- 05 7月, 2023 3 次提交
-
-
由 Zhihao Cheng 提交于
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7CBCS -------------------------------- Folllowing steps could make ext4_wripages trap into a dead loop: 1. Consume free_clusters until free_clusters > 2 * sbi->s_resv_clusters, and free_clusters > EXT4_FREECLUSTERS_WATERMARK. // eg. free_clusters = 1422, sbi->s_resv_clusters = 512 // nr_cpus = 4, EXT4_FREECLUSTERS_WATERMARK = 512 2. umount && mount. // dirty_clusters = 0 3. Run free_clusters tasks concurrently to write different files, many tasks write(appendant) 4K data by da_write method. And each inode will consume one data block and one extent block in map_block. // There are (free_clusters - EXT4_FREECLUSTERS_WATERMARK = 910) // tasks choosing da_write method, left 512 tasks choose write_begin // method. If tasks which chooses da_write path run first. // dirty_clusters = 910, free_clusters = 1422 // Tasks which choose write_begin path will get ENOSPC: // free_clusters < (nclusters + dirty_clusters + resv_clusters) // 1422 < (1 + 910 + 512) 4. After certain number of map_block iterations in ext4_writepages. // free_clusters = 0, // dirty_clusters = 910 - (1422 / 2) = 199 5. Delete one 4K file. // free_clusters = 1 6. ext4_writepages traps into dead loop: mpage_map_and_submit_extent mpage_map_one_extent // ret = ENOSPC ext4_map_blocks -> ext4_ext_map_blocks -> ext4_mb_new_blocks -> ext4_claim_free_clusters: if (free_clusters >= (nclusters + dirty_clusters)) // false if (err == -ENOSPC && ext4_count_free_clusters(sb)) // true return err *give_up_on_write = true // won't be executed Fix it by terminating ext4_writepages if no free blocks generated. Signed-off-by: NZhihao Cheng <chengzhihao1@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @wufan618223 A successful call to cgroup_css_set_fork() will always have taken a ref on kargs->cset (regardless of CLONE_INTO_CGROUP), so always do a corresponding put in cgroup_css_set_put_fork(). Without this, a cset and its contained css structures will be leaked for some fork failures. The following script reproduces the leak for a fork failure due to exceeding pids.max in the pids controller. A similar thing can happen if we jump to the bad_fork_cancel_cgroup label in copy_process(). [ -z "$1" ] && echo "Usage $0 pids-root" && exit 1 PID_ROOT=$1 CGROUP=$PID_ROOT/foo [ -e $CGROUP ] && rmdir -f $CGROUP mkdir $CGROUP echo 5 > $CGROUP/pids.max echo $$ > $CGROUP/cgroup.procs fork_bomb() { set -e for i in $(seq 10); do /bin/sleep 3600 & done } (fork_bomb) & wait echo $$ > $PID_ROOT/cgroup.procs kill $(cat $CGROUP/cgroup.procs) rmdir $CGROUP Link:https://gitee.com/openeuler/kernel/pulls/1280 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com> -
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Zhang Zekun <zhangzekun11@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/62KOPQGPH57KOUCLU3BZ6ECRRXYWU4HB/ Link:https://gitee.com/openeuler/kernel/pulls/1297 Reviewed-by: Weilong Chen <chenweilong@huawei.com> Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
-
- 04 7月, 2023 3 次提交
-
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Pu Lehui <pulehui@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/I6FYDSV7M256UEC5NL26CH6SJ3NLHPXX/ Link:https://gitee.com/openeuler/kernel/pulls/1283 Reviewed-by: Xu Kuohai <xukuohai@huawei.com> Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Chen Jiahao <chenjiahao16@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/LKM3OGRPHUFIBAXN26GKXPU4STERGPYH/ Link:https://gitee.com/openeuler/kernel/pulls/1270 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 Zhang Zekun 提交于
hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7I3P1 CVE: NA -------------------------------------------- The commit 0227a749 introduce a config CONFIG_IOVA_MAX_GLOBAL_MAGS, but it relies on IOMMU_SUPPORT. Some drivers can compile without IOMMU_SUPPORT, but still include include/linux/iova.h, which can cause compile problem. Fix this by moving the definition of CONFIG_IOVA_MAX_GLOBAL_MAGS out of IOMMU_SUPPORT. The error compile message is showned as below: In file included from ./include/linux/intel-iommu.h:14, from ./include/drm/intel-gtt.h:8, from drivers/char/agp/intel-agp.c:15: ./include/linux/iova.h:29:25: error: ‘CONFIG_IOVA_MAX_GLOBAL_MAGS’ undeclared here (not in a function) 29 | #define MAX_GLOBAL_MAGS CONFIG_IOVA_MAX_GLOBAL_MAGS /* magazines per bin */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ ./include/linux/iova.h:34:30: note: in expansion of macro ‘MAX_GLOBAL_MAGS’ 34 | struct iova_magazine *depot[MAX_GLOBAL_MAGS]; | ^~~~~~~~~~~~~~~ In file included from ./include/linux/intel-iommu.h:14, from ./include/drm/intel-gtt.h:8, from drivers/char/agp/intel-gtt.c:27: ./include/linux/iova.h:29:25: error: ‘CONFIG_IOVA_MAX_GLOBAL_MAGS’ undeclared here (not in a function) 29 | #define MAX_GLOBAL_MAGS CONFIG_IOVA_MAX_GLOBAL_MAGS /* magazines per bin */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ ./include/linux/iova.h:34:30: note: in expansion of macro ‘MAX_GLOBAL_MAGS’ 34 | struct iova_magazine *depot[MAX_GLOBAL_MAGS]; | ^~~~~~~~~~~~~~~ make[3]: *** [scripts/Makefile.build:286: drivers/char/agp/intel-agp.o] Error 1 make[3]: *** Waiting for unfinished jobs.... make[3]: *** [scripts/Makefile.build:286: drivers/char/agp/intel-gtt.o] Error 1 make[2]: *** [scripts/Makefile.build:503: drivers/char/agp] Error 2 make[1]: *** [scripts/Makefile.build:503: drivers/char] Error 2 make[1]: *** Waiting for unfinished jobs.... Signed-off-by: NZhang Zekun <zhangzekun11@huawei.com>
-
- 30 6月, 2023 3 次提交
-
-
由 Zheng Wang 提交于
stable inclusion from stable-v5.10.180 commit e9d64e90a0ada4d00ac6562e351ef10ae7d9b911 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7F1RG CVE: CVE-2023-35824 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e9d64e90a0ada4d00ac6562e351ef10ae7d9b911 -------------------------------- [ Upstream commit 5abda7a1 ] In dm1105_probe, it called dm1105_ir_init and bound &dm1105->ir.work with dm1105_emit_key. When it handles IRQ request with dm1105_irq, it may call schedule_work to start the work. When we call dm1105_remove to remove the driver, there may be a sequence as follows: Fix it by finishing the work before cleanup in dm1105_remove CPU0 CPU1 |dm1105_emit_key dm1105_remove | dm1105_ir_exit | rc_unregister_device | rc_free_device | rc_dev_release | kfree(dev); | | | rc_keydown | //use Fixes: 34d2f9bf ("V4L/DVB: dm1105: use dm1105_dev & dev instead of dm1105dvb") Signed-off-by: NZheng Wang <zyytlz.wz@163.com> Signed-off-by: NHans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: NSasha Levin <sashal@kernel.org> Signed-off-by: NPu Lehui <pulehui@huawei.com> Reviewed-by: NXu Kuohai <xukuohai@huawei.com> Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
-
由 John Sperbeck 提交于
mainline inclusion from mainline-v6.4-rc6 commit 2bd11033 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7E0F3 CVE: NA Reference:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2bd110339288c18823dcace602b63b0d8627e520 ------------------------------------------------- A successful call to cgroup_css_set_fork() will always have taken a ref on kargs->cset (regardless of CLONE_INTO_CGROUP), so always do a corresponding put in cgroup_css_set_put_fork(). Without this, a cset and its contained css structures will be leaked for some fork failures. The following script reproduces the leak for a fork failure due to exceeding pids.max in the pids controller. A similar thing can happen if we jump to the bad_fork_cancel_cgroup label in copy_process(). [ -z "$1" ] && echo "Usage $0 pids-root" && exit 1 PID_ROOT=$1 CGROUP=$PID_ROOT/foo [ -e $CGROUP ] && rmdir -f $CGROUP mkdir $CGROUP echo 5 > $CGROUP/pids.max echo $$ > $CGROUP/cgroup.procs fork_bomb() { set -e for i in $(seq 10); do /bin/sleep 3600 & done } (fork_bomb) & wait echo $$ > $PID_ROOT/cgroup.procs kill $(cat $CGROUP/cgroup.procs) rmdir $CGROUP Fixes: ef2c41cf ("clone3: allow spawning processes into cgroups") Cc: stable@vger.kernel.org # v5.7+ Signed-off-by: NJohn Sperbeck <jsperbeck@google.com> Signed-off-by: NTejun Heo <tj@kernel.org> Signed-off-by: Nwufan19 <wufan19@meituan.