Merge tag 'mm-nonmm-stable-2023-02-20-15-29' of...

D: fbdev hacking

N: Jesper Juhl

E: jj@chaosbits.net

E: jesperjuhl76@gmail.com

D: Various fixes, cleanups and minor features all over the tree.

D: Wrote initial version of the hdaps driver (since passed on to others).

S: Lemnosvej 1, 3.tv

S: 2300 Copenhagen S.

S: Titangade 5G, 2.tv

S: 2200 Copenhagen N.

S: Denmark

N: Jozsef Kadlecsik

kexec_load_disabled

===================

A toggle indicating if the ``kexec_load`` syscall has been disabled.

This value defaults to 0 (false: ``kexec_load`` enabled), but can be

set to 1 (true: ``kexec_load`` disabled).

A toggle indicating if the syscalls ``kexec_load`` and

``kexec_file_load`` have been disabled.

This value defaults to 0 (false: ``kexec_*load`` enabled), but can be

set to 1 (true: ``kexec_*load`` disabled).

Once true, kexec can no longer be used, and the toggle cannot be set

back to false.

This allows a kexec image to be loaded before disabling the syscall,

altered.

Generally used together with the `modules_disabled`_ sysctl.

kexec_load_limit_panic

======================

This parameter specifies a limit to the number of times the syscalls

``kexec_load`` and ``kexec_file_load`` can be called with a crash

image. It can only be set with a more restrictive value than the

current one.

== ======================================================

-1 Unlimited calls to kexec. This is the default setting.

N  Number of calls left.

== ======================================================

kexec_load_limit_reboot

=======================

Similar functionality as ``kexec_load_limit_panic``, but for a normal

image.

kptr_restrict

=============

	This feature is intended for systematic testing of faults in a single

	system call. See an example below.

Error Injectable Functions

--------------------------

This part is for the kenrel developers considering to add a function to

ALLOW_ERROR_INJECTION() macro.

Requirements for the Error Injectable Functions

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Since the function-level error injection forcibly changes the code path

and returns an error even if the input and conditions are proper, this can

cause unexpected kernel crash if you allow error injection on the function

which is NOT error injectable. Thus, you (and reviewers) must ensure;

- The function returns an error code if it fails, and the callers must check

  it correctly (need to recover from it).

- The function does not execute any code which can change any state before

  the first error return. The state includes global or local, or input

  variable. For example, clear output address storage (e.g. `*ret = NULL`),

  increments/decrements counter, set a flag, preempt/irq disable or get

  a lock (if those are recovered before returning error, that will be OK.)

The first requirement is important, and it will result in that the release

(free objects) functions are usually harder to inject errors than allocate

functions. If errors of such release functions are not correctly handled

it will cause a memory leak easily (the caller will confuse that the object

has been released or corrupted.)

The second one is for the caller which expects the function should always

does something. Thus if the function error injection skips whole of the

function, the expectation is betrayed and causes an unexpected error.

Type of the Error Injectable Functions

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Each error injectable functions will have the error type specified by the

ALLOW_ERROR_INJECTION() macro. You have to choose it carefully if you add

a new error injectable function. If the wrong error type is chosen, the

kernel may crash because it may not be able to handle the error.

There are 4 types of errors defined in include/asm-generic/error-injection.h

EI_ETYPE_NULL

  This function will return `NULL` if it fails. e.g. return an allocateed

  object address.

EI_ETYPE_ERRNO

  This function will return an `-errno` error code if it fails. e.g. return

  -EINVAL if the input is wrong. This will include the functions which will

  return an address which encodes `-errno` by ERR_PTR() macro.

EI_ETYPE_ERRNO_NULL

  This function will return an `-errno` or `NULL` if it fails. If the caller

  of this function checks the return value with IS_ERR_OR_NULL() macro, this

  type will be appropriate.

EI_ETYPE_TRUE

  This function will return `true` (non-zero positive value) if it fails.

If you specifies a wrong type, for example, EI_TYPE_ERRNO for the function

which returns an allocated object, it may cause a problem because the returned

value is not an object address and the caller can not access to the address.

How to add new fault injection capability

-----------------------------------------

static void

common_shutdown_1(void *generic_ptr)

{

	struct halt_info *how = (struct halt_info *)generic_ptr;

	struct halt_info *how = generic_ptr;

	struct percpu_struct *cpup;

	unsigned long *pflags, flags;

	int cpuid = smp_processor_id();

static void

ipi_flush_tlb_mm(void *x)

{

	struct mm_struct *mm = (struct mm_struct *) x;

	struct mm_struct *mm = x;

	if (mm == current->active_mm && !asn_locked())

		flush_tlb_current(mm);

	else

static void

ipi_flush_tlb_page(void *x)

{

	struct flush_tlb_page_struct *data = (struct flush_tlb_page_struct *)x;

	struct flush_tlb_page_struct *data = x;

	struct mm_struct * mm = data->mm;

	if (mm == current->active_mm && !asn_locked())