.chang@mediatek.com>
      Cc: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Cc: Matthias Brugger <matthias.bgg@gmail.com>
      Cc: Qun-Wei Lin <qun-wei.lin@mediatek.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      854f2764
    • Peter Xu's avatar
      mm/Kconfig: make userfaultfd a menuconfig · 97219cc3
      Peter Xu authored
      PTE_MARKER_UFFD_WP is a subconfig for userfaultfd.  To make it clear,
      switch to use menuconfig for userfaultfd.
      
      Link: https://lkml.kernel.org/r/20231123224204.1060152-1-peterx@redhat.comSigned-off-by: default avatarPeter Xu <peterx@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Axel Rasmussen <axelrasmussen@google.com>
      Cc: Mike Rapoport (IBM) <rppt@kernel.org>
      Cc: Peter Xu <peterx@redhat.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      97219cc3
    • Nico Pache's avatar
      selftests/mm: prevent duplicate runs caused by TEST_GEN_PROGS · f39fb633
      Nico Pache authored
      Commit 05f1edac ("selftests/mm: run all tests from run_vmtests.sh")
      fixed the inconsistency caused by tests being defined as TEST_GEN_PROGS. 
      This issue was leading to tests not being executed via run_vmtests.sh and
      furthermore some tests running twice due to the kselftests wrapper also
      executing them.
      
      Fix the definition of two tests (soft-dirty and pagemap_ioctl) that are
      still incorrectly defined.
      
      Link: https://lkml.kernel.org/r/20231120222908.28559-1-npache@redhat.comSigned-off-by: default avatarNico Pache <npache@redhat.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Cc: Joel Savitz <jsavitz@redhat.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      f39fb633
    • SeongJae Park's avatar
      mm/damon/core: copy nr_accesses when splitting region · 1f3730fd
      SeongJae Park authored
      Regions split function ('damon_split_region_at()') is called at the
      beginning of an aggregation interval, and when DAMOS applying the actions
      and charging quota.  Because 'nr_accesses' fields of all regions are reset
      at the beginning of each aggregation interval, and DAMOS was applying the
      action at the end of each aggregation interval, there was no need to copy
      the 'nr_accesses' field to the split-out region.
      
      However, commit 42f994b7 ("mm/damon/core: implement scheme-specific
      apply interval") made DAMOS applies action on its own timing interval. 
      Hence, 'nr_accesses' should also copied to split-out regions, but the
      commit didn't.  Fix it by copying it.
      
      Link: https://lkml.kernel.org/r/20231119171529.66863-1-sj@kernel.org
      Fixes: 42f994b7 ("mm/damon/core: implement scheme-specific apply interval")
      Signed-off-by: default avatarSeongJae Park <sj@kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      1f3730fd
    • Ming Lei's avatar
      lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly · 0263f92f
      Ming Lei authored
      group_cpus_evenly() could be part of storage driver's error handler, such
      as nvme driver, when may happen during CPU hotplug, in which storage queue
      has to drain its pending IOs because all CPUs associated with the queue
      are offline and the queue is becoming inactive.  And handling IO needs
      error handler to provide forward progress.
      
      Then deadlock is caused:
      
      1) inside CPU hotplug handler, CPU hotplug lock is held, and blk-mq's
         handler is waiting for inflight IO
      
      2) error handler is waiting for CPU hotplug lock
      
      3) inflight IO can't be completed in blk-mq's CPU hotplug handler
         because error handling can't provide forward progress.
      
      Solve the deadlock by not holding CPU hotplug lock in group_cpus_evenly(),
      in which two stage spreads are taken: 1) the 1st stage is over all present
      CPUs; 2) the end stage is over all other CPUs.
      
      Turns out the two stage spread just needs consistent 'cpu_present_mask',
      and remove the CPU hotplug lock by storing it into one local cache.  This
      way doesn't change correctness, because all CPUs are still covered.
      