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Longlong Xia <xialonglong1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/O25ROO7NSR27YAETYTL5DMZW7DV6CNOO/ Link:https://gitee.com/openeuler/kernel/pulls/1253 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
- 29 6月, 2023 3 次提交
-
-
由 Takashi Iwai 提交于
mainline inclusion from mainline-v6.4-rc3 commit b8c75e4a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6YKXB CVE: CVE-2023-31084 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946 -------------------------------- Using a semaphore in the wait_event*() condition is no good idea. It hits a kernel WARN_ON() at prepare_to_wait_event() like: do not call blocking ops when !TASK_RUNNING; state=1 set at prepare_to_wait_event+0x6d/0x690 For avoiding the potential deadlock, rewrite to an open-coded loop instead. Unlike the loop in wait_event*(), this uses wait_woken() after the condition check, hence the task state stays consistent. CVE-2023-31084 was assigned to this bug. Link: https://lore.kernel.org/r/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/ Link: https://lore.kernel.org/linux-media/20230512151800.1874-1-tiwai@suse.deReported-by: NYu Hao <yhao016@ucr.edu> Closes: https://nvd.nist.gov/vuln/detail/CVE-2023-31084Signed-off-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NMauro Carvalho Chehab <mchehab@kernel.org> Signed-off-by: NChen Jiahao <chenjiahao16@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Yu Liao <liaoyu15@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/6LHNPN45YXYLIR67CAIS2GKF3WWDRBD6/ Link:https://gitee.com/openeuler/kernel/pulls/1132 Reviewed-by: sanglipeng <sanglipeng1@jd.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Xia Fukun <xiafukun@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/LCJWGRWDEBQ2SDVR5JOAP447NA4IDPK4/ Link:https://gitee.com/openeuler/kernel/pulls/1262 Reviewed-by: Zucheng Zheng <zhengzucheng@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
- 28 6月, 2023 6 次提交
-
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @openeuler-sync-bot Origin pull request: https://gitee.com/openeuler/kernel/pulls/1077 PR sync from: Wei Li <liwei391@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/thread/J4QNVBAATO5YYR4XQ6PLJNMFVEF6SNPX/ Link:https://gitee.com/openeuler/kernel/pulls/1127 Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
-
由 openeuler-ci-bot 提交于
!1261 usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition Merge Pull Request from: @ci-robot PR sync from: Jialin Zhang <zhangjialin11@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/7KTWBBNYFJCK5RNBNMDHJRJHHWNO7JEZ/ Link:https://gitee.com/openeuler/kernel/pulls/1261 Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ma-wupeng Introduce new syscall set_mempolicy_home_node and mempolicy MPOL_PREFERRED_MANY. This patch series introduces the concept of the MPOL_PREFERRED_MANY mempolicy. This mempolicy mode can be used with either the set_mempolicy(2) or mbind(2) interfaces. Like the MPOL_PREFERRED interface, it allows an application to set a preference for nodes which will fulfil memory allocation requests. Unlike the MPOL_PREFERRED mode, it takes a set of nodes. Like the MPOL_BIND interface, it works over a set of nodes. Unlike MPOL_BIND, it will not cause a SIGSEGV or invoke the OOM killer if those preferred nodes are not available. mm: add new syscall set_mempolicy_home_node Link:https://gitee.com/openeuler/kernel/pulls/637 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 Xia Fukun 提交于
