- 30 Oct, 2021 40 commits
-
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
/proc/sharepool/proc_overview supports showing process overview info.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Let /proc/$pid/sp_group show multi-group info.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
To simplify the design, we can put the pointer of sp_proc_stat in sp_group_master so we don't need to call proc_stat = idr_find(id).
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
If group adding failed, we should release the memory of newly allocated spg_node. sp_group_master and sp_proc_stat don't need to be freed as they are released when process exits.
In addition, sp_proc_stat may not be initialized when group adding is failed. Check this in sp_group_post_exit.
Also adjust the position of access control permission check.
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>dd
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
A process may belong to many sp_groups, so we need to check it. Extract is_process_in_group to help us do this.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Let va_start and va_size be global and not belong to any special group, and the configurations will be applied to all sp_groups.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Wang Wensheng
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------
Since a single process could be added to multiple groups, we must take the spg_id into account when we do k2spg.
Change: The caller must provide a valid spg_id for k2spg. SPG_ID_DEFAULT and SPG_ID_NONE are used to indicate that we should share the input kva to current process.
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Wang Wensheng
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------
Since a process could be added to multiple groups, we should return an array of spg_ids to cover all the groups.
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The procedure of finding task_struct and increasing its refcount is duplicated. Extract function get_task to eliminate redundant code.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
SPG_ID_DVPP_PASS_THROUGH_MIN, SPG_ID_DVPP_PASS_THROUGH_MAX and SPG_ID_DVPP_PASS_THROUGH are now useless.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The requirement of sp_alloc pass through was not proposed in the original design and the first implementation confused many people.
When a process not in any sp group calls sp_alloc, it enters pass through procedure. In the first implementation, this process is added to a special sp group whose id is between [SPG_ID_DVPP_PASS_THROUGH_MIN, SPG_ID_DVPP_PASS_THROUGH_MAX]. The main benefit is that most procedure of sp_alloc can be reused directly.
However, many code reviewers feel confused because of the sp group. The call of sp_group_add_task in sp_alloc is not only abrupt but also buggy. Moreover, a process once in sp alloc pass through procedure can't be added to any sp groups later because it is already in a special sp group. This is a scalability limitation.
Ideally, sp_alloc pass through procedure doesn't need any sp group. That's why we decide to redesign it with spg_none, which manages all accounting statistics of sp_areas generated by sp_alloc pass through and k2u_task but contains none.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Refactor sp_free to improve its readability. Extract sp_free_get_spa to get sp_area and check its validity.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Refactor sp_alloc to improve its readability. Extract sp_alloc_finish.
Suggested-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Refactor sp_alloc to improve its readability. Extract sp_alloc_mmap_populate, which consists of sp_alloc_mmap and sp_alloc_populate.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Refactor sp_alloc to improve its readability. Extract sp_fallocate.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Refactor sp_alloc to improve its readability.
1. Introduce struct sp_alloc_context to save allocation parameters.
2. Extract sp_alloc_prepare to check input parameters of sp_alloc and initialize sp_alloc_context instance.
Suggested-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Suggested-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Using pr_fmt to have the module name "share pool: " prepended.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
After removing the 'pid' parameter of sp_unshare_uva, we need to implement a new access control for unshare uva (to task).
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Zhou Guanghui
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Zhou Guanghui
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------------
Remove unnecessary params (pid, spg_id) of sp_unshare.
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Peng Wu
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The prot parameter is added to sp_group_add_task function. It indicates the PROT_READ/PROT_WRITE permission of the task for this spg.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
In multi-group mode, we introduce struct sp_spg_stat which represents statistics for an sp_group. It is the accumulation of all structs of spg_proc_stat in an sp_group.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
In multi-group mode, we introduce struct spg_proc_stat which represents statistics in an sp_group for a process. And struct sp_proc_stat is the accumulation of all structs of spg_proc_stat for a process.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
When a process not in any sp group calls k2u_task, it will encounter a null pointer visit problem in sp_init_proc_stat: mm->sp_group_master is null, and visit mm->sp_group_master->sp_stat_id is illegal.