      Link: https://lkml.kernel.org/r/20231120083559.285174-1-ming.lei@redhat.comSigned-off-by: default avatarMing Lei <ming.lei@redhat.com>
      Reported-by: default avatarYi Zhang <yi.zhang@redhat.com>
      Reported-by: default avatarGuangwu Zhang <guazhang@redhat.com>
      Tested-by: default avatarGuangwu Zhang <guazhang@redhat.com>
      Reviewed-by: default avatarChengming Zhou <zhouchengming@bytedance.com>
      Reviewed-by: default avatarJens Axboe <axboe@kernel.dk>
      Cc: Keith Busch <kbusch@kernel.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      0263f92f
    • Heiko Carstens's avatar
      checkstack: fix printed address · ee34db3f
      Heiko Carstens authored
      All addresses printed by checkstack have an extra incorrect 0 appended at
      the end.
      
      This was introduced with commit 677f1410 ("scripts/checkstack.pl: don't
      display $dre as different entity"): since then the address is taken from
      the line which contains the function name, instead of the line which
      contains stack consumption. E.g. on s390:
      
      0000000000100a30 <do_one_initcall>:
      ...
        100a44:       e3 f0 ff 70 ff 71       lay     %r15,-144(%r15)
      
      So the used regex which matches spaces and hexadecimal numbers to extract
      an address now matches a different substring. Subsequently replacing spaces
      with 0 appends a zero at the and, instead of replacing leading spaces.
      
      Fix this by using the proper regex, and simplify the code a bit.
      
      Link: https://lkml.kernel.org/r/20231120183719.2188479-2-hca@linux.ibm.com
      Fixes: 677f1410 ("scripts/checkstack.pl: don't display $dre as different entity")
      Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
      Cc: Maninder Singh <maninder1.s@samsung.com>
      Cc: Masahiro Yamada <masahiroy@kernel.org>
      Cc: Vaneet Narang <v.narang@samsung.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      ee34db3f
    • Sumanth Korikkar's avatar
      mm/memory_hotplug: fix error handling in add_memory_resource() · f42ce5f0
      Sumanth Korikkar authored
      In add_memory_resource(), creation of memory block devices occurs after
      successful call to arch_add_memory().  However, creation of memory block
      devices could fail.  In that case, arch_remove_memory() is called to
      perform necessary cleanup.
      
      Currently with or without altmap support, arch_remove_memory() is always
      passed with altmap set to NULL during error handling.  This leads to
      freeing of struct pages using free_pages(), eventhough the allocation
      might have been performed with altmap support via
      altmap_alloc_block_buf().
      
      Fix the error handling by passing altmap in arch_remove_memory(). This
      ensures the following:
      * When altmap is disabled, deallocation of the struct pages array occurs
        via free_pages().
      * When altmap is enabled, deallocation occurs via vmem_altmap_free().
      
      Link: https://lkml.kernel.org/r/20231120145354.308999-3-sumanthk@linux.ibm.com
      Fixes: a08a2ae3 ("mm,memory_hotplug: allocate memmap from the added memory range")
      Signed-off-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Reviewed-by: default avatarGerald Schaefer <gerald.schaefer@linux.ibm.com>
      Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
      Cc: Alexander Gordeev <agordeev@linux.ibm.com>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Cc: Anshuman Khandual <anshuman.khandual@arm.com>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: kernel test robot <lkp@intel.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: <stable@vger.kernel.org>	[5.15+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      f42ce5f0
    • Sumanth Korikkar's avatar
      mm/memory_hotplug: add missing mem_hotplug_lock · 001002e7
      Sumanth Korikkar authored
      From Documentation/core-api/memory-hotplug.rst:
      When adding/removing/onlining/offlining memory or adding/removing
      heterogeneous/device memory, we should always hold the mem_hotplug_lock
      in write mode to serialise memory hotplug (e.g. access to global/zone
      variables).
      
      mhp_(de)init_memmap_on_memory() functions can change zone stats and
      struct page content, but they are currently called w/o the
      mem_hotplug_lock.
      
      When memory block is being offlined and when kmemleak goes through each
      populated zone, the following theoretical race conditions could occur:
      CPU 0:					     | CPU 1:
      memory_offline()			     |
      -> offline_pages()			     |
      	-> mem_hotplug_begin()		     |
      	   ...				     |
      	-> mem_hotplug_done()		     |
      					     | kmemleak_scan()
      					     | -> get_online_mems()
      					     |    ...
      -> mhp_deinit_memmap_on_memory()	     |
        [not protected by mem_hotplug_begin/done()]|
        Marks memory section as offline,	     |   Retrieves zone_start_pfn
        poisons vmemmap struct pages and updates   |   and struct page members.
        the zone related data			     |
         					     |    ...
         					     | -> put_online_mems()
      
      Fix this by ensuring mem_hotplug_lock is taken before performing
      mhp_init_memmap_on_memory().  Also ensure that
      mhp_deinit_memmap_on_memory() holds the lock.
      
      online/offline_pages() are currently only called from
      memory_block_online/offline(), so it is safe to move the locking there.
      