stable inclusion from stable-v5.10.173 commit e9743b3052e125c44b555f07f2876a4bdccfd983 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7F2UT CVE: CVE-2023-3220 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e9743b3052e125c44b555f07f2876a4bdccfd983 -------------------------------- [ Upstream commit 93340e10 ] As kzalloc may fail and return NULL pointer, it should be better to check pstates in order to avoid the NULL pointer dereference. Fixes: 25fdd593 ("drm/msm: Add SDM845 DPU support") Signed-off-by: NJiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: NAbhinav Kumar <quic_abhinavk@quicinc.com> Patchwork: https://patchwork.freedesktop.org/patch/514160/ Link: https://lore.kernel.org/r/20221206080236.43687-1-jiasheng@iscas.ac.cnSigned-off-by: NDmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: NSasha Levin <sashal@kernel.org> Signed-off-by: NXia Fukun <xiafukun@huawei.com>
-
由 Zheng Wang 提交于
mainline inclusion from mainline-v6.4-rc1 commit 2b947f87 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7EDYS CVE: CVE-2023-35828 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b947f8769be8b8181dc795fd292d3e7120f5204 -------------------------------- In renesas_usb3_probe, role_work is bound with renesas_usb3_role_work. renesas_usb3_start will be called to start the work. If we remove the driver which will call usbhs_remove, there may be an unfinished work. The possible sequence is as follows: CPU0 CPU1 renesas_usb3_role_work renesas_usb3_remove usb_role_switch_unregister device_unregister kfree(sw) //free usb3->role_sw usb_role_switch_set_role //use usb3->role_sw The usb3->role_sw could be freed under such circumstance and then used in usb_role_switch_set_role. This bug was found by static analysis. And note that removing a driver is a root-only operation, and should never happen in normal case. But the root user may directly remove the device which will also trigger the remove function. Fix it by canceling the work before cleanup in the renesas_usb3_remove. Fixes: 39facfa0 ("usb: gadget: udc: renesas_usb3: Add register of usb role switch") Signed-off-by: NZheng Wang <zyytlz.wz@163.com> Reviewed-by: NYoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Link: https://lore.kernel.org/r/20230320062931.505170-1-zyytlz.wz@163.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NJialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Cai Xinchen <caixinchen1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/NYV2JFJ3O7YZNQOGH4SYOIN6Z5C2J3LP/ Link:https://gitee.com/openeuler/kernel/pulls/1247 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
- 27 6月, 2023 5 次提交
-
-
由 Zheng Wang 提交于
stable inclusion from stable-v5.10.180 commit 7dac96e9cc985328ec1fae92f0c245f559dc0e11 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7ERIV CVE: CVE-2023-3327 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7dac96e9cc985328ec1fae92f0c245f559dc0e11 -------------------------------- [ Upstream commit 30cf57da ] In saa7134_initdev, it will call saa7134_hwinit1. There are three function invoking here: saa7134_video_init1, saa7134_ts_init1 and saa7134_vbi_init1. All of them will init a timer with same function. Take saa7134_video_init1 as an example. It'll bound &dev->video_q.timeout with saa7134_buffer_timeout. In buffer_activate, the timer funtcion is started. If we remove the module or device which will call saa7134_finidev to make cleanup, there may be a unfinished work. The possible sequence is as follows, which will cause a typical UAF bug. Fix it by canceling the timer works accordingly before cleanup in saa7134_finidev. CPU0 CPU1 |saa7134_buffer_timeout saa7134_finidev | kfree(dev); | | | saa7134_buffer_next | //use dev Fixes: 