To fix this, we initialize sp_group_master when calling k2u_task.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
We are going to redesign the accounting subsystem of share pool. We need to disambiguate the meaning of sp_stat_idr, as we will introduce a struct representing per-spg statistics.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
We are going to redesign the accounting subsystem of share pool. First we need to disambiguate the meaning of sp_spg_stat, as it is system-level not spg-level.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The max num of process in a group is MAX_PROC_PER_GROUP.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The max num of sp_group in the system is MAX_GROUP_FOR_SYSTEM.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Ding Tianhong
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The share pool needs to support multi-group mode for automotive platform, it will enhance the system reliability and security.
The new multi-group mode could be enabled by boot command line. When disabled, the share pool should only support single group mode by default. When enabled, the task could be added to several groups (at most 3k). At most 50k groups can be created in the whole system.
This patch also fixes the kabi problem for mm struct.
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
The situation below is not allowed:
    int *result = mmap(ADDR, sizeof(int), PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
As share pool uses an independent UVA allocation algorithm, it may produce an address that is conflicted with user-specified address.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Once sp group is created, the generated id will be freed in sp_group_drop. Before that, we should call free_sp_group_id() when error occurs.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Free id at the end of sp_group_add_task when failed. Benefits are below:
1. Less time to hold locks.
2. Avoid forgetting to free id in other error handling branches.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Increase the value of sp_stat_sem when failed.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Only root can enable pr_debug printing.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
Let memory compact be configurable.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
We found a hungtask problem when doing direct compact in __alloc_pages_nodemask:
vmalloc_hugepage_user -> __vmalloc_node_range -> __vmalloc_area_node -> sp_alloc_pages -> alloc_huge_page_node -> alloc_fresh_huge_page -> __alloc_pages_nodemask.
Set PF_MEMALLOC then direct reclaim and direct compact won't be called.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
We found a concurrency problem of sp_group_add_task and sp_free which leads to a memory leak.
After process A calls __sp_free and vfs_fallocate but before calling __sp_area_drop, process B is being added to the same group by a manager process, the *dead* spa freed by sp_free may be mapped into process B again, then do_mm_populate is called.
When sp_group_add_task is finished, this spa is dropped and can't be seen in /proc/sharepool/spa_stat, but the memory of spa still resides in the group. It can only be freed when the group is dead.
To fix the problem, we add a member is_dead in spa. We can access it when spg->rw_lock is held. This may sound a little strange if not realizing the life cycle of spa has a direct relation with sp group.
Suggested-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huwei.com>
Reviewed-by: 为珑 陈 <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Ding Tianhong
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
---------------------------------------------------
When mmput is called concurrently, the judgment of "mm_users == 2" in sp_group_exit is not atomic with atomic_dec_and_test in mmput. The judgment of "mm_users == 2" may never be valid. As a result, mm leakage occurs.
For example, in a typical scenario, a process has two threads, with the mmget is performed in sp_group_add_task. In this case, mm_users is 3. When two threads exit at the same time, the judgment of "mm_users == 2" fails.
Therefore, the judgment and atomic_dec_and_test are put in the spg rw_lock to ensure the serialization of the whole process.