      Link: https://lkml.kernel.org/r/20231120145354.308999-2-sumanthk@linux.ibm.com
      Fixes: a08a2ae3 ("mm,memory_hotplug: allocate memmap from the added memory range")
      Signed-off-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Reviewed-by: default avatarGerald Schaefer <gerald.schaefer@linux.ibm.com>
      Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
      Cc: Alexander Gordeev <agordeev@linux.ibm.com>
      Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
      Cc: Anshuman Khandual <anshuman.khandual@arm.com>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Oscar Salvador <osalvador@suse.de>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: kernel test robot <lkp@intel.com>
      Cc: <stable@vger.kernel.org>	[5.15+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      001002e7
    • Chester Lin's avatar
      .mailmap: add a new address mapping for Chester Lin · c540b038
      Chester Lin authored
      My company email address is going to be disabled so let's create a mapping
      that links to my private/community email just in case people might still
      try to reach me via the old one.
      
      Link: https://lkml.kernel.org/r/20231117022807.29461-1-clin@suse.comSigned-off-by: default avatarChester Lin <clin@suse.com>
      Cc: Chester Lin <chester62515@gmail.com>
      Cc: Bjorn Andersson <quic_bjorande@quicinc.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Heiko Stuebner <heiko@sntech.de>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Cc: Konrad Dybcio <konrad.dybcio@linaro.org>
      Cc: Oleksij Rempel <o.rempel@pengutronix.de>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Cc: Conor Dooley <conor.dooley@microchip.com>
      Cc: Matthias Brugger <mbrugger@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      c540b038
    • Hugh Dickins's avatar
      mm: fix oops when filemap_map_pmd() without prealloc_pte · 9aa1345d
      Hugh Dickins authored
      syzbot reports oops in lockdep's __lock_acquire(), called from
      __pte_offset_map_lock() called from filemap_map_pages(); or when I run the
      repro, the oops comes in pmd_install(), called from filemap_map_pmd()
      called from filemap_map_pages(), just before the __pte_offset_map_lock().
      
      The problem is that filemap_map_pmd() has been assuming that when it finds
      pmd_none(), a page table has already been prepared in prealloc_pte; and
      indeed do_fault_around() has been careful to preallocate one there, when
      it finds pmd_none(): but what if *pmd became none in between?
      
      My 6.6 mods in mm/khugepaged.c, avoiding mmap_lock for write, have made it
      easy for *pmd to be cleared while servicing a page fault; but even before
      those, a huge *pmd might be zapped while a fault is serviced.
      
      The difference in symptomatic stack traces comes from the "memory model"
      in use: pmd_install() uses pmd_populate() uses page_to_pfn(): in some
      models that is strict, and will oops on the NULL prealloc_pte; in other
      models, it will construct a bogus value to be populated into *pmd, then
      __pte_offset_map_lock() oops when trying to access split ptlock pointer
      (or some other symptom in normal case of ptlock embedded not pointer).
      
      Link: https://lore.kernel.org/linux-mm/20231115065506.19780-1-jose.pekkarinen@foxhound.fi/
      Link: https://lkml.kernel.org/r/6ed0c50c-78ef-0719-b3c5-60c0c010431c@google.com
      Fixes: f9ce0be7 ("mm: Cleanup faultaround and finish_fault() codepaths")
      Signed-off-by: default avatarHugh Dickins <hughd@google.com>
      Reported-and-tested-by: syzbot+89edd67979b52675ddec@syzkaller.appspotmail.com
      Closes: https://lore.kernel.org/linux-mm/0000000000005e44550608a0806c@google.com/Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Cc: Jann Horn <jannh@google.com>,
      Cc: José Pekkarinen <jose.pekkarinen@foxhound.fi>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
      Cc: <stable@vger.kernel.org>    [5.12+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      9aa1345d