1e7126b4 ("media: saa7134: Convert timers to use timer_setup()") Signed-off-by: NZheng Wang <zyytlz.wz@163.com> Signed-off-by: NHans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: NSasha Levin <sashal@kernel.org> Signed-off-by: NLonglong Xia <xialonglong1@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Liu Shixin <liushixin2@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/5RIDEB6A7NBTUWJUHQL6MOC4ZUD2N323/ Link:https://gitee.com/openeuler/kernel/pulls/1246 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Liu Shixin <liushixin2@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/NL3WSSDH4CG2P2J6NDYTGUIS3A4PSEFY/ Fix two bugfix of hugetlb: 1) Invalid use of nr_online_nodes; 2) Inconsistency between 1G hugepage and 2M hugepage. Peng Liu (2): hugetlb: fix wrong use of nr_online_nodes hugetlb: fix hugepages_setup when deal with pernode -- 2.25.1 Link:https://gitee.com/openeuler/kernel/pulls/1245 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Tong Tiangen <tongtiangen@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/6SPGFOOWI5JQIZEOAPQCWFRHCMH4UUGY/ Link:https://gitee.com/openeuler/kernel/pulls/1242 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 Jiasheng Jiang 提交于
stable inclusion from stable-v5.10.166 commit 7b4516ba56f1fcb13ffc91912f3074e28362228d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7FCLX CVE: CVE-2023-3358 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7b4516ba56f1fcb13ffc91912f3074e28362228d ---------------------------------------- [ Upstream commit b3d40c3e ] As the kcalloc may return NULL pointer, it should be better to check the ishtp_dma_tx_map before use in order to avoid NULL pointer dereference. Fixes: 3703f53b ("HID: intel_ish-hid: ISH Transport layer") Signed-off-by: NJiasheng Jiang <jiasheng@iscas.ac.cn> Acked-by: NSrinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz> Signed-off-by: NSasha Levin <sashal@kernel.org> Signed-off-by: NCai Xinchen <caixinchen1@huawei.com>
-
- 26 6月, 2023 11 次提交
-
-
由 Joao Martins 提交于
mainline inclusion from mainline-v6.2-rc1 commit 11aad263 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I6SROX CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=11aad2631bf74b3c811dee76154702aab855a323 -------------------------------- Today with `hugetlb_free_vmemmap=on` the struct page memory that is freed back to page allocator is as following: for a 2M hugetlb page it will reuse the first 4K vmemmap page to remap the remaining 7 vmemmap pages, and for a 1G hugetlb it will remap the remaining 4095 vmemmap pages. Essentially, that means that it breaks the first 4K of a potentially contiguous chunk of memory of 32K (for 2M hugetlb pages) or 16M (for 1G hugetlb pages). For this reason the memory that it's free back to page allocator cannot be used for hugetlb to allocate huge pages of the same size, but rather only of a smaller huge page size: Trying to assign a 64G node to hugetlb (on a 128G 2node guest, each node having 64G): * Before allocation: Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 ... Node 0, zone Normal, type Movable 340 100 32 15 1 2 0 0 0 1 15558 $ echo 32768 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages $ cat /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages 31987 * After: Node 0, zone Normal, type Movable 30893 32006 31515 7 0 0 0 0 0 0 0 Notice how the memory freed back are put back into 4K / 8K / 16K page pools. And it allocates a total of 31987 pages (63974M). To fix this behaviour rather than remapping second vmemmap page (thus breaking the contiguous block of memory backing the struct pages) repopulate the first vmemmap page with a new one. We allocate and copy from the currently mapped vmemmap page, and then remap it later on. The same algorithm works if there's a pre initialized walk::reuse_page and the head page doesn't need to be skipped and instead we remap it when the @addr being changed is the @reuse_addr. The new head page is allocated in vmemmap_remap_free() given that on restore there's no need for functional change. Note that, because right now one hugepage is remapped at a time, thus only one free 4K page at a time is needed to remap the head page. Should it fail to allocate said new page, it reuses the one that's already mapped just like before. As a result, for every 64G of contiguous hugepages it can give back 1G more of contiguous memory per 64G, while needing in total 128M new 4K pages (for 2M hugetlb) or 256k (for 1G hugetlb). After the changes, try to assign a 64G node to hugetlb (on a 128G 2node guest, each node with 64G): * Before allocation Free pages count per migrate type at order 0 1 2 3 4 5 6 7 8 9 10 ... Node 0, zone Normal, type Movable 1 1 1 0 0 1 0 0 1 1 15564 $ echo 32768 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages $ cat /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages 32394 * After: Node 0, zone Normal, type Movable 0 50 97 108 96 81 70 46 18 0 0 In the example above, 407 more hugeltb 2M pages are allocated i.e. 814M out of the 32394 (64788M) allocated. So the memory freed back is indeed being used back in hugetlb and there's no massive order-0..order-2 pages accumulated unused. [joao.m.martins@oracle.com: v3] Link: https://lkml.kernel.org/r/20221109200623.96867-1-joao.m.martins@oracle.com [joao.m.martins@oracle.com: add smp_wmb() to ensure page contents are visible prior to PTE write] Link: https://lkml.kernel.org/r/20221110121214.6297-1-joao.m.martins@oracle.com Link: https://lkml.kernel.org/r/20221107153922.77094-1-joao.m.martins@oracle.comSigned-off-by: NJoao Martins <joao.m.martins@oracle.com> Reviewed-by: NMuchun Song <songmuchun@bytedance.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Conflicts: mm/hugetlb_vmemmap.c Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Peng Liu 提交于
mainline inclusion from mainline-v5.19-rc1 commit f87442f4 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6OWV4 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f87442f407af80dac4dc81c8a7772b71b36b2e09 -------------------------------- Hugepages can be specified to pernode since "hugetlbfs: extend the definition of hugepages parameter to support node allocation", but the following problem is observed. Confusing behavior is observed when both 1G and 2M hugepage is set after "numa=off". cmdline hugepage settings: hugepagesz=1G hugepages=0:3,1:3 hugepagesz=2M hugepages=0:1024,1:1024 results: HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages HugeTLB registered 2.00 MiB page size, pre-allocated 1024 pages Furthermore, confusing behavior can be also observed when an invalid node behind a valid node. To fix this, never allocate any typical hugepage when an invalid parameter is received. Link: https://lkml.kernel.org/r/20220413032915.251254-3-liupeng256@huawei.com Fixes: b5389086 ("hugetlbfs: extend the definition of hugepages parameter to support node allocation") Signed-off-by: NPeng Liu <liupeng256@huawei.com> Reviewed-by: NMike Kravetz <mike.kravetz@oracle.com> Cc: Baolin Wang <baolin.wang@linux.alibaba.com> Cc: David Hildenbrand <david@redhat.com> Cc: Liu Yuntao <liuyuntao10@huawei.com> Cc: Muchun Song <songmuchun@bytedance.com> Cc: Zhenguo Yao <yaozhenguo1@gmail.com> Cc: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Peng Liu 提交于