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Peng Wu
ascend inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------
Adding a function for getting node id, which can be used to alloc share pool memory on a specified memory node.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: chenweilong <chenweilong@huawei.com>
Reviewed-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tang Yizhou
ascend inclusion
category: perf
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------------------------------------
We encounter a problem as follows:
[ 3057. 75094] share pool: task add group failed, current thread is killed
[ 3057. 75152] [ascend] [drv_buff] [buff_mv_pid_node_to_recycle_list 872] <rosnode:12273,12273> release empty list node pid 12273, group_id 1
[ 3057. 76380] [ascend] [ERROR] [drv_buff] [buff_req_ioctl_pid_add_group 443] <rosnode:12297,12297> pid add group failed, pid:12297, grp_id:1, ret -512
[ 3057. 76382] [ascend] [drv_buff] [buff_ioctl 841] <rosnode:12297,12297> buff_req_ioctl_handlers failed. ret:-512
[ 3057. 76452] Unable to handle kernel paging request at virtual address dead000000000108
[ 3057. 76454] Mem abort info:
[ 3057. 76456] ESR = 0x96000044
[ 3057. 76457] Exception class = DABT (current EL), IL = 32 bits
[ 3057. 76458] SET = 0, FnV = 0
[ 3057. 76459] EA = 0, S1PTW = 0
[ 3057. 76460] Data abort info:
[ 3057. 76461] ISV = 0, ISS = 0x00000044
[ 3057. 76462] CM = 0, WnR = 1
[ 3057. 76463] [dead000000000108] address between user and kernel address ranges
[ 3057. 76466] Internal error: Oops: 96000044 [#1] SMP
[ 3057. 76469] Process rosnode (pid: 12308, stack limit = 0x0000000012aa85df)
[ 3057. 76473] CPU: 10 PID: 12308 Comm: rosnode Tainted: P C O 4.19.95-1.h1.AOS2.0.aarch64 #1
[ 3057. 76474] Hardware name: evb (DT)
[ 3057. 76476] pstate: 20400009 (nzCv daif +PAN -UAO)
[ 3057. 76483] pc : sp_group_exit+0x94/0x130
[ 3057. 76486] lr : sp_group_exit+0x48/0x130
[ 3057. 76486] sp : ffff00001a163c10
[ 3057. 76487] pmr_save: 000000e0
[ 3057. 76489] x29: ffff00001a163c10 x28: ffff800887e2a940
[ 3057. 76491] x27: 0000000000000000 x26: ffff800d8098ca40
[ 3057. 76492] x25: ffff80089a879168 x24: ffff00001a163dd0
[ 3057. 76494] x23: 0000000000000000 x22: 0000000000000002
[ 3057. 76495] x21: ffff800896e73088 x20: ffff80089a879100
[ 3057. 76496] x19: ffff800896e73000 x18: ffff7e002ca9a4f4
[ 3057. 76498] x17: 0000000000000001 x16: 0000000000000001
[ 3057. 76499] x15: 0400000000000000 x14: ffff800bd5d0d050
[ 3057. 76500] x13: 0000000000000001 x12: 0000000000000000
[ 3057. 76502] x11: 0000000000000000 x10: 00000000000009e0
[ 3057. 76503] x9 : ffff00001a163a90 x8 : ffff800887e2b380
[ 3057. 76505] x7 : 00000000000000b4 x6 : 0000001b5b9081bb
[ 3057. 76506] x5 : dead000000000100 x4 : dead000000000200
[ 3057. 76507] x3 : dead000000000100 x2 : dead000000000200
[ 3057. 76508] x1 : ffff800d81365400 x0 : ffff800896e73088
[ 3057. 76510] Call trace:
[ 3057. 76513] sp_group_exit+0x94/0x130
[ 3057. 76517] mmput+0x20/0x170
[ 3057. 76519] do_exit+0x338/0xb38
[ 3057. 76520] do_group_exit+0x3c/0xe8
[ 3057. 76522] get_signal+0x14c/0x7d8
[ 3057. 76524] do_signal+0x88/0x290
[ 3057. 76525] do_notify_resume+0x150/0x3c8
[ 3057. 76528] work_pending+0x8/0x10
[ 3057. 76530] Code: d2804004 f2fbd5a5 f2fbd5a4 aa1503e0 (f9000462)
[ 3057. 76534] [kbox] unable to set sctrl register, maybe the domain is not SD, continue
[ 3057. 76535] [kbox] catch die event on cpu 10
[ 3057. 76537] [kbox] catch die event, start logging
[ 3057. 76540] [kbox] die info:Oops:0044
[ 3057. 76540] [kbox] start to collect
If process A adds process B into an sp_group and B is killed in the meantime, then the calling of sp_group_add_task for B is failed and list_del(&mm->sp_node); is executed. Notice there is also an execution of this code in sp_group_exit for B, so mm->sp_node is double freed.
The addr of sp_node->next is LIST_POISON1, which is dead000000000108 in arm64.
Signed-off-by: Tang Yizhou <tangyizhou@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-