2020-03-04 06:29:16

by Andrew Morton

Subject: mmotm 2020-03-03-22-28 uploaded

The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to

http://www.ozlabs.org/~akpm/mmotm/

mmotm-readme.txt says

README for mm-of-the-moment:

http://www.ozlabs.org/~akpm/mmotm/

This is a snapshot of my -mm patch queue. Uploaded at random hopefully
more than once a week.

You will need quilt to apply these patches to the latest Linus release (5.x
or 5.x-rcY). The series file is in broken-out.tar.gz and is duplicated in
http://ozlabs.org/~akpm/mmotm/series

The file broken-out.tar.gz contains two datestamp files: .DATE and
.DATE-yyyy-mm-dd-hh-mm-ss. Both contain the string yyyy-mm-dd-hh-mm-ss,
followed by the base kernel version against which this patch series is to
be applied.

This tree is partially included in linux-next. To see which patches are
included in linux-next, consult the `series' file. Only the patches
within the #NEXT_PATCHES_START/#NEXT_PATCHES_END markers are included in
linux-next.


A full copy of the full kernel tree with the linux-next and mmotm patches
already applied is available through git within an hour of the mmotm
release. Individual mmotm releases are tagged. The master branch always
points to the latest release, so it's constantly rebasing.

https://github.com/hnaz/linux-mm

The directory http://www.ozlabs.org/~akpm/mmots/ (mm-of-the-second)
contains daily snapshots of the -mm tree. It is updated more frequently
than mmotm, and is untested.

A git copy of this tree is also available at

https://github.com/hnaz/linux-mm



This mmotm tree contains the following patches against 5.6-rc4:
(patches marked "*" will be included in linux-next)

* mm-numa-fix-bad-pmd-by-atomically-check-for-pmd_trans_huge-when-marking-page-tables-prot_numa.patch
* mm-numa-fix-bad-pmd-by-atomically-check-for-pmd_trans_huge-when-marking-page-tables-prot_numa-fix.patch
* mm-fix-possible-pmd-dirty-bit-lost-in-set_pmd_migration_entry.patch
* mm-avoid-data-corruption-on-cow-fault-into-pfn-mapped-vma.patch
* mm-hugetlb-fix-a-addressing-exception-caused-by-huge_pte_offset.patch
* fat-fix-uninit-memory-access-for-partial-initialized-inode.patch
* mm-z3fold-do-not-include-rwlockh-directly.patch
* mm-hotplug-fix-page-online-with-debug_pagealloc-compiled-but-not-enabled.patch
* arch-kconfig-update-have_reliable_stacktrace-description.patch
* mm-swap-move-inode_lock-out-of-claim_swapfile.patch
* proc-kpageflags-prevent-an-integer-overflow-in-stable_page_flags.patch
* proc-kpageflags-do-not-use-uninitialized-struct-pages.patch
* mm-fork-fix-kernel_stack-memcg-stats-for-various-stack-implementations.patch
* vfs-partially-revert-dont-allow-writes-to-swap-files.patch
* x86-mm-split-vmalloc_sync_all.patch
* kthread-mark-timer-used-by-delayed-kthread-works-as-irq-safe.patch
* asm-generic-make-more-kernel-space-headers-mandatory.patch
* scripts-spellingtxt-add-syfs-sysfs-pattern.patch
* ocfs2-remove-fs_ocfs2_nm.patch
* ocfs2-remove-unused-macros.patch
* ocfs2-use-ocfs2_sec_bits-in-macro.patch
* ocfs2-remove-dlm_lock_is_remote.patch
* ocfs2-there-is-no-need-to-log-twice-in-several-functions.patch
* ocfs2-correct-annotation-from-l_next_rec-to-l_next_free_rec.patch
* ocfs2-remove-useless-err.patch
* ocfs2-add-missing-annotations-for-ocfs2_refcount_cache_lock-and-ocfs2_refcount_cache_unlock.patch
* ocfs2-replace-zero-length-array-with-flexible-array-member.patch
* ramfs-support-o_tmpfile.patch
* kernel-watchdog-flush-all-printk-nmi-buffers-when-hardlockup-detected.patch
mm.patch
* mm-slubc-replace-cpu_slab-partial-with-wrapped-apis.patch
* mm-slubc-replace-kmem_cache-cpu_partial-with-wrapped-apis.patch
* mm-kmemleak-use-address-of-operator-on-section-symbols.patch
* mm-disable-kcsan-for-kmemleak.patch
* mm-dont-bother-dropping-mmap_sem-for-zero-size-readahead.patch
* mm-page-writebackc-write_cache_pages-deduplicate-identical-checks.patch
* mm-gup-split-get_user_pages_remote-into-two-routines.patch
* mm-gup-pass-a-flags-arg-to-__gup_device_-functions.patch
* mm-introduce-page_ref_sub_return.patch
* mm-gup-pass-gup-flags-to-two-more-routines.patch
* mm-gup-require-foll_get-for-get_user_pages_fast.patch
* mm-gup-track-foll_pin-pages.patch
* mm-gup-page-hpage_pinned_refcount-exact-pin-counts-for-huge-pages.patch
* mm-gup-proc-vmstat-pin_user_pages-foll_pin-reporting.patch
* mm-gup_benchmark-support-pin_user_pages-and-related-calls.patch
* selftests-vm-run_vmtests-invoke-gup_benchmark-with-basic-foll_pin-coverage.patch
* mm-improve-dump_page-for-compound-pages.patch
* mm-dump_page-additional-diagnostics-for-huge-pinned-pages.patch
* mm-swapfilec-fix-comments-for-swapcache_prepare.patch
* mm-swapc-not-necessary-to-export-__pagevec_lru_add.patch
* mm-swapfile-fix-data-races-in-try_to_unuse.patch
* mm-memcg-fix-build-error-around-the-usage-of-kmem_caches.patch
* mm-allocate-shrinker_map-on-appropriate-numa-node.patch
* mm-memcg-slab-introduce-mem_cgroup_from_obj.patch
* mm-memcg-slab-introduce-mem_cgroup_from_obj-v2.patch
* mm-kmem-cleanup-__memcg_kmem_charge_memcg-arguments.patch
* mm-kmem-cleanup-memcg_kmem_uncharge_memcg-arguments.patch
* mm-kmem-rename-memcg_kmem_uncharge-into-memcg_kmem_uncharge_page.patch
* mm-kmem-switch-to-nr_pages-in-__memcg_kmem_charge_memcg.patch
* mm-memcg-slab-cache-page-number-in-memcg_uncharge_slab.patch
* mm-kmem-rename-__memcg_kmem_uncharge_memcg-to-__memcg_kmem_uncharge.patch
* mm-memcontrol-fix-memorylow-proportional-distribution.patch
* mm-memcontrol-clean-up-and-document-effective-low-min-calculations.patch
* mm-memcontrol-recursive-memorylow-protection.patch
* memcg-css_tryget_online-cleanups.patch
* mm-vmscan-remove-unnecessary-lruvec-adding.patch
* mm-vmscan-remove-unnecessary-lruvec-adding-checkpatch-fixes.patch
* mm-memcg-fold-lock_page_lru-into-commit_charge.patch
* mm-page_idle-no-unlikely-double-check-for-idle-page-counting.patch
* mm-thp-move-lru_add_page_tail-func-to-huge_memoryc.patch
* mm-thp-clean-up-lru_add_page_tail.patch
* mm-thp-narrow-lru-locking.patch
* mm-mapping_dirty_helpers-update-huge-page-table-entry-callbacks.patch
* mm-dont-prepare-anon_vma-if-vma-has-vm_wipeonfork.patch
* revert-mm-rmapc-reuse-mergeable-anon_vma-as-parent-when-fork.patch
* mm-set-vm_next-and-vm_prev-to-null-in-vm_area_dup.patch
* mm-vma-add-missing-vma-flag-readable-name-for-vm_sync.patch
* mm-vma-make-vma_is_accessible-available-for-general-use.patch
* mm-vma-replace-all-remaining-open-encodings-with-is_vm_hugetlb_page.patch
* mm-vma-replace-all-remaining-open-encodings-with-vma_is_anonymous.patch
* mm-vma-append-unlikely-while-testing-vma-access-permissions.patch
* mm-mmap-fix-the-adjusted-length-error.patch
* mm-vma-move-vm_no_khugepaged-into-generic-header.patch
* mm-vma-make-vma_is_foreign-available-for-general-use.patch
* mm-vma-make-is_vma_temporary_stack-available-for-general-use.patch
* mm-add-pagemaph-to-the-fine-documentation.patch
* mm-add-mremap_dontunmap-to-mremap.patch
* mm-add-mremap_dontunmap-to-mremap-v6.patch
* mm-add-mremap_dontunmap-to-mremap-v7.patch
* selftest-add-mremap_dontunmap-selftest.patch
* selftest-add-mremap_dontunmap-selftest-fix.patch
* selftest-add-mremap_dontunmap-selftest-v7.patch
* selftest-add-mremap_dontunmap-selftest-v7-checkpatch-fixes.patch
* mm-sparsemem-get-address-to-page-struct-instead-of-address-to-pfn.patch
* mm-sparse-rename-pfn_present-as-pfn_in_present_section.patch
* kasan-detect-negative-size-in-memory-operation-function.patch
* kasan-add-test-for-invalid-size-in-memmove.patch
* mm-page_alloc-increase-default-min_free_kbytes-bound.patch
* mm-vmpressure-dont-need-call-kfree-if-kstrndup-fails.patch
* mm-vmpressure-use-mem_cgroup_is_root-api.patch
* mm-vmscan-replace-open-codings-to-numa_no_node.patch
* mm-vmscanc-remove-cpu-online-notification-for-now.patch
* mm-vmscan-fix-data-races-at-kswapd_classzone_idx.patch
* mm-vmscanc-clean-code-by-removing-unnecessary-assignment.patch
* mmcompactioncma-add-alloc_contig-flag-to-compact_control.patch
* mmthpcompactioncma-allow-thp-migration-for-cma-allocations.patch
* mmthpcompactioncma-allow-thp-migration-for-cma-allocations-fix.patch
* mm-compaction-fully-assume-capture-is-not-null-in-compact_zone_order.patch
* really-limit-compact_unevictable_allowed-to-0-and-1.patch
* mm-compaction-disable-compact_unevictable_allowed-on-rt.patch
* mm-mempolicy-support-mpol_mf_strict-for-huge-page-mapping.patch
* mm-mempolicy-checking-hugepage-migration-is-supported-by-arch-in-vma_migratable.patch
* mm-mempolicy-use-vm_bug_on_vma-in-queue_pages_test_walk.patch
* mm-memblock-remove-redundant-assignment-to-variable-max_addr.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-counter.patch
* hugetlb_cgroup-add-interface-for-charge-uncharge-hugetlb-reservations.patch
* mm-hugetlb_cgroup-fix-hugetlb_cgroup-migration.patch
* hugetlb_cgroup-add-reservation-accounting-for-private-mappings.patch
* hugetlb_cgroup-add-reservation-accounting-for-private-mappings-fix.patch
* hugetlb-disable-region_add-file_region-coalescing.patch
* hugetlb-disable-region_add-file_region-coalescing-fix.patch
* hugetlb_cgroup-add-accounting-for-shared-mappings.patch
* hugetlb_cgroup-add-accounting-for-shared-mappings-fix.patch
* hugetlb_cgroup-support-noreserve-mappings.patch
* hugetlb-support-file_region-coalescing-again.patch
* hugetlb-support-file_region-coalescing-again-fix.patch
* hugetlb-support-file_region-coalescing-again-fix-2.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-tests.patch
* hugetlb_cgroup-add-hugetlb_cgroup-reservation-docs.patch
* mm-hugetlbc-clean-code-by-removing-unnecessary-initialization.patch
* mm-migratec-no-need-to-check-for-i-start-in-do_pages_move.patch
* mm-migratec-wrap-do_move_pages_to_node-and-store_status.patch
* mm-migratec-check-pagelist-in-move_pages_and_store_status.patch
* mm-migratec-unify-not-queued-for-migration-handling-in-do_pages_move.patch
* mm-migratec-migrate-pg_readahead-flag.patch
* mm-migratec-migrate-pg_readahead-flag-fix.patch
* mm-ksmc-update-get_user_pages-in-comment.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup.patch
* drivers-base-memoryc-cache-memory-blocks-in-xarray-to-accelerate-lookup-fix.patch
* mm-pass-task-and-mm-to-do_madvise.patch
* mm-introduce-external-memory-hinting-api.patch
* mm-introduce-external-memory-hinting-api-fix.patch
* mm-check-fatal-signal-pending-of-target-process.patch
* pid-move-pidfd_get_pid-function-to-pidc.patch
* mm-support-both-pid-and-pidfd-for-process_madvise.patch
* mm-madvise-employ-mmget_still_valid-for-write-lock.patch
* mm-madvise-allow-ksm-hints-for-remote-api.patch
* mm-adjust-shuffle-code-to-allow-for-future-coalescing.patch
* mm-use-zone-and-order-instead-of-free-area-in-free_list-manipulators.patch
* mm-add-function-__putback_isolated_page.patch
* mm-introduce-reported-pages.patch
* virtio-balloon-pull-page-poisoning-config-out-of-free-page-hinting.patch
* virtio-balloon-add-support-for-providing-free-page-reports-to-host.patch
* mm-page_reporting-rotate-reported-pages-to-the-tail-of-the-list.patch
* mm-page_reporting-add-budget-limit-on-how-many-pages-can-be-reported-per-pass.patch
* mm-page_reporting-add-free-page-reporting-documentation.patch
* drivers-base-memoryc-indicate-all-memory-blocks-as-removable.patch
* drivers-base-memoryc-drop-section_count.patch
* drivers-base-memoryc-drop-pages_correctly_probed.patch
* mm-page_extc-drop-pfn_present-check-when-onlining.patch
* mm-hotplug-only-respect-mem=-parameter-during-boot-stage.patch
* mm-memory_hotplug-simplify-calculation-of-number-of-pages-in-__remove_pages.patch
* mm-memory_hotplug-cleanup-__add_pages.patch
* shmem-distribute-switch-variables-for-initialization.patch
* mm-shmemc-clean-code-by-removing-unnecessary-assignment.patch
* huge-tmpfs-try-to-split_huge_page-when-punching-hole.patch
* mm-elide-a-warning-when-casting-void-enum.patch
* zswap-allow-setting-default-status-compressor-and-allocator-in-kconfig.patch
* mm-compaction-add-missing-annotation-for-compact_lock_irqsave.patch
* mm-hugetlb-add-missing-annotation-for-gather_surplus_pages.patch
* mm-mempolicy-add-missing-annotation-for-queue_pages_pmd.patch
* mm-slub-add-missing-annotation-for-get_map.patch
* mm-slub-add-missing-annotation-for-put_map.patch
* mm-zsmalloc-add-missing-annotation-for-migrate_read_lock.patch
* mm-zsmalloc-add-missing-annotation-for-migrate_read_unlock.patch
* mm-zsmalloc-add-missing-annotation-for-pin_tag.patch
* mm-zsmalloc-add-missing-annotation-for-unpin_tag.patch
* mm-fix-ambiguous-comments-for-better-code-readability.patch
* mm-mm_initc-clean-code-use-build_bug_on-when-comparing-compile-time-constant.patch
* info-task-hung-in-generic_file_write_iter.patch
* info-task-hung-in-generic_file_write-fix.patch
* kernel-hung_taskc-monitor-killed-tasks.patch
* proc-annotate-close_pdeo-for-sparse.patch
* proc-faster-open-read-close-with-permanent-files.patch
* proc-faster-open-read-close-with-permanent-files-checkpatch-fixes.patch
* asm-generic-fix-unistd_32h-generation-format.patch
* kernel-extable-use-address-of-operator-on-section-symbols.patch
* maintainers-add-an-entry-for-kfifo.patch
* bitops-always-inline-sign-extension-helpers.patch
* lib-test_lockup-test-module-to-generate-lockups.patch
* lib-bch-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_bm-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_fsm-replace-zero-length-array-with-flexible-array-member.patch
* lib-ts_kmp-replace-zero-length-array-with-flexible-array-member.patch
* lib-scatterlist-fix-sg_copy_buffer-kerneldoc.patch
* lib-test_stackinitc-xfail-switch-variable-init-tests.patch
* stackdepot-check-depot_index-before-accessing-the-stack-slab.patch
* stackdepot-build-with-fno-builtin.patch
* kasan-stackdepot-move-filter_irq_stacks-to-stackdepotc.patch
* percpu_counter-fix-a-data-race-at-vm_committed_as.patch
* lib-test_lockup-fix-spelling-mistake-iteraions-iterations.patch
* lib-test_bitmap-make-use-of-exp2_in_bits.patch
* lib-rbtree-fix-coding-style-of-assignments.patch
* lib-test_kmod-remove-a-null-test.patch
* string-add-stracpy-and-stracpy_pad-mechanisms.patch
* documentation-checkpatch-prefer-stracpy-strscpy-over-strcpy-strlcpy-strncpy.patch
* lib-optimize-cpumask_local_spread.patch
* checkpatch-remove-email-address-comment-from-email-address-comparisons.patch
* checkpatch-check-spdx-tags-in-yaml-files.patch
* checkpatch-support-base-commit-format.patch
* checkpatch-prefer-fallthrough-over-fallthrough-comments.patch
* checkpatch-fix-minor-typo-and-mixed-spacetab-in-indentation.patch
* checkpatch-fix-multiple-const-types.patch
* checkpatch-add-command-line-option-for-tab-size.patch
* checkpatch-improve-gerrit-change-id-test.patch
* epoll-fix-possible-lost-wakeup-on-epoll_ctl-path.patch
* kselftest-introduce-new-epoll-test-case.patch
* fs-epoll-make-nesting-accounting-safe-for-rt-kernel.patch
* elf-delete-loc-variable.patch
* elf-allocate-less-for-static-executable.patch
* elf-dont-free-interpreters-elf-pheaders-on-common-path.patch
* samples-hw_breakpoint-drop-hw_breakpoint_r-when-reporting-writes.patch
* samples-hw_breakpoint-drop-use-of-kallsyms_lookup_name.patch
* kallsyms-unexport-kallsyms_lookup_name-and-kallsyms_on_each_symbol.patch
* gcov-gcc_4_7-replace-zero-length-array-with-flexible-array-member.patch
* gcov-gcc_3_4-replace-zero-length-array-with-flexible-array-member.patch
* gcov-fs-replace-zero-length-array-with-flexible-array-member.patch
* kernel-relayc-fix-read_pos-error-when-multiple-readers.patch
* aio-simplify-read_events.patch
* init-cleanup-anon_inodes-and-old-io-schedulers-options.patch
* ubsan-add-trap-instrumentation-option.patch
* ubsan-split-bounds-checker-from-other-options.patch
* lkdtm-bugs-add-arithmetic-overflow-and-array-bounds-checks.patch
* ubsan-check-panic_on_warn.patch
* kasan-unset-panic_on_warn-before-calling-panic.patch
* ubsan-include-bug-type-in-report-header.patch
* ipc-mqueuec-fixed-a-brace-coding-style-issue.patch
linux-next.patch
linux-next-rejects.patch
linux-next-fix.patch
* dmaengine-tegra-apb-fix-platform_get_irqcocci-warnings.patch
* mm-frontswap-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races.patch
* mm-page_io-mark-various-intentional-data-races-v2.patch
* mm-swap_state-mark-various-intentional-data-races.patch
* mm-filemap-fix-a-data-race-in-filemap_fault.patch
* mm-swapfile-fix-and-annotate-various-data-races.patch
* mm-swapfile-fix-and-annotate-various-data-races-v2.patch
* mm-page_counter-fix-various-data-races-at-memsw.patch
* mm-memcontrol-fix-a-data-race-in-scan-count.patch
* mm-list_lru-fix-a-data-race-in-list_lru_count_one.patch
* mm-mempool-fix-a-data-race-in-mempool_free.patch
* mm-util-annotate-an-data-race-at-vm_committed_as.patch
* mm-rmap-annotate-a-data-race-at-tlb_flush_batched.patch
* mm-annotate-a-data-race-in-page_zonenum.patch
* mm-swap-annotate-data-races-for-lru_rotate_pvecs.patch
* mm-refactor-insert_page-to-prepare-for-batched-lock-insert.patch
* mm-bring-sparc-pte_index-semantics-inline-with-other-platforms.patch
* mm-define-pte_index-as-macro-for-x86.patch
* mm-add-vm_insert_pages.patch
* mm-add-vm_insert_pages-fix.patch
* mm-add-vm_insert_pages-2.patch
* mm-add-vm_insert_pages-2-fix.patch
* net-zerocopy-use-vm_insert_pages-for-tcp-rcv-zerocopy.patch
* net-zerocopy-use-vm_insert_pages-for-tcp-rcv-zerocopy-fix.patch
* arm-arm64-add-support-for-folded-p4d-page-tables.patch
* arm-arm64-add-support-for-folded-p4d-page-tables-fix.patch
* arm-arm64-add-support-for-folded-p4d-page-tables-fix-fix.patch
* h8300-remove-usage-of-__arch_use_5level_hack.patch
* hexagon-remove-__arch_use_5level_hack.patch
* ia64-add-support-for-folded-p4d-page-tables.patch
* nios2-add-support-for-folded-p4d-page-tables.patch
* openrisc-add-support-for-folded-p4d-page-tables.patch
* powerpc-32-drop-get_pteptr.patch
* powerpc-add-support-for-folded-p4d-page-tables.patch
* powerpc-add-support-for-folded-p4d-page-tables-fix.patch
* sh-fault-modernize-printing-of-kernel-messages.patch
* sh-drop-__pxd_offset-macros-that-duplicate-pxd_index-ones.patch
* sh-add-support-for-folded-p4d-page-tables.patch
* unicore32-remove-__arch_use_5level_hack.patch
* asm-generic-remove-pgtable-nop4d-hackh.patch
* mm-remove-__arch_has_5level_hack-and-include-asm-generic-5level-fixuph.patch
* seq_read-info-message-about-buggy-next-functions.patch
* seq_read-info-message-about-buggy-next-functions-fix.patch
* gcov_seq_next-should-increase-position-index.patch
* sysvipc_find_ipc-should-increase-position-index.patch
* drivers-tty-serial-sh-scic-suppress-warning.patch
* fix-read-buffer-overflow-in-delta-ipc.patch
make-sure-nobodys-leaking-resources.patch
releasing-resources-with-children.patch
mutex-subsystem-synchro-test-module.patch
kernel-forkc-export-kernel_thread-to-modules.patch
workaround-for-a-pci-restoring-bug.patch


2020-03-04 17:11:12

by Randy Dunlap

Subject: Re: mmotm 2020-03-03-22-28 uploaded (objtool warnings)

On 3/3/20 10:28 PM, [email protected] wrote:
> The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to
>
> http://www.ozlabs.org/~akpm/mmotm/
>
> mmotm-readme.txt says
>
> README for mm-of-the-moment:
>
> http://www.ozlabs.org/~akpm/mmotm/
>
> This is a snapshot of my -mm patch queue. Uploaded at random hopefully
> more than once a week.
>
> You will need quilt to apply these patches to the latest Linus release (5.x
> or 5.x-rcY). The series file is in broken-out.tar.gz and is duplicated in
> http://ozlabs.org/~akpm/mmotm/series

on x86_64 (duh):

drivers/clk/clk-si5341.o: warning: objtool: si5341_synth_clk_set_rate()+0xd7: unreachable instruction
drivers/ide/ide-tape.o: warning: objtool: ide_tape_discard_merge_buffer.constprop.10()+0x4d: unreachable instruction


Full randconfig file is attached.

--
~Randy
Reported-by: Randy Dunlap <[email protected]>


Attachments:
config-mm-objtool (104.99 kB)

2020-03-04 17:35:36

by Randy Dunlap

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On 3/3/20 10:28 PM, [email protected] wrote:
> The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to
>
> http://www.ozlabs.org/~akpm/mmotm/
>
> mmotm-readme.txt says
>
> README for mm-of-the-moment:
>
> http://www.ozlabs.org/~akpm/mmotm/
>
> This is a snapshot of my -mm patch queue. Uploaded at random hopefully
> more than once a week.
>
> You will need quilt to apply these patches to the latest Linus release (5.x
> or 5.x-rcY). The series file is in broken-out.tar.gz and is duplicated in
> http://ozlabs.org/~akpm/mmotm/series

on x86_64:

mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled


Full randconfig file is attached.

--
~Randy
Reported-by: Randy Dunlap <[email protected]>


Attachments:
config-r1243 (113.29 kB)

2020-03-05 08:19:11

by Peter Zijlstra

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> On 3/3/20 10:28 PM, [email protected] wrote:
> > The mm-of-the-moment snapshot 2020-03-03-22-28 has been uploaded to
> >
> > http://www.ozlabs.org/~akpm/mmotm/
> >
> > mmotm-readme.txt says
> >
> > README for mm-of-the-moment:
> >
> > http://www.ozlabs.org/~akpm/mmotm/
> >
> > This is a snapshot of my -mm patch queue. Uploaded at random hopefully
> > more than once a week.
> >
> > You will need quilt to apply these patches to the latest Linus release (5.x
> > or 5.x-rcY). The series file is in broken-out.tar.gz and is duplicated in
> > http://ozlabs.org/~akpm/mmotm/series
>
> on x86_64:
>
> mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled

I used next/master instead, and found the below broken commit
responsible for this.

---

commit 97f4ea76d4f40a401b84825f038710c9a96ec294
Author: Walter Wu <[email protected]>
Date: Wed Mar 4 22:31:15 2020 +1100

kasan: detect negative size in memory operation function

Patch series "fix the missing underflow in memory operation function", v4.

The patchset helps to produce a KASAN report when size is negative in
memory operation functions. It is helpful for programmer to solve an
undefined behavior issue. Patch 1 based on Dmitry's review and
suggestion, patch 2 is a test in order to verify the patch 1.

[1]https://bugzilla.kernel.org/show_bug.cgi?id=199341
[2]https://lore.kernel.org/linux-arm-kernel/[email protected]/

This patch (of 2):

KASAN missed detecting size is a negative number in memset(), memcpy(),
and memmove(), it will cause out-of-bounds bug. So needs to be detected
by KASAN.

If size is a negative number, then it has a reason to be defined as
out-of-bounds bug type. Casting negative numbers to size_t would indeed
turn up as a large size_t and its value will be larger than ULONG_MAX/2,
so that this can qualify as out-of-bounds.

KASAN report is shown below:

BUG: KASAN: out-of-bounds in kmalloc_memmove_invalid_size+0x70/0xa0
Read of size 18446744073709551608 at addr ffffff8069660904 by task cat/72

CPU: 2 PID: 72 Comm: cat Not tainted 5.4.0-rc1-next-20191004ajb-00001-gdb8af2f372b2-dirty #1
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x0/0x288
show_stack+0x14/0x20
dump_stack+0x10c/0x164
print_address_description.isra.9+0x68/0x378
__kasan_report+0x164/0x1a0
kasan_report+0xc/0x18
check_memory_region+0x174/0x1d0
memmove+0x34/0x88
kmalloc_memmove_invalid_size+0x70/0xa0

[1] https://bugzilla.kernel.org/show_bug.cgi?id=199341

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Walter Wu <[email protected]>
Reported-by: kernel test robot <[email protected]>
Reported-by: Dmitry Vyukov <[email protected]>
Suggested-by: Dmitry Vyukov <[email protected]>
Reviewed-by: Dmitry Vyukov <[email protected]>
Reviewed-by: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Stephen Rothwell <[email protected]>

diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index 5cde9e7c2664..31314ca7c635 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -190,7 +190,7 @@ void kasan_init_tags(void);

void *kasan_reset_tag(const void *addr);

-void kasan_report(unsigned long addr, size_t size,
+bool kasan_report(unsigned long addr, size_t size,
bool is_write, unsigned long ip);

#else /* CONFIG_KASAN_SW_TAGS */
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 6aa51723b92b..c798b12323d7 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -105,7 +105,8 @@ EXPORT_SYMBOL(__kasan_check_write);
#undef memset
void *memset(void *addr, int c, size_t len)
{
- check_memory_region((unsigned long)addr, len, true, _RET_IP_);
+ if (!check_memory_region((unsigned long)addr, len, true, _RET_IP_))
+ return NULL;

return __memset(addr, c, len);
}
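Review bot: returning NULL from memset() when check_memory_region() fails changes the function's contract, since memset() is expected to return its first argument and any caller that uses the return value now gets NULL. It also means the fill is skipped after a report, where the removed line let __memset() run regardless. If skipping is intended, state it in the commit message and consider `return addr;` instead of `return NULL;`.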
@@ -114,8 +115,9 @@ void *memset(void *addr, int c, size_t len)
#undef memmove
void *memmove(void *dest, const void *src, size_t len)
{
- check_memory_region((unsigned long)src, len, false, _RET_IP_);
- check_memory_region((unsigned long)dest, len, true, _RET_IP_);
+ if (!check_memory_region((unsigned long)src, len, false, _RET_IP_) ||
+ !check_memory_region((unsigned long)dest, len, true, _RET_IP_))
+ return NULL;

return __memmove(dest, src, len);
}
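Review bot: the `||` in memmove() short-circuits, so when the src check fails the dest check never runs, and a call with both a bad source and a bad destination yields only the read report; the removed lines ran both checks unconditionally. If that loss is acceptable, a one-line comment would help; otherwise evaluate both checks into locals before testing them. The memcpy() hunk that follows has the same shape.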
@@ -124,8 +126,9 @@ void *memmove(void *dest, const void *src, size_t len)
#undef memcpy
void *memcpy(void *dest, const void *src, size_t len)
{
- check_memory_region((unsigned long)src, len, false, _RET_IP_);
- check_memory_region((unsigned long)dest, len, true, _RET_IP_);
+ if (!check_memory_region((unsigned long)src, len, false, _RET_IP_) ||
+ !check_memory_region((unsigned long)dest, len, true, _RET_IP_))
+ return NULL;

return __memcpy(dest, src, len);
}
@@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
#endif

extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
+extern bool report_enabled(void);

-void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
+bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
{
- unsigned long flags = user_access_save();
+ unsigned long flags;
+
+ if (likely(!report_enabled()))
+ return false;
+
+ flags = user_access_save();
__kasan_report(addr, size, is_write, ip);
user_access_restore(flags);
+
+ return true;
}

#ifdef CONFIG_MEMORY_HOTPLUG
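Review bot: report_enabled() is now called at the top of kasan_report(), before user_access_save(), so it runs with whatever user-access state the instrumented caller had; this is the call objtool reports as "call to report_enabled() with UACCESS enabled". Keep user_access_save() as the first thing the function does and put the `if (likely(!report_enabled()))` test after it, restoring flags on the early-return path, or leave the test inside __kasan_report() and have that function return the bool.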
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index 616f9dd82d12..56ff8885fe2e 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -173,17 +173,18 @@ static __always_inline bool check_memory_region_inline(unsigned long addr,
if (unlikely(size == 0))
return true;

+ if (unlikely(addr + size < addr))
+ return !kasan_report(addr, size, write, ret_ip);
+
if (unlikely((void *)addr <
kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
- kasan_report(addr, size, write, ret_ip);
- return false;
+ return !kasan_report(addr, size, write, ret_ip);
}

if (likely(!memory_is_poisoned(addr, size)))
return true;

- kasan_report(addr, size, write, ret_ip);
- return false;
+ return !kasan_report(addr, size, write, ret_ip);
}

bool check_memory_region(unsigned long addr, size_t size, bool write,
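Review bot: with `return !kasan_report(...)`, check_memory_region_inline() returns true whenever the report is suppressed, including on the new `addr + size < addr` path, so a wrapping range is then treated as valid and the mem*() wrappers go on to call __memset()/__memmove()/__memcpy() with it. Before this hunk a failed check returned false whether or not anything was printed. Please document that the return value now means "no report was printed" rather than "access is valid", or keep returning false for the wrap case.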
diff --git a/mm/kasan/generic_report.c b/mm/kasan/generic_report.c
index 2d97efd4954f..e200acb2d292 100644
--- a/mm/kasan/generic_report.c
+++ b/mm/kasan/generic_report.c
@@ -110,6 +110,17 @@ static const char *get_wild_bug_type(struct kasan_access_info *info)

const char *get_bug_type(struct kasan_access_info *info)
{
+ /*
+ * If access_size is a negative number, then it has reason to be
+ * defined as out-of-bounds bug type.
+ *
+ * Casting negative numbers to size_t would indeed turn up as
+ * a large size_t and its value will be larger than ULONG_MAX/2,
+ * so that this can qualify as out-of-bounds.
+ */
+ if (info->access_addr + info->access_size < info->access_addr)
+ return "out-of-bounds";
+
if (addr_has_shadow(info->access_addr))
return get_shadow_bug_type(info);
return get_wild_bug_type(info);
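Review bot: the comment in get_bug_type() describes the test as "access_size is a negative number" with a value "larger than ULONG_MAX/2", but the condition is an unsigned wrap of `info->access_addr + info->access_size`, which depends on the address as well as the size. Reword the comment to describe the wrap-around. The same expression also appears in check_memory_region_inline(), in check_memory_region() in tags.c and in tags_report.c, so a small shared helper in mm/kasan/kasan.h would keep the four sites in step.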
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 3a083274628e..e8f37199d885 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -153,7 +153,7 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
void *find_first_bad_addr(void *addr, size_t size);
const char *get_bug_type(struct kasan_access_info *info);

-void kasan_report(unsigned long addr, size_t size,
+bool kasan_report(unsigned long addr, size_t size,
bool is_write, unsigned long ip);
void kasan_report_invalid_free(void *object, unsigned long ip);

diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 5ef9f24f566b..cf5c17d5e361 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -446,7 +446,7 @@ static void print_shadow_for_address(const void *addr)
}
}

-static bool report_enabled(void)
+bool report_enabled(void)
{
if (current->kasan_depth)
return false;
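Review bot: dropping `static` makes report_enabled() a global symbol with an unprefixed name, and its only declaration is the `extern bool report_enabled(void);` line added in mm/kasan/common.c. Declare it in mm/kasan/kasan.h next to kasan_report() so the definition and its caller share one prototype, and consider a kasan_ prefix for the name.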
@@ -478,9 +478,6 @@ void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned lon
void *untagged_addr;
unsigned long flags;

- if (likely(!report_enabled()))
- return;
-
disable_trace_on_warning();

tagged_addr = (void *)addr;
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index 0e987c9ca052..25b7734e7013 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -86,6 +86,9 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
if (unlikely(size == 0))
return true;

+ if (unlikely(addr + size < addr))
+ return !kasan_report(addr, size, write, ret_ip);
+
tag = get_tag((const void *)addr);

/*
@@ -111,15 +114,13 @@ bool check_memory_region(unsigned long addr, size_t size, bool write,
untagged_addr = reset_tag((const void *)addr);
if (unlikely(untagged_addr <
kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
- kasan_report(addr, size, write, ret_ip);
- return false;
+ return !kasan_report(addr, size, write, ret_ip);
}
shadow_first = kasan_mem_to_shadow(untagged_addr);
shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1);
for (shadow = shadow_first; shadow <= shadow_last; shadow++) {
if (*shadow != tag) {
- kasan_report(addr, size, write, ret_ip);
- return false;
+ return !kasan_report(addr, size, write, ret_ip);
}
}

diff --git a/mm/kasan/tags_report.c b/mm/kasan/tags_report.c
index 969ae08f59d7..1d412760551a 100644
--- a/mm/kasan/tags_report.c
+++ b/mm/kasan/tags_report.c
@@ -36,6 +36,17 @@

const char *get_bug_type(struct kasan_access_info *info)
{
+ /*
+ * If access_size is a negative number, then it has reason to be
+ * defined as out-of-bounds bug type.
+ *
+ * Casting negative numbers to size_t would indeed turn up as
+ * a large size_t and its value will be larger than ULONG_MAX/2,
+ * so that this can qualify as out-of-bounds.
+ */
+ if (info->access_addr + info->access_size < info->access_addr)
+ return "out-of-bounds";
+
#ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY
struct kasan_alloc_meta *alloc_meta;
struct kmem_cache *cache;
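Review bot: the new `if (...) return "out-of-bounds";` sits above the `struct kasan_alloc_meta *alloc_meta;` and `struct kmem_cache *cache;` declarations, so with CONFIG_KASAN_SW_TAGS_IDENTIFY set this puts declarations after a statement, which the kernel build warns about. Move the check below the local declarations inside the #ifdef block.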

2020-03-05 08:19:27

by Peter Zijlstra

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:

> > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
>
> I used next/master instead, and found the below broken commit
> responsible for this.

> @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> #endif
>
> extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> +extern bool report_enabled(void);
>
> -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> {
> - unsigned long flags = user_access_save();
> + unsigned long flags;
> +
> + if (likely(!report_enabled()))
> + return false;

This adds an explicit call before the user_access_save() and that is a
straight on bug.

> +
> + flags = user_access_save();
> __kasan_report(addr, size, is_write, ip);
> user_access_restore(flags);
> +
> + return true;
> }
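
Review bot: `+extern bool report_enabled(void);` puts the prototype in the .c file (mm/kasan/common.c according to the follow-up diff's header) instead of a header shared with the file that defines report_enabled(), so nothing checks the declaration against the definition. Move it to the common KASAN header; the neighbouring `extern void __kasan_report(...)` has the same problem and could move with it.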

2020-03-05 09:16:59

by Walter Wu

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
>
> > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> >
> > I used next/master instead, and found the below broken commit
> > responsible for this.
>
> > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > #endif
> >
> > extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > +extern bool report_enabled(void);
> >
> > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > {
> > - unsigned long flags = user_access_save();
> > + unsigned long flags;
> > +
> > + if (likely(!report_enabled()))
> > + return false;
>
> This adds an explicit call before the user_access_save() and that is a
> straight on bug.
>
Hi Peter,

Thanks for your help. Unfortunately, I don't reproduce it in our
environment, so I have asked Stephen. If I can reproduce it, then we
will send a new patch.


Thanks.

Walter

> > +
> > + flags = user_access_save();
> > __kasan_report(addr, size, is_write, ip);
> > user_access_restore(flags);
> > +
> > + return true;
> > }

2020-03-05 09:55:20

by Peter Zijlstra

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> >
> > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > >
> > > I used next/master instead, and found the below broken commit
> > > responsible for this.
> >
> > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > > #endif
> > >
> > > extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > +extern bool report_enabled(void);
> > >
> > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > {
> > > - unsigned long flags = user_access_save();
> > > + unsigned long flags;
> > > +
> > > + if (likely(!report_enabled()))
> > > + return false;
> >
> > This adds an explicit call before the user_access_save() and that is a
> > straight on bug.
> >
> Hi Peter,
>
> Thanks for your help. Unfortunately, I don't reproduce it in our
> environment, so I have asked Stephen, if I can reproduce it, then we
> will send new patch.

The patch is trivial; and all you need is an x86_64 (cross) compiler to
reproduce.


diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index ad2dc0c9cc17..2906358e42f0 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -618,16 +618,17 @@ extern bool report_enabled(void);

bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
{
- unsigned long flags;
+ unsigned long flags = user_access_save();
+ bool ret = false;

- if (likely(!report_enabled()))
- return false;
+ if (likely(report_enabled())) {
+ __kasan_report(addr, size, is_write, ip);
+ ret = true;
+ }

- flags = user_access_save();
- __kasan_report(addr, size, is_write, ip);
user_access_restore(flags);

- return true;
+ return ret;
}

#ifdef CONFIG_MEMORY_HOTPLUG
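
Review bot: `if (likely(report_enabled()))` inverts the branch hint of the removed `if (likely(!report_enabled()))`, which treated the reporting-disabled case as the expected one. Either keep that expectation with `unlikely(report_enabled())` or drop the hint, and state in the changelog which case is the common one. Also worth a sentence in the changelog: user_access_save()/user_access_restore() now run on the disabled path too, which the removed early return skipped.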

2020-03-05 17:05:15

by Randy Dunlap

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On 3/5/20 1:54 AM, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
>> On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
>>> On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
>>>> On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
>>>
>>>>> mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
>>>>
>>>> I used next/master instead, and found the below broken commit
>>>> responsible for this.

Yes, I see that same warning in linux-next of 20200305.

>>>> @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
>>>> #endif
>>>>
>>>> extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
>>>> +extern bool report_enabled(void);
>>>>
>>>> -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>>>> +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
>>>> {
>>>> - unsigned long flags = user_access_save();
>>>> + unsigned long flags;
>>>> +
>>>> + if (likely(!report_enabled()))
>>>> + return false;
>>>
>>> This adds an explicit call before the user_access_save() and that is a
>>> straight on bug.
>>>
>> Hi Peter,
>>
>> Thanks for your help. Unfortunately, I don't reproduce it in our
>> environment, so I have asked Stephen, if I can reproduce it, then we
>> will send new patch.
>
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>
> bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> {
> - unsigned long flags;
> + unsigned long flags = user_access_save();
> + bool ret = false;
>
> - if (likely(!report_enabled()))
> - return false;
> + if (likely(report_enabled())) {
> + __kasan_report(addr, size, is_write, ip);
> + ret = true;
> + }
>
> - flags = user_access_save();
> - __kasan_report(addr, size, is_write, ip);
> user_access_restore(flags);
>
> - return true;
> + return ret;
> }
>
> #ifdef CONFIG_MEMORY_HOTPLUG
>

and that fixes the warning. Thanks.

Acked-by: Randy Dunlap <[email protected]> # build-tested

--
~Randy

2020-03-11 01:32:11

by Walter Wu

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Thu, 2020-03-05 at 10:54 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> > On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> > >
> > > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > > >
> > > > I used next/master instead, and found the below broken commit
> > > > responsible for this.
> > >
> > > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > > > #endif
> > > >
> > > > extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > > +extern bool report_enabled(void);
> > > >
> > > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > {
> > > > - unsigned long flags = user_access_save();
> > > > + unsigned long flags;
> > > > +
> > > > + if (likely(!report_enabled()))
> > > > + return false;
> > >
> > > This adds an explicit call before the user_access_save() and that is a
> > > straight on bug.
> > >
> > Hi Peter,
> >
> > Thanks for your help. Unfortunately, I don't reproduce it in our
> > environment, so I have asked Stephen, if I can reproduce it, then we
> > will send new patch.
>
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>
> bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> {
> - unsigned long flags;
> + unsigned long flags = user_access_save();
> + bool ret = false;
>
> - if (likely(!report_enabled()))
> - return false;
> + if (likely(report_enabled())) {
> + __kasan_report(addr, size, is_write, ip);
> + ret = true;
> + }
>
> - flags = user_access_save();
> - __kasan_report(addr, size, is_write, ip);
> user_access_restore(flags);
>
> - return true;
> + return ret;
> }
>
> #ifdef CONFIG_MEMORY_HOTPLUG

Reviewed-and-tested-by:






2020-03-11 01:35:47

by Walter Wu

Subject: Re: mmotm 2020-03-03-22-28 uploaded (warning: objtool:)

On Thu, 2020-03-05 at 10:54 +0100, Peter Zijlstra wrote:
> On Thu, Mar 05, 2020 at 05:16:22PM +0800, Walter Wu wrote:
> > On Thu, 2020-03-05 at 09:18 +0100, Peter Zijlstra wrote:
> > > On Thu, Mar 05, 2020 at 09:17:17AM +0100, Peter Zijlstra wrote:
> > > > On Wed, Mar 04, 2020 at 09:34:49AM -0800, Randy Dunlap wrote:
> > >
> > > > > mm/kasan/common.o: warning: objtool: kasan_report()+0x13: call to report_enabled() with UACCESS enabled
> > > >
> > > > I used next/master instead, and found the below broken commit
> > > > responsible for this.
> > >
> > > > @@ -634,12 +637,20 @@ void kasan_free_shadow(const struct vm_struct *vm)
> > > > #endif
> > > >
> > > > extern void __kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip);
> > > > +extern bool report_enabled(void);
> > > >
> > > > -void kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> > > > {
> > > > - unsigned long flags = user_access_save();
> > > > + unsigned long flags;
> > > > +
> > > > + if (likely(!report_enabled()))
> > > > + return false;
> > >
> > > This adds an explicit call before the user_access_save() and that is a
> > > straight on bug.
> > >
> > Hi Peter,
> >
> > Thanks for your help. Unfortunately, I don't reproduce it in our
> > environment, so I have asked Stephen, if I can reproduce it, then we
> > will send new patch.
>
> The patch is trivial; and all you need is an x86_64 (cross) compiler to
> reproduce.
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ad2dc0c9cc17..2906358e42f0 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -618,16 +618,17 @@ extern bool report_enabled(void);
>
> bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip)
> {
> - unsigned long flags;
> + unsigned long flags = user_access_save();
> + bool ret = false;
>
> - if (likely(!report_enabled()))
> - return false;
> + if (likely(report_enabled())) {
> + __kasan_report(addr, size, is_write, ip);
> + ret = true;
> + }
>
> - flags = user_access_save();
> - __kasan_report(addr, size, is_write, ip);
> user_access_restore(flags);
>
> - return true;
> + return ret;
> }
>
> #ifdef CONFIG_MEMORY_HOTPLUG

Reviewed-and-tested-by: Walter Wu <[email protected]>

It needs a newer GCC compiler (>7.4) to reproduce.
Thanks.

Walter