mainline inclusion from mainline-v5.19-rc1 commit 0a7a0f6f category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6OWV4 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a7a0f6f7f3679c906fc55e3805c1d5e2c566f55 -------------------------------- Patch series "hugetlb: Fix some incorrect behavior", v3. This series fix three bugs of hugetlb: 1) Invalid use of nr_online_nodes; 2) Inconsistency between 1G hugepage and 2M hugepage; 3) Useless information in dmesg. This patch (of 4): Certain systems are designed to have sparse/discontiguous nodes. In this case, nr_online_nodes can not be used to walk through numa node. Also, a valid node may be greater than nr_online_nodes. However, in hugetlb, it is assumed that nodes are contiguous. For sparse/discontiguous nodes, the current code may treat a valid node as invalid, and will fail to allocate all hugepages on a valid node that "nid >= nr_online_nodes". As David suggested: if (tmp >= nr_online_nodes) goto invalid; Just imagine node 0 and node 2 are online, and node 1 is offline. Assuming that "node < 2" is valid is wrong. Recheck all the places that use nr_online_nodes, and repair them one by one. [liupeng256@huawei.com: v4] Link: https://lkml.kernel.org/r/20220416103526.3287348-1-liupeng256@huawei.com Link: https://lkml.kernel.org/r/20220413032915.251254-1-liupeng256@huawei.com Link: https://lkml.kernel.org/r/20220413032915.251254-2-liupeng256@huawei.com Fixes: 4178158e ("hugetlbfs: fix issue of preallocation of gigantic pages can't work") Fixes: b5389086 ("hugetlbfs: extend the definition of hugepages parameter to support node allocation") Fixes: e79ce983 ("hugetlbfs: fix a truncation issue in hugepages parameter") Fixes: f9317f77 ("hugetlb: clean up potential spectre issue warnings") Signed-off-by: NPeng Liu <liupeng256@huawei.com> Suggested-by: NDavid Hildenbrand <david@redhat.com> Reviewed-by: NBaolin Wang <baolin.wang@linux.alibaba.com> Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com> Reviewed-by: NDavidlohr Bueso <dave@stgolabs.net> Reviewed-by: NMike Kravetz <mike.kravetz@oracle.com> Acked-by: NDavid Hildenbrand <david@redhat.com> Cc: Zhenguo Yao <yaozhenguo1@gmail.com> Cc: Muchun Song <songmuchun@bytedance.com> Cc: Liu Yuntao <liuyuntao10@huawei.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Conflicts: mm/hugetlb.c Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Hui Tang <tanghui20@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/YBGT2EBOTBD7PFWTPX3DX74QNLLTRRVR/ Link:https://gitee.com/openeuler/kernel/pulls/1217 Reviewed-by: Zucheng Zheng <zhengzucheng@huawei.com> Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 Tong Tiangen 提交于
hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7F28R CVE: NA -------------------------------- On Hisilicon LINXICORE9100 cores, sharing tlb entries on two cores when TTBRx.CNP=1 differs from the standard ARM core. This causes issues when tlb entries sharing between CPU cores. Avoid these issues by disabling CNP feature for Hisilicon LINXICORE9100 cores. Signed-off-by: NTong Tiangen <tongtiangen@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Zhang Zekun <zhangzekun11@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/OQE3GDKPH36NAFWPS5QAOYB7RBEGMMIE/ Link:https://gitee.com/openeuler/kernel/pulls/1223 Reviewed-by: Weilong Chen <chenweilong@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: "GONG, Ruiqi" <gongruiqi1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/2UQWQFUDJJ3AA4KWKXEAZSYYXWTLW3UM/ Link:https://gitee.com/openeuler/kernel/pulls/1181 Reviewed-by: sanglipeng <sanglipeng1@jd.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Wupeng Ma <mawupeng1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HO6QXFWOBWOT6QFQ3P5VMHCBDUJXVKCI/ Link:https://gitee.com/openeuler/kernel/pulls/1220 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Wupeng Ma <mawupeng1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/DBYQ7YX2NZXNZFVXLHOUZRNTPCMRY75Q/ From: Ma Wupeng <mawupeng1@huawei.com> Fix memory reliable related issues. Ma Wupeng (3): mm: mem_reliable: Fix reliable page counter mismatch problem mm: mem_reliable: Update reliable page counter to zero if underflows efi: Disable mirror feature during crashkernel -- 2.25.1 Link:https://gitee.com/openeuler/kernel/pulls/1191 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Wupeng Ma <mawupeng1@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/JDE2LDXAOHQR2RGYUMOGCZOLNJGVO7EW/ From: Ma Wupeng <mawupeng1@huawei.com> 1. fix memleak with efi_fake_mem 2. disable efi_fake_mem support by default for arm64 Ma Wupeng (2): efi: Fix UAF for arm64 when enable efi_fake_mem config: Disable EFI_FAKE_MEMMAP support for arm64 by default -- 2.25.1 Link:https://gitee.com/openeuler/kernel/pulls/1194 Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Liu Shixin <liushixin2@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/LB3KEGYTHZN2JVMAZADIFG73PYZUD2RV/ This series patches add swap control for memory cgroup. Patch[2] add page type in memory.reclaim interface to support reclaim anon pages. Patch[4] add memory.force_swapin interface to support swap back pages proactively. Patch[5] add memory.swap.max interface to limit usage of swap for memory cgroup. Patch[6-7] add memory.swapfile interface to limit available swap device for memory cgroup. v2->v3: Enable memcg swap qos for x86_64 and arm64 by default. v1->v2: Rebase on the latest version and fix merge conflicts. Liu Shixin (7): memcg: add page type to memory.reclaim interface memcg: introduce memcg swap qos feature memcg: introduce per-memcg swapin interface memcg: add restrict to swap to cgroup1 mm/swapfile: introduce per-memcg swapfile control mm: swap_slots: add per-type slot cache config: enable memcg swap qos for x86_64 and arm64 by default Yosry Ahmed (1): mm: vmpressure: don't count proactive reclaim in vmpressure -- 2.25.1 Link:https://gitee.com/openeuler/kernel/pulls/1228 Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
- 25 6月, 2023 6 次提交
-
-
由 openeuler-ci-bot 提交于
Merge Pull Request from: @ci-robot PR sync from: Zheng Zengkai <zhengzengkai@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/523BXW5DZPQ2JZPS3ZS4NBZ6GCRCWCWW/ Link:https://gitee.com/openeuler/kernel/pulls/1227 Reviewed-by: Jason Zeng <jason.zeng@intel.com> Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
-
由 Liu Shixin 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7CGGT CVE: NA -------------------------------- Support memcg swap qos by default on x86_64 and arm64 platforms. Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Liu Shixin 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7CGGT CVE: NA -------------------------------- Since we support per-memcg swapfile control, we need per-type slot cache to optimize performance. To reduce memory waste, allocate per-type slot cache when enable feature or online the corresponding swap device. Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Liu Shixin 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7CGGT CVE: NA -------------------------------- With memory.swapfile interface, the avail swap device can be limit for memcg. The acceptable parameters are 'all', 'none' and valid swap device. Usage: echo /dev/zram0 > memory.swapfile If the swap device is offline, the swapfile will be fallback to 'none'. Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Liu Shixin 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7CGGT CVE: NA -------------------------------- The memsw can't limit the usage of swap space. Add memory.swap.max interface to limit the difference value of memsw.usage and memory.usage. Since a page may occupy both swap entry and a swap cache page, this value is not exactly equal to swap.usage. Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-
由 Liu Shixin 提交于
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7CGGT CVE: NA -------------------------------- Add a new per-memcg swapin interface to load data into memory in advance to improve access efficiency. Usage: # echo 0 > memory.force_swapin Signed-off-by: NLiu Shixin <liushixin2@huawei.com